Index: content/browser/frame_host/data_url_navigation_throttle.cc |
diff --git a/content/browser/frame_host/data_url_navigation_throttle.cc b/content/browser/frame_host/data_url_navigation_throttle.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..7239196c5f53e018919193b5a37c64d98f5f01c4 |
--- /dev/null |
+++ b/content/browser/frame_host/data_url_navigation_throttle.cc |
@@ -0,0 +1,77 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/browser/frame_host/data_url_navigation_throttle.h" |
+ |
+#include "base/memory/ptr_util.h" |
+#include "base/strings/stringprintf.h" |
+#include "content/browser/frame_host/frame_tree.h" |
+#include "content/browser/frame_host/frame_tree_node.h" |
+#include "content/browser/frame_host/navigation_handle_impl.h" |
+#include "content/public/browser/navigation_handle.h" |
+#include "content/public/browser/render_frame_host.h" |
+#include "content/public/common/console_message_level.h" |
+#include "url/url_constants.h" |
+ |
+namespace content { |
+ |
+namespace { |
+const char kConsoleError[] = |
+ "Not allowed to top-level navigate to resource: %s"; |
+ |
+bool MayBlockDataUrlNavigation(NavigationHandle* navigation_handle) { |
+ // TODO(meacer): This doesn't properly handle window.open calls. |
+ // - For standard mime types (html, image etc), this is only a |
+ // problem if PlzNavigate is enabled because otherwise checks |
+ // are done in the renderer. |
+ // - For mime types handled by plugins (e.g. PDF), this is a |
+ // problem for both PlzNavigate and non-PlzNavigate as there |
+ // are no renderer side checks. |
+ // Proper implementation is blocked on crbug.com/651895. |
+ NavigationHandleImpl* handle = |
+ static_cast<NavigationHandleImpl*>(navigation_handle); |
+ RenderFrameHost* top_frame = |
+ handle->frame_tree_node()->frame_tree()->root()->current_frame_host(); |
+ return handle->GetURL().SchemeIs(url::kDataScheme) && |
+ handle->IsInMainFrame() && handle->IsRendererInitiated() && |
+ !top_frame->GetLastCommittedURL().SchemeIs(url::kDataScheme); |
+} |
+} |
+ |
+DataUrlNavigationThrottle::DataUrlNavigationThrottle( |
+ NavigationHandle* navigation_handle) |
+ : NavigationThrottle(navigation_handle) {} |
+ |
+DataUrlNavigationThrottle::~DataUrlNavigationThrottle() {} |
+ |
+NavigationThrottle::ThrottleCheckResult |
+DataUrlNavigationThrottle::WillProcessResponse() { |
+ if (MayBlockDataUrlNavigation(navigation_handle()) && |
nasko
2017/03/30 23:15:45
Why do you need to call this method here? If it fa
meacer
2017/04/05 22:33:28
Done, only checking for download here.
|
+ !navigation_handle()->IsDownload()) { |
+ RenderFrameHost* top_frame = |
+ static_cast<NavigationHandleImpl*>(navigation_handle()) |
+ ->frame_tree_node() |
+ ->frame_tree() |
+ ->root() |
+ ->current_frame_host(); |
+ top_frame->AddMessageToConsole( |
+ CONSOLE_MESSAGE_LEVEL_ERROR, |
+ base::StringPrintf(kConsoleError, |
+ navigation_handle()->GetURL().spec().c_str())); |
+ return CANCEL; |
+ } |
+ return PROCEED; |
+} |
+ |
+// static |
+std::unique_ptr<NavigationThrottle> |
+DataUrlNavigationThrottle::CreateThrottleForNavigation( |
+ NavigationHandle* navigation_handle) { |
+ return MayBlockDataUrlNavigation(navigation_handle) |
+ ? base::WrapUnique( |
+ new DataUrlNavigationThrottle(navigation_handle)) |
+ : nullptr; |
+} |
+ |
+} // namespace content |