Chromium Code Reviews Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/navigation_handle_impl.h" | 5 #include "content/browser/frame_host/navigation_handle_impl.h" |
| 6 | 6 |
| 7 #include <iterator> | 7 #include <iterator> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "content/browser/appcache/appcache_navigation_handle.h" | 10 #include "content/browser/appcache/appcache_navigation_handle.h" |
| 11 #include "content/browser/appcache/appcache_service_impl.h" | 11 #include "content/browser/appcache/appcache_service_impl.h" |
| 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" | 12 #include "content/browser/browsing_data/clear_site_data_throttle.h" |
| 13 #include "content/browser/child_process_security_policy_impl.h" | 13 #include "content/browser/child_process_security_policy_impl.h" |
| 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" | 14 #include "content/browser/devtools/render_frame_devtools_agent_host.h" |
| 15 #include "content/browser/frame_host/ancestor_throttle.h" | 15 #include "content/browser/frame_host/ancestor_throttle.h" |
| 16 #include "content/browser/frame_host/data_url_navigation_throttle.h" | |
| 16 #include "content/browser/frame_host/debug_urls.h" | 17 #include "content/browser/frame_host/debug_urls.h" |
| 17 #include "content/browser/frame_host/form_submission_throttle.h" | 18 #include "content/browser/frame_host/form_submission_throttle.h" |
| 18 #include "content/browser/frame_host/frame_tree_node.h" | 19 #include "content/browser/frame_host/frame_tree_node.h" |
| 19 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" | 20 #include "content/browser/frame_host/mixed_content_navigation_throttle.h" |
| 20 #include "content/browser/frame_host/navigation_controller_impl.h" | 21 #include "content/browser/frame_host/navigation_controller_impl.h" |
| 21 #include "content/browser/frame_host/navigation_entry_impl.h" | 22 #include "content/browser/frame_host/navigation_entry_impl.h" |
| 22 #include "content/browser/frame_host/navigator.h" | 23 #include "content/browser/frame_host/navigator.h" |
| 23 #include "content/browser/frame_host/navigator_delegate.h" | 24 #include "content/browser/frame_host/navigator_delegate.h" |
| 24 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 25 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 25 #include "content/browser/service_worker/service_worker_context_wrapper.h" | 26 #include "content/browser/service_worker/service_worker_context_wrapper.h" |
| (...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 283 | 284 |
| 284 net::HttpResponseInfo::ConnectionInfo | 285 net::HttpResponseInfo::ConnectionInfo |
| 285 NavigationHandleImpl::GetConnectionInfo() { | 286 NavigationHandleImpl::GetConnectionInfo() { |
| 286 return connection_info_; | 287 return connection_info_; |
| 287 } | 288 } |
| 288 | 289 |
| 289 bool NavigationHandleImpl::HasCommitted() { | 290 bool NavigationHandleImpl::HasCommitted() { |
| 290 return state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE; | 291 return state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE; |
| 291 } | 292 } |
| 292 | 293 |
| 294 bool NavigationHandleImpl::IsDownload() { | |
| 295 return is_download_; | |
| 296 } | |
| 297 | |
| 293 bool NavigationHandleImpl::IsErrorPage() { | 298 bool NavigationHandleImpl::IsErrorPage() { |
| 294 return state_ == DID_COMMIT_ERROR_PAGE; | 299 return state_ == DID_COMMIT_ERROR_PAGE; |
| 295 } | 300 } |
| 296 | 301 |
| 297 bool NavigationHandleImpl::HasSubframeNavigationEntryCommitted() { | 302 bool NavigationHandleImpl::HasSubframeNavigationEntryCommitted() { |
| 298 DCHECK(!IsInMainFrame()); | 303 DCHECK(!IsInMainFrame()); |
| 299 DCHECK(state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE); | 304 DCHECK(state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE); |
| 300 return subframe_entry_committed_; | 305 return subframe_entry_committed_; |
| 301 } | 306 } |
| 302 | 307 |
| (...skipping 370 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 673 subframe_entry_committed_ = navigation_entry_committed; | 678 subframe_entry_committed_ = navigation_entry_committed; |
| 674 | 679 |
| 675 // If an error page reloads, net_error_code might be 200 but we still want to | 680 // If an error page reloads, net_error_code might be 200 but we still want to |
| 676 // count it as an error page. | 681 // count it as an error page. |
| 677 if (params.base_url.spec() == kUnreachableWebDataURL || | 682 if (params.base_url.spec() == kUnreachableWebDataURL || |
| 678 net_error_code_ != net::OK) { | 683 net_error_code_ != net::OK) { |
| 679 state_ = DID_COMMIT_ERROR_PAGE; | 684 state_ = DID_COMMIT_ERROR_PAGE; |
| 680 } else { | 685 } else { |
| 681 state_ = DID_COMMIT; | 686 state_ = DID_COMMIT; |
| 682 } | 687 } |
| 683 | |
| 684 if (url_.SchemeIs(url::kDataScheme) && IsInMainFrame() && | |
