
Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2837683002: Remove opener URLs from CreateNewWindowParams. (Closed)
Patch Set: Fix browsertest. Created 3 years, 8 months ago
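--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/bind.h"
@@ -2438,26 +2438,30 @@
 disposition, initial_rect, user_gesture);
 }
 
 void RenderFrameHostImpl::CreateNewWindow(
 mojom::CreateNewWindowParamsPtr params,
 const CreateNewWindowCallback& callback) {
 DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
 bool no_javascript_access = false;
 
+// Filter out URLs that this process cannot request.
+GetProcess()->FilterURL(false, &params->target_url);
+
 // Ignore creation when sent from a frame that's not current or created.
 bool can_create_window =
 frame_tree_node_->current_frame_host() == this && render_frame_created_ &&
 GetContentClient()->browser()->CanCreateWindow(
-this, params->opener_url, params->opener_top_level_frame_url,
-params->opener_security_origin, params->window_container_type,
+this, last_committed_url(),
+frame_tree_node_->frame_tree()->GetMainFrame()->last_committed_url(),
+last_committed_origin_.GetURL(), params->window_container_type,
 params->target_url, params->referrer, params->frame_name,
 params->disposition, *params->features, params->user_gesture,
 params->opener_suppressed, &no_javascript_access);
 
 mojom::CreateNewWindowReplyPtr reply = mojom::CreateNewWindowReply::New();
 if (!can_create_window) {
 RunCreateWindowCompleteCallback(callback, std::move(reply),
 MSG_ROUTING_NONE, MSG_ROUTING_NONE,
 MSG_ROUTING_NONE, 0);
 return;
@@ -2502,33 +2506,22 @@
 if (rdh)
 rdh->BlockRequestsForRoute(id);
 },
 GlobalFrameRoutingId(render_process_id, main_frame_route_id));
 BrowserThread::PostTask(BrowserThread::IO, FROM_HERE,
 block_requests_for_route);
 }
 
 DCHECK(IsRenderFrameLive());
 
-// Actually validate the params and create the window.
-mojom::CreateNewWindowParamsPtr validated_params(params.Clone());
-GetProcess()->FilterURL(false, &validated_params->target_url);
-
-// TODO(nick): http://crbug.com/674307 |opener_url|, |opener_security_origin|,
-// and |opener_top_level_frame_url| should not be parameters; we can just use
-// last_committed_url(), etc. Of these, |opener_top_level_frame_url| is
-// particularly egregious, since an oopif isn't expected to know its top URL.
-GetProcess()->FilterURL(false, &validated_params->opener_url);
-GetProcess()->FilterURL(true, &validated_params->opener_security_origin);
-
 delegate_->CreateNewWindow(this, render_view_route_id, main_frame_route_id,
-main_frame_widget_route_id, *validated_params,
+main_frame_widget_route_id, *params,
 cloned_namespace.get());
 
 // If we did not create a WebContents to host the renderer-created
 // RenderFrame/RenderView/RenderWidget objects, make sure to send invalid
 // routing ids back to the renderer.
 if (main_frame_route_id != MSG_ROUTING_NONE) {
 bool succeeded =
 RenderWidgetHost::FromID(render_process_id,
 main_frame_widget_route_id) != nullptr;
 if (!succeeded) {
@@ -3793,10 +3786,10 @@
 }
 
 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame(
 const std::string& interface_name,
 mojo::ScopedMessagePipeHandle pipe) {
 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe));
 }
 #endif
 
 } // namespace content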
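Review bot: In the `CanCreateWindow` call (new lines 2455-2457), `last_committed_origin_.GetURL()` yields an empty GURL when the frame's origin is opaque (sandboxed frames, data: URLs), and `last_committed_url()` may be empty for a frame that has not yet committed a navigation. Embedder `CanCreateWindow` implementations that base a policy decision on these three arguments should be checked to confirm they treat an empty value as deny rather than allow; this is inferred, as those implementations are not on this page. The call would also benefit from stating the trust boundary, for example `// Opener URLs are taken from browser-side state; renderer-supplied values are not trusted here.`, so the removed mojom fields are not reintroduced later. Parts of CreateNewWindow are elided between the displayed regions, so uses of `params->target_url` in the skipped lines could not be checked against the now-earlier `FilterURL` call.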