Block renderer-initiated main frame navigations to data URLs

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp

Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
index d7c0ccb1c6342a0800288451fa01992ed5f4c2aa..ead2a717b3492d7a3664d0a77e461034977d0977 100644
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp
@@ -28,7 +28,9 @@
 
 #include "platform/weborigin/SecurityOrigin.h"
 
+#include <memory>
 #include "platform/RuntimeEnabledFeatures.h"
+#include "platform/network/NetworkUtils.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/KnownPorts.h"
 #include "platform/weborigin/SchemeRegistry.h"
@@ -42,7 +44,6 @@
 #include "wtf/StdLibExtras.h"
 #include "wtf/text/StringBuilder.h"
 #include "wtf/text/StringUTF8Adaptor.h"
-#include <memory>
 
 namespace blink {
 
@@ -340,6 +341,25 @@ bool SecurityOrigin::canDisplay(const KURL& url) const {
   return true;
 }
 
+bool SecurityOrigin::canNavigateInTopFrame(const KURL& url) const {
+  if (m_universalAccess)
+    return true;
+
+  if (url.protocol() == "data") {
+    // Block content-initiated loads of data URLs in the top frame. If the mime
+    // type is supported, the URL will eventually be rendered, so block it here.
+    // Otherwise, the load might be handled by a plugin or end up as a download,
+    // so allow it here to let the embedder figure out what to do with it.
+    AtomicString mimetype;
+    bool isSupportedMimeType = false;
+    if (NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) &&
+        isSupportedMimeType) {
+      return false;
+    }
+  }
+  return true;
+}
+
 bool SecurityOrigin::isPotentiallyTrustworthy() const {
   ASSERT(m_protocol != "data");
   if (isUnique())