| 685 IsRendererInitiated()) { | |
| 686 GetRenderFrameHost()->AddMessageToConsole( | |
| 687 CONSOLE_MESSAGE_LEVEL_WARNING, | |
| 688 "Upcoming versions will block content-initiated top frame navigations " | |
| 689 "to data: URLs. For more information, see https://goo.gl/BaZAea."); | |
| 690 } | |
| 691 } | 688 } |
| 692 | 689 |
| 693 void NavigationHandleImpl::Transfer() { | 690 void NavigationHandleImpl::Transfer() { |
| 694 DCHECK(!IsBrowserSideNavigationEnabled()); | 691 DCHECK(!IsBrowserSideNavigationEnabled()); |
| 695 // This is an actual transfer. Inform the NavigationResourceThrottle. This | 692 // This is an actual transfer. Inform the NavigationResourceThrottle. This |
| 696 // will allow to mark the URLRequest as transferring. When it is marked as | 693 // will allow to mark the URLRequest as transferring. When it is marked as |
| 697 // transferring, the URLRequest can no longer be cancelled by its original | 694 // transferring, the URLRequest can no longer be cancelled by its original |
| 698 // RenderFrame. Instead it will persist until being picked up by the transfer | 695 // RenderFrame. Instead it will persist until being picked up by the transfer |
| 699 // RenderFrame, even if the original RenderFrame is destroyed. | 696 // RenderFrame, even if the original RenderFrame is destroyed. |
| 700 // Note: |transfer_callback_| can be null in unit tests. | 697 // Note: |transfer_callback_| can be null in unit tests. |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 922 // Register the navigation throttles. The vector returned by | 919 // Register the navigation throttles. The vector returned by |
| 923 // CreateThrottlesForNavigation is not assigned to throttles_ directly because | 920 // CreateThrottlesForNavigation is not assigned to throttles_ directly because |
| 924 // it would overwrite any throttles previously added with | 921 // it would overwrite any throttles previously added with |
| 925 // RegisterThrottleForTesting. | 922 // RegisterThrottleForTesting. |
| 926 // TODO(carlosk, arthursonzogni): should simplify this to either use | 923 // TODO(carlosk, arthursonzogni): should simplify this to either use |
| 927 // |throttles_| directly (except for the case described above) or | 924 // |throttles_| directly (except for the case described above) or |
| 928 // |throttles_to_register| for registering all throttles. | 925 // |throttles_to_register| for registering all throttles. |
| 929 std::vector<std::unique_ptr<NavigationThrottle>> throttles_to_register = | 926 std::vector<std::unique_ptr<NavigationThrottle>> throttles_to_register = |
| 930 GetDelegate()->CreateThrottlesForNavigation(this); | 927 GetDelegate()->CreateThrottlesForNavigation(this); |
| 931 | 928 |
| 929 // Check for top-frame, content-initiated navigations to data URLs. This is | |
|
nasko
2017/03/30 23:15:45
nit: s/content-initiated/renderer-initiated/, s/to
meacer
2017/04/05 22:33:28
Done.
| |
| 930 // done first as it may block the top frame navigation altogether. | |
| 931 std::unique_ptr<NavigationThrottle> data_url_navigation_throttle = | |
| 932 DataUrlNavigationThrottle::CreateThrottleForNavigation(this); | |
| 933 if (data_url_navigation_throttle) | |
| 934 throttles_to_register.push_back(std::move(data_url_navigation_throttle)); | |
| 935 | |
| 932 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = | 936 std::unique_ptr<content::NavigationThrottle> ancestor_throttle = |
| 933 content::AncestorThrottle::MaybeCreateThrottleFor(this); | 937 content::AncestorThrottle::MaybeCreateThrottleFor(this); |
| 934 if (ancestor_throttle) | 938 if (ancestor_throttle) |
| 935 throttles_.push_back(std::move(ancestor_throttle)); | 939 throttles_.push_back(std::move(ancestor_throttle)); |
| 936 | 940 |
| 937 std::unique_ptr<content::NavigationThrottle> form_submission_throttle = | 941 std::unique_ptr<content::NavigationThrottle> form_submission_throttle = |
| 938 content::FormSubmissionThrottle::MaybeCreateThrottleFor(this); | 942 content::FormSubmissionThrottle::MaybeCreateThrottleFor(this); |
| 939 if (form_submission_throttle) | 943 if (form_submission_throttle) |
| 940 throttles_.push_back(std::move(form_submission_throttle)); | 944 throttles_.push_back(std::move(form_submission_throttle)); |
| 941 | 945 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 982 if (node->current_url().EqualsIgnoringRef(url_)) { | 986 if (node->current_url().EqualsIgnoringRef(url_)) { |
| 983 if (found_self_reference) | 987 if (found_self_reference) |
| 984 return true; | 988 return true; |
| 985 found_self_reference = true; | 989 found_self_reference = true; |
| 986 } | 990 } |
| 987 } | 991 } |
| 988 return false; | 992 return false; |
| 989 } | 993 } |
| 990 | 994 |
| 991 } // namespace content | 995 } // namespace content |
| OLD | NEW |
