Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(9)

Side by Side Diff: third_party/WebKit/Source/core/loader/BaseFetchContext.cpp

Issue 2895953002: Update dangling markup mitigations. (Closed)
Patch Set: Test. Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/loader/BaseFetchContext.h" 5 #include "core/loader/BaseFetchContext.h"
6 6
7 #include "core/dom/ExecutionContext.h" 7 #include "core/dom/ExecutionContext.h"
8 #include "core/frame/ContentSettingsClient.h" 8 #include "core/frame/ContentSettingsClient.h"
9 #include "core/frame/Settings.h" 9 #include "core/frame/Settings.h"
10 #include "core/inspector/ConsoleMessage.h" 10 #include "core/inspector/ConsoleMessage.h"
(...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after
283 CountDeprecation( 283 CountDeprecation(
284 UseCounter::kRequestedSubresourceWithEmbeddedCredentials); 284 UseCounter::kRequestedSubresourceWithEmbeddedCredentials);
285 // TODO(mkwst): Remove the runtime-enabled check in M59: 285 // TODO(mkwst): Remove the runtime-enabled check in M59:
286 // https://www.chromestatus.com/feature/5669008342777856 286 // https://www.chromestatus.com/feature/5669008342777856
287 if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled()) 287 if (RuntimeEnabledFeatures::blockCredentialedSubresourcesEnabled())
288 return ResourceRequestBlockedReason::kOrigin; 288 return ResourceRequestBlockedReason::kOrigin;
289 } 289 }
290 } 290 }
291 291
292 // Check for mixed content. We do this second-to-last so that when folks block 292 // Check for mixed content. We do this second-to-last so that when folks block
293 // mixed content with a CSP policy, they don't get a warning. They'll still 293 // mixed content via CSP, they don't get a mixed content warning, but a CSP
294 // get a warning in the console about CSP blocking the load. 294 // warning instead.
295 if (ShouldBlockFetchByMixedContentCheck(resource_request, url, 295 if (ShouldBlockFetchByMixedContentCheck(resource_request, url,
296 reporting_policy)) 296 reporting_policy))
297 return ResourceRequestBlockedReason::kMixedContent; 297 return ResourceRequestBlockedReason::kMixedContent;
298 298
299 if (url.WhitespaceRemoved()) { 299 if (url.PotentiallyDanglingMarkup() && url.ProtocolIsInHTTPFamily()) {
300 CountDeprecation(UseCounter::kCanRequestURLHTTPContainingNewline); 300 CountDeprecation(UseCounter::kCanRequestURLHTTPContainingNewline);
301 if (url.ProtocolIsInHTTPFamily()) { 301 if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled())
302 if (RuntimeEnabledFeatures::restrictCanRequestURLCharacterSetEnabled()) 302 return ResourceRequestBlockedReason::kOther;
303 return ResourceRequestBlockedReason::kOther;
304 } else {
305 CountUsage(UseCounter::kCanRequestURLNonHTTPContainingNewline);
306 }
307 } 303 }
308 304
309 // Let the client have the final say into whether or not the load should 305 // Let the client have the final say into whether or not the load should
310 // proceed. 306 // proceed.
311 if (GetSubresourceFilter() && type != Resource::kMainResource && 307 if (GetSubresourceFilter() && type != Resource::kMainResource &&
312 type != Resource::kImportResource) { 308 type != Resource::kImportResource) {
313 if (!GetSubresourceFilter()->AllowLoad( 309 if (!GetSubresourceFilter()->AllowLoad(
314 url, resource_request.GetRequestContext(), reporting_policy)) { 310 url, resource_request.GetRequestContext(), reporting_policy)) {
315 return ResourceRequestBlockedReason::kSubresourceFilter; 311 return ResourceRequestBlockedReason::kSubresourceFilter;
316 } 312 }
317 } 313 }
318 314
319 return ResourceRequestBlockedReason::kNone; 315 return ResourceRequestBlockedReason::kNone;
320 } 316 }
321 317
322 DEFINE_TRACE(BaseFetchContext) { 318 DEFINE_TRACE(BaseFetchContext) {
323 visitor->Trace(execution_context_); 319 visitor->Trace(execution_context_);
324 FetchContext::Trace(visitor); 320 FetchContext::Trace(visitor);
325 } 321 }
326 322
327 } // namespace blink 323 } // namespace blink
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698