Index: third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
diff --git a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
index 14cc844e8339dc8ef4b2448d578680f3841a8567..4282ed667212a6090205f8ebdb10932ce6c8ba6c 100644 |
--- a/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
+++ b/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp |
@@ -30,6 +30,7 @@ |
#include <memory> |
#include "platform/RuntimeEnabledFeatures.h" |
+#include "platform/network/NetworkUtils.h" |
#include "platform/weborigin/KURL.h" |
#include "platform/weborigin/KnownPorts.h" |
#include "platform/weborigin/SchemeRegistry.h" |
@@ -336,6 +337,20 @@ bool SecurityOrigin::CanDisplay(const KURL& url) const { |
return true; |
} |
+bool SecurityOrigin::CanNavigateInTopFrame(const KURL& url) const { |
+ if (universal_access_) |
dcheng
2017/04/15 00:11:24
I assume this exception is required for layout tes
meacer
2017/04/15 00:53:53
As we discussed offline, it's not required for lay
|
+ return true; |
+ |
+ // Block content-initiated loads of data URLs in the top frame. If the mime |
+ // type is supported, the URL will eventually be rendered, so block it here. |
+ // Otherwise, the load might be handled by a plugin or end up as a download, |
+ // so allow it to let the embedder figure out what to do with it. |
+ if (url.ProtocolIsData() && NetworkUtils::IsDataURLMimeTypeSupported(url)) { |
+ return false; |
+ } |
+ return true; |
+} |
+ |
bool SecurityOrigin::IsPotentiallyTrustworthy() const { |
ASSERT(protocol_ != "data"); |
if (IsUnique()) |