third_party/WebKit/Source/core/loader/FrameLoader.cpp - Issue 2702503002: Block renderer-initiated main frame navigations to data URLs

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)

Patch Set: Re-block data to data navigations, rebase, address nasko comments Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp

diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

index 0e912d0ee3572277b017634eef4b7a51279c924d..cc7009b0f0e0c02320298c4977e281855a80874d 100644

--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp

+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp

@@ -743,6 +743,17 @@ bool FrameLoader::prepareRequestForThisFrame(FrameLoadRequest& request) {

return false;

}

+ // Block content-initiated, top-frame navigations to data URLs.

+ if (m_frame->isMainFrame() &&

+ !request.resourceRequest().isSameDocumentNavigation() &&

+ !m_frame->client()->allowInsecureDataUrlNavigations(

+ request.originDocument()->url()) &&

+ !request.originDocument()->getSecurityOrigin()->canNavigateInTopFrame(

+ url)) {

+ reportTopLevelNavigationFailed(m_frame, url.elidedString());

+ return false;

+ }

if (!request.form() && request.frameName().isEmpty())

request.setFrameName(m_frame->document()->baseTarget());

return true;

@@ -979,6 +990,17 @@ void FrameLoader::reportLocalLoadFailed(LocalFrame* frame, const String& url) {

"Not allowed to load local resource: " + url));

}

+void FrameLoader::reportTopLevelNavigationFailed(LocalFrame* frame,

+ const String& url) {

+ DCHECK(!url.isEmpty());

+ if (!frame)

+ return;

+ frame->document()->addConsoleMessage(ConsoleMessage::create(

+ SecurityMessageSource, ErrorMessageLevel,

+ "Not allowed to top-level navigate to resource: " + url));

void FrameLoader::stopAllLoaders() {

if (m_frame->document()->pageDismissalEventBeingDispatched() !=

Document::NoDismissal)