Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(130)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 2347163004: Disallow navigations to blob URLs with non-canonical origins. (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy_impl.h" 5 #include "content/browser/child_process_security_policy_impl.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 561 matching lines...) Expand 10 before | Expand all | Expand 10 after
572 // Every child process can request <about:blank>. 572 // Every child process can request <about:blank>.
573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) 573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
574 return true; 574 return true;
575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be 575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
576 // requestable by any child process. Also, this case covers 576 // requestable by any child process. Also, this case covers
577 // <javascript:...>, which should be handled internally by the process and 577 // <javascript:...>, which should be handled internally by the process and
578 // not kicked up to the browser. 578 // not kicked up to the browser.
579 return false; 579 return false;
580 } 580 }
581 581
582 // https://crbug.com/646278 Valid blob URLs should contain canonically
583 // serialized origins.
584 if (url.SchemeIsBlob() &&
585 !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/",
586 base::CompareCase::INSENSITIVE_ASCII)) {
587 return false;
588 }
589
582 // If the process can commit the URL, it can request it. 590 // If the process can commit the URL, it can request it.
583 if (CanCommitURL(child_id, url)) 591 if (CanCommitURL(child_id, url))
584 return true; 592 return true;
585 593
586 // Also allow URLs destined for ShellExecute and not the browser itself. 594 // Also allow URLs destined for ShellExecute and not the browser itself.
587 return !GetContentClient()->browser()->IsHandledURL(url) && 595 return !GetContentClient()->browser()->IsHandledURL(url) &&
588 !net::URLRequest::IsHandledURL(url); 596 !net::URLRequest::IsHandledURL(url);
589 } 597 }
590 598
591 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, 599 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
592 const GURL& url) { 600 const GURL& url) {
593 if (!url.is_valid()) 601 if (!url.is_valid())
594 return false; // Can't commit invalid URLs. 602 return false; // Can't commit invalid URLs.
595 603
596 // Of all the pseudo schemes, only about:blank is allowed to commit. 604 // Of all the pseudo schemes, only about:blank is allowed to commit.
597 if (IsPseudoScheme(url.scheme())) 605 if (IsPseudoScheme(url.scheme()))
598 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); 606 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL);
599 607
ncarter (slow) 2016/09/16 21:21:03 Probably need this here too.
Charlie Reis 2016/09/16 21:45:02 Agreed.
600 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site 608 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site
601 // that is isolated can only be committed in a process dedicated to that site. 609 // that is isolated can only be committed in a process dedicated to that site.
602 // CanRequestURL should still allow all web-safe schemes. See 610 // CanRequestURL should still allow all web-safe schemes. See
603 // https://crbug.com/515309. 611 // https://crbug.com/515309.
604 if (IsWebSafeScheme(url.scheme())) 612 if (IsWebSafeScheme(url.scheme()))
605 return true; // The scheme has been white-listed for every child process. 613 return true; // The scheme has been white-listed for every child process.
606 614
607 { 615 {
608 base::AutoLock lock(lock_); 616 base::AutoLock lock(lock_);
609 617
(...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after
851 base::AutoLock lock(lock_); 859 base::AutoLock lock(lock_);
852 860
853 SecurityStateMap::iterator state = security_state_.find(child_id); 861 SecurityStateMap::iterator state = security_state_.find(child_id);
854 if (state == security_state_.end()) 862 if (state == security_state_.end())
855 return false; 863 return false;
856 864
857 return state->second->can_send_midi_sysex(); 865 return state->second->can_send_midi_sysex();
858 } 866 }
859 867
860 } // namespace content 868 } // namespace content
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698