OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 561 matching lines...)
572 // Every child process can request <about:blank>. | 572 // Every child process can request <about:blank>. |
573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) | 573 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) |
574 return true; | 574 return true; |
575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be | 575 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be |
576 // requestable by any child process. Also, this case covers | 576 // requestable by any child process. Also, this case covers |
577 // <javascript:...>, which should be handled internally by the process and | 577 // <javascript:...>, which should be handled internally by the process and |
578 // not kicked up to the browser. | 578 // not kicked up to the browser. |
579 return false; | 579 return false; |
580 } | 580 } |
581 | 581 |
582 // https://crbug.com/646278 Valid blob URLs should contain canonically | |
583 // serialized origins. | |
584 if (url.SchemeIsBlob() && | |
585 !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/", | |
586 base::CompareCase::INSENSITIVE_ASCII)) { | |
587 return false; | |
588 } | |
589 | |
590 // If the process can commit the URL, it can request it. | 582 // If the process can commit the URL, it can request it. |
591 if (CanCommitURL(child_id, url)) | 583 if (CanCommitURL(child_id, url)) |
592 return true; | 584 return true; |
593 | 585 |
594 // Also allow URLs destined for ShellExecute and not the browser itself. | 586 // Also allow URLs destined for ShellExecute and not the browser itself. |
595 return !GetContentClient()->browser()->IsHandledURL(url) && | 587 return !GetContentClient()->browser()->IsHandledURL(url) && |
596 !net::URLRequest::IsHandledURL(url); | 588 !net::URLRequest::IsHandledURL(url); |
597 } | 589 } |
598 | 590 |
599 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, | 591 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
600 const GURL& url) { | 592 const GURL& url) { |
601 if (!url.is_valid()) | 593 if (!url.is_valid()) |
602 return false; // Can't commit invalid URLs. | 594 return false; // Can't commit invalid URLs. |
603 | 595 |
604 // Of all the pseudo schemes, only about:blank is allowed to commit. | 596 // Of all the pseudo schemes, only about:blank is allowed to commit. |
605 if (IsPseudoScheme(url.scheme())) | 597 if (IsPseudoScheme(url.scheme())) |
606 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); | 598 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); |
607 | 599 |
608 // https://crbug.com/646278 Valid blob URLs should contain canonically | |
609 // serialized origins. | |
610 if (url.SchemeIsBlob() && | |
611 !base::StartsWith(url.GetContent(), url::Origin(url).Serialize() + "/", | |
612 base::CompareCase::INSENSITIVE_ASCII)) { | |
613 return false; | |
614 } | |
615 | |
616 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site | 600 // TODO(creis): Tighten this for Site Isolation, so that a URL from a site |
617 // that is isolated can only be committed in a process dedicated to that site. | 601 // that is isolated can only be committed in a process dedicated to that site. |
618 // CanRequestURL should still allow all web-safe schemes. See | 602 // CanRequestURL should still allow all web-safe schemes. See |
619 // https://crbug.com/515309. | 603 // https://crbug.com/515309. |
620 if (IsWebSafeScheme(url.scheme())) | 604 if (IsWebSafeScheme(url.scheme())) |
621 return true; // The scheme has been white-listed for every child process. | 605 return true; // The scheme has been white-listed for every child process. |
622 | 606 |
623 { | 607 { |
624 base::AutoLock lock(lock_); | 608 base::AutoLock lock(lock_); |
625 | 609 |
(...skipping 241 matching lines...)
867 base::AutoLock lock(lock_); | 851 base::AutoLock lock(lock_); |
868 | 852 |
869 SecurityStateMap::iterator state = security_state_.find(child_id); | 853 SecurityStateMap::iterator state = security_state_.find(child_id); |
870 if (state == security_state_.end()) | 854 if (state == security_state_.end()) |
871 return false; | 855 return false; |
872 | 856 |
873 return state->second->can_send_midi_sysex(); | 857 return state->second->can_send_midi_sysex(); |
874 } | 858 } |
875 | 859 |
876 } // namespace content | 860 } // namespace content |
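Review bot: Both removed guards leave blob: URLs judged by scheme alone: on the new side CanCommitURL (new lines 593-605) runs from the `IsPseudoScheme` test straight to `IsWebSafeScheme(url.scheme())`, and CanRequestURL (new lines 582-588) falls through to `CanCommitURL(child_id, url)`, so nothing compares the origin in the URL's content with `url::Origin(url).Serialize()` any more. Whether blob is a web-safe scheme is not visible here, but if it is, a blob URL with a non-canonical embedded origin is now accepted for every child process. The page gives no reason for the removal; if this is a temporary revert, mark both sites so the gap stays tracked, e.g. `// TODO(https://crbug.com/646278): restore the canonical-origin check for blob URLs.` Both function bodies extend past the visible lines (CanRequestURL begins, and CanCommitURL continues, in the skipped regions).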