Chromium Code Reviews Chromium Code Reviews
Issue 2494633004:
Remove about:srcdoc url conversion. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_host_impl.h" | 5 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 994 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1005 void RenderFrameHostImpl::OnDetach() { | 1005 void RenderFrameHostImpl::OnDetach() { |
| 1006 frame_tree_->RemoveFrame(frame_tree_node_); | 1006 frame_tree_->RemoveFrame(frame_tree_node_); |
| 1007 } | 1007 } |
| 1008 | 1008 |
| 1009 void RenderFrameHostImpl::OnFrameFocused() { | 1009 void RenderFrameHostImpl::OnFrameFocused() { |
| 1010 delegate_->SetFocusedFrame(frame_tree_node_, GetSiteInstance()); | 1010 delegate_->SetFocusedFrame(frame_tree_node_, GetSiteInstance()); |
| 1011 } | 1011 } |
| 1012 | 1012 |
| 1013 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) { | 1013 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) { |
| 1014 GURL validated_url(params.url); | 1014 GURL validated_url(params.url); |
| 1015 GetProcess()->FilterURL(false, &validated_url); | 1015 if (validated_url != GURL(content::kAboutSrcDocURL)) |
| 1016 GetProcess()->FilterURL(false, &validated_url); | |
| 1016 | 1017 |
| 1017 if (params.is_history_navigation_in_new_child) { | 1018 if (params.is_history_navigation_in_new_child) { |
| 1018 DCHECK(SiteIsolationPolicy::UseSubframeNavigationEntries()); | 1019 DCHECK(SiteIsolationPolicy::UseSubframeNavigationEntries()); |
| 1019 | 1020 |
| 1020 // Try to find a FrameNavigationEntry that matches this frame instead, based | 1021 // Try to find a FrameNavigationEntry that matches this frame instead, based |
| 1021 // on the frame's unique name. If this can't be found, fall back to the | 1022 // on the frame's unique name. If this can't be found, fall back to the |
| 1022 // default params using RequestOpenURL below. | 1023 // default params using RequestOpenURL below. |
| 1023 if (frame_tree_node_->navigator()->NavigateNewChildFrame(this, | 1024 if (frame_tree_node_->navigator()->NavigateNewChildFrame(this, |
| 1024 validated_url)) | 1025 validated_url)) |
| 1025 return; | 1026 return; |
| (...skipping 157 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1183 return; | 1184 return; |
| 1184 } | 1185 } |
| 1185 | 1186 |
| 1186 // Without this check, an evil renderer can trick the browser into creating | 1187 // Without this check, an evil renderer can trick the browser into creating |
| 1187 // a navigation entry for a banned URL. If the user clicks the back button | 1188 // a navigation entry for a banned URL. If the user clicks the back button |
| 1188 // followed by the forward button (or clicks reload, or round-trips through | 1189 // followed by the forward button (or clicks reload, or round-trips through |
| 1189 // session restore, etc), we'll think that the browser commanded the | 1190 // session restore, etc), we'll think that the browser commanded the |
| 1190 // renderer to load the URL and grant the renderer the privileges to request | 1191 // renderer to load the URL and grant the renderer the privileges to request |
| 1191 // the URL. To prevent this attack, we block the renderer from inserting | 1192 // the URL. To prevent this attack, we block the renderer from inserting |
| 1192 // banned URLs into the navigation controller in the first place. | 1193 // banned URLs into the navigation controller in the first place. |
| 1193 process->FilterURL(false, &validated_params.url); | 1194 if (validated_params.url != GURL(content::kAboutSrcDocURL)) |
| 1195 process->FilterURL(false, &validated_params.url); | |
| 1194 process->FilterURL(true, &validated_params.referrer.url); | 1196 process->FilterURL(true, &validated_params.referrer.url); |
| 1195 for (std::vector<GURL>::iterator it(validated_params.redirects.begin()); | 1197 for (std::vector<GURL>::iterator it(validated_params.redirects.begin()); |
| 1196 it != validated_params.redirects.end(); ++it) { | 1198 it != validated_params.redirects.end(); ++it) { |
| 1197 process->FilterURL(false, &(*it)); | 1199 if (*it != GURL(content::kAboutSrcDocURL)) |
|
nasko
2016/11/10 18:14:14
All of these checks will be unnecessary if we upda
| |
| 1200 process->FilterURL(false, &(*it)); | |
| 1198 } | 1201 } |
