Index: content/browser/child_process_security_policy_impl.cc |
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc |
index e8af7514fa820f1bcdcc40cd6c4cb44354dacbd6..66fc5c421ba7dffacddca875d74bb9b3d6d1a781 100644 |
--- a/content/browser/child_process_security_policy_impl.cc |
+++ b/content/browser/child_process_security_policy_impl.cc |
@@ -667,6 +667,25 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
!net::URLRequest::IsHandledURL(url); |
} |
+bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) { |
Charlie Reis
2017/07/07 17:12:59
It makes me nervous to be doing a narrower version
clamy
2017/07/10 12:29:19
The issue is that we need to block redirects to re
Charlie Reis
2017/07/10 21:16:21
I'm happy with where we ended up. I think there's
|
+ if (!url.is_valid()) |
+ return false; // Can't redirect to invalid URLs. |
+ |
+ const std::string& scheme = url.scheme(); |
+ |
+ if (IsPseudoScheme(scheme)) { |
+ // Redirects to a pseudo scheme (about, javascript, view-source, ...) are |
+ // not allowed. An exception is made for <about:blank> and its variations. |
+ return url.IsAboutBlank(); |
+ } |
+ |
+ // Redirects to blob-url or filesystem-url are not allowed. |
+ if (url.SchemeIsBlob() || url.SchemeIsFileSystem()) |
+ return false; |
+ |
+ return IsWebSafeScheme(scheme); |
Charlie Reis
2017/07/07 17:12:59
We're basically skipping the CanCommitURL and IsHa
clamy
2017/07/10 12:29:19
As explained above, we can't really use the proces
Charlie Reis
2017/07/10 21:16:21
Sure. If we need to, we can tighten it in a separ
|
+} |
+ |
bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
const GURL& url) { |
if (!url.is_valid()) |
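Review bot: In CanRedirectToURL the blob/filesystem rejection is only effective because it runs before `return IsWebSafeScheme(scheme);`, and the comment above it does not say so. The explicit check suggests those schemes are in the web-safe set (the registration is not visible in this hunk), so a later reordering or cleanup that folds the check away would silently re-allow server redirects to them. I would expand the comment to state the dependency and the reason, e.g. `// Must stay ahead of IsWebSafeScheme(): blob: and filesystem: may be web-safe for requests, but are never valid redirect targets.` The final line also admits every other scheme registered as web-safe, so a short function comment listing which schemes are intended to pass would make that allow-list reviewable. A unit test would help too, expecting false for invalid, javascript:, blob: and filesystem: URLs and true for about:blank and https.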