Chromium Code Reviews Chromium Code Reviews
Issue 76303002:
CSP: Check <param> element values against the document's CSP before loading. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2000 Stefan Schimanski (1Stein@gmx.de) | 4 * (C) 2000 Stefan Schimanski (1Stein@gmx.de) |
| 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011 Apple Inc. All rights reserved. | 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011 Apple Inc. All rights reserved. |
| 6 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 6 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 260 } | 260 } |
| 261 | 261 |
| 262 // FIXME: This should be unified with HTMLEmbedElement::updateWidget and | 262 // FIXME: This should be unified with HTMLEmbedElement::updateWidget and |
| 263 // moved down into HTMLPluginElement.cpp | 263 // moved down into HTMLPluginElement.cpp |
| 264 void HTMLObjectElement::updateWidget(PluginCreationOption pluginCreationOption) | 264 void HTMLObjectElement::updateWidget(PluginCreationOption pluginCreationOption) |
| 265 { | 265 { |
| 266 ASSERT(!renderEmbeddedObject()->showsUnavailablePluginIndicator()); | 266 ASSERT(!renderEmbeddedObject()->showsUnavailablePluginIndicator()); |
| 267 ASSERT(needsWidgetUpdate()); | 267 ASSERT(needsWidgetUpdate()); |
| 268 setNeedsWidgetUpdate(false); | 268 setNeedsWidgetUpdate(false); |
| 269 // FIXME: This should ASSERT isFinishedParsingChildren() instead. | 269 // FIXME: This should ASSERT isFinishedParsingChildren() instead. |
| 270 if (!isFinishedParsingChildren()) | 270 if (!isFinishedParsingChildren()) { |
| 271 dispatchErrorEvent(); | |
| 271 return; | 272 return; |
| 273 } | |
| 272 | 274 |
| 273 // FIXME: I'm not sure it's ever possible to get into updateWidget during a | 275 // FIXME: I'm not sure it's ever possible to get into updateWidget during a |
| 274 // removal, but just in case we should avoid loading the frame to prevent | 276 // removal, but just in case we should avoid loading the frame to prevent |
| 275 // security bugs. | 277 // security bugs. |
| 276 if (!SubframeLoadingDisabler::canLoadFrame(*this)) | 278 if (!SubframeLoadingDisabler::canLoadFrame(*this)) { |
| 279 dispatchErrorEvent(); | |
| 277 return; | 280 return; |
| 281 } | |
| 278 | 282 |
| 279 String url = this->url(); | 283 String url = this->url(); |
| 280 String serviceType = m_serviceType; | 284 String serviceType = m_serviceType; |
| 281 | 285 |
| 282 // FIXME: These should be joined into a PluginParameters class. | 286 // FIXME: These should be joined into a PluginParameters class. |
| 283 Vector<String> paramNames; | 287 Vector<String> paramNames; |
| 284 Vector<String> paramValues; | 288 Vector<String> paramValues; |
| 285 parametersForPlugin(paramNames, paramValues, url, serviceType); | 289 parametersForPlugin(paramNames, paramValues, url, serviceType); |
| 286 | 290 |
| 287 // Note: url is modified above by parametersForPlugin. | 291 // Note: url is modified above by parametersForPlugin. |
| 288 if (!allowedToLoadFrameURL(url)) | 292 if (!allowedToLoadFrameURL(url)) { |
| 293 dispatchErrorEvent(); | |
| 289 return; | 294 return; |
| 295 } | |
| 290 | 296 |
| 291 bool fallbackContent = hasFallbackContent(); | 297 bool fallbackContent = hasFallbackContent(); |
| 292 renderEmbeddedObject()->setHasFallbackContent(fallbackContent); | 298 renderEmbeddedObject()->setHasFallbackContent(fallbackContent); |
| 293 | 299 |
| 294 // FIXME: It's sadness that we have this special case here. | 300 // FIXME: It's sadness that we have this special case here. |
| 295 // See http://trac.webkit.org/changeset/25128 and | 301 // See http://trac.webkit.org/changeset/25128 and |
| 296 // plugins/netscape-plugin-setwindow-size.html | 302 // plugins/netscape-plugin-setwindow-size.html |
| 297 if (pluginCreationOption == CreateOnlyNonNetscapePlugins && wouldLoadAsNetsc apePlugin(url, serviceType)) { | 303 if (pluginCreationOption == CreateOnlyNonNetscapePlugins && wouldLoadAsNetsc apePlugin(url, serviceType)) { |
| 298 // Ensure updateWidget() is called again during layout to create the Net scape plug-in. | 304 // Ensure updateWidget() is called again during layout to create the Net scape plug-in. |
| 299 setNeedsWidgetUpdate(true); | 305 setNeedsWidgetUpdate(true); |
| 300 return; | 306 return; |
| 301 } | 307 } |
| 302 | 308 |
| 303 RefPtr<HTMLObjectElement> protect(this); // beforeload and plugin loading ca n make arbitrary DOM mutations. | 309 RefPtr<HTMLObjectElement> protect(this); // beforeload and plugin loading ca n make arbitrary DOM mutations. |
| 304 bool beforeLoadAllowedLoad = dispatchBeforeLoadEvent(url); | 310 bool beforeLoadAllowedLoad = dispatchBeforeLoadEvent(url); |
| 305 if (!renderer()) // Do not load the plugin if beforeload removed this elemen t or its renderer. | 311 if (!renderer()) // Do not load the plugin if beforeload removed this elemen t or its renderer. |
| 306 return; | 312 return; |
| 307 | 313 |
| 308 bool success = beforeLoadAllowedLoad && hasValidClassId() && requestObject(u rl, serviceType, paramNames, paramValues); | 314 bool success = beforeLoadAllowedLoad && hasValidClassId() && requestObject(u rl, serviceType, paramNames, paramValues); |
| 309 if (!success && fallbackContent) | 315 if (!success) { |
|
Tom Sepez
2013/11/19 17:54:22
nit: not sure having the local |success| buys us a
Mike West
2013/11/19 18:35:06
Yeah, not anymore. I'll fold those in.
| |
| 310 renderFallbackContent(); | 316 dispatchErrorEvent(); |
| 317 if (fallbackContent) | |
| 318 renderFallbackContent(); | |
| 319 } | |
| 311 } | 320 } |
| 312 | 321 |
| 313 bool HTMLObjectElement::rendererIsNeeded(const RenderStyle& style) | 322 bool HTMLObjectElement::rendererIsNeeded(const RenderStyle& style) |
| 314 { | 323 { |
| 315 // FIXME: This check should not be needed, detached documents never render! | 324 // FIXME: This check should not be needed, detached documents never render! |
| 316 if (!document().frame()) | 325 if (!document().frame()) |
| 317 return false; | 326 return false; |
| 318 return HTMLPlugInElement::rendererIsNeeded(style); | 327 return HTMLPlugInElement::rendererIsNeeded(style); |
| 319 } | 328 } |
| 320 | 329 |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 443 { | 452 { |
| 444 return FormAssociatedElement::form(); | 453 return FormAssociatedElement::form(); |
| 445 } | 454 } |
| 446 | 455 |
| 447 bool HTMLObjectElement::isInteractiveContent() const | 456 bool HTMLObjectElement::isInteractiveContent() const |
| 448 { | 457 { |
| 449 return fastHasAttribute(usemapAttr); | 458 return fastHasAttribute(usemapAttr); |
| 450 } | 459 } |
| 451 | 460 |
| 452 } | 461 } |
| OLD | NEW |
