Chromium Code Reviews Chromium Code Reviews
Issue 2378573005:
[HBD] Blanket BLOCK on all non-HTTP(s) and non-FILE URLs for Flash. (Closed)
| Index: chrome/browser/plugins/plugin_utils.cc |
| diff --git a/chrome/browser/plugins/plugin_utils.cc b/chrome/browser/plugins/plugin_utils.cc |
| index 582d098b1380424bcca1aa64cad2f0986093c9c5..57a6462bfe4009c18ed20d75c576be4301ebcec1 100644 |
| --- a/chrome/browser/plugins/plugin_utils.cc |
| +++ b/chrome/browser/plugins/plugin_utils.cc |
| @@ -5,10 +5,12 @@ |
| #include "chrome/browser/plugins/plugin_utils.h" |
| #include "base/values.h" |
| +#include "chrome/common/chrome_features.h" |
| #include "chrome/common/plugin_utils.h" |
| #include "components/content_settings/core/browser/host_content_settings_map.h" |
| #include "content/public/common/webplugininfo.h" |
| #include "url/gurl.h" |
| +#include "url/origin.h" |
| namespace { |
| @@ -17,29 +19,45 @@ const char kFlashPluginID[] = "adobe-flash-player"; |
| void GetPluginContentSettingInternal( |
| const HostContentSettingsMap* host_content_settings_map, |
| bool use_javascript_setting, |
| - const GURL& policy_url, |
| + const url::Origin& main_frame_origin, |
| const GURL& plugin_url, |
| const std::string& resource, |
| ContentSetting* setting, |
| bool* uses_default_content_setting, |
| bool* is_managed) { |
| + GURL main_frame_url = |
| + main_frame_origin.unique() ? GURL() : GURL(main_frame_origin.Serialize()); |
| + |
| std::unique_ptr<base::Value> value; |
| content_settings::SettingInfo info; |
| bool uses_plugin_specific_setting = false; |
| if (use_javascript_setting) { |
| value = host_content_settings_map->GetWebsiteSetting( |
| - policy_url, policy_url, CONTENT_SETTINGS_TYPE_JAVASCRIPT, std::string(), |
| - &info); |
| + main_frame_url, main_frame_url, CONTENT_SETTINGS_TYPE_JAVASCRIPT, |
| + std::string(), &info); |
| } else { |
| + // For non-JavaScript treated plugins (Flash), always return BLOCK if the |
| + // top level origin is any scheme other HTTP, HTTPS, or FILE. |
|
raymes
2016/10/02 05:12:56
nit: other than HTTP, ...
raymes
2016/10/02 12:00:05
After thinking about this a bit, I feel like we sh
tommycli
2016/10/03 18:49:28
Done.
tommycli
2016/10/03 18:49:28
Done.
|
| + if (base::FeatureList::IsEnabled(features::kPreferHtmlOverPlugins) && |
| + !main_frame_url.SchemeIsHTTPOrHTTPS() && |
| + !main_frame_url.SchemeIsFile()) { |
| + *setting = CONTENT_SETTING_BLOCK; |
| + if (uses_default_content_setting) |
| + *uses_default_content_setting = true; |
|
raymes
2016/10/02 05:12:56
I think this should be false - it's not necessaril
tommycli
2016/10/03 18:49:28
I preserved the actual is_default and is_managed v
|
| + if (is_managed) |
| + *is_managed = true; |
|
raymes
2016/10/02 05:12:56
This should only be true if the setting is being o
tommycli
2016/10/03 18:49:28
Done.
|
| + return; |
| + } |
| + |
| content_settings::SettingInfo specific_info; |
| std::unique_ptr<base::Value> specific_setting = |
| host_content_settings_map->GetWebsiteSetting( |
| - policy_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS, resource, |
| + main_frame_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS, resource, |
| &specific_info); |
| content_settings::SettingInfo general_info; |
| std::unique_ptr<base::Value> general_setting = |
| host_content_settings_map->GetWebsiteSetting( |
| - policy_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS, |
| + main_frame_url, plugin_url, CONTENT_SETTINGS_TYPE_PLUGINS, |
| std::string(), &general_info); |
| // If there is a plugin-specific setting, we use it, unless the general |
| // setting was set by policy, in which case it takes precedence. |
| @@ -71,27 +89,28 @@ void GetPluginContentSettingInternal( |
| void PluginUtils::GetPluginContentSetting( |
| const HostContentSettingsMap* host_content_settings_map, |
| const content::WebPluginInfo& plugin, |
| - const GURL& policy_url, |
| + const url::Origin& main_frame_origin, |
| const GURL& plugin_url, |
| const std::string& resource, |
| ContentSetting* setting, |
| bool* uses_default_content_setting, |
| bool* is_managed) { |
| - GetPluginContentSettingInternal(host_content_settings_map, |
| - ShouldUseJavaScriptSettingForPlugin(plugin), |
| - policy_url, plugin_url, resource, setting, |
| - uses_default_content_setting, is_managed); |
| + GetPluginContentSettingInternal( |
| + host_content_settings_map, ShouldUseJavaScriptSettingForPlugin(plugin), |
| + main_frame_origin, plugin_url, resource, setting, |
| + uses_default_content_setting, is_managed); |
| } |
| // static |
| ContentSetting PluginUtils::GetFlashPluginContentSetting( |
| const HostContentSettingsMap* host_content_settings_map, |
| - const GURL& policy_url, |
| + const url::Origin& main_frame_origin, |
| const GURL& plugin_url, |
| bool* is_managed) { |
| ContentSetting plugin_setting = CONTENT_SETTING_DEFAULT; |
| - GetPluginContentSettingInternal( |
| - host_content_settings_map, false /* use_javascript_setting */, policy_url, |
| - plugin_url, kFlashPluginID, &plugin_setting, nullptr, is_managed); |
| + GetPluginContentSettingInternal(host_content_settings_map, |
| + false /* use_javascript_setting */, |
| + main_frame_origin, plugin_url, kFlashPluginID, |
| + &plugin_setting, nullptr, is_managed); |
| return plugin_setting; |
| } |
