| OLD | NEW |
|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/browser_commands.h" | 5 #include "chrome/browser/ui/browser_commands.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
| 9 #include "base/prefs/pref_service.h" | 9 #include "base/prefs/pref_service.h" |
| 10 #include "base/strings/utf_string_conversions.h" | 10 #include "base/strings/utf_string_conversions.h" |
| (...skipping 1130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1141 | 1141 |
| 1142 void ViewSource(Browser* browser, WebContents* contents) { | 1142 void ViewSource(Browser* browser, WebContents* contents) { |
| 1143 DCHECK(contents); | 1143 DCHECK(contents); |
| 1144 | 1144 |
| 1145 // Use the last committed entry, since the pending entry hasn't loaded yet and | 1145 // Use the last committed entry, since the pending entry hasn't loaded yet and |
| 1146 // won't be copied into the cloned tab. | 1146 // won't be copied into the cloned tab. |
| 1147 NavigationEntry* entry = contents->GetController().GetLastCommittedEntry(); | 1147 NavigationEntry* entry = contents->GetController().GetLastCommittedEntry(); |
| 1148 if (!entry) | 1148 if (!entry) |
| 1149 return; | 1149 return; |
| 1150 | 1150 |
| 1151 // The URL "data:," is a special case, since Blink uses it when it wants to |
| 1152 // show a "blocked page" from its reflected XSS filter. When the XSS filter |
| 1153 // triggers, the current entry gets marked as containing an XSS, and then a |
| 1154 // new navigation to "data:," occurs on top of it. Showing that page in place |
| 1155 // of the "data:," URL permits examination of the cause of the reflection. |
| 1156 if (entry->GetURL() == GURL("data:,")) { |
| 1157 NavigationEntry* previous = contents->GetController().GetEntryAtOffset(-1); |
| 1158 if (previous && previous->GetXssDetected()) |
| 1159 entry = previous; |
| 1160 } |
| 1161 |
| 1151 ViewSource(browser, contents, entry->GetURL(), entry->GetPageState()); | 1162 ViewSource(browser, contents, entry->GetURL(), entry->GetPageState()); |
| 1152 } | 1163 } |
| 1153 | 1164 |
| 1154 void ViewSource(Browser* browser, | 1165 void ViewSource(Browser* browser, |
| 1155 WebContents* contents, | 1166 WebContents* contents, |
| 1156 const GURL& url, | 1167 const GURL& url, |
| 1157 const content::PageState& page_state) { | 1168 const content::PageState& page_state) { |
| 1158 content::RecordAction(UserMetricsAction("ViewSource")); | 1169 content::RecordAction(UserMetricsAction("ViewSource")); |
| 1159 DCHECK(contents); | 1170 DCHECK(contents); |
| 1160 | 1171 |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1266 browser->profile(), | 1277 browser->profile(), |
| 1267 browser->host_desktop_type())); | 1278 browser->host_desktop_type())); |
| 1268 app_browser->tab_strip_model()->AppendWebContents(contents, true); | 1279 app_browser->tab_strip_model()->AppendWebContents(contents, true); |
| 1269 | 1280 |
| 1270 contents->GetMutableRendererPrefs()->can_accept_load_drops = false; | 1281 contents->GetMutableRendererPrefs()->can_accept_load_drops = false; |
| 1271 contents->GetRenderViewHost()->SyncRendererPrefs(); | 1282 contents->GetRenderViewHost()->SyncRendererPrefs(); |
| 1272 app_browser->window()->Show(); | 1283 app_browser->window()->Show(); |
| 1273 } | 1284 } |
| 1274 | 1285 |
| 1275 } // namespace chrome | 1286 } // namespace chrome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 304313003:
Allow view-source of pages fully-blocked by Blink's XSS filter. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src