Chromium Code Reviews Chromium Code Reviews
Issue 438283002:
Sanitize referrer in context menus. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/sessions/serialized_navigation_entry.h" | 5 #include "components/sessions/serialized_navigation_entry.h" |
| 6 | 6 |
| 7 #include "base/pickle.h" | 7 #include "base/pickle.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "content/public/browser/favicon_status.h" | 9 #include "content/public/browser/favicon_status.h" |
| 10 #include "content/public/browser/navigation_controller.h" | 10 #include "content/public/browser/navigation_controller.h" |
| (...skipping 494 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 505 for (std::vector<SerializedNavigationEntry>::const_iterator | 505 for (std::vector<SerializedNavigationEntry>::const_iterator |
| 506 it = navigations.begin(); it != navigations.end(); ++it) { | 506 it = navigations.begin(); it != navigations.end(); ++it) { |
| 507 entries.push_back( | 507 entries.push_back( |
| 508 it->ToNavigationEntry(page_id, browser_context).release()); | 508 it->ToNavigationEntry(page_id, browser_context).release()); |
| 509 ++page_id; | 509 ++page_id; |
| 510 } | 510 } |
| 511 return entries; | 511 return entries; |
| 512 } | 512 } |
| 513 | 513 |
| 514 void SerializedNavigationEntry::Sanitize() { | 514 void SerializedNavigationEntry::Sanitize() { |
| 515 // Store original referrer so we can later see whether it was actually | 515 content::Referrer new_referrer = |
| 516 // changed during sanitization, and we need to strip the referrer from the | 516 content::Referrer::SanitizeForRequest(virtual_url_, referrer_); |
| 517 // page state as well. | |
| 518 content::Referrer old_referrer = referrer_; | |
| 519 | 517 |
| 520 if (!referrer_.url.SchemeIsHTTPOrHTTPS()) | 518 // No need to compare the policy, as it doesn't change during |
| 521 referrer_ = content::Referrer(); | 519 // sanitization. If there has been a change, the referrer needs to be |
| 522 switch (referrer_.policy) { | 520 // stripped from the page state as well. |
| 523 case blink::WebReferrerPolicyNever: | 521 if (referrer_.url != new_referrer.url) { |
| 524 referrer_.url = GURL(); | |
| 525 break; | |
| 526 case blink::WebReferrerPolicyAlways: | |
| 527 break; | |
| 528 case blink::WebReferrerPolicyOrigin: | |
| 529 referrer_.url = referrer_.url.GetWithEmptyPath(); | |
| 530 break; | |
| 531 case blink::WebReferrerPolicyDefault: | |
| 532 // Fall through. | |
| 533 default: | |
| 534 referrer_.policy = blink::WebReferrerPolicyDefault; | |
| 535 if (referrer_.url.SchemeIsSecure() && !virtual_url_.SchemeIsSecure()) | |
| 536 referrer_.url = GURL(); | |
| 537 } | |
| 538 | |
| 539 if (referrer_.url != old_referrer.url || | |
| 540 referrer_.policy != old_referrer.policy) { | |
| 541 referrer_ = content::Referrer(); | 522 referrer_ = content::Referrer(); |
|
nasko
2014/08/05 14:27:58
Should this be totally cleared or should the sanit
jochen (gone - plz use gerrit)
2014/08/05 15:16:56
here totally clearing is fine.
| |
| 542 page_state_ = page_state_.RemoveReferrer(); | 523 page_state_ = page_state_.RemoveReferrer(); |
| 543 } | 524 } |
| 544 } | 525 } |
| 545 | 526 |
| 546 } // namespace sessions | 527 } // namespace sessions |
| OLD | NEW |
