OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights |
3 * reserved. | 3 * reserved. |
4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 4 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 5 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
6 * (http://www.torchmobile.com/) | 6 * (http://www.torchmobile.com/) |
7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 7 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 8 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 9 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
10 * Copyright (C) 2011 Google Inc. All rights reserved. | 10 * Copyright (C) 2011 Google Inc. All rights reserved. |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
82 #include "core/svg/graphics/SVGImage.h" | 82 #include "core/svg/graphics/SVGImage.h" |
83 #include "core/xml/parser/XMLDocumentParser.h" | 83 #include "core/xml/parser/XMLDocumentParser.h" |
84 #include "platform/InstanceCounters.h" | 84 #include "platform/InstanceCounters.h" |
85 #include "platform/PluginScriptForbiddenScope.h" | 85 #include "platform/PluginScriptForbiddenScope.h" |
86 #include "platform/ScriptForbiddenScope.h" | 86 #include "platform/ScriptForbiddenScope.h" |
87 #include "platform/UserGestureIndicator.h" | 87 #include "platform/UserGestureIndicator.h" |
88 #include "platform/instrumentation/tracing/TraceEvent.h" | 88 #include "platform/instrumentation/tracing/TraceEvent.h" |
89 #include "platform/loader/fetch/ResourceFetcher.h" | 89 #include "platform/loader/fetch/ResourceFetcher.h" |
90 #include "platform/loader/fetch/ResourceRequest.h" | 90 #include "platform/loader/fetch/ResourceRequest.h" |
91 #include "platform/network/HTTPParsers.h" | 91 #include "platform/network/HTTPParsers.h" |
92 #include "platform/network/NetworkUtils.h" | |
92 #include "platform/scroll/ScrollAnimatorBase.h" | 93 #include "platform/scroll/ScrollAnimatorBase.h" |
93 #include "platform/weborigin/SchemeRegistry.h" | 94 #include "platform/weborigin/SchemeRegistry.h" |
94 #include "platform/weborigin/SecurityOrigin.h" | 95 #include "platform/weborigin/SecurityOrigin.h" |
95 #include "platform/weborigin/SecurityPolicy.h" | 96 #include "platform/weborigin/SecurityPolicy.h" |
96 #include "platform/weborigin/Suborigin.h" | 97 #include "platform/weborigin/Suborigin.h" |
97 #include "platform/wtf/AutoReset.h" | 98 #include "platform/wtf/AutoReset.h" |
98 #include "platform/wtf/text/CString.h" | 99 #include "platform/wtf/text/CString.h" |
99 #include "platform/wtf/text/WTFString.h" | 100 #include "platform/wtf/text/WTFString.h" |
100 #include "public/platform/WebCachePolicy.h" | 101 #include "public/platform/WebCachePolicy.h" |
101 #include "public/platform/WebURLRequest.h" | 102 #include "public/platform/WebURLRequest.h" |
(...skipping 639 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
741 | 742 |
742 KURL url = request.GetResourceRequest().Url(); | 743 KURL url = request.GetResourceRequest().Url(); |
743 if (frame_->GetScriptController().ExecuteScriptIfJavaScriptURL(url, nullptr)) | 744 if (frame_->GetScriptController().ExecuteScriptIfJavaScriptURL(url, nullptr)) |
744 return false; | 745 return false; |
745 | 746 |
746 if (!request.OriginDocument()->GetSecurityOrigin()->CanDisplay(url)) { | 747 if (!request.OriginDocument()->GetSecurityOrigin()->CanDisplay(url)) { |
747 ReportLocalLoadFailed(frame_, url.ElidedString()); | 748 ReportLocalLoadFailed(frame_, url.ElidedString()); |
748 return false; | 749 return false; |
749 } | 750 } |
750 | 751 |
752 // Block renderer-initiated loads of data URLs in the top frame. If the mime | |
753 // type of the data URL is supported, the URL will eventually be rendered, so | |
754 // block it here. Otherwise, the load might be handled by a plugin or end up | |
755 // as a download, so allow it to let the embedder figure out what to do with | |
756 // it. | |
757 if (frame_->IsMainFrame() && | |
758 !request.GetResourceRequest().IsSameDocumentNavigation() && | |
759 !frame_->Client()->AllowContentInitiatedDataUrlNavigations( | |
dcheng
2017/04/15 01:09:38
Sorry, to follow up on my other question: would it
