Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(21)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 2644133002: Do not sanitize about:blank/#foo & about:blank?foo (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/common/navigation_params.cc » ('j') | content/public/common/url_constants.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 3c207c2c185162d81e83cfdc34138da57563d56f..226af1ab37190c7d002ab7a1f24cd3cb599eca12 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -23,6 +23,7 @@
#include "content/public/browser/render_process_host.h"
#include "content/public/common/bindings_policy.h"
#include "content/public/common/url_constants.h"
+#include "content/public/common/url_utils.h"
#include "net/base/filename_util.h"
#include "net/url_request/url_request.h"
#include "storage/browser/fileapi/file_permission_policy.h"
@@ -626,8 +627,9 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
return false; // Can't request invalid URLs.
if (IsPseudoScheme(url.scheme())) {
- // Every child process can request <about:blank> and <about:srcdoc>.
- if (url == url::kAboutBlankURL || url == kAboutSrcDocURL)
+ // Every child process can request <about:blank>, <about:blank?foo>,
+ // <about:blank/#foo> and <about:srcdoc>.
+ if (IsAboutBlankURL(url) || url == kAboutSrcDocURL)
return true;
// URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
// requestable by any child process. Also, this case covers
« no previous file with comments | « no previous file | content/common/navigation_params.cc » ('j') | content/public/common/url_constants.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698