Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(261)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/navigation_handle_impl.cc

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)
Patch Set: Cleanup Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/data_url_navigation_throttle.cc ('K') | « content/browser/frame_host/navigation_handle_impl.h ('k') | content/browser/web_contents/web_contents_impl_browsertest.cc » ('j') | content/public/browser/navigation_handle.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/navigation_handle_impl.cc
diff --git a/content/browser/frame_host/navigation_handle_impl.cc b/content/browser/frame_host/navigation_handle_impl.cc
index c20e6bd5656d752813bcb5d31c12cdcbdc862b7e..a66a7dde5b154707a3e71dd89a371826bdcc8fc7 100644
--- a/content/browser/frame_host/navigation_handle_impl.cc
+++ b/content/browser/frame_host/navigation_handle_impl.cc
@@ -13,6 +13,7 @@
#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/devtools/render_frame_devtools_agent_host.h"
#include "content/browser/frame_host/ancestor_throttle.h"
+#include "content/browser/frame_host/data_url_navigation_throttle.h"
#include "content/browser/frame_host/debug_urls.h"
#include "content/browser/frame_host/frame_tree_node.h"
#include "content/browser/frame_host/mixed_content_navigation_throttle.h"
@@ -282,6 +283,10 @@ bool NavigationHandleImpl::HasCommitted() {
return state_ == DID_COMMIT || state_ == DID_COMMIT_ERROR_PAGE;
}
+bool NavigationHandleImpl::IsDownload() {
+ return is_download_;
+}
+
bool NavigationHandleImpl::IsErrorPage() {
return state_ == DID_COMMIT_ERROR_PAGE;
}
@@ -660,14 +665,6 @@ void NavigationHandleImpl::DidCommitNavigation(
} else {
state_ = DID_COMMIT;
}
-
- if (url_.SchemeIs(url::kDataScheme) && IsInMainFrame() &&
- IsRendererInitiated()) {
- GetRenderFrameHost()->AddMessageToConsole(
- CONSOLE_MESSAGE_LEVEL_WARNING,
- "Upcoming versions will block content-initiated top frame navigations "
- "to data: URLs. For more information, see https://goo.gl/BaZAea.");
- }
}
void NavigationHandleImpl::Transfer() {
@@ -927,6 +924,9 @@ void NavigationHandleImpl::RegisterNavigationThrottles() {
if (ancestor_throttle)
throttles_.push_back(std::move(ancestor_throttle));
+ throttles_to_register.push_back(
+ DataUrlNavigationThrottle::CreateThrottleForNavigation(this));
nasko 2017/03/28 19:58:01 Do we want this to be run after mixed content and
meacer 2017/03/30 20:43:55 Didn't really think about that as I was just appen
+
throttles_.insert(throttles_.begin(),
std::make_move_iterator(throttles_to_register.begin()),
std::make_move_iterator(throttles_to_register.end()));
« content/browser/frame_host/data_url_navigation_throttle.cc ('K') | « content/browser/frame_host/navigation_handle_impl.h ('k') | content/browser/web_contents/web_contents_impl_browsertest.cc » ('j') | content/public/browser/navigation_handle.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698