| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
| 3 * reserved. | 3 * reserved. |
| 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
| 6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
| 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
| (...skipping 725 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 736 | 736 |
| 737 KURL url = request.resourceRequest().url(); | 737 KURL url = request.resourceRequest().url(); |
| 738 if (m_frame->script().executeScriptIfJavaScriptURL(url, nullptr)) | 738 if (m_frame->script().executeScriptIfJavaScriptURL(url, nullptr)) |
| 739 return false; | 739 return false; |
| 740 | 740 |
| 741 if (!request.originDocument()->getSecurityOrigin()->canDisplay(url)) { | 741 if (!request.originDocument()->getSecurityOrigin()->canDisplay(url)) { |
| 742 reportLocalLoadFailed(m_frame, url.elidedString()); | 742 reportLocalLoadFailed(m_frame, url.elidedString()); |
| 743 return false; | 743 return false; |
| 744 } | 744 } |
| 745 | 745 |
| 746 // Block content-initiated, top-frame navigations to data URLs. |
| 747 if (m_frame->isMainFrame() && |
| 748 !request.resourceRequest().isSameDocumentNavigation() && |
| 749 !m_frame->client()->allowContentInitiatedDataUrlNavigations( |
| 750 request.originDocument()->url()) && |
| 751 !request.originDocument()->getSecurityOrigin()->canNavigateInTopFrame( |
| 752 url)) { |
| 753 reportTopLevelNavigationFailed(m_frame, url.elidedString()); |
| 754 return false; |
| 755 } |
| 756 |
| 746 if (!request.form() && request.frameName().isEmpty()) | 757 if (!request.form() && request.frameName().isEmpty()) |
| 747 request.setFrameName(m_frame->document()->baseTarget()); | 758 request.setFrameName(m_frame->document()->baseTarget()); |
| 748 return true; | 759 return true; |
| 749 } | 760 } |
| 750 | 761 |
| 751 static bool shouldNavigateTargetFrame(NavigationPolicy policy) { | 762 static bool shouldNavigateTargetFrame(NavigationPolicy policy) { |
| 752 switch (policy) { | 763 switch (policy) { |
| 753 case NavigationPolicyCurrentTab: | 764 case NavigationPolicyCurrentTab: |
| 754 return true; | 765 return true; |
| 755 | 766 |
| (...skipping 216 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 972 void FrameLoader::reportLocalLoadFailed(LocalFrame* frame, const String& url) { | 983 void FrameLoader::reportLocalLoadFailed(LocalFrame* frame, const String& url) { |
| 973 DCHECK(!url.isEmpty()); | 984 DCHECK(!url.isEmpty()); |
| 974 if (!frame) | 985 if (!frame) |
| 975 return; | 986 return; |
| 976 | 987 |
| 977 frame->document()->addConsoleMessage( | 988 frame->document()->addConsoleMessage( |
| 978 ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, | 989 ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, |
| 979 "Not allowed to load local resource: " + url)); | 990 "Not allowed to load local resource: " + url)); |
| 980 } | 991 } |
| 981 | 992 |
| 993 void FrameLoader::reportTopLevelNavigationFailed(LocalFrame* frame, |
| 994 const String& url) { |
| 995 DCHECK(!url.isEmpty()); |
| 996 if (!frame) |
| 997 return; |
| 998 |
| 999 frame->document()->addConsoleMessage(ConsoleMessage::create( |
| 1000 SecurityMessageSource, ErrorMessageLevel, |
| 1001 "Not allowed to top-level navigate to resource: " + url)); |
| 1002 } |
| 1003 |
| 982 void FrameLoader::stopAllLoaders() { | 1004 void FrameLoader::stopAllLoaders() { |
| 983 if (m_frame->document()->pageDismissalEventBeingDispatched() != | 1005 if (m_frame->document()->pageDismissalEventBeingDispatched() != |
| 984 Document::NoDismissal) | 1006 Document::NoDismissal) |
| 985 return; | 1007 return; |
| 986 | 1008 |
| 987 // If this method is called from within this method, infinite recursion can | 1009 // If this method is called from within this method, infinite recursion can |
| 988 // occur (3442218). Avoid this. | 1010 // occur (3442218). Avoid this. |
| 989 if (m_inStopAllLoaders) | 1011 if (m_inStopAllLoaders) |
| 990 return; | 1012 return; |
| 991 | 1013 |
| (...skipping 759 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1751 // TODO(japhet): This is needed because the browser process DCHECKs if the | 1773 // TODO(japhet): This is needed because the browser process DCHECKs if the |
| 1752 // first entry we commit in a new frame has replacement set. It's unclear | 1774 // first entry we commit in a new frame has replacement set. It's unclear |
| 1753 // whether the DCHECK is right, investigate removing this special case. | 1775 // whether the DCHECK is right, investigate removing this special case. |
| 1754 bool replaceCurrentItem = loadType == FrameLoadTypeReplaceCurrentItem && | 1776 bool replaceCurrentItem = loadType == FrameLoadTypeReplaceCurrentItem && |
| 1755 (!opener() || !request.url().isEmpty()); | 1777 (!opener() || !request.url().isEmpty()); |
| 1756 loader->setReplacesCurrentHistoryItem(replaceCurrentItem); | 1778 loader->setReplacesCurrentHistoryItem(replaceCurrentItem); |
| 1757 return loader; | 1779 return loader; |
| 1758 } | 1780 } |
| 1759 | 1781 |
| 1760 } // namespace blink | 1782 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
