third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp - Issue 2490943002: Block 'javascript:' navigation in the correct document.

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

Issue 2490943002: Block 'javascript:' navigation in the correct document. (Closed)

Patch Set: feedback Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/resources/javascript-url.pl ('k') | third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

index 52ef1de51c2fae117ff77b156b302897ead5674c..6b99ae0d54bc13edc6c2cad6f03101e41f986c58 100644

--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp

@@ -1211,31 +1211,35 @@ void ContentSecurityPolicy::reportViolation(

reportObject->setObject("csp-report", std::move(cspReport));

String stringifiedReport = reportObject->toJSONString();

- if (!shouldSendViolationReport(stringifiedReport))

- return;

- didSendViolationReport(stringifiedReport);

- RefPtr<EncodedFormData> report =

- EncodedFormData::create(stringifiedReport.utf8());

- LocalFrame* frame = document->frame();

- if (!frame)

- return;

- for (const String& endpoint : reportEndpoints) {

- // If we have a context frame we're dealing with 'frame-ancestors' and we

- // don't have our own execution context. Use the frame's document to

- // complete the endpoint URL, overriding its URL with the blocked document's

- // URL.

- DCHECK(!contextFrame || !m_executionContext);

- DCHECK(!contextFrame ||

- equalIgnoringCase(effectiveDirective, FrameAncestors));

- KURL url =

- contextFrame

- ? frame->document()->completeURLWithOverride(endpoint, blockedURL)

- : completeURL(endpoint);

- PingLoader::sendViolationReport(

- frame, url, report, PingLoader::ContentSecurityPolicyViolationReport);

+ // Only POST unique reports to the external endpoint; repeated reports add no

+ // value on the server side, as they're indistinguishable. Note that we'll

+ // fire the DOM event for every violation, as the page has enough context to

+ // react in some reasonable way to each violation as it occurs.

+ if (shouldSendViolationReport(stringifiedReport)) {

+ didSendViolationReport(stringifiedReport);

+ RefPtr<EncodedFormData> report =

+ EncodedFormData::create(stringifiedReport.utf8());

+ LocalFrame* frame = document->frame();

+ if (!frame)

+ return;

+ for (const String& endpoint : reportEndpoints) {

+ // If we have a context frame we're dealing with 'frame-ancestors' and we

+ // don't have our own execution context. Use the frame's document to

+ // complete the endpoint URL, overriding its URL with the blocked

+ // document's URL.

+ DCHECK(!contextFrame || !m_executionContext);

+ DCHECK(!contextFrame ||

+ equalIgnoringCase(effectiveDirective, FrameAncestors));

+ KURL url =

+ contextFrame

+ ? frame->document()->completeURLWithOverride(endpoint, blockedURL)

+ : completeURL(endpoint);

+ PingLoader::sendViolationReport(

+ frame, url, report, PingLoader::ContentSecurityPolicyViolationReport);

+ }

}

document->postTask(