| Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| index fd31c7bb45871c054a182fb7c16e5c39aa1fb9fa..4b1ac8afe3230143fd2f54f0d533f85fb685a5d1 100644
|
| --- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
|
| @@ -991,6 +991,13 @@ bool FrameLoader::prepareRequestForThisFrame(FrameLoadRequest& request) {
|
| return false;
|
| }
|
|
|
| + if (m_frame->isMainFrame() &&
|
| + !request.originDocument()->getSecurityOrigin()->canNavigateInTopFrame(
|
| + url)) {
|
| + reportTopLevelNavigationFailed(m_frame, url.elidedString());
|
| + return false;
|
| + }
|
| +
|
| if (!request.form() && request.frameName().isEmpty())
|
| request.setFrameName(m_frame->document()->baseTarget());
|
| return true;
|
| @@ -1232,6 +1239,17 @@ void FrameLoader::reportLocalLoadFailed(LocalFrame* frame, const String& url) {
|
| "Not allowed to load local resource: " + url));
|
| }
|
|
|
| +void FrameLoader::reportTopLevelNavigationFailed(LocalFrame* frame,
|
| + const String& url) {
|
| + DCHECK(!url.isEmpty());
|
| + if (!frame)
|
| + return;
|
| +
|
| + frame->document()->addConsoleMessage(ConsoleMessage::create(
|
| + SecurityMessageSource, ErrorMessageLevel,
|
| + "Not allowed to top-level navigate to resource: " + url));
|
| +}
|
| +
|
| void FrameLoader::stopAllLoaders() {
|
| if (m_frame->document()->pageDismissalEventBeingDispatched() !=
|
| Document::NoDismissal)
|
|
|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
