Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/Frame.cpp

Issue 2621043002: Add UserCounter for Top Navigation in sandbox (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/UseCounter.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> 2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org>
3 * 1999 Lars Knoll <knoll@kde.org> 3 * 1999 Lars Knoll <knoll@kde.org>
4 * 1999 Antti Koivisto <koivisto@kde.org> 4 * 1999 Antti Koivisto <koivisto@kde.org>
5 * 2000 Simon Hausmann <hausmann@kde.org> 5 * 2000 Simon Hausmann <hausmann@kde.org>
6 * 2000 Stefan Schimanski <1Stein@gmx.de> 6 * 2000 Stefan Schimanski <1Stein@gmx.de>
7 * 2001 George Staikos <staikos@kde.org> 7 * 2001 George Staikos <staikos@kde.org>
8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All 8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All
9 * rights reserved. 9 * rights reserved.
10 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> 10 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com>
(...skipping 143 matching lines...) Expand 10 before | Expand all | Expand 10 after
154 // be doing something more general instead? 154 // be doing something more general instead?
155 if (isLocalActiveOrigin && ancestorSecurityOrigin->isLocal()) 155 if (isLocalActiveOrigin && ancestorSecurityOrigin->isLocal())
156 return true; 156 return true;
157 } 157 }
158 158
159 return false; 159 return false;
160 } 160 }
161 161
162 bool Frame::canNavigate(const Frame& targetFrame) { 162 bool Frame::canNavigate(const Frame& targetFrame) {
163 String errorReason; 163 String errorReason;
164 bool isAllowedNavigation = 164 const bool isAllowedNavigation =
165 canNavigateWithoutFramebusting(targetFrame, errorReason); 165 canNavigateWithoutFramebusting(targetFrame, errorReason);
166 const bool sandboxed = securityContext()->getSandboxFlags() != SandboxNone;
167 const bool hasUserGesture =
168 isLocalFrame() ? toLocalFrame(this)->document()->hasReceivedUserGesture()
169 : false;
166 170
171 // Top navigation in sandbox with or w/o 'allow-top-navigation'.
172 if (targetFrame != this && sandboxed && targetFrame == tree().top()) {
173 UseCounter::count(&targetFrame, UseCounter::TopNavInSandbox);
174 if (!hasUserGesture) {
175 UseCounter::count(&targetFrame,
176 UseCounter::TopNavInSandboxWithoutGesture);
177 }
178 }
179
180 // Top navigation w/o sandbox or in sandbox with 'allow-top-navigation'.
167 if (targetFrame != this && 181 if (targetFrame != this &&
168 !securityContext()->isSandboxed(SandboxTopNavigation) && 182 !securityContext()->isSandboxed(SandboxTopNavigation) &&
169 targetFrame == tree().top()) { 183 targetFrame == tree().top()) {
170 DEFINE_STATIC_LOCAL(EnumerationHistogram, framebustHistogram, 184 DEFINE_STATIC_LOCAL(EnumerationHistogram, framebustHistogram,
171 ("WebCore.Framebust", 4)); 185 ("WebCore.Framebust", 4));
172 const unsigned userGestureBit = 0x1; 186 const unsigned userGestureBit = 0x1;
173 const unsigned allowedBit = 0x2; 187 const unsigned allowedBit = 0x2;
174 unsigned framebustParams = 0; 188 unsigned framebustParams = 0;
175 UseCounter::count(&targetFrame, UseCounter::TopNavigationFromSubFrame); 189 UseCounter::count(&targetFrame, UseCounter::TopNavigationFromSubFrame);
176 bool hasUserGesture = 190
177 isLocalFrame()
178 ? toLocalFrame(this)->document()->hasReceivedUserGesture()
179 : false;
180 if (hasUserGesture) 191 if (hasUserGesture)
181 framebustParams |= userGestureBit; 192 framebustParams |= userGestureBit;
193 if (sandboxed) { // Sandboxed with 'allow-top-navigation'.
194 UseCounter::count(&targetFrame, UseCounter::TopNavInSandboxWithPerm);
195 if (!hasUserGesture) {
196 UseCounter::count(&targetFrame,
197 UseCounter::TopNavInSandboxWithPermButNoGesture);
198 }
199 }
200
182 if (isAllowedNavigation) 201 if (isAllowedNavigation)
183 framebustParams |= allowedBit; 202 framebustParams |= allowedBit;
184 framebustHistogram.count(framebustParams); 203 framebustHistogram.count(framebustParams);
185 if (hasUserGesture || isAllowedNavigation) 204 if (hasUserGesture || isAllowedNavigation)
186 return true; 205 return true;
187 // Frame-busting used to be generally allowed in most situations, but may 206 // Frame-busting used to be generally allowed in most situations, but may
188 // now blocked if the document initiating the navigation has never received 207 // now blocked if the document initiating the navigation has never received
189 // a user gesture. 208 // a user gesture.
190 if (!RuntimeEnabledFeatures:: 209 if (!RuntimeEnabledFeatures::
191 framebustingNeedsSameOriginOrUserGestureEnabled()) { 210 framebustingNeedsSameOriginOrUserGestureEnabled()) {
(...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after
355 374
356 ASSERT(page()); 375 ASSERT(page());
357 376
358 if (m_owner) 377 if (m_owner)
359 m_owner->setContentFrame(*this); 378 m_owner->setContentFrame(*this);
360 else 379 else
361 page()->setMainFrame(this); 380 page()->setMainFrame(this);
362 } 381 }
363 382
364 } // namespace blink 383 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/core/frame/UseCounter.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698