Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(355)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/renderer_context_menu/render_view_context_menu.cc

Issue 438283002: Sanitize referrer in context menus. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Change SerializedNavigationEntry::Sanitize and add extra check. Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/referrer_policy_browsertest.cc ('k') | chrome/test/data/referrer_policy/referrer-policy-start.html » ('j') | components/sessions/serialized_navigation_entry.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/renderer_context_menu/render_view_context_menu.h" 5 #include "chrome/browser/renderer_context_menu/render_view_context_menu.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <set> 8 #include <set>
9 #include <utility> 9 #include <utility>
10 10
(...skipping 1516 matching lines...) Expand 10 before | Expand all | Expand 10 after
1527 NEW_WINDOW, content::PAGE_TRANSITION_LINK); 1527 NEW_WINDOW, content::PAGE_TRANSITION_LINK);
1528 break; 1528 break;
1529 1529
1530 case IDC_CONTENT_CONTEXT_OPENLINKOFFTHERECORD: 1530 case IDC_CONTENT_CONTEXT_OPENLINKOFFTHERECORD:
1531 OpenURL(params_.link_url, GURL(), OFF_THE_RECORD, 1531 OpenURL(params_.link_url, GURL(), OFF_THE_RECORD,
1532 content::PAGE_TRANSITION_LINK); 1532 content::PAGE_TRANSITION_LINK);
1533 break; 1533 break;
1534 1534
1535 case IDC_CONTENT_CONTEXT_SAVELINKAS: { 1535 case IDC_CONTENT_CONTEXT_SAVELINKAS: {
1536 RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU); 1536 RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU);
1537 const GURL& referrer = 1537 const GURL& url = params_.link_url;
1538 const GURL& referring_url =
1538 params_.frame_url.is_empty() ? params_.page_url : params_.frame_url; 1539 params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;
1539 const GURL& url = params_.link_url; 1540 content::Referrer referrer = content::Referrer::SanitizeForRequest(
1541 url,
1542 content::Referrer(referring_url.GetAsReferrer(),
1543 params_.referrer_policy));
1540 DownloadManager* dlm = 1544 DownloadManager* dlm =
1541 BrowserContext::GetDownloadManager(browser_context_); 1545 BrowserContext::GetDownloadManager(browser_context_);
1542 scoped_ptr<DownloadUrlParameters> dl_params( 1546 scoped_ptr<DownloadUrlParameters> dl_params(
1543 DownloadUrlParameters::FromWebContents(source_web_contents_, url)); 1547 DownloadUrlParameters::FromWebContents(source_web_contents_, url));
1544 dl_params->set_referrer( 1548 dl_params->set_referrer(referrer);
1545 content::Referrer(referrer, params_.referrer_policy));
1546 dl_params->set_referrer_encoding(params_.frame_charset); 1549 dl_params->set_referrer_encoding(params_.frame_charset);
1547 dl_params->set_suggested_name(params_.suggested_filename); 1550 dl_params->set_suggested_name(params_.suggested_filename);
1548 dl_params->set_prompt(true); 1551 dl_params->set_prompt(true);
1549 dlm->DownloadUrl(dl_params.Pass()); 1552 dlm->DownloadUrl(dl_params.Pass());
1550 break; 1553 break;
1551 } 1554 }
1552 1555
1553 case IDC_CONTENT_CONTEXT_SAVEAVAS: 1556 case IDC_CONTENT_CONTEXT_SAVEAVAS:
1554 case IDC_CONTENT_CONTEXT_SAVEIMAGEAS: { 1557 case IDC_CONTENT_CONTEXT_SAVEIMAGEAS: {
1555 if (params_.media_type == WebContextMenuData::MediaTypeCanvas) { 1558 if (params_.media_type == WebContextMenuData::MediaTypeCanvas) {
1556 source_web_contents_->GetRenderViewHost()->SaveImageAt( 1559 source_web_contents_->GetRenderViewHost()->SaveImageAt(
1557 params_.x, params_.y); 1560 params_.x, params_.y);
1558 } else { 1561 } else {
1559 // TODO(zino): We can use SaveImageAt() like a case of canvas. 1562 // TODO(zino): We can use SaveImageAt() like a case of canvas.
