Chromium Code Reviews Chromium Code Reviews
Issue 2973433003:
Block redirects to renderer-debug urls. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 649 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 660 | 660 |
| 661 // If the process can commit the URL, it can request it. | 661 // If the process can commit the URL, it can request it. |
| 662 if (CanCommitURL(child_id, url)) | 662 if (CanCommitURL(child_id, url)) |
| 663 return true; | 663 return true; |
| 664 | 664 |
| 665 // Also allow URLs destined for ShellExecute and not the browser itself. | 665 // Also allow URLs destined for ShellExecute and not the browser itself. |
| 666 return !GetContentClient()->browser()->IsHandledURL(url) && | 666 return !GetContentClient()->browser()->IsHandledURL(url) && |
| 667 !net::URLRequest::IsHandledURL(url); | 667 !net::URLRequest::IsHandledURL(url); |
| 668 } | 668 } |
| 669 | 669 |
| 670 bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) { | |
| 671 if (!url.is_valid()) | |
| 672 return false; // Can't redirect to invalid URLs. | |
| 673 | |
| 674 if (IsPseudoScheme(url.scheme())) { | |
|
Charlie Harrison
2017/07/05 13:52:31
nit:
const std::string& scheme = url.scheme() and
arthursonzogni
2017/07/05 14:52:19
In this case, for consistency, the same thing shou
| |
| 675 // Redirects to a pseudo scheme (about, javascript, view-source, ...) are | |
| 676 // not allowed. An exception is made for <about:blank> and its variations. | |
| 677 return url.IsAboutBlank(); | |
| 678 } | |
| 679 | |
| 680 // Redirects to blob-url or filesystem-url are not allowed. | |
| 681 if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) | |
| 682 return false; | |
| 683 | |
| 684 return IsWebSafeScheme(url.scheme()); | |
| 685 } | |
| 686 | |
| 670 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, | 687 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
| 671 const GURL& url) { | 688 const GURL& url) { |
| 672 if (!url.is_valid()) | 689 if (!url.is_valid()) |
| 673 return false; // Can't commit invalid URLs. | 690 return false; // Can't commit invalid URLs. |
| 674 | 691 |
| 675 // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to | 692 // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to |
| 676 // commit. | 693 // commit. |
| 677 if (IsPseudoScheme(url.scheme())) | 694 if (IsPseudoScheme(url.scheme())) |
| 678 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; | 695 return url == url::kAboutBlankURL || url == kAboutSrcDocURL; |
| 679 | 696 |
| (...skipping 463 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1143 return found; | 1160 return found; |
| 1144 } | 1161 } |
| 1145 | 1162 |
| 1146 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( | 1163 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting( |
| 1147 const url::Origin& origin) { | 1164 const url::Origin& origin) { |
| 1148 base::AutoLock lock(lock_); | 1165 base::AutoLock lock(lock_); |
| 1149 isolated_origins_.erase(origin); | 1166 isolated_origins_.erase(origin); |
| 1150 } | 1167 } |
| 1151 | 1168 |
| 1152 } // namespace content | 1169 } // namespace content |
| OLD | NEW |
