Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
index d7c0ccb1c6342a0800288451fa01992ed5f4c2aa..ead2a717b3492d7a3664d0a77e461034977d0977 100644 |
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
@@ -28,7 +28,9 @@ |
#include "platform/weborigin/SecurityOrigin.h" |
+#include <memory> |
#include "platform/RuntimeEnabledFeatures.h" |
+#include "platform/network/NetworkUtils.h" |
#include "platform/weborigin/KURL.h" |
#include "platform/weborigin/KnownPorts.h" |
#include "platform/weborigin/SchemeRegistry.h" |
@@ -42,7 +44,6 @@ |
#include "wtf/StdLibExtras.h" |
#include "wtf/text/StringBuilder.h" |
#include "wtf/text/StringUTF8Adaptor.h" |
-#include <memory> |
namespace blink { |
@@ -340,6 +341,25 @@ bool SecurityOrigin::canDisplay(const KURL& url) const { |
return true; |
} |
+bool SecurityOrigin::canNavigateInTopFrame(const KURL& url) const { |
+ if (m_universalAccess) |
+ return true; |
+ |
+ if (url.protocol() == "data") { |
kinuko
2017/04/07 07:52:34
nit: protocolIsData()
meacer
2017/04/11 01:08:51
Done.
|
+ // Block content-initiated loads of data URLs in the top frame. If the mime |
+ // type is supported, the URL will eventually be rendered, so block it here. |
+ // Otherwise, the load might be handled by a plugin or end up as a download, |
+ // so allow it here to let the embedder figure out what to do with it. |
+ AtomicString mimetype; |
+ bool isSupportedMimeType = false; |
+ if (NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) && |
+ isSupportedMimeType) { |
+ return false; |
+ } |
+ } |
+ return true; |
+} |
+ |
bool SecurityOrigin::isPotentiallyTrustworthy() const { |
ASSERT(m_protocol != "data"); |
if (isUnique()) |