Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(785)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 2966203002: Avoid string copy of url.scheme() in ChildProcessSecurityPolicyImpl. (Closed)
Patch Set: Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index e8af7514fa820f1bcdcc40cd6c4cb44354dacbd6..779aa5b398a5868d21dd407cf5a658a7f22ca328 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -443,10 +443,12 @@ void ChildProcessSecurityPolicyImpl::GrantRequestURL(
if (!url.is_valid())
return; // Can't grant the capability to request invalid URLs.
- if (IsWebSafeScheme(url.scheme()))
+ const std::string& scheme = url.scheme();
+
+ if (IsWebSafeScheme(scheme))
return; // The scheme has already been whitelisted for every child process.
- if (IsPseudoScheme(url.scheme())) {
+ if (IsPseudoScheme(scheme)) {
return; // Can't grant the capability to request pseudo schemes.
}
@@ -462,7 +464,7 @@ void ChildProcessSecurityPolicyImpl::GrantRequestURL(
// When the child process has been commanded to request this scheme,
// we grant it the capability to request all URLs of that scheme.
- state->second->GrantScheme(url.scheme());
+ state->second->GrantScheme(scheme);
}
}
@@ -632,7 +634,9 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
if (!url.is_valid())
return false; // Can't request invalid URLs.
- if (IsPseudoScheme(url.scheme())) {
+ const std::string& scheme = url.scheme();
+
+ if (IsPseudoScheme(scheme)) {
// Every child process can request <about:blank>, <about:blank?foo>,
// <about:blank/#foo> and <about:srcdoc>.
if (url.IsAboutBlank() || url == kAboutSrcDocURL)
@@ -655,7 +659,7 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
CanCommitURL(child_id, GURL(origin.Serialize()));
}
- if (IsWebSafeScheme(url.scheme()))
+ if (IsWebSafeScheme(scheme))
return true;
// If the process can commit the URL, it can request it.
@@ -672,9 +676,11 @@ bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
if (!url.is_valid())
return false; // Can't commit invalid URLs.
+ const std::string& scheme = url.scheme();
+
// Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to
// commit.
- if (IsPseudoScheme(url.scheme()))
+ if (IsPseudoScheme(scheme))
return url == url::kAboutBlankURL || url == kAboutSrcDocURL;
// Blob and filesystem URLs require special treatment; validate the inner
@@ -701,7 +707,7 @@ bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
// site, so CanCommitURL will need to rely on explicit, per-process grants.
// Note how today, even with extension isolation, the line below does not
// enforce that http pages cannot commit in an extension process.
- if (base::ContainsKey(schemes_okay_to_commit_in_any_process_, url.scheme()))
+ if (base::ContainsKey(schemes_okay_to_commit_in_any_process_, scheme))
return true;
SecurityStateMap::iterator state = security_state_.find(child_id);
@@ -719,10 +725,12 @@ bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id,
if (!url.is_valid())
return false; // Can't set invalid URLs as origin headers.
+ const std::string& scheme = url.scheme();
+
// Suborigin URLs are a special case and are allowed to be an origin header.
- if (url.scheme() == url::kHttpSuboriginScheme ||
- url.scheme() == url::kHttpsSuboriginScheme) {
- DCHECK(IsPseudoScheme(url.scheme()));
+ if (scheme == url::kHttpSuboriginScheme ||
+ scheme == url::kHttpsSuboriginScheme) {
+ DCHECK(IsPseudoScheme(scheme));
return true;
}
@@ -740,8 +748,7 @@ bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id,
// document origin.
{
base::AutoLock lock(lock_);
- if (base::ContainsKey(schemes_okay_to_appear_as_origin_headers_,
- url.scheme()))
+ if (base::ContainsKey(schemes_okay_to_appear_as_origin_headers_, scheme))
return true;
}
return false;
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698