Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
index d7c0ccb1c6342a0800288451fa01992ed5f4c2aa..d98756b3ea5c71ff5c94be1f7a0e1b44a6008228 100644 |
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
@@ -28,7 +28,9 @@ |
#include "platform/weborigin/SecurityOrigin.h" |
+#include <memory> |
#include "platform/RuntimeEnabledFeatures.h" |
+#include "platform/network/NetworkUtils.h" |
#include "platform/weborigin/KURL.h" |
#include "platform/weborigin/KnownPorts.h" |
#include "platform/weborigin/SchemeRegistry.h" |
@@ -42,7 +44,6 @@ |
#include "wtf/StdLibExtras.h" |
#include "wtf/text/StringBuilder.h" |
#include "wtf/text/StringUTF8Adaptor.h" |
-#include <memory> |
namespace blink { |
@@ -340,6 +341,25 @@ bool SecurityOrigin::canDisplay(const KURL& url) const { |
return true; |
} |
+bool SecurityOrigin::canNavigateInTopFrame(const KURL& url) const { |
dcheng
2017/04/12 23:51:24
Will this be called eventually?
meacer
2017/04/13 18:06:36
It's called from FrameLoader.cpp (line 751).
|
+ if (m_universalAccess) |
+ return true; |
+ |
+ if (url.protocolIsData()) { |
+ // Block content-initiated loads of data URLs in the top frame. If the mime |
+ // type is supported, the URL will eventually be rendered, so block it here. |
+ // Otherwise, the load might be handled by a plugin or end up as a download, |
+ // so allow it here to let the embedder figure out what to do with it. |
+ AtomicString mimetype; |
+ bool isSupportedMimeType = false; |
+ if (NetworkUtils::getDataURLMimeType(url, mimetype, &isSupportedMimeType) && |
+ isSupportedMimeType) { |
+ return false; |
+ } |
+ } |
+ return true; |
+} |
+ |
bool SecurityOrigin::isPotentiallyTrustworthy() const { |
ASSERT(m_protocol != "data"); |
if (isUnique()) |