Chromium Code Reviews Chromium Code Reviews
Issue 2869423002:
PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_host_impl.h" | 5 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 112 #include "mojo/public/cpp/bindings/strong_binding.h" | 112 #include "mojo/public/cpp/bindings/strong_binding.h" |
| 113 #include "mojo/public/cpp/system/data_pipe.h" | 113 #include "mojo/public/cpp/system/data_pipe.h" |
| 114 #include "services/service_manager/public/cpp/connector.h" | 114 #include "services/service_manager/public/cpp/connector.h" |
| 115 #include "services/service_manager/public/cpp/interface_provider.h" | 115 #include "services/service_manager/public/cpp/interface_provider.h" |
| 116 #include "third_party/WebKit/public/platform/WebFeaturePolicy.h" | 116 #include "third_party/WebKit/public/platform/WebFeaturePolicy.h" |
| 117 #include "ui/accessibility/ax_tree.h" | 117 #include "ui/accessibility/ax_tree.h" |
| 118 #include "ui/accessibility/ax_tree_id_registry.h" | 118 #include "ui/accessibility/ax_tree_id_registry.h" |
| 119 #include "ui/accessibility/ax_tree_update.h" | 119 #include "ui/accessibility/ax_tree_update.h" |
| 120 #include "ui/gfx/geometry/quad_f.h" | 120 #include "ui/gfx/geometry/quad_f.h" |
| 121 #include "url/gurl.h" | 121 #include "url/gurl.h" |
| 122 #include "url/origin.h" | |
| 122 | 123 |
| 123 #if defined(OS_ANDROID) | 124 #if defined(OS_ANDROID) |
| 124 #include "content/browser/android/java_interfaces_impl.h" | 125 #include "content/browser/android/java_interfaces_impl.h" |
| 125 #include "content/browser/frame_host/render_frame_host_android.h" | 126 #include "content/browser/frame_host/render_frame_host_android.h" |
| 126 #include "content/browser/media/android/media_player_renderer.h" | 127 #include "content/browser/media/android/media_player_renderer.h" |
| 127 #include "content/public/browser/android/java_interfaces.h" | 128 #include "content/public/browser/android/java_interfaces.h" |
| 128 #include "media/base/audio_renderer_sink.h" | 129 #include "media/base/audio_renderer_sink.h" |
| 129 #include "media/base/video_renderer_sink.h" | 130 #include "media/base/video_renderer_sink.h" |
| 130 #include "media/mojo/services/mojo_renderer_service.h" // nogncheck | 131 #include "media/mojo/services/mojo_renderer_service.h" // nogncheck |
| 131 #endif | 132 #endif |
| (...skipping 834 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 966 // process should be ignored until the next commit. | 967 // process should be ignored until the next commit. |
| 967 set_nav_entry_id(0); | 968 set_nav_entry_id(0); |
| 968 } | 969 } |
| 969 | 970 |
| 970 void RenderFrameHostImpl::ReportContentSecurityPolicyViolation( | 971 void RenderFrameHostImpl::ReportContentSecurityPolicyViolation( |
| 971 const CSPViolationParams& violation_params) { | 972 const CSPViolationParams& violation_params) { |
| 972 Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_, | 973 Send(new FrameMsg_ReportContentSecurityPolicyViolation(routing_id_, |
| 973 violation_params)); | 974 violation_params)); |
| 974 } | 975 } |
| 975 | 976 |
| 977 void RenderFrameHostImpl::SanitizeDataForUseInCspViolation( | |
| 978 GURL* blocked_url, | |
| 979 SourceLocation* source_location, | |
| 980 bool is_redirect, | |
| 981 CSPDirective::Name directive) const { | |
| 982 DCHECK(blocked_url); | |
| 983 DCHECK(source_location); | |
| 984 GURL source_location_url(source_location->url); | |
| 985 | |
| 986 // The main goal of this is to avoid leaking informations between potentially | |
|
alexmos
2017/05/16 05:56:48
nit: s/informations/information/
arthursonzogni
2017/05/16 12:48:44
Done.
| |
| 987 // separate renderers, in the event of one of them being compromised. | |
| 988 // See https://crbug.com/633306. | |
| 989 bool sanitize_blocked_url = true; | |
| 990 bool sanitize_source_location = true; | |
| 991 | |
| 992 // There is no need to sanitize data when it is same-origin with the current | |
| 993 // url of the renderer. | |
| 994 if (url::Origin(*blocked_url).IsSameOriginWith(last_committed_origin_)) | |
| 995 sanitize_blocked_url = false; | |
| 996 if (url::Origin(source_location_url).IsSameOriginWith(last_committed_origin_)) | |
| 997 sanitize_source_location = false; | |
| 998 | |
| 999 // When a renderer tries to do a form submission, it already knows the url of | |
| 1000 // the blocked url, except when it is redirected. | |
| 1001 if (!is_redirect && directive == CSPDirective::FormAction) | |
| 1002 sanitize_blocked_url = false; | |
| 1003 | |
| 1004 if (sanitize_blocked_url) | |
| 1005 *blocked_url = blocked_url->GetOrigin(); | |
| 1006 if (sanitize_source_location) { | |
| 1007 *source_location = | |
| 1008 SourceLocation(source_location_url.GetOrigin().spec(), 0u, 0u); | |
| 1009 } | |
| 1010 } | |
| 1011 | |
| 976 bool RenderFrameHostImpl::SchemeShouldBypassCSP( | 1012 bool RenderFrameHostImpl::SchemeShouldBypassCSP( |
| 977 const base::StringPiece& scheme) { | 1013 const base::StringPiece& scheme) { |
| 978 // Blink uses its SchemeRegistry to check if a scheme should be bypassed. | 1014 // Blink uses its SchemeRegistry to check if a scheme should be bypassed. |
| 979 // It can't be used on the browser process. It is used for two things: | 1015 // It can't be used on the browser process. It is used for two things: |
| 980 // 1) Bypassing the "chrome-extension" scheme when chrome is built with the | 1016 // 1) Bypassing the "chrome-extension" scheme when chrome is built with the |
| 981 // extensions support. | 1017 // extensions support. |
| 982 // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8. | 1018 // 2) Bypassing arbitrary scheme for testing purpose only in blink and in V8. |
| 983 // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the | 1019 // TODO(arthursonzogni): url::GetBypassingCSPScheme() is used instead of the |
| 984 // blink::SchemeRegistry. It contains 1) but not 2). | 1020 // blink::SchemeRegistry. It contains 1) but not 2). |
| 985 const auto& bypassing_schemes = url::GetCSPBypassingSchemes(); | 1021 const auto& bypassing_schemes = url::GetCSPBypassingSchemes(); |
| (...skipping 2927 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3913 } | 3949 } |
| 3914 | 3950 |
| 3915 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame( | 3951 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame( |
| 3916 const std::string& interface_name, | 3952 const std::string& interface_name, |
| 3917 mojo::ScopedMessagePipeHandle pipe) { | 3953 mojo::ScopedMessagePipeHandle pipe) { |
| 3918 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe)); | 3954 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe)); |
| 3919 } | 3955 } |
| 3920 #endif | 3956 #endif |
| 3921 | 3957 |
| 3922 } // namespace content | 3958 } // namespace content |
| OLD | NEW |
