Chromium Code Reviews Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_handle_impl.h" | 5 #include "content/browser/frame_host/navigation_handle_impl.h" |
| 6 | 6 |
| 7 #include <iterator> | 7 #include <iterator> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| 11 #include "content/browser/appcache/appcache_service_impl.h" | 11 #include "content/browser/appcache/appcache_service_impl.h" |
| 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" | 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" |
| 13 #include "content/browser/child_process_security_policy_impl.h" | 13 #include "content/browser/child_process_security_policy_impl.h" |
| 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" | 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" |
| 15 #include "content/browser/frame_host/ancestor_throttle.h" | 15 #include "content/browser/frame_host/ancestor_throttle.h" |
| 16 #include "content/browser/frame_host/data_url_navigation_throttle.h" | |
| 16 #include "content/browser/frame_host/debug_urls.h" | 17 #include "content/browser/frame_host/debug_urls.h" |
| 17 #include "content/browser/frame_host/frame_tree_node.h" | 18 #include "content/browser/frame_host/frame_tree_node.h" |
| 18 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" | 19 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" |
| 19 #include "content/browser/frame_host/navigation_controller_impl.h" | 20 #include "content/browser/frame_host/navigation_controller_impl.h" |
| 20 #include "content/browser/frame_host/navigation_entry_impl.h" | 21 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 21 #include "content/browser/frame_host/navigator.h" | 22 #include "content/browser/frame_host/navigator.h" |
| 22 #include "content/browser/frame_host/navigator_delegate.h" | 23 #include "content/browser/frame_host/navigator_delegate.h" |
| 23 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 24 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 24 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 25 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
| 25 #include "content/browser/service_worker/service_worker_navigation_handle.h" | 26 #include "content/browser/service_worker/service_worker_navigation_handle.h" |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 275 | 276 |
| 276 net::HttpResponseInfo::ConnectionInfo | 277 net::HttpResponseInfo::ConnectionInfo |
| 277 NavigationHandleImpl::GetConnectionInfo() { | 278 NavigationHandleImpl::GetConnectionInfo() { |
| 278 return connection_info_; | 279 return connection_info_; |
| 279 } | 280 } |
| 280 | 281 |
| 281 bool NavigationHandleImpl::HasCommitted() { | 282 bool NavigationHandleImpl::HasCommitted() { |
| 282 return state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE; | 283 return state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE; |
| 283 } | 284 } |
| 284 | 285 |
| 286 bool NavigationHandleImpl::IsDownload() { | |
| 287 return is_download_; | |
| 288 } | |
| 289 | |
| 285 bool NavigationHandleImpl::IsErrorPage() { | 290 bool NavigationHandleImpl::IsErrorPage() { |
| 286 return state_ == DID_COMMIT_ERROR_PAGE; | 291 return state_ == DID_COMMIT_ERROR_PAGE; |
| 287 } | 292 } |
| 288 | 293 |
| 289 bool NavigationHandleImpl::DidReplaceEntry() { | 294 bool NavigationHandleImpl::DidReplaceEntry() { |
| 290 DCHECK(state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE); | 295 DCHECK(state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE); |
| 291 return did_replace_entry_; | 296 return did_replace_entry_; |
| 292 } | 297 } |
| 293 | 298 |
| 294 bool NavigationHandleImpl::ShouldUpdateHistory() { | 299 bool NavigationHandleImpl::ShouldUpdateHistory() { |
| (...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 653 navigation_type_ = navigation_type; | 658 navigation_type_ = navigation_type; |
| 654 | 659 |
| 655 // If an error page reloads, net_error_code might be 200 but we still want to | 660 // If an error page reloads, net_error_code might be 200 but we still want to |
| 656 // count it as an error page. | 661 // count it as an error page. |
| 657 if (params.base_url.spec() == kUnreachableWebDataURL || | 662 if (params.base_url.spec() == kUnreachableWebDataURL || |
| 658 net_error_code_ != net::OK) { | 663 net_error_code_ != net::OK) { |
| 659 state_ = DID_COMMIT_ERROR_PAGE; | 664 state_ = DID_COMMIT_ERROR_PAGE; |
