Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(406)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 2494633004: Remove about:srcdoc url conversion. (Closed)
Patch Set: Addressed comments (@creis) Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chrome/browser/history/history_utils.cc ('K') | « content/browser/android/web_contents_observer_proxy.cc ('k') | content/browser/frame_host/frame_tree_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy_impl.h" 5 #include "content/browser/child_process_security_policy_impl.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 608 matching lines...) Expand 10 before | Expand all | Expand 10 after
619 619
620 state->second->RevokeReadRawCookies(); 620 state->second->RevokeReadRawCookies();
621 } 621 }
622 622
623 bool ChildProcessSecurityPolicyImpl::CanRequestURL( 623 bool ChildProcessSecurityPolicyImpl::CanRequestURL(
624 int child_id, const GURL& url) { 624 int child_id, const GURL& url) {
625 if (!url.is_valid()) 625 if (!url.is_valid())
626 return false; // Can't request invalid URLs. 626 return false; // Can't request invalid URLs.
627 627
628 if (IsPseudoScheme(url.scheme())) { 628 if (IsPseudoScheme(url.scheme())) {
629 // Every child process can request <about:blank>. 629 // Every child process can request <about:blank> and <about:srcdoc>
630 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) 630 if (url == url::kAboutBlankURL || url == content::kAboutSrcDocURL)
631 return true; 631 return true;
632 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be 632 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
633 // requestable by any child process. Also, this case covers 633 // requestable by any child process. Also, this case covers
634 // <javascript:...>, which should be handled internally by the process and 634 // <javascript:...>, which should be handled internally by the process and
635 // not kicked up to the browser. 635 // not kicked up to the browser.
636 return false; 636 return false;
637 } 637 }
638 638
639 // Blob and filesystem URLs require special treatment, since they embed an 639 // Blob and filesystem URLs require special treatment, since they embed an
640 // inner origin. 640 // inner origin.
(...skipping 18 matching lines...) Expand all
659 !net::URLRequest::IsHandledURL(url); 659 !net::URLRequest::IsHandledURL(url);
660 } 660 }
661 661
662 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, 662 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
663 const GURL& url) { 663 const GURL& url) {
664 if (!url.is_valid()) 664 if (!url.is_valid())
665 return false; // Can't commit invalid URLs. 665 return false; // Can't commit invalid URLs.
666 666
667 // Of all the pseudo schemes, only about:blank is allowed to commit. 667 // Of all the pseudo schemes, only about:blank is allowed to commit.
668 if (IsPseudoScheme(url.scheme())) 668 if (IsPseudoScheme(url.scheme()))
669 return base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL); 669 return url == url::kAboutBlankURL;
670 670
671 // Blob and filesystem URLs require special treatment; validate the inner 671 // Blob and filesystem URLs require special treatment; validate the inner
672 // origin they embed. 672 // origin they embed.
673 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) { 673 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) {
674 if (IsMalformedBlobUrl(url)) 674 if (IsMalformedBlobUrl(url))
675 return false; 675 return false;
676 676
677 url::Origin origin(url); 677 url::Origin origin(url);
678 return origin.unique() || CanCommitURL(child_id, GURL(origin.Serialize())); 678 return origin.unique() || CanCommitURL(child_id, GURL(origin.Serialize()));
679 } 679 }
(...skipping 313 matching lines...) Expand 10 before | Expand all | Expand 10 after
993 base::AutoLock lock(lock_); 993 base::AutoLock lock(lock_);
994 994
995 SecurityStateMap::iterator state = security_state_.find(child_id); 995 SecurityStateMap::iterator state = security_state_.find(child_id);
996 if (state == security_state_.end()) 996 if (state == security_state_.end())
997 return false; 997 return false;
998 998
999 return state->second->can_send_midi_sysex(); 999 return state->second->can_send_midi_sysex();
1000 } 1000 }
1001 1001
1002 } // namespace content 1002 } // namespace content
OLDNEW
« chrome/browser/history/history_utils.cc ('K') | « content/browser/android/web_contents_observer_proxy.cc ('k') | content/browser/frame_host/frame_tree_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698