meacer
2017/04/17 22:21:58
Quick update: I moved these to DecidePolicyForNavi
meacer
2017/04/19 00:05:54
Okay, I've been looking at this, and there are tes
| |
760 request.OriginDocument()->Url()) && | |
761 url.ProtocolIsData() && NetworkUtils::IsDataURLMimeTypeSupported(url)) { | |
762 ReportTopLevelNavigationFailed(frame_, url.ElidedString()); | |
763 return false; | |
764 } | |
765 | |
751 if (!request.Form() && request.FrameName().IsEmpty()) | 766 if (!request.Form() && request.FrameName().IsEmpty()) |
752 request.SetFrameName(frame_->GetDocument()->BaseTarget()); | 767 request.SetFrameName(frame_->GetDocument()->BaseTarget()); |
753 return true; | 768 return true; |
754 } | 769 } |
755 | 770 |
756 static bool ShouldNavigateTargetFrame(NavigationPolicy policy) { | 771 static bool ShouldNavigateTargetFrame(NavigationPolicy policy) { |
757 switch (policy) { | 772 switch (policy) { |
758 case kNavigationPolicyCurrentTab: | 773 case kNavigationPolicyCurrentTab: |
759 return true; | 774 return true; |
760 | 775 |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
980 void FrameLoader::ReportLocalLoadFailed(LocalFrame* frame, const String& url) { | 995 void FrameLoader::ReportLocalLoadFailed(LocalFrame* frame, const String& url) { |
981 DCHECK(!url.IsEmpty()); | 996 DCHECK(!url.IsEmpty()); |
982 if (!frame) | 997 if (!frame) |
983 return; | 998 return; |
984 | 999 |
985 frame->GetDocument()->AddConsoleMessage( | 1000 frame->GetDocument()->AddConsoleMessage( |
986 ConsoleMessage::Create(kSecurityMessageSource, kErrorMessageLevel, | 1001 ConsoleMessage::Create(kSecurityMessageSource, kErrorMessageLevel, |
987 "Not allowed to load local resource: " + url)); | 1002 "Not allowed to load local resource: " + url)); |
988 } | 1003 } |
989 | 1004 |
1005 void FrameLoader::ReportTopLevelNavigationFailed(LocalFrame* frame, | |
1006 const String& url) { | |
1007 DCHECK(!url.IsEmpty()); | |
1008 if (!frame) | |
dcheng
2017/04/19 11:59:49
Nit: just make this a non-static method (unlike Re
meacer
2017/04/21 01:31:21
This used to be called from outside FrameLoader bu
| |
1009 return; | |
1010 | |
1011 frame->GetDocument()->AddConsoleMessage(ConsoleMessage::Create( | |
1012 kSecurityMessageSource, kErrorMessageLevel, | |
1013 "Not allowed to top-level navigate to resource: " + url)); | |
1014 } | |
1015 | |
990 void FrameLoader::StopAllLoaders() { | 1016 void FrameLoader::StopAllLoaders() { |
991 if (frame_->GetDocument()->PageDismissalEventBeingDispatched() != | 1017 if (frame_->GetDocument()->PageDismissalEventBeingDispatched() != |
992 Document::kNoDismissal) | 1018 Document::kNoDismissal) |
993 return; | 1019 return; |
994 | 1020 |
995 // If this method is called from within this method, infinite recursion can | 1021 // If this method is called from within this method, infinite recursion can |
996 // occur (3442218). Avoid this. | 1022 // occur (3442218). Avoid this. |
997 if (in_stop_all_loaders_) | 1023 if (in_stop_all_loaders_) |
998 return; | 1024 return; |
999 | 1025 |
(...skipping 774 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1774 // TODO(japhet): This is needed because the browser process DCHECKs if the | 1800 // TODO(japhet): This is needed because the browser process DCHECKs if the |
1775 // first entry we commit in a new frame has replacement set. It's unclear | 1801 // first entry we commit in a new frame has replacement set. It's unclear |
1776 // whether the DCHECK is right, investigate removing this special case. | 1802 // whether the DCHECK is right, investigate removing this special case. |
1777 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && | 1803 bool replace_current_item = load_type == kFrameLoadTypeReplaceCurrentItem && |
1778 (!Opener() || !request.Url().IsEmpty()); | 1804 (!Opener() || !request.Url().IsEmpty()); |
1779 loader->SetReplacesCurrentHistoryItem(replace_current_item); | 1805 loader->SetReplacesCurrentHistoryItem(replace_current_item); |
1780 return loader; | 1806 return loader; |
1781 } | 1807 } |
1782 | 1808 |
1783 } // namespace blink | 1809 } // namespace blink |
OLD | NEW |