
Side by Side Diff: content/browser/frame_host/navigation_controller_impl.cc

Issue 372403002: Allow "cross-origin" navigations from about:blank in AreURLsInPageNavigation (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: +TODOs Created 6 years, 5 months ago
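--- a/content/browser/frame_host/navigation_controller_impl.cc
+++ b/content/browser/frame_host/navigation_controller_impl.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigation_controller_impl.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/debug/trace_event.h"
 #include "base/logging.h"
@@ -116,20 +116,27 @@
 // The one thing we do know is that cross-origin navigations will *never* be
 // in-page. Therefore, trust the renderer if the URLs are on the same origin,
 // and assume the renderer is malicious if a cross-origin navigation claims to
 // be in-page.
 bool AreURLsInPageNavigation(const GURL& existing_url,
 const GURL& new_url,
 bool renderer_says_in_page,
 RenderFrameHost* rfh) {
 WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences();
 bool is_same_origin = existing_url.is_empty() ||
+// TODO(japhet): We should only permit navigations
+// originating from about:blank to be in-page if the
+// about:blank is the first document that frame loaded.
+// We don't have sufficient information to identify
+// that case at the moment, so always allow about:blank
+// for now.
+existing_url == GURL(url::kAboutBlankURL) ||
 existing_url.GetOrigin() == new_url.GetOrigin() ||
 !prefs.web_security_enabled;
 if (!is_same_origin && renderer_says_in_page)
 rfh->GetProcess()->ReceivedBadMessage();
 return is_same_origin && renderer_says_in_page;
 }
 
 // Determines whether or not we should be carrying over a user agent override
 // between two NavigationEntries.
 bool ShouldKeepOverride(const NavigationEntry* last_entry) {
@@ -1775,10 +1782,10 @@
 }
 }
 }
 
 void NavigationControllerImpl::SetGetTimestampCallbackForTest(
 const base::Callback<base::Time()>& get_timestamp_callback) {
 get_timestamp_callback_ = get_timestamp_callback;
 }
 
 } // namespace content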
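Review bot: The added `existing_url == GURL(url::kAboutBlankURL)` clause in `AreURLsInPageNavigation` is unconditional, so whenever the existing URL is about:blank the renderer's in-page claim is accepted for any `new_url`, and the `ReceivedBadMessage()` check that the function comment describes as the defence against a malicious renderer is never reached for that case. The TODO acknowledges the gap but carries no tracking bug, and the result is folded into `is_same_origin`, whose name no longer matches what it holds. I would hoist the clause into a named local such as `const bool existing_is_about_blank = existing_url == GURL(url::kAboutBlankURL);`, place the TODO above it with a bug reference (`// TODO(japhet): crbug.com/<bug-id> ...`), and extend the comment above the function to state the about:blank exception explicitly. The comparison also appears to be an exact match on the whole URL, so an about:blank URL carrying a fragment or query would presumably still be treated as cross-origin; please confirm that is intended.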