| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_host_impl.h" | 5 #include "content/browser/frame_host/render_frame_host_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 #include "content/browser/renderer_host/input/input_router_impl.h" | 50 #include "content/browser/renderer_host/input/input_router_impl.h" |
| 51 #include "content/browser/renderer_host/input/timeout_monitor.h" | 51 #include "content/browser/renderer_host/input/timeout_monitor.h" |
| 52 #include "content/browser/renderer_host/media/media_devices_dispatcher_host.h" | 52 #include "content/browser/renderer_host/media/media_devices_dispatcher_host.h" |
| 53 #include "content/browser/renderer_host/render_process_host_impl.h" | 53 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 54 #include "content/browser/renderer_host/render_view_host_delegate.h" | 54 #include "content/browser/renderer_host/render_view_host_delegate.h" |
| 55 #include "content/browser/renderer_host/render_view_host_delegate_view.h" | 55 #include "content/browser/renderer_host/render_view_host_delegate_view.h" |
| 56 #include "content/browser/renderer_host/render_view_host_impl.h" | 56 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 57 #include "content/browser/renderer_host/render_widget_host_delegate.h" | 57 #include "content/browser/renderer_host/render_widget_host_delegate.h" |
| 58 #include "content/browser/renderer_host/render_widget_host_impl.h" | 58 #include "content/browser/renderer_host/render_widget_host_impl.h" |
| 59 #include "content/browser/renderer_host/render_widget_host_view_base.h" | 59 #include "content/browser/renderer_host/render_widget_host_view_base.h" |
| 60 #include "content/browser/resource_request_body_browser_utils.h" |
| 60 #include "content/browser/shared_worker/shared_worker_service_impl.h" | 61 #include "content/browser/shared_worker/shared_worker_service_impl.h" |
| 61 #include "content/browser/websockets/websocket_manager.h" | 62 #include "content/browser/websockets/websocket_manager.h" |
| 62 #include "content/browser/webui/url_data_manager_backend.h" | 63 #include "content/browser/webui/url_data_manager_backend.h" |
| 63 #include "content/browser/webui/web_ui_controller_factory_registry.h" | 64 #include "content/browser/webui/web_ui_controller_factory_registry.h" |
| 64 #include "content/browser/webui/web_ui_url_loader_factory.h" | 65 #include "content/browser/webui/web_ui_url_loader_factory.h" |
| 65 #include "content/common/accessibility_messages.h" | 66 #include "content/common/accessibility_messages.h" |
| 66 #include "content/common/associated_interface_provider_impl.h" | 67 #include "content/common/associated_interface_provider_impl.h" |
| 67 #include "content/common/associated_interface_registry_impl.h" | 68 #include "content/common/associated_interface_registry_impl.h" |
| 68 #include "content/common/associated_interfaces.mojom.h" | 69 #include "content/common/associated_interfaces.mojom.h" |
| 69 #include "content/common/content_security_policy/content_security_policy.h" | 70 #include "content/common/content_security_policy/content_security_policy.h" |
| (...skipping 2103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2173 TRACE_EVENT2("navigation", "RenderFrameHostImpl::OnBeginNavigation", | 2174 TRACE_EVENT2("navigation", "RenderFrameHostImpl::OnBeginNavigation", |
| 2174 "frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url", | 2175 "frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url", |
| 2175 common_params.url.possibly_invalid_spec()); | 2176 common_params.url.possibly_invalid_spec()); |
| 2176 | 2177 |
| 2177 CommonNavigationParams validated_params = common_params; | 2178 CommonNavigationParams validated_params = common_params; |
| 2178 GetProcess()->FilterURL(false, &validated_params.url); | 2179 GetProcess()->FilterURL(false, &validated_params.url); |
| 2179 | 2180 |
| 2180 BeginNavigationParams validated_begin_params = begin_params; | 2181 BeginNavigationParams validated_begin_params = begin_params; |
| 2181 GetProcess()->FilterURL(true, &validated_begin_params.searchable_form_url); | 2182 GetProcess()->FilterURL(true, &validated_begin_params.searchable_form_url); |
| 2182 | 2183 |
| 2183 if (!ValidateUploadParams(validated_params)) { | 2184 if (!CanReadRequestBody(GetSiteInstance(), validated_params.post_data)) { |
