
Side by Side Diff: ios/web/web_state/ui/crw_web_controller.mm

Issue 2761173002: Disallow JS execution on WebUI pages. (Closed)
Patch Set: Actually fixed ToolbarTestCase Created 3 years, 9 months ago
1 // Copyright 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/ui/crw_web_controller.h" 5 #import "ios/web/web_state/ui/crw_web_controller.h"
6 6
7 #import <WebKit/WebKit.h> 7 #import <WebKit/WebKit.h>
8 8
9 #import <objc/runtime.h> 9 #import <objc/runtime.h>
10 #include <stddef.h> 10 #include <stddef.h>
(...skipping 2278 matching lines...) Expand 10 before | Expand all | Expand 10 after
2289 // |[_webView executeJavaScript:completionHandler:]| is not used here because 2289 // |[_webView executeJavaScript:completionHandler:]| is not used here because
2290 // it does not check that page is the same. 2290 // it does not check that page is the same.
2291 [self executeJavaScript:script completionHandler:nil]; 2291 [self executeJavaScript:script completionHandler:nil];
2292 [_injectedScriptManagers addObject:JSInjectionManagerClass]; 2292 [_injectedScriptManagers addObject:JSInjectionManagerClass];
2293 } 2293 }
2294 2294
2295 #pragma mark - 2295 #pragma mark -
2296 2296
2297 - (void)executeUserJavaScript:(NSString*)script 2297 - (void)executeUserJavaScript:(NSString*)script
2298 completionHandler:(web::JavaScriptResultBlock)completion { 2298 completionHandler:(web::JavaScriptResultBlock)completion {
2299 // For security reasons executing JavaScript on pages with app-specific URLs
lpromero 2017/03/23 12:43:48 Nit: Add a comma after "reasons".
Eugene But (OOO till 7-30) 2017/03/23 17:45:08 Done.
2300 // is not allowed, because those pages may have elevated privileges.
2301 GURL lastCommittedURL = self.webState->GetLastCommittedURL();
2302 if (web::GetWebClient()->IsAppSpecificURL(lastCommittedURL)) {
2303 if (completion) {
2304 dispatch_async(dispatch_get_main_queue(), ^{
2305 base::scoped_nsobject<NSError> error([[NSError alloc]
2306 initWithDomain:web::kJSEvaluationErrorDomain
2307 code:web::JS_EVALUATION_ERROR_CODE_NO_WEB_VIEW
2308 userInfo:nil]);
2309 completion(nil, error);
2310 });
2311 }
2312 return;
2313 }
2314
2299 [self setUserInteractionRegistered:YES]; 2315 [self setUserInteractionRegistered:YES];
2300 [self executeJavaScript:script completionHandler:completion]; 2316 [self executeJavaScript:script completionHandler:completion];
2301 } 2317 }
2302 2318
2303 - (BOOL)respondToMessage:(base::DictionaryValue*)message 2319 - (BOOL)respondToMessage:(base::DictionaryValue*)message
2304 userIsInteracting:(BOOL)userIsInteracting 2320 userIsInteracting:(BOOL)userIsInteracting
2305 originURL:(const GURL&)originURL { 2321 originURL:(const GURL&)originURL {
2306 std::string command; 2322 std::string command;
2307 if (!message->GetString("command", &command)) { 2323 if (!message->GetString("command", &command)) {
2308 DLOG(WARNING) << "JS message parameter not found: command"; 2324 DLOG(WARNING) << "JS message parameter not found: command";
(...skipping 2766 matching lines...) Expand 10 before | Expand all | Expand 10 after
5075 - (void)simulateLoadRequestWithURL:(const GURL&)URL { 5091 - (void)simulateLoadRequestWithURL:(const GURL&)URL {
5076 _lastRegisteredRequestURL = URL; 5092 _lastRegisteredRequestURL = URL;
5077 _loadPhase = web::LOAD_REQUESTED; 5093 _loadPhase = web::LOAD_REQUESTED;
5078 } 5094 }
5079 5095
5080 - (NSString*)referrerFromNavigationAction:(WKNavigationAction*)action { 5096 - (NSString*)referrerFromNavigationAction:(WKNavigationAction*)action {
5081 return [action.request valueForHTTPHeaderField:kReferrerHeaderName]; 5097 return [action.request valueForHTTPHeaderField:kReferrerHeaderName];
5082 } 5098 }
5083 5099
5084 @end 5100 @end
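Review bot: The early return added to executeUserJavaScript:completionHandler: reports the refusal with `web::JS_EVALUATION_ERROR_CODE_NO_WEB_VIEW` and `userInfo:nil`, so a completion handler cannot tell a policy block on an app-specific URL from a genuinely missing web view. A dedicated code in `web::kJSEvaluationErrorDomain` would make the denial distinguishable in logs and tests; failing that, `userInfo:@{NSLocalizedDescriptionKey : @"JavaScript execution is not allowed on app-specific URLs"}` at least records the reason. Separately, the guard reads `self.webState->GetLastCommittedURL()` once at call time, and the section does not show whether `executeJavaScript:completionHandler:` re-validates the page before evaluation. It is worth confirming that a navigation to an app-specific page which commits between the check and the evaluation cannot receive the script, and that `self.webState` cannot be null on this path. A short comment stating that this check is the only gate for user-supplied scripts, while internal callers of `executeJavaScript:completionHandler:` bypass it by design, would help the next maintainer keep privileged pages covered.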