Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(242)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 2973433003: Block redirects to renderer-debug urls. (Closed)
Patch Set: Addressed comments. Add CanRequestURL again. Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | content/browser/child_process_security_policy_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 779aa5b398a5868d21dd407cf5a658a7f22ca328..9a935795f7a6a5610310e025e0ac098c2f26e532 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -671,6 +671,21 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
!net::URLRequest::IsHandledURL(url);
}
+bool ChildProcessSecurityPolicyImpl::CanRedirectToURL(const GURL& url) {
+ if (!url.is_valid())
+ return false; // Can't redirect to invalid URLs.
+
+ const std::string& scheme = url.scheme();
+
+ if (IsPseudoScheme(scheme)) {
+ // Redirects to a pseudo scheme (about, javascript, view-source, ...) are
+ // not allowed. An exception is made for <about:blank> and its variations.
+ return url.IsAboutBlank();
+ }
+
+ return true;
+}
+
bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
const GURL& url) {
if (!url.is_valid())
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | content/browser/child_process_security_policy_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698