Avoid string copy of url.scheme() in ChildProcessSecurityPolicyImpl.

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
@@ skipping 425 matching lines @@
 
   return base::ContainsKey(pseudo_schemes_, scheme);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantRequestURL(
     int child_id, const GURL& url) {
 
   if (!url.is_valid())
     return;  // Can't grant the capability to request invalid URLs.
 
-  if (IsWebSafeScheme(url.scheme()))
+  const std::string& scheme = url.scheme();
+
+  if (IsWebSafeScheme(scheme))
     return;  // The scheme has already been whitelisted for every child process.
 
-  if (IsPseudoScheme(url.scheme())) {
+  if (IsPseudoScheme(scheme)) {
     return;  // Can't grant the capability to request pseudo schemes.
   }
 
   if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) {
     return;  // Don't grant blanket access to blob: or filesystem: schemes.
   }
 
   {
     base::AutoLock lock(lock_);
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return;
 
     // When the child process has been commanded to request this scheme,
     // we grant it the capability to request all URLs of that scheme.
-    state->second->GrantScheme(url.scheme());
+    state->second->GrantScheme(scheme);
   }
 }
 
 void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
     int child_id,
     const GURL& url) {
   if (!url.SchemeIs(url::kFileScheme))
     return;
 
   {
@@ skipping 149 matching lines @@
     return;
 
   state->second->RevokeReadRawCookies();
 }
 
 bool ChildProcessSecurityPolicyImpl::CanRequestURL(
     int child_id, const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't request invalid URLs.
 
-  if (IsPseudoScheme(url.scheme())) {
+  const std::string& scheme = url.scheme();
+
+  if (IsPseudoScheme(scheme)) {
     // Every child process can request <about:blank>, <about:blank?foo>,
     // <about:blank/#foo> and <about:srcdoc>.
     if (url.IsAboutBlank() || url == kAboutSrcDocURL)
       return true;
     // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
     // requestable by any child process.  Also, this case covers
     // <javascript:...>, which should be handled internally by the process and
     // not kicked up to the browser.
     return false;
   }
 
   // Blob and filesystem URLs require special treatment, since they embed an
   // inner origin.
   if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) {
     if (IsMalformedBlobUrl(url))
       return false;
 
     url::Origin origin(url);
     return origin.unique() || IsWebSafeScheme(origin.scheme()) ||
            CanCommitURL(child_id, GURL(origin.Serialize()));
   }
 
-  if (IsWebSafeScheme(url.scheme()))
+  if (IsWebSafeScheme(scheme))
     return true;
 
   // If the process can commit the URL, it can request it.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Also allow URLs destined for ShellExecute and not the browser itself.
   return !GetContentClient()->browser()->IsHandledURL(url) &&
          !net::URLRequest::IsHandledURL(url);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
                                                   const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't commit invalid URLs.
 
+  const std::string& scheme = url.scheme();
+
   // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to
   // commit.
-  if (IsPseudoScheme(url.scheme()))
+  if (IsPseudoScheme(scheme))
     return url == url::kAboutBlankURL || url == kAboutSrcDocURL;
 
   // Blob and filesystem URLs require special treatment; validate the inner
   // origin they embed.
   if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) {
     if (IsMalformedBlobUrl(url))
       return false;
 
     url::Origin origin(url);
     return origin.unique() || CanCommitURL(child_id, GURL(origin.Serialize()));
   }
 
   {
     base::AutoLock lock(lock_);
 
     // Most schemes can commit in any process. Note that we check
     // schemes_okay_to_commit_in_any_process_ here, which is stricter than
     // IsWebSafeScheme().
     //
     // TODO(creis, nick): https://crbug.com/515309: in generalized Site
     // Isolation and/or --site-per-process, there will be no such thing as a
     // scheme that is okay to commit in any process. Instead, an URL from a site
     // that is isolated may only be committed in a process dedicated to that
     // site, so CanCommitURL will need to rely on explicit, per-process grants.
     // Note how today, even with extension isolation, the line below does not
     // enforce that http pages cannot commit in an extension process.
-    if (base::ContainsKey(schemes_okay_to_commit_in_any_process_, url.scheme()))
+    if (base::ContainsKey(schemes_okay_to_commit_in_any_process_, scheme))
       return true;
 
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return false;
 
     // Otherwise, we consult the child process's security state to see if it is
     // allowed to commit the URL.
     return state->second->CanCommitURL(url);
   }
 }
 
 bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id,
                                                           const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't set invalid URLs as origin headers.
 
+  const std::string& scheme = url.scheme();
+
   // Suborigin URLs are a special case and are allowed to be an origin header.
-  if (url.scheme() == url::kHttpSuboriginScheme ||
-      url.scheme() == url::kHttpsSuboriginScheme) {
-    DCHECK(IsPseudoScheme(url.scheme()));
+  if (scheme == url::kHttpSuboriginScheme ||
+      scheme == url::kHttpsSuboriginScheme) {
+    DCHECK(IsPseudoScheme(scheme));
     return true;
   }
 
   // about:srcdoc cannot be used as an origin
   if (url == kAboutSrcDocURL)
     return false;
 
   // If this process can commit |url|, it can use |url| as an origin for
   // outbound requests.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Allow schemes which may come from scripts executing in isolated worlds;
   // XHRs issued by such scripts reflect the script origin rather than the
   // document origin.
   {
     base::AutoLock lock(lock_);
-    if (base::ContainsKey(schemes_okay_to_appear_as_origin_headers_,
-                          url.scheme()))
+    if (base::ContainsKey(schemes_okay_to_appear_as_origin_headers_, scheme))
       return true;
   }
   return false;
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                                  const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
@@ skipping 388 matching lines @@
   return found;
 }
 
 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting(
     const url::Origin& origin) {
   base::AutoLock lock(lock_);
   isolated_origins_.erase(origin);
 }
 
 }  // namespace content