| 2184 bad_message::ReceivedBadMessage(GetProcess(), | 2185 bad_message::ReceivedBadMessage(GetProcess(), |
| 2185 bad_message::RFH_ILLEGAL_UPLOAD_PARAMS); | 2186 bad_message::RFH_ILLEGAL_UPLOAD_PARAMS); |
| 2186 return; | 2187 return; |
| 2187 } | 2188 } |
| 2188 | 2189 |
| 2189 if (waiting_for_init_) { | 2190 if (waiting_for_init_) { |
| 2190 pendinging_navigate_ = base::MakeUnique<PendingNavigation>( | 2191 pendinging_navigate_ = base::MakeUnique<PendingNavigation>( |
| 2191 validated_params, validated_begin_params); | 2192 validated_params, validated_begin_params); |
| 2192 return; | 2193 return; |
| 2193 } | 2194 } |
| (...skipping 1767 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3961 | 3962 |
| 3962 last_committed_site_url_ = site_url; | 3963 last_committed_site_url_ = site_url; |
| 3963 | 3964 |
| 3964 if (!last_committed_site_url_.is_empty()) { | 3965 if (!last_committed_site_url_.is_empty()) { |
| 3965 RenderProcessHostImpl::AddFrameWithSite( | 3966 RenderProcessHostImpl::AddFrameWithSite( |
| 3966 frame_tree_node_->navigator()->GetController()->GetBrowserContext(), | 3967 frame_tree_node_->navigator()->GetController()->GetBrowserContext(), |
| 3967 GetProcess(), last_committed_site_url_); | 3968 GetProcess(), last_committed_site_url_); |
| 3968 } | 3969 } |
| 3969 } | 3970 } |
| 3970 | 3971 |
| 3971 bool RenderFrameHostImpl::ValidateUploadParams( | |
| 3972 const CommonNavigationParams& common_params) { | |
| 3973 if (!common_params.post_data.get()) | |
| 3974 return true; | |
| 3975 | |
| 3976 // Check if the renderer is permitted to upload the requested files. | |
| 3977 const std::vector<ResourceRequestBodyImpl::Element>* uploads = | |
| 3978 common_params.post_data->elements(); | |
| 3979 std::vector<ResourceRequestBodyImpl::Element>::const_iterator iter; | |
| 3980 ChildProcessSecurityPolicyImpl* security_policy = | |
| 3981 ChildProcessSecurityPolicyImpl::GetInstance(); | |
| 3982 for (iter = uploads->begin(); iter != uploads->end(); ++iter) { | |
| 3983 if (iter->type() == ResourceRequestBodyImpl::Element::TYPE_FILE && | |
| 3984 !security_policy->CanReadFile(GetProcess()->GetID(), iter->path())) { | |
| 3985 return false; | |
| 3986 } | |
| 3987 if (iter->type() == | |
| 3988 ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM) { | |
| 3989 StoragePartition* storage_partition = BrowserContext::GetStoragePartition( | |
| 3990 GetSiteInstance()->GetBrowserContext(), GetSiteInstance()); | |
| 3991 storage::FileSystemURL url = | |
| 3992 storage_partition->GetFileSystemContext()->CrackURL( | |
| 3993 iter->filesystem_url()); | |
| 3994 if (!security_policy->CanReadFileSystemFile(GetProcess()->GetID(), url)) | |
| 3995 return false; | |
| 3996 } | |
| 3997 } | |
| 3998 return true; | |
| 3999 } | |
| 4000 | |
| 4001 #if defined(OS_ANDROID) | 3972 #if defined(OS_ANDROID) |
| 4002 | 3973 |
| 4003 class RenderFrameHostImpl::JavaInterfaceProvider | 3974 class RenderFrameHostImpl::JavaInterfaceProvider |
| 4004 : public service_manager::mojom::InterfaceProvider { | 3975 : public service_manager::mojom::InterfaceProvider { |
| 4005 public: | 3976 public: |
| 4006 using BindCallback = | 3977 using BindCallback = |
| 4007 base::Callback<void(const std::string&, mojo::ScopedMessagePipeHandle)>; | 3978 base::Callback<void(const std::string&, mojo::ScopedMessagePipeHandle)>; |
| 4008 | 3979 |
| 4009 JavaInterfaceProvider( | 3980 JavaInterfaceProvider( |
| 4010 const BindCallback& bind_callback, | 3981 const BindCallback& bind_callback, |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4055 } | 4026 } |
| 4056 | 4027 |
| 4057 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame( | 4028 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame( |
| 4058 const std::string& interface_name, | 4029 const std::string& interface_name, |
| 4059 mojo::ScopedMessagePipeHandle pipe) { | 4030 mojo::ScopedMessagePipeHandle pipe) { |
| 4060 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe)); | 4031 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe)); |
| 4061 } | 4032 } |
| 4062 #endif | 4033 #endif |
| 4063 | 4034 |
| 4064 } // namespace content | 4035 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2905763002:
Deduplicating CanReadRequestBody code. (Closed)
