Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(934)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 2908433003: RenderFrameProxyHost::OnOpenURL needs to validate resource request body. (Closed)
Patch Set: Covering RenderFrameHostImpl as well and rearranging the test to pass on Android. Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/cross_site_transfer_browsertest.cc ('K') | « content/browser/cross_site_transfer_browsertest.cc ('k') | content/browser/frame_host/render_frame_proxy_host.cc » ('j') | content/browser/resource_request_body_browser_utils.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/frame_host/render_frame_host_impl.h" 5 #include "content/browser/frame_host/render_frame_host_impl.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 #include "content/browser/renderer_host/input/input_router_impl.h" 50 #include "content/browser/renderer_host/input/input_router_impl.h"
51 #include "content/browser/renderer_host/input/timeout_monitor.h" 51 #include "content/browser/renderer_host/input/timeout_monitor.h"
52 #include "content/browser/renderer_host/media/media_devices_dispatcher_host.h" 52 #include "content/browser/renderer_host/media/media_devices_dispatcher_host.h"
53 #include "content/browser/renderer_host/render_process_host_impl.h" 53 #include "content/browser/renderer_host/render_process_host_impl.h"
54 #include "content/browser/renderer_host/render_view_host_delegate.h" 54 #include "content/browser/renderer_host/render_view_host_delegate.h"
55 #include "content/browser/renderer_host/render_view_host_delegate_view.h" 55 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
56 #include "content/browser/renderer_host/render_view_host_impl.h" 56 #include "content/browser/renderer_host/render_view_host_impl.h"
57 #include "content/browser/renderer_host/render_widget_host_delegate.h" 57 #include "content/browser/renderer_host/render_widget_host_delegate.h"
58 #include "content/browser/renderer_host/render_widget_host_impl.h" 58 #include "content/browser/renderer_host/render_widget_host_impl.h"
59 #include "content/browser/renderer_host/render_widget_host_view_base.h" 59 #include "content/browser/renderer_host/render_widget_host_view_base.h"
60 #include "content/browser/resource_request_body_browser_utils.h"
60 #include "content/browser/shared_worker/shared_worker_service_impl.h" 61 #include "content/browser/shared_worker/shared_worker_service_impl.h"
61 #include "content/browser/websockets/websocket_manager.h" 62 #include "content/browser/websockets/websocket_manager.h"
62 #include "content/browser/webui/url_data_manager_backend.h" 63 #include "content/browser/webui/url_data_manager_backend.h"
63 #include "content/browser/webui/web_ui_controller_factory_registry.h" 64 #include "content/browser/webui/web_ui_controller_factory_registry.h"
64 #include "content/browser/webui/web_ui_url_loader_factory.h" 65 #include "content/browser/webui/web_ui_url_loader_factory.h"
65 #include "content/common/accessibility_messages.h" 66 #include "content/common/accessibility_messages.h"
66 #include "content/common/associated_interface_provider_impl.h" 67 #include "content/common/associated_interface_provider_impl.h"
67 #include "content/common/associated_interface_registry_impl.h" 68 #include "content/common/associated_interface_registry_impl.h"
68 #include "content/common/associated_interfaces.mojom.h" 69 #include "content/common/associated_interfaces.mojom.h"
69 #include "content/common/content_security_policy/content_security_policy.h" 70 #include "content/common/content_security_policy/content_security_policy.h"
(...skipping 1144 matching lines...) Expand 10 before | Expand all | Expand 10 after
1214 frame_tree_->RemoveFrame(frame_tree_node_); 1215 frame_tree_->RemoveFrame(frame_tree_node_);
1215 } 1216 }
1216 1217
1217 void RenderFrameHostImpl::OnFrameFocused() { 1218 void RenderFrameHostImpl::OnFrameFocused() {
1218 delegate_->SetFocusedFrame(frame_tree_node_, GetSiteInstance()); 1219 delegate_->SetFocusedFrame(frame_tree_node_, GetSiteInstance());
1219 } 1220 }
1220 1221
1221 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) { 1222 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) {
1222 GURL validated_url(params.url); 1223 GURL validated_url(params.url);
1223 GetProcess()->FilterURL(false, &validated_url); 1224 GetProcess()->FilterURL(false, &validated_url);
1225 if (!CanReadRequestBody(GetSiteInstance(), params.resource_request_body)) {
1226 bad_message::ReceivedBadMessage(GetProcess(),
1227 bad_message::RFH_ILLEGAL_UPLOAD_PARAMS);
Łukasz Anforowicz 2017/05/25 19:56:01 This reuses the bad_message flavour added yesterda
alexmos 2017/05/25 23:44:06 I think so. If we ever get a problem with a lot o
1228 return;
1229 }
1224 1230
1225 if (params.is_history_navigation_in_new_child) { 1231 if (params.is_history_navigation_in_new_child) {
1226 // Try to find a FrameNavigationEntry that matches this frame instead, based 1232 // Try to find a FrameNavigationEntry that matches this frame instead, based
1227 // on the frame's unique name. If this can't be found, fall back to the 1233 // on the frame's unique name. If this can't be found, fall back to the
1228 // default params using RequestOpenURL below. 1234 // default params using RequestOpenURL below.
1229 if (frame_tree_node_->navigator()->NavigateNewChildFrame(this, 1235 if (frame_tree_node_->navigator()->NavigateNewChildFrame(this,
1230 validated_url)) 1236 validated_url))
1231 return; 1237 return;
1232 } 1238 }
1233 1239
(...skipping 2821 matching lines...) Expand 10 before | Expand all | Expand 10 after
4055 } 4061 }
4056 4062
4057 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame( 4063 void RenderFrameHostImpl::ForwardGetInterfaceToRenderFrame(
4058 const std::string& interface_name, 4064 const std::string& interface_name,
4059 mojo::ScopedMessagePipeHandle pipe) { 4065 mojo::ScopedMessagePipeHandle pipe) {
4060 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe)); 4066 GetRemoteInterfaces()->GetInterface(interface_name, std::move(pipe));
4061 } 4067 }
4062 #endif 4068 #endif
4063 4069
4064 } // namespace content 4070 } // namespace content
OLDNEW
« content/browser/cross_site_transfer_browsertest.cc ('K') | « content/browser/cross_site_transfer_browsertest.cc ('k') | content/browser/frame_host/render_frame_proxy_host.cc » ('j') | content/browser/resource_request_body_browser_utils.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698