Index: content/browser/child_process_security_policy_impl.cc |
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc |
index 779aa5b398a5868d21dd407cf5a658a7f22ca328..9a935795f7a6a5610310e025e0ac098c2f26e532 100644 |
--- a/content/browser/child_process_security_policy_impl.cc |
+++ b/content/browser/child_process_security_policy_impl.cc |
@@ -671,6 +671,21 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
!net::URLRequest::IsHandledURL(url); |
} |
+bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) { |
+ if (!url.is_valid()) |
+ return false; // Can't redirect to invalid URLs. |
+ |
+ const std::string& scheme = url.scheme(); |
+ |
+ if (IsPseudoScheme(scheme)) { |
+ // Redirects to a pseudo scheme (about, javascript, view-source, ...) are |
+ // not allowed. An exception is made for <about:blank> and its variations. |
+ return url.IsAboutBlank(); |
+ } |
+ |
+ return true; |
+} |
+ |
bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id, |
const GURL& url) { |
if (!url.is_valid()) |