content/browser/frame_host/navigation_handle_impl.cc - Issue 2528813002: Fix Self-Referencing OOPIF Infinite Loop

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/frame_host/navigation_handle_impl.cc

Issue 2528813002: Fix Self-Referencing OOPIF Infinite Loop (Closed)

Patch Set: refactor allowedToLoadFrame conditional Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/browser/frame_host/navigation_handle_impl.h ('k') | content/browser/frame_host/render_frame_host_manager_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/frame_host/navigation_handle_impl.cc

diff --git a/content/browser/frame_host/navigation_handle_impl.cc b/content/browser/frame_host/navigation_handle_impl.cc

index 74e0b202c6f005ffc79bb32c909b01bb847c83f2..655aa5bce847c9fbc2feb8af2a010cbaa615ee15 100644

--- a/content/browser/frame_host/navigation_handle_impl.cc

+++ b/content/browser/frame_host/navigation_handle_impl.cc

@@ -509,6 +509,12 @@ void NavigationHandleImpl::WillStartRequest(

state_ = WILL_SEND_REQUEST;

complete_callback_ = callback;

+ if (IsSelfReferentialURL()) {

+ state_ = CANCELING;

+ RunCompleteCallback(NavigationThrottle::CANCEL);

+ return;

+ }

RegisterNavigationThrottles();

if (IsBrowserSideNavigationEnabled())

@@ -551,6 +557,12 @@ void NavigationHandleImpl::WillRedirectRequest(

state_ = WILL_REDIRECT_REQUEST;

complete_callback_ = callback;

+ if (IsSelfReferentialURL()) {

+ state_ = CANCELING;

+ RunCompleteCallback(NavigationThrottle::CANCEL);

+ return;

+ }

// Notify each throttle of the request.

NavigationThrottle::ThrottleCheckResult result = CheckWillRedirectRequest();

@@ -889,4 +901,29 @@ void NavigationHandleImpl::RegisterNavigationThrottles() {

std::make_move_iterator(throttles_to_register.end()));

}

+bool NavigationHandleImpl::IsSelfReferentialURL() {

+ // about: URLs should be exempted since they are reserved for other purposes

+ // and cannot be the source of infinite recursion. See

+ // https://crbug.com/341858 .

+ if (url_.SchemeIs("about"))

+ return false;

+ // Browser-triggered navigations should be exempted.

+ if (!is_renderer_initiated_)

+ return false;

+ // We allow one level of self-reference because some sites depend on that,

+ // but we don't allow more than one.

+ bool found_self_reference = false;

+ for (const FrameTreeNode* node = frame_tree_node_->parent(); node;

+ node = node->parent()) {

+ if (node->current_url().EqualsIgnoringRef(url_)) {

+ if (found_self_reference)

+ return true;

+ found_self_reference = true;

+ }

+ return false;

} // namespace content