1560 RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU); 1563 RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU);
1561 const GURL& referrer = 1564 const GURL& url = params_.src_url;
1565 const GURL& referring_url =
1562 params_.frame_url.is_empty() ? params_.page_url : params_.frame_url; 1566 params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;
1563 const GURL& url = params_.src_url; 1567 content::Referrer referrer = content::Referrer::SanitizeForRequest(
1564 source_web_contents_->SaveFrame(url, content::Referrer( 1568 url,
1565 referrer, params_.referrer_policy)); 1569 content::Referrer(referring_url.GetAsReferrer(),
1570 params_.referrer_policy));
1571 source_web_contents_->SaveFrame(url, referrer);
1566 } 1572 }
1567 break; 1573 break;
1568 } 1574 }
1569 1575
1570 case IDC_CONTENT_CONTEXT_COPYLINKLOCATION: 1576 case IDC_CONTENT_CONTEXT_COPYLINKLOCATION:
1571 WriteURLToClipboard(params_.unfiltered_link_url); 1577 WriteURLToClipboard(params_.unfiltered_link_url);
1572 break; 1578 break;
1573 1579
1574 case IDC_CONTENT_CONTEXT_COPYIMAGELOCATION: 1580 case IDC_CONTENT_CONTEXT_COPYIMAGELOCATION:
1575 case IDC_CONTENT_CONTEXT_COPYAVLOCATION: 1581 case IDC_CONTENT_CONTEXT_COPYAVLOCATION:
(...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after
1967 kMaxSelectionTextLength, 1973 kMaxSelectionTextLength,
1968 gfx::WORD_BREAK); 1974 gfx::WORD_BREAK);
1969 } 1975 }
1970 1976
1971 // Controller functions -------------------------------------------------------- 1977 // Controller functions --------------------------------------------------------
1972 1978
1973 void RenderViewContextMenu::OpenURL( 1979 void RenderViewContextMenu::OpenURL(
1974 const GURL& url, const GURL& referring_url, 1980 const GURL& url, const GURL& referring_url,
1975 WindowOpenDisposition disposition, 1981 WindowOpenDisposition disposition,
1976 content::PageTransition transition) { 1982 content::PageTransition transition) {
1977 content::Referrer referrer(referring_url.GetAsReferrer(), 1983 content::Referrer referrer = content::Referrer::SanitizeForRequest(
1978 params_.referrer_policy); 1984 url,
1985 content::Referrer(referring_url.GetAsReferrer(),
1986 params_.referrer_policy));
1979 1987
1980 if (params_.link_url == url && disposition != OFF_THE_RECORD) 1988 if (params_.link_url == url && disposition != OFF_THE_RECORD)
1981 params_.custom_context.link_followed = url; 1989 params_.custom_context.link_followed = url;
1982 1990
1983 WebContents* new_contents = source_web_contents_->OpenURL(OpenURLParams( 1991 WebContents* new_contents = source_web_contents_->OpenURL(OpenURLParams(
1984 url, referrer, disposition, transition, false)); 1992 url, referrer, disposition, transition, false));
1985 if (!new_contents) 1993 if (!new_contents)
1986 return; 1994 return;
1987 1995
1988 RetargetingDetails details; 1996 RetargetingDetails details;
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
2035 source_web_contents_->GetRenderViewHost()-> 2043 source_web_contents_->GetRenderViewHost()->
2036 ExecuteMediaPlayerActionAtLocation(location, action); 2044 ExecuteMediaPlayerActionAtLocation(location, action);
2037 } 2045 }
2038 2046
2039 void RenderViewContextMenu::PluginActionAt( 2047 void RenderViewContextMenu::PluginActionAt(
2040 const gfx::Point& location, 2048 const gfx::Point& location,
2041 const WebPluginAction& action) { 2049 const WebPluginAction& action) {
2042 source_web_contents_->GetRenderViewHost()-> 2050 source_web_contents_->GetRenderViewHost()->
2043 ExecutePluginActionAtLocation(location, action); 2051 ExecutePluginActionAtLocation(location, action);
2044 } 2052 }
OLDNEW
« no previous file with comments | « chrome/browser/referrer_policy_browsertest.cc ('k') | chrome/test/data/referrer_policy/referrer-policy-start.html » ('j') | components/sessions/serialized_navigation_entry.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698