Block renderer-initiated main frame navigations to data URLs

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

 /*
  * Copyright (C) 2007 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1.  Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  * 2.  Redistributions in binary form must reproduce the above copyright
@@ skipping 10 matching lines @@
  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "platform/weborigin/SecurityOrigin.h"
 
+#include <memory>
 #include "platform/RuntimeEnabledFeatures.h"
+#include "platform/network/NetworkUtils.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SchemeRegistry.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "platform/weborigin/URLSecurityOriginMap.h"
 #include "url/url_canon.h"
 #include "url/url_canon_ip.h"
 #include "wtf/HexNumber.h"
 #include "wtf/NotFound.h"
 #include "wtf/PtrUtil.h"
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/StringBuilder.h"
 #include "wtf/text/StringUTF8Adaptor.h"
-#include <memory>
 
 namespace blink {
 
 const int InvalidPort = 0;
 const int MaxAllowedPort = 65535;
 
 static URLSecurityOriginMap* s_urlOriginMap = 0;
 
 static SecurityOrigin* getOriginFromMap(const KURL& url) {
   if (s_urlOriginMap)
@@ skipping 277 matching lines @@
     return m_protocol == protocol ||
            SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
   if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
     return canLoadLocalResources() ||
            SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
   return true;
 }
 
+bool SecurityOrigin::canNavigateInTopFrame(const KURL& url) const {

[dcheng, 2017/04/12 23:51:24]

Will this be called eventually?

[meacer, 2017/04/13 18:06:36]

It's called from FrameLoader.cpp (line 751).

+  if (m_universalAccess)
+    return true;
+
+  if (url.protocolIsData()) {
+    // Block content-initiated loads of data URLs in the top frame. If the mime
+    // type is supported, the URL will eventually be rendered, so block it here.
+    // Otherwise, the load might be handled by a plugin or end up as a download,
+    // so allow it here to let the embedder figure out what to do with it.
+    AtomicString mimetype;
+    bool isSupportedMimeType = false;
+    if (NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) &&
+        isSupportedMimeType) {
+      return false;
+    }
+  }
+  return true;
+}
+
 bool SecurityOrigin::isPotentiallyTrustworthy() const {
   ASSERT(m_protocol != "data");
   if (isUnique())
     return m_isUniqueOriginPotentiallyTrustworthy;
 
   if (SchemeRegistry::shouldTreatURLSchemeAsSecure(m_protocol) || isLocal() ||
       isLocalhost())
     return true;
 
   if (SecurityPolicy::isOriginWhiteListedTrustworthy(*this))
@@ skipping 265 matching lines @@
         utf8.data(), url::Component(0, utf8.length()), &canonOutput, &outHost);
   } else {
     *success = url::CanonicalizeHost(host.characters16(),
                                      url::Component(0, host.length()),
                                      &canonOutput, &outHost);
   }
   return String::fromUTF8(canonOutput.data(), canonOutput.length());
 }
 
 }  // namespace blink