| 660 } else { | 665 } else { |
| 661 state_ = DID_COMMIT; | 666 state_ = DID_COMMIT; |
| 662 } | 667 } |
| 663 | |
| 664 if (url_.SchemeIs(url::kDataScheme) && IsInMainFrame() && | |
| 665 IsRendererInitiated()) { | |
| 666 GetRenderFrameHost()->AddMessageToConsole( | |
| 667 CONSOLE_MESSAGE_LEVEL_WARNING, | |
| 668 "Upcoming versions will block content-initiated top frame navigations " | |
| 669 "to data: URLs. For more information, see https://goo.gl/BaZAea."); | |
| 670 } | |
| 671 } | 668 } |
| 672 | 669 |
| 673 void NavigationHandleImpl::Transfer() { | 670 void NavigationHandleImpl::Transfer() { |
| 674 DCHECK(!IsBrowserSideNavigationEnabled()); | 671 DCHECK(!IsBrowserSideNavigationEnabled()); |
| 675 // This is an actual transfer. Inform the NavigationResourceThrottle. This | 672 // This is an actual transfer. Inform the NavigationResourceThrottle. This |
| 676 // will allow to mark the URLRequest as transferring. When it is marked as | 673 // will allow to mark the URLRequest as transferring. When it is marked as |
| 677 // transferring, the URLRequest can no longer be cancelled by its original | 674 // transferring, the URLRequest can no longer be cancelled by its original |
| 678 // RenderFrame. Instead it will persist until being picked up by the transfer | 675 // RenderFrame. Instead it will persist until being picked up by the transfer |
| 679 // RenderFrame, even if the original RenderFrame is destroyed. | 676 // RenderFrame, even if the original RenderFrame is destroyed. |
| 680 // Note: |transfer_callback_| can be null in unit tests. | 677 // Note: |transfer_callback_| can be null in unit tests. |
| (...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 920 std::unique_ptr<NavigationThrottle> clear_site_data_throttle = | 917 std::unique_ptr<NavigationThrottle> clear_site_data_throttle = |
| 921 ClearSiteDataThrottle::CreateThrottleForNavigation(this); | 918 ClearSiteDataThrottle::CreateThrottleForNavigation(this); |
| 922 if (clear_site_data_throttle) | 919 if (clear_site_data_throttle) |
| 923 throttles_to_register.push_back(std::move(clear_site_data_throttle)); | 920 throttles_to_register.push_back(std::move(clear_site_data_throttle)); |
| 924 | 921 |
| 925 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = | 922 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = |
| 926 content::AncestorThrottle::MaybeCreateThrottleFor(this); | 923 content::AncestorThrottle::MaybeCreateThrottleFor(this); |
| 927 if (ancestor_throttle) | 924 if (ancestor_throttle) |
| 928 throttles_.push_back(std::move(ancestor_throttle)); | 925 throttles_.push_back(std::move(ancestor_throttle)); |
| 929 | 926 |
| 927 throttles_to_register.push_back( | |
| 928 DataUrlNavigationThrottle::CreateThrottleForNavigation(this)); | |
|
nasko
2017/03/28 19:58:01
Do we want this to be run after mixed content and
meacer
2017/03/30 20:43:55
Didn't really think about that as I was just appen
| |
| 929 | |
| 930 throttles_.insert(throttles_.begin(), | 930 throttles_.insert(throttles_.begin(), |
| 931 std::make_move_iterator(throttles_to_register.begin()), | 931 std::make_move_iterator(throttles_to_register.begin()), |
| 932 std::make_move_iterator(throttles_to_register.end())); | 932 std::make_move_iterator(throttles_to_register.end())); |
| 933 } | 933 } |
| 934 | 934 |
| 935 bool NavigationHandleImpl::IsSelfReferentialURL() { | 935 bool NavigationHandleImpl::IsSelfReferentialURL() { |
| 936 // about: URLs should be exempted since they are reserved for other purposes | 936 // about: URLs should be exempted since they are reserved for other purposes |
| 937 // and cannot be the source of infinite recursion. See | 937 // and cannot be the source of infinite recursion. See |
| 938 // https://crbug.com/341858 . | 938 // https://crbug.com/341858 . |
| 939 if (url_.SchemeIs("about")) | 939 if (url_.SchemeIs("about")) |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 951 if (node->current_url().EqualsIgnoringRef(url_)) { | 951 if (node->current_url().EqualsIgnoringRef(url_)) { |
| 952 if (found_self_reference) | 952 if (found_self_reference) |
| 953 return true; | 953 return true; |
| 954 found_self_reference = true; | 954 found_self_reference = true; |
| 955 } | 955 } |
| 956 } | 956 } |
| 957 return false; | 957 return false; |
| 958 } | 958 } |
| 959 | 959 |
| 960 } // namespace content | 960 } // namespace content |
| OLD | NEW |
