Block redirects to renderer-debug urls.

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
@@ skipping 653 matching lines @@
 
   // If the process can commit the URL, it can request it.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Also allow URLs destined for ShellExecute and not the browser itself.
   return !GetContentClient()->browser()->IsHandledURL(url) &&
          !net::URLRequest::IsHandledURL(url);
 }
 
+bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) {
+  if (!url.is_valid())
+    return false;  // Can't redirect to invalid URLs.
+
+  const std::string& scheme = url.scheme();
+
+  if (IsPseudoScheme(scheme)) {
+    // Redirects to a pseudo scheme (about, javascript, view-source, ...) are
+    // not allowed. An exception is made for <about:blank> and its variations.
+    return url.IsAboutBlank();
+  }
+
+  // Note about redirects and some special URLs:

[clamy, 2017/07/12 14:19:57]

s/some/

[arthursonzogni, 2017/07/12 14:27:38]

Done.

+  // * data-url: Blocked by net::DataProtocolHandler::IsSafeRedirectTarget().
+  // * blob-url: Not necessary blocked, but a 'file not found' response will be

[clamy, 2017/07/12 14:19:56]

* Move the Depending... paragraph above this line.
* s/Not necessary blocked, but /If not blocked, (same for the filesystem part).

[arthursonzogni, 2017/07/12 14:27:38]

Done.

+  //             generated in net::BlobURLRequestJob::DidStart().
+  // * filesystem-url: Not necessary blocked and the response can be displayed.
+  //
+  // Depending on their inner origins and if the request is browser-initiated or
+  // renderer-initiated, blob-urls and filesystem-urls might get blocked by
+  // CanCommitURL or in DocumentLoader::RedirectReceived.
+
+  return true;
+}
+
 bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
                                                   const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't commit invalid URLs.
 
   const std::string& scheme = url.scheme();
 
   // Of all the pseudo schemes, only about:blank and about:srcdoc are allowed to
   // commit.
   if (IsPseudoScheme(scheme))
@@ skipping 466 matching lines @@
   return found;
 }
 
 void ChildProcessSecurityPolicyImpl::RemoveIsolatedOriginForTesting(
     const url::Origin& origin) {
   base::AutoLock lock(lock_);
   isolated_origins_.erase(origin);
 }
 
 }  // namespace content