Index: ios/web/web_state/ui/crw_web_controller.mm |
diff --git a/ios/web/web_state/ui/crw_web_controller.mm b/ios/web/web_state/ui/crw_web_controller.mm |
index 96f66346c385f396f998a5424c4436114c0e9919..55563f4a36ec1c9121fbf76f70cdef9dca8d43c8 100644 |
--- a/ios/web/web_state/ui/crw_web_controller.mm |
+++ b/ios/web/web_state/ui/crw_web_controller.mm |
@@ -2044,7 +2044,17 @@ const NSTimeInterval kSnapshotOverlayTransition = 0.5; |
// If it's a chrome URL, but not a native one, create the WebUI instance. |
if (web::GetWebClient()->IsAppSpecificURL(currentURL) && |
![_nativeProvider hasControllerForURL:currentURL]) { |
- [self createWebUIForURL:currentURL]; |
+ web::NavigationItem* item = [self currentNavItem]; |
+ if (!(item->GetTransitionType() & ui::PAGE_TRANSITION_TYPED) && |
+ self.sessionController.openedByDOM) { |
+ // WebUI URLs can not be open By DOM to prevent cross-site scripting as |
Jackie Quinn
2016/08/23 02:23:05
s/open By/opened by
Eugene But (OOO till 7-30)
2016/08/23 17:41:02
Done.
|
+ // they have increased power. The only exception is when the user has |
Jackie Quinn
2016/08/23 02:23:05
Maybe "WebUI URLs may only be opened when the user
Eugene But (OOO till 7-30)
2016/08/23 17:41:02
Good catch. Added bookmarks handling (which also a
|
+ // typed URL in. |
+ [[self sessionController] discardNonCommittedEntries]; |
+ return; |
+ } else { |
+ [self createWebUIForURL:currentURL]; |
+ } |
} |
// Loading a new url, must check here if it's a native chrome URL and |