
Side by Side Diff: ios/web/web_state/ui/crw_web_controller.mm

Issue 2268053002: [ios] Do not allow WebUI URLs for windows open by DOM. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 3 months ago
1 // Copyright 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/ui/crw_web_controller.h" 5 #import "ios/web/web_state/ui/crw_web_controller.h"
6 6
7 #import <WebKit/WebKit.h> 7 #import <WebKit/WebKit.h>
8 8
9 #import <objc/runtime.h> 9 #import <objc/runtime.h>
10 #include <stddef.h> 10 #include <stddef.h>
(...skipping 2026 matching lines...) Expand 10 before | Expand all | Expand 10 after
2037 [self abortLoad]; 2037 [self abortLoad];
2038 2038
2039 DCHECK(!_isHalted); 2039 DCHECK(!_isHalted);
2040 // Remove the transient content view. 2040 // Remove the transient content view.
2041 [self clearTransientContentView]; 2041 [self clearTransientContentView];
2042 2042
2043 const GURL currentURL = [self currentNavigationURL]; 2043 const GURL currentURL = [self currentNavigationURL];
2044 // If it's a chrome URL, but not a native one, create the WebUI instance. 2044 // If it's a chrome URL, but not a native one, create the WebUI instance.
2045 if (web::GetWebClient()->IsAppSpecificURL(currentURL) && 2045 if (web::GetWebClient()->IsAppSpecificURL(currentURL) &&
2046 ![_nativeProvider hasControllerForURL:currentURL]) { 2046 ![_nativeProvider hasControllerForURL:currentURL]) {
2047 [self createWebUIForURL:currentURL]; 2047 web::NavigationItem* item = [self currentNavItem];
2048 if (!(item->GetTransitionType() & ui::PAGE_TRANSITION_TYPED) &&
2049 self.sessionController.openedByDOM) {
2050 // WebUI URLs can not be open By DOM to prevent cross-site scripting as
Jackie Quinn 2016/08/23 02:23:05 s/open By/opened by
Eugene But (OOO till 7-30) 2016/08/23 17:41:02 Done.
2051 // they have increased power. The only exception is when the user has
Jackie Quinn 2016/08/23 02:23:05 Maybe "WebUI URLs may only be opened when the user
Eugene But (OOO till 7-30) 2016/08/23 17:41:02 Good catch. Added bookmarks handling (which also a
2052 // typed URL in.
2053 [[self sessionController] discardNonCommittedEntries];
2054 return;
2055 } else {
2056 [self createWebUIForURL:currentURL];
2057 }
2048 } 2058 }
2049 2059
2050 // Loading a new url, must check here if it's a native chrome URL and 2060 // Loading a new url, must check here if it's a native chrome URL and
2051 // replace the appropriate view if so, or transition back to a web view from 2061 // replace the appropriate view if so, or transition back to a web view from
2052 // a native view. 2062 // a native view.
2053 if ([self shouldLoadURLInNativeView:currentURL]) { 2063 if ([self shouldLoadURLInNativeView:currentURL]) {
2054 [self loadCurrentURLInNativeView]; 2064 [self loadCurrentURLInNativeView];
2055 } else { 2065 } else {
2056 [self loadCurrentURLInWebView]; 2066 [self loadCurrentURLInWebView];
2057 } 2067 }
(...skipping 3604 matching lines...) Expand 10 before | Expand all | Expand 10 after
5662 } 5672 }
5663 5673
5664 return web::WEB_VIEW_DOCUMENT_TYPE_GENERIC; 5674 return web::WEB_VIEW_DOCUMENT_TYPE_GENERIC;
5665 } 5675 }
5666 5676
5667 - (NSString*)refererFromNavigationAction:(WKNavigationAction*)action { 5677 - (NSString*)refererFromNavigationAction:(WKNavigationAction*)action {
5668 return [action.request valueForHTTPHeaderField:@"Referer"]; 5678 return [action.request valueForHTTPHeaderField:@"Referer"];
5669 } 5679 }
5670 5680
5671 @end 5681 @end
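Review bot: The typed-URL exemption at new lines 2048-2049 tests the transition with a bitwise AND, `item->GetTransitionType() & ui::PAGE_TRANSITION_TYPED`, but PAGE_TRANSITION_TYPED is, as far as I know, a core-type value rather than a flag bit, so any other core type whose value shares that bit would also count as typed and skip the openedByDOM block. Comparing the core type instead, `ui::PageTransitionCoreTypeIs(item->GetTransitionType(), ui::PAGE_TRANSITION_TYPED)`, keeps the exemption to the case the comment describes. `item` is also dereferenced without a null check; if `currentNavItem` can return null on this path (not visible in this section), a `DCHECK(item)` or an early return before the test would be safer. The enclosing method starts and ends outside the displayed lines, so whether the early `return` leaves any load state to unwind cannot be confirmed from here.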