Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(149)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/frame/Frame.cpp

Issue 2645733002: Add an 'allow-top-navigation-with-user-interaction' sandbox flag. (Closed)
Patch Set: Fix the tests finally! Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/SandboxFlags.cpp ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/frame/Frame.cpp
diff --git a/third_party/WebKit/Source/core/frame/Frame.cpp b/third_party/WebKit/Source/core/frame/Frame.cpp
index d259c5d72b7450a82a4d6534d673f801fab881a1..b9731fff21bfd2b679f3641b2dc96ffc35b8bb0e 100644
--- a/third_party/WebKit/Source/core/frame/Frame.cpp
+++ b/third_party/WebKit/Source/core/frame/Frame.cpp
@@ -48,6 +48,7 @@
#include "core/page/Page.h"
#include "platform/Histogram.h"
#include "platform/InstanceCounters.h"
+#include "platform/UserGestureIndicator.h"
#include "platform/feature_policy/FeaturePolicy.h"
#include "platform/network/ResourceError.h"
@@ -284,15 +285,32 @@ bool Frame::canNavigateWithoutFramebusting(const Frame& targetFrame,
return false;
}
- // Top navigation is forbidden unless opted-in. allow-top-navigation
- // will also skips origin checks.
+ // Top navigation is forbidden unless opted-in. allow-top-navigation or
+ // allow-top-navigation-with-user-activation will also skips origin checks.
if (targetFrame == tree().top()) {
- if (securityContext()->isSandboxed(SandboxTopNavigation)) {
+ if (securityContext()->isSandboxed(SandboxTopNavigation) &&
+ securityContext()->isSandboxed(
+ SandboxTopNavigationWithUserActivation)) {
+ // TODO(binlu): To add "or 'allow-top-navigation-with-user-activation'"
+ // to the reason below, once the new flag is shipped.
reason =
"The frame attempting navigation of the top-level window is "
"sandboxed, but the 'allow-top-navigation' flag is not set.";
return false;
}
+ if (securityContext()->isSandboxed(SandboxTopNavigation) &&
+ !securityContext()->isSandboxed(
+ SandboxTopNavigationWithUserActivation) &&
+ !UserGestureIndicator::processingUserGesture()) {
+ // With only 'allow-top-navigation-with-user-activation' (but not
+ // 'allow-top-navigation'), top navigation requires a user gesture.
+ reason =
+ "The frame attempting navigation of the top-level window is "
+ "sandboxed with the 'allow-top-navigation-with-user-activation' "
+ "flag, but has no user activation (aka gesture). See "
+ "https://www.chromestatus.com/feature/5629582019395584.";
+ return false;
+ }
return true;
}
}
« no previous file with comments | « third_party/WebKit/Source/core/dom/SandboxFlags.cpp ('k') | third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698