third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp - Issue 2490943002: Block 'javascript:' navigation in the correct document. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(52)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

Issue 2490943002: Block 'javascript:' navigation in the correct document. (Closed)

Patch Set: Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/navigation/to-javascript-url.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp.php ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

diff --git a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

index 5168a162275426a27313b095d744f7cc1b87cfc3..c2382a5eaa807da595646b29e7f53158b2c3539b 100644

--- a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

+++ b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp

@@ -32,6 +32,7 @@

#include "core/frame/LocalFrame.h"

#include "core/frame/RemoteFrame.h"

#include "core/frame/RemoteFrameView.h"

+#include "core/frame/csp/ContentSecurityPolicy.h"

#include "core/html/parser/HTMLParserIdioms.h"

#include "core/loader/FrameLoader.h"

#include "core/loader/FrameLoaderClient.h"

@@ -94,6 +95,11 @@ void HTMLFrameElementBase::openURL(bool replaceCurrentItem) {

return;

if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin)

return;

+ if (!ContentSecurityPolicy::shouldBypassMainWorld(&document()) &&

+ !document().contentSecurityPolicy()->allowJavaScriptURLs(

+ this, document().url(), OrdinalNumber::first())) {

+ return;

+ }

toLocalFrame(contentFrame())

->script()

.executeScriptIfJavaScriptURL(scriptURL, this);

« third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/navigation/to-javascript-url.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/csp.php ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698