| 1199 process->FilterURL(true, &validated_params.searchable_form_url); | 1202 process->FilterURL(true, &validated_params.searchable_form_url); |
| 1200 | 1203 |
| 1201 // Without this check, the renderer can trick the browser into using | 1204 // Without this check, the renderer can trick the browser into using |
| 1202 // filenames it can't access in a future session restore. | 1205 // filenames it can't access in a future session restore. |
| 1203 if (!CanAccessFilesOfPageState(validated_params.page_state)) { | 1206 if (!CanAccessFilesOfPageState(validated_params.page_state)) { |
| 1204 bad_message::ReceivedBadMessage( | 1207 bad_message::ReceivedBadMessage( |
| 1205 GetProcess(), bad_message::RFH_CAN_ACCESS_FILES_OF_PAGE_STATE); | 1208 GetProcess(), bad_message::RFH_CAN_ACCESS_FILES_OF_PAGE_STATE); |
| 1206 return; | 1209 return; |
| 1207 } | 1210 } |
| (...skipping 1980 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3188 NavigationEntryImpl* pending_entry = | 3191 NavigationEntryImpl* pending_entry = |
| 3189 NavigationEntryImpl::FromNavigationEntry( | 3192 NavigationEntryImpl::FromNavigationEntry( |
| 3190 frame_tree_node()->navigator()->GetController()->GetPendingEntry()); | 3193 frame_tree_node()->navigator()->GetController()->GetPendingEntry()); |
| 3191 if (pending_entry && pending_entry->GetUniqueID() == params.nav_entry_id) { | 3194 if (pending_entry && pending_entry->GetUniqueID() == params.nav_entry_id) { |
| 3192 pending_nav_entry_id = params.nav_entry_id; | 3195 pending_nav_entry_id = params.nav_entry_id; |
| 3193 is_renderer_initiated = pending_entry->is_renderer_initiated(); | 3196 is_renderer_initiated = pending_entry->is_renderer_initiated(); |
| 3194 } | 3197 } |
| 3195 | 3198 |
| 3196 return NavigationHandleImpl::Create( | 3199 return NavigationHandleImpl::Create( |
| 3197 params.url, frame_tree_node_, is_renderer_initiated, | 3200 params.url, frame_tree_node_, is_renderer_initiated, |
| 3198 params.was_within_same_page, params.is_srcdoc, base::TimeTicks::Now(), | 3201 params.was_within_same_page, base::TimeTicks::Now(), |
| 3199 pending_nav_entry_id, false); // started_from_context_menu | 3202 pending_nav_entry_id, false); // started_from_context_menu |
| 3200 } | 3203 } |
| 3201 | 3204 |
| 3202 // Determine if the current NavigationHandle can be used. | 3205 // Determine if the current NavigationHandle can be used. |
| 3203 if (navigation_handle_ && navigation_handle_->GetURL() == params.url) { | 3206 if (navigation_handle_ && navigation_handle_->GetURL() == params.url) { |
| 3204 return std::move(navigation_handle_); | 3207 return std::move(navigation_handle_); |
| 3205 } | 3208 } |
| 3206 | 3209 |
| 3207 // If the URL does not match what the NavigationHandle expects, treat the | 3210 // If the URL does not match what the NavigationHandle expects, treat the |
| 3208 // commit as a new navigation. This can happen when loading a Data | 3211 // commit as a new navigation. This can happen when loading a Data |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3240 | 3243 |
| 3241 // Reset any existing NavigationHandle. | 3244 // Reset any existing NavigationHandle. |
| 3242 navigation_handle_.reset(); | 3245 navigation_handle_.reset(); |
| 3243 } | 3246 } |
| 3244 | 3247 |
| 3245 // There is no pending NavigationEntry in these cases, so pass 0 as the | 3248 // There is no pending NavigationEntry in these cases, so pass 0 as the |
| 3246 // pending_nav_entry_id. If the previous handle was a prematurely aborted | 3249 // pending_nav_entry_id. If the previous handle was a prematurely aborted |
| 3247 // navigation loaded via LoadDataWithBaseURL, propagate the entry id. | 3250 // navigation loaded via LoadDataWithBaseURL, propagate the entry id. |
| 3248 return NavigationHandleImpl::Create( | 3251 return NavigationHandleImpl::Create( |
| 3249 params.url, frame_tree_node_, is_renderer_initiated, | 3252 params.url, frame_tree_node_, is_renderer_initiated, |
| 3250 params.was_within_same_page, params.is_srcdoc, base::TimeTicks::Now(), | 3253 params.was_within_same_page, base::TimeTicks::Now(), |
| 3251 entry_id_for_data_nav, false); // started_from_context_menu | 3254 entry_id_for_data_nav, false); // started_from_context_menu |
| 3252 } | 3255 } |
| 3253 | 3256 |
| 3254 } // namespace content | 3257 } // namespace content |
| OLD | NEW |
