Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1222)

Side by Side Diff: third_party/WebKit/Source/web/WebFrameSerializer.cpp

Issue 2713663003: Do not serialize meta element containing Content-Security-Policy (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after
89 bool shouldIgnoreElement(const Element&) override; 89 bool shouldIgnoreElement(const Element&) override;
90 bool shouldIgnoreAttribute(const Element&, const Attribute&) override; 90 bool shouldIgnoreAttribute(const Element&, const Attribute&) override;
91 bool rewriteLink(const Element&, String& rewrittenLink) override; 91 bool rewriteLink(const Element&, String& rewrittenLink) override;
92 bool shouldSkipResourceWithURL(const KURL&) override; 92 bool shouldSkipResourceWithURL(const KURL&) override;
93 bool shouldSkipResource( 93 bool shouldSkipResource(
94 FrameSerializer::ResourceHasCacheControlNoStoreHeader) override; 94 FrameSerializer::ResourceHasCacheControlNoStoreHeader) override;
95 Vector<Attribute> getCustomAttributes(const Element&) override; 95 Vector<Attribute> getCustomAttributes(const Element&) override;
96 96
97 private: 97 private:
98 bool shouldIgnoreHiddenElement(const Element&); 98 bool shouldIgnoreHiddenElement(const Element&);
99 bool shouldIgnoreMetaElement(const Element&);
99 bool shouldIgnorePopupOverlayElement(const Element&); 100 bool shouldIgnorePopupOverlayElement(const Element&);
100 void getCustomAttributesForImageElement(const HTMLImageElement&, 101 void getCustomAttributesForImageElement(const HTMLImageElement&,
101 Vector<Attribute>*); 102 Vector<Attribute>*);
102 void getCustomAttributesForFormControlElement(const Element&, 103 void getCustomAttributesForFormControlElement(const Element&,
103 Vector<Attribute>*); 104 Vector<Attribute>*);
104 105
105 WebFrameSerializer::MHTMLPartsGenerationDelegate& m_webDelegate; 106 WebFrameSerializer::MHTMLPartsGenerationDelegate& m_webDelegate;
106 }; 107 };
107 108
108 MHTMLFrameSerializerDelegate::MHTMLFrameSerializerDelegate( 109 MHTMLFrameSerializerDelegate::MHTMLFrameSerializerDelegate(
109 WebFrameSerializer::MHTMLPartsGenerationDelegate& webDelegate) 110 WebFrameSerializer::MHTMLPartsGenerationDelegate& webDelegate)
110 : m_webDelegate(webDelegate) {} 111 : m_webDelegate(webDelegate) {}
111 112
112 bool MHTMLFrameSerializerDelegate::shouldIgnoreElement(const Element& element) { 113 bool MHTMLFrameSerializerDelegate::shouldIgnoreElement(const Element& element) {
113 if (shouldIgnoreHiddenElement(element)) 114 if (shouldIgnoreHiddenElement(element))
114 return true; 115 return true;
116 if (shouldIgnoreMetaElement(element))
117 return true;
115 if (m_webDelegate.removePopupOverlay() && 118 if (m_webDelegate.removePopupOverlay() &&
116 shouldIgnorePopupOverlayElement(element)) { 119 shouldIgnorePopupOverlayElement(element)) {
117 return true; 120 return true;
118 } 121 }
119 return false; 122 return false;
120 } 123 }
121 124
122 bool MHTMLFrameSerializerDelegate::shouldIgnoreHiddenElement( 125 bool MHTMLFrameSerializerDelegate::shouldIgnoreHiddenElement(
123 const Element& element) { 126 const Element& element) {
124 // Do not include elements that are are set to hidden without affecting layout 127 // Do not include elements that are are set to hidden without affecting layout
125 // by the page. For those elements that are hidden by default, they will not 128 // by the page. For those elements that are hidden by default, they will not
126 // be excluded: 129 // be excluded:
127 // 1) All elements that are head or part of head, including head, meta, style, 130 // 1) All elements that are head or part of head, including head, meta, style,
128 // link and etc. 131 // link and etc.
129 // 2) Some specific elements in body: meta, style, datalist, option and etc. 132 // 2) Some specific elements in body: meta, style, datalist, option and etc.
130 if (element.layoutObject()) 133 if (element.layoutObject())
131 return false; 134 return false;
132 if (isHTMLHeadElement(element) || isHTMLMetaElement(element) || 135 if (isHTMLHeadElement(element) || isHTMLMetaElement(element) ||
133 isHTMLStyleElement(element) || isHTMLDataListElement(element) || 136 isHTMLStyleElement(element) || isHTMLDataListElement(element) ||
134 isHTMLOptionElement(element)) { 137 isHTMLOptionElement(element)) {
135 return false; 138 return false;
136 } 139 }
137 Element* parent = element.parentElement(); 140 Element* parent = element.parentElement();
138 return parent && !isHTMLHeadElement(parent); 141 return parent && !isHTMLHeadElement(parent);
139 } 142 }
140 143
144 bool MHTMLFrameSerializerDelegate::shouldIgnoreMetaElement(
145 const Element& element) {
146 // Do not include meta elements that declare Content-Security-Policy
147 // directives. They should have already been enforced when the original
148 // document is loaded. Since only the rendered resources are encapsulated in
149 // the saved MHTML page, there is no need to carry the directives. If they
Mike West 2017/02/24 08:21:49 Hrm. I'm not sure I understand what this means. Fo
jianli 2017/02/24 21:38:19 For the page containing the above example code, th
150 // are still kept in the MHTML, child frames that are referred to using cid:
151 // scheme could be prevented from loading.
152 if (!isHTMLMetaElement(element))
153 return false;
154 if (!element.fastHasAttribute(HTMLNames::contentAttr))
155 return false;
156 const AtomicString& httpEquiv =
157 element.fastGetAttribute(HTMLNames::http_equivAttr);
158 return httpEquiv == "Content-Security-Policy";
159 }
160
141 bool MHTMLFrameSerializerDelegate::shouldIgnorePopupOverlayElement( 161 bool MHTMLFrameSerializerDelegate::shouldIgnorePopupOverlayElement(
142 const Element& element) { 162 const Element& element) {
143 // The element should be visible. 163 // The element should be visible.
144 LayoutBox* box = element.layoutBox(); 164 LayoutBox* box = element.layoutBox();
145 if (!box) 165 if (!box)
146 return false; 166 return false;
147 167
148 // The bounding box of the element should contain center point of the 168 // The bounding box of the element should contain center point of the
149 // viewport. 169 // viewport.
150 LocalDOMWindow* window = element.document().domWindow(); 170 LocalDOMWindow* window = element.document().domWindow();
(...skipping 304 matching lines...) Expand 10 before | Expand all | Expand 10 after
455 const WebString& baseTarget) { 475 const WebString& baseTarget) {
456 // TODO(yosin) We should call |FrameSerializer::baseTagDeclarationOf()|. 476 // TODO(yosin) We should call |FrameSerializer::baseTagDeclarationOf()|.
457 if (baseTarget.isEmpty()) 477 if (baseTarget.isEmpty())
458 return String("<base href=\".\">"); 478 return String("<base href=\".\">");
459 String baseString = "<base href=\".\" target=\"" + 479 String baseString = "<base href=\".\" target=\"" +
460 static_cast<const String&>(baseTarget) + "\">"; 480 static_cast<const String&>(baseTarget) + "\">";
461 return baseString; 481 return baseString;
462 } 482 }
463 483
464 } // namespace blink 484 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698