| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 561 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 572 // Every child process can request <about:blank>. | 572 // Every child process can request <about:blank>. |
| 573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) | 573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) |
| 574 return true; | 574 return true; |
| 575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be | 575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be |
| 576 // requestable by any child process. Also, this case covers | 576 // requestable by any child process. Also, this case covers |
| 577 // <javascript:...>, which should be handled internally by the process and | 577 // <javascript:...>, which should be handled internally by the process and |
| 578 // not kicked up to the browser. | 578 // not kicked up to the browser. |
| 579 return false; | 579 return false; |
| 580 } | 580 } |
| 581 | 581 |
| 582 // https://crbug.com/646278 Valid blob URLs should contain canonically |
| 583 // serialized origins. |
| 584 if (url.SchemeIsBlob() && |
| 585 !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/", |
| 586 base::CompareCase::INSENSITIVE_ASCII)) { |
| 587 return false; |
| 588 } |
| 589 |
| 582 // If the process can commit the URL, it can request it. | 590 // If the process can commit the URL, it can request it. |
| 583 if (CanCommitURL(child_id, url)) | 591 if (CanCommitURL(child_id, url)) |
| 584 return true; | 592 return true; |
| 585 | 593 |
| 586 // Also allow URLs destined for ShellExecute and not the browser itself. | 594 // Also allow URLs destined for ShellExecute and not the browser itself. |
| 587 return !GetContentClient()->browser()->IsHandledURL(url) && | 595 return !GetContentClient()->browser()->IsHandledURL(url) && |
| 588 !net::URLRequest::IsHandledURL(url); | 596 !net::URLRequest::IsHandledURL(url); |
| 589 } | 597 } |
| 590 | 598 |
| 591 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, | 599 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
| 592 const GURL& url) { | 600 const GURL& url) { |
| 593 if (!url.is_valid()) | 601 if (!url.is_valid()) |
| 594 return false; // Can't commit invalid URLs. | 602 return false; // Can't commit invalid URLs. |
| 595 | 603 |
| 596 // Of all the pseudo schemes, only about:blank is allowed to commit. | 604 // Of all the pseudo schemes, only about:blank is allowed to commit. |
| 597 if (IsPseudoScheme(url.scheme())) | 605 if (IsPseudoScheme(url.scheme())) |
| 598 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); | 606 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); |
| 599 | 607 |
| 608 // https://crbug.com/646278 Valid blob URLs should contain canonically |
| 609 // serialized origins. |
| 610 if (url.SchemeIsBlob() && |
| 611 !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/", |
| 612 base::CompareCase::INSENSITIVE_ASCII)) { |
| 613 return false; |
| 614 } |
| 615 |
| 600 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site | 616 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site |
| 601 // that is isolated can only be committed in a process dedicated to that site. | 617 // that is isolated can only be committed in a process dedicated to that site. |
| 602 // CanRequestURL should still allow all web-safe schemes. See | 618 // CanRequestURL should still allow all web-safe schemes. See |
| 603 // https://crbug.com/515309. | 619 // https://crbug.com/515309. |
| 604 if (IsWebSafeScheme(url.scheme())) | 620 if (IsWebSafeScheme(url.scheme())) |
| 605 return true; // The scheme has been white-listed for every child process. | 621 return true; // The scheme has been white-listed for every child process. |
| 606 | 622 |
| 607 { | 623 { |
| 608 base::AutoLock lock(lock_); | 624 base::AutoLock lock(lock_); |
| 609 | 625 |
| (...skipping 241 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 851 base::AutoLock lock(lock_); | 867 base::AutoLock lock(lock_); |
| 852 | 868 |
| 853 SecurityStateMap::iterator state = security_state_.find(child_id); | 869 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 854 if (state == security_state_.end()) | 870 if (state == security_state_.end()) |
| 855 return false; | 871 return false; |
| 856 | 872 |
| 857 return state->second->can_send_midi_sysex(); | 873 return state->second->can_send_midi_sysex(); |
| 858 } | 874 } |
| 859 | 875 |
| 860 } // namespace content | 876 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2347163004:
Disallow navigations to blob URLs with non-canonical origins. (Closed)
