
Unified Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2869423002: PlzNavigate: Do not disclose urls between cross-origin renderers. (Closed)
Patch Set: Applying suggestions. Created 3 years, 7 months ago
Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 2f7909aa9f906ebdb243e26e6322a4379a535aad..5a204b2ae7dc04454f56f49c8978dc3244be350e 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -119,6 +119,7 @@
#include "ui/accessibility/ax_tree_update.h"
#include "ui/gfx/geometry/quad_f.h"
#include "url/gurl.h"
+#include "url/origin.h"
#if defined(OS_ANDROID)
#include "content/browser/android/java_interfaces_impl.h"
@@ -973,6 +974,41 @@ void RenderFrameHostImpl::ReportContentSecurityPolicyViolation(
violation_params));
}
+void RenderFrameHostImpl::SanitizeDataForUseInCspViolation(
+ GURL* blocked_url,
+ SourceLocation* source_location,
+ bool is_redirect,
+ CSPDirective::Name directive) const {
+ DCHECK(blocked_url);
+ DCHECK(source_location);
+ GURL source_location_url(source_location->url);
+
+ // The main goal of this is to avoid leaking informations between potentially
alexmos 2017/05/16 05:56:48 nit: s/informations/information/
arthursonzogni 2017/05/16 12:48:44 Done.
+ // separate renderers, in the event of one of them being compromised.
+ // See https://crbug.com/633306.
+ bool sanitize_blocked_url = true;
+ bool sanitize_source_location = true;
+
+ // There is no need to sanitize data when it is same-origin with the current
+ // url of the renderer.
+ if (url::Origin(*blocked_url).IsSameOriginWith(last_committed_origin_))
+ sanitize_blocked_url = false;
+ if (url::Origin(source_location_url).IsSameOriginWith(last_committed_origin_))
+ sanitize_source_location = false;
+
+ // When a renderer tries to do a form submission, it already knows the url of
+ // the blocked url, except when it is redirected.
+ if (!is_redirect && directive == CSPDirective::FormAction)
+ sanitize_blocked_url = false;
+
+ if (sanitize_blocked_url)
+ *blocked_url = blocked_url->GetOrigin();
+ if (sanitize_source_location) {
+ *source_location =
+ SourceLocation(source_location_url.GetOrigin().spec(), 0u, 0u);
+ }
+}
+
bool RenderFrameHostImpl::SchemeShouldBypassCSP(
const base::StringPiece& scheme) {
// Blink uses its SchemeRegistry to check if a scheme should be bypassed.
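Review bot: The comment on the same-origin exception says the data is compared with "the current url of the renderer", but the two checks below it compare against `last_committed_origin_`, which is an origin and, for a frame with a navigation in flight, may not match what the renderer currently displays; I would reword it to `// No sanitization is needed when the data is same-origin with the origin this frame last committed: a compromised renderer already knows everything about its own origin.` and hedge the in-flight case if it matters to callers. It would also help to state the fail-closed behaviour the code relies on: an invalid or non-standard `blocked_url` or `source_location->url` (an empty string, a data: URL) yields an opaque `url::Origin`, is never same-origin, and so is always reduced by `GetOrigin()`, which for such URLs appears to produce an empty GURL, so the renderer receives nothing rather than the full string. The `!is_redirect && directive == CSPDirective::FormAction` exception is the only path that hands a cross-origin full URL back to the renderer, so a one-line comment that this relies on the submitting frame being the frame reported to would make the trust assumption explicit. SanitizeDataForUseInCspViolation is entirely within this hunk.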
