Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1279)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp

Issue 392993005: Custom handlers should throw SecurityError exception if the URL's origin differs from the document'… (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed review comments Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « LayoutTests/navigatorcontentutils/unregister-protocol-handler-expected.txt ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
diff --git a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
index 9e06b5af6e3a73d2f29e2a43ace267b702434267..6cefc67d74829aba0a8174017b2b6851622e36ac 100644
--- a/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
+++ b/Source/modules/navigatorcontentutils/NavigatorContentUtils.cpp
@@ -68,7 +68,7 @@ static void initProtocolHandlerWhitelist()
protocolWhitelist->add(protocols[i]);
}
-static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, ExceptionState& exceptionState)
+static bool verifyCustomHandlerURL(const Document& document, const String& url, ExceptionState& exceptionState)
{
// The specification requires that it is a SyntaxError if the "%s" token is
// not present.
@@ -84,6 +84,7 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep
String newURL = url;
newURL.remove(index, WTF_ARRAY_LENGTH(token) - 1);
+ KURL baseURL = document.baseURL();
KURL kurl(baseURL, newURL);
if (kurl.isEmpty() || !kurl.isValid()) {
@@ -91,6 +92,12 @@ static bool verifyCustomHandlerURL(const KURL& baseURL, const String& url, Excep
return false;
}
+ // The specification says that the API throws SecurityError exception if the URL's origin differs from the document's origin.
+ if (!document.securityOrigin()->canRequest(kurl)) {
+ exceptionState.throwSecurityError("Can only register custom handler in the document's origin.");
+ return false;
+ }
+
return true;
}
@@ -149,15 +156,16 @@ void NavigatorContentUtils::registerProtocolHandler(Navigator& navigator, const
if (!navigator.frame())
return;
- ASSERT(navigator.frame()->document());
- KURL baseURL = navigator.frame()->document()->baseURL();
+ Document* document = navigator.frame()->document();
+ ASSERT(document);
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+ if (!verifyCustomHandlerURL(*document, url, exceptionState))
return;
if (!verifyCustomHandlerScheme(scheme, exceptionState))
return;
+ KURL baseURL = document->baseURL();
gyuyoung-inactive 2014/07/21 00:30:20 Should we use "baseURL" local variable ? This loca
ASSERT(navigator.frame()->page());
NavigatorContentUtils::from(*navigator.frame()->page())->client()->registerProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url), title);
}
@@ -193,14 +201,13 @@ String NavigatorContentUtils::isProtocolHandlerRegistered(Navigator& navigator,
if (document->activeDOMObjectsAreStopped())
return declined;
- KURL baseURL = document->baseURL();
-
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+ if (!verifyCustomHandlerURL(*document, url, exceptionState))
return declined;
if (!verifyCustomHandlerScheme(scheme, exceptionState))
return declined;
+ KURL baseURL = document->baseURL();
ASSERT(navigator.frame()->page());
return customHandlersStateString(NavigatorContentUtils::from(*navigator.frame()->page())->client()->isProtocolHandlerRegistered(scheme, baseURL, KURL(ParsedURLString, url)));
}
@@ -210,15 +217,16 @@ void NavigatorContentUtils::unregisterProtocolHandler(Navigator& navigator, cons
if (!navigator.frame())
return;
- ASSERT(navigator.frame()->document());
- KURL baseURL = navigator.frame()->document()->baseURL();
+ Document* document = navigator.frame()->document();
+ ASSERT(document);
- if (!verifyCustomHandlerURL(baseURL, url, exceptionState))
+ if (!verifyCustomHandlerURL(*document, url, exceptionState))
return;
if (!verifyCustomHandlerScheme(scheme, exceptionState))
return;
+ KURL baseURL = document->baseURL();
gyuyoung-inactive 2014/07/21 00:30:20 ditto.
ASSERT(navigator.frame()->page());
NavigatorContentUtils::from(*navigator.frame()->page())->client()->unregisterProtocolHandler(scheme, baseURL, KURL(ParsedURLString, url));
}
« no previous file with comments | « LayoutTests/navigatorcontentutils/unregister-protocol-handler-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698