Chromium Code Reviews Chromium Code Reviews
Issue 303793003:
Make mixed content checking and CSP aware of RemoteFrames (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/csp/CSPDirectiveList.h" | 6 #include "core/frame/csp/CSPDirectiveList.h" |
| 7 | 7 |
| 8 #include "core/frame/LocalFrame.h" | 8 #include "core/frame/LocalFrame.h" |
| 9 #include "platform/ParsingUtilities.h" | 9 #include "platform/ParsingUtilities.h" |
| 10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 85 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u rl) const | 85 bool CSPDirectiveList::checkSource(SourceListDirective* directive, const KURL& u rl) const |
| 86 { | 86 { |
| 87 return !directive || directive->allows(url); | 87 return !directive || directive->allows(url); |
| 88 } | 88 } |
| 89 | 89 |
| 90 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame * frame) const | 90 bool CSPDirectiveList::checkAncestors(SourceListDirective* directive, LocalFrame * frame) const |
| 91 { | 91 { |
| 92 if (!frame || !directive) | 92 if (!frame || !directive) |
| 93 return true; | 93 return true; |
| 94 | 94 |
| 95 for (LocalFrame* current = frame->tree().parent(); current; current = curren t->tree().parent()) { | 95 for (Frame* current = frame->tree().parent(); current; current = current->tr ee().parent()) { |
| 96 if (!directive->allows(current->document()->url())) | 96 // FIXME: To make this work for out-of-process iframes, we need to propa gate URL information of ancestor frames across processes. |
| 97 if (!current->isLocalFrame() || !directive->allows(toLocalFrame(current) ->document()->url())) | |
|
Mike West
2014/05/29 09:47:41
This will block loading any page that sets a frame
kenrb
2014/05/29 13:38:41
RemoteFrames will only be used behind a flag until
| |
| 97 return false; | 98 return false; |
| 98 } | 99 } |
| 99 return true; | 100 return true; |
| 100 } | 101 } |
| 101 | 102 |
| 102 bool CSPDirectiveList::checkMediaType(MediaListDirective* directive, const Strin g& type, const String& typeAttribute) const | 103 bool CSPDirectiveList::checkMediaType(MediaListDirective* directive, const Strin g& type, const String& typeAttribute) const |
| 103 { | 104 { |
| 104 if (!directive) | 105 if (!directive) |
| 105 return true; | 106 return true; |
| 106 if (typeAttribute.isEmpty() || typeAttribute.stripWhiteSpace() != type) | 107 if (typeAttribute.isEmpty() || typeAttribute.stripWhiteSpace() != type) |
| (...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 670 else | 671 else |
| 671 m_policy->reportUnsupportedDirective(name); | 672 m_policy->reportUnsupportedDirective(name); |
| 672 } else { | 673 } else { |
| 673 m_policy->reportUnsupportedDirective(name); | 674 m_policy->reportUnsupportedDirective(name); |
| 674 } | 675 } |
| 675 } | 676 } |
| 676 | 677 |
| 677 | 678 |
| 678 } // namespace WebCore | 679 } // namespace WebCore |
| 679 | 680 |
| OLD | NEW |
