Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: ios/web/web_state/ui/crw_web_controller.mm

Issue 2761173002: Disallow JS execution on WebUI pages. (Closed)
Patch Set: Addressed review comments Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « ios/web/public/test/web_view_interaction_test_util.mm ('k') | ios/web/web_state/ui/crw_web_controller_unittest.mm » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "ios/web/web_state/ui/crw_web_controller.h" 5 #import "ios/web/web_state/ui/crw_web_controller.h"
6 6
7 #import <WebKit/WebKit.h> 7 #import <WebKit/WebKit.h>
8 8
9 #import <objc/runtime.h> 9 #import <objc/runtime.h>
10 #include <stddef.h> 10 #include <stddef.h>
(...skipping 2278 matching lines...) Expand 10 before | Expand all | Expand 10 after
2289 // |[_webView executeJavaScript:completionHandler:]| is not used here because 2289 // |[_webView executeJavaScript:completionHandler:]| is not used here because
2290 // it does not check that page is the same. 2290 // it does not check that page is the same.
2291 [self executeJavaScript:script completionHandler:nil]; 2291 [self executeJavaScript:script completionHandler:nil];
2292 [_injectedScriptManagers addObject:JSInjectionManagerClass]; 2292 [_injectedScriptManagers addObject:JSInjectionManagerClass];
2293 } 2293 }
2294 2294
2295 #pragma mark - 2295 #pragma mark -
2296 2296
2297 - (void)executeUserJavaScript:(NSString*)script 2297 - (void)executeUserJavaScript:(NSString*)script
2298 completionHandler:(web::JavaScriptResultBlock)completion { 2298 completionHandler:(web::JavaScriptResultBlock)completion {
2299 // For security reasons, executing JavaScript on pages with app-specific URLs
2300 // is not allowed, because those pages may have elevated privileges.
2301 GURL lastCommittedURL = self.webState->GetLastCommittedURL();
2302 if (web::GetWebClient()->IsAppSpecificURL(lastCommittedURL)) {
2303 if (completion) {
2304 dispatch_async(dispatch_get_main_queue(), ^{
2305 base::scoped_nsobject<NSError> error([[NSError alloc]
2306 initWithDomain:web::kJSEvaluationErrorDomain
2307 code:web::JS_EVALUATION_ERROR_CODE_NO_WEB_VIEW
2308 userInfo:nil]);
2309 completion(nil, error);
2310 });
2311 }
2312 return;
2313 }
2314
2299 [self setUserInteractionRegistered:YES]; 2315 [self setUserInteractionRegistered:YES];
2300 [self executeJavaScript:script completionHandler:completion]; 2316 [self executeJavaScript:script completionHandler:completion];
2301 } 2317 }
2302 2318
2303 - (BOOL)respondToMessage:(base::DictionaryValue*)message 2319 - (BOOL)respondToMessage:(base::DictionaryValue*)message
2304 userIsInteracting:(BOOL)userIsInteracting 2320 userIsInteracting:(BOOL)userIsInteracting
2305 originURL:(const GURL&)originURL { 2321 originURL:(const GURL&)originURL {
2306 std::string command; 2322 std::string command;
2307 if (!message->GetString("command", &command)) { 2323 if (!message->GetString("command", &command)) {
2308 DLOG(WARNING) << "JS message parameter not found: command"; 2324 DLOG(WARNING) << "JS message parameter not found: command";
(...skipping 2773 matching lines...) Expand 10 before | Expand all | Expand 10 after
5082 - (void)simulateLoadRequestWithURL:(const GURL&)URL { 5098 - (void)simulateLoadRequestWithURL:(const GURL&)URL {
5083 _lastRegisteredRequestURL = URL; 5099 _lastRegisteredRequestURL = URL;
5084 _loadPhase = web::LOAD_REQUESTED; 5100 _loadPhase = web::LOAD_REQUESTED;
5085 } 5101 }
5086 5102
5087 - (NSString*)referrerFromNavigationAction:(WKNavigationAction*)action { 5103 - (NSString*)referrerFromNavigationAction:(WKNavigationAction*)action {
5088 return [action.request valueForHTTPHeaderField:kReferrerHeaderName]; 5104 return [action.request valueForHTTPHeaderField:kReferrerHeaderName];
5089 } 5105 }
5090 5106
5091 @end 5107 @end
OLDNEW
« no previous file with comments | « ios/web/public/test/web_view_interaction_test_util.mm ('k') | ios/web/web_state/ui/crw_web_controller_unittest.mm » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698