Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(502)

Side by Side Diff: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

Issue 2490943002: Block 'javascript:' navigation in the correct document. (Closed)
Patch Set: feedback Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2000 Simon Hausmann (hausmann@kde.org) 4 * (C) 2000 Simon Hausmann (hausmann@kde.org)
5 * (C) 2001 Dirk Mueller (mueller@kde.org) 5 * (C) 2001 Dirk Mueller (mueller@kde.org)
6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved.
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 14 matching lines...) Expand all
25 25
26 #include "bindings/core/v8/ScriptController.h" 26 #include "bindings/core/v8/ScriptController.h"
27 #include "bindings/core/v8/ScriptEventListener.h" 27 #include "bindings/core/v8/ScriptEventListener.h"
28 #include "core/HTMLNames.h" 28 #include "core/HTMLNames.h"
29 #include "core/dom/Attribute.h" 29 #include "core/dom/Attribute.h"
30 #include "core/dom/Document.h" 30 #include "core/dom/Document.h"
31 #include "core/frame/FrameView.h" 31 #include "core/frame/FrameView.h"
32 #include "core/frame/LocalFrame.h" 32 #include "core/frame/LocalFrame.h"
33 #include "core/frame/RemoteFrame.h" 33 #include "core/frame/RemoteFrame.h"
34 #include "core/frame/RemoteFrameView.h" 34 #include "core/frame/RemoteFrameView.h"
35 #include "core/frame/csp/ContentSecurityPolicy.h"
35 #include "core/html/parser/HTMLParserIdioms.h" 36 #include "core/html/parser/HTMLParserIdioms.h"
36 #include "core/loader/FrameLoader.h" 37 #include "core/loader/FrameLoader.h"
37 #include "core/loader/FrameLoaderClient.h" 38 #include "core/loader/FrameLoaderClient.h"
38 #include "core/page/FocusController.h" 39 #include "core/page/FocusController.h"
39 #include "core/page/Page.h" 40 #include "core/page/Page.h"
40 41
41 namespace blink { 42 namespace blink {
42 43
43 using namespace HTMLNames; 44 using namespace HTMLNames;
44 45
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 m_URL = AtomicString(blankURL().getString()); 78 m_URL = AtomicString(blankURL().getString());
78 79
79 LocalFrame* parentFrame = document().frame(); 80 LocalFrame* parentFrame = document().frame();
80 if (!parentFrame) 81 if (!parentFrame)
81 return; 82 return;
82 83
83 // Support for <frame src="javascript:string"> 84 // Support for <frame src="javascript:string">
84 KURL scriptURL; 85 KURL scriptURL;
85 KURL url = document().completeURL(m_URL); 86 KURL url = document().completeURL(m_URL);
86 if (protocolIsJavaScript(m_URL)) { 87 if (protocolIsJavaScript(m_URL)) {
87 scriptURL = url; 88 // We'll set/execute |scriptURL| iff CSP allows us to execute inline
89 // JavaScript. If CSP blocks inline JavaScript, then exit early if
90 // we're trying to execute script in an existing document. If we're
91 // executing JavaScript to create a new document (e.g.
92 // '<iframe src="javascript:...">' then continue loading 'about:blank'
93 // so that the frame is populated with something reasonable.
94 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) ||
95 document().contentSecurityPolicy()->allowJavaScriptURLs(
96 this, document().url(), OrdinalNumber::first())) {
97 scriptURL = url;
98 } else {
99 if (contentFrame())
100 return;
101 }
102
88 url = blankURL(); 103 url = blankURL();
89 } 104 }
90 105
91 if (!loadOrRedirectSubframe(url, m_frameName, replaceCurrentItem)) 106 if (!loadOrRedirectSubframe(url, m_frameName, replaceCurrentItem))
92 return; 107 return;
93 if (!contentFrame() || scriptURL.isEmpty() || !contentFrame()->isLocalFrame()) 108 if (!contentFrame() || scriptURL.isEmpty() || !contentFrame()->isLocalFrame())
94 return; 109 return;
95 if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin) 110 if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin)
96 return; 111 return;
97 toLocalFrame(contentFrame()) 112 toLocalFrame(contentFrame())
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after
246 m_marginWidth = marginWidth; 261 m_marginWidth = marginWidth;
247 frameOwnerPropertiesChanged(); 262 frameOwnerPropertiesChanged();
248 } 263 }
249 264
250 void HTMLFrameElementBase::setMarginHeight(int marginHeight) { 265 void HTMLFrameElementBase::setMarginHeight(int marginHeight) {
251 m_marginHeight = marginHeight; 266 m_marginHeight = marginHeight;
252 frameOwnerPropertiesChanged(); 267 frameOwnerPropertiesChanged();
253 } 268 }
254 269
255 } // namespace blink 270 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698