OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
9 #include "chrome/common/chrome_switches.h" | |
10 #include "chrome/common/render_messages.h" | 9 #include "chrome/common/render_messages.h" |
11 #include "chrome/common/url_constants.h" | 10 #include "chrome/common/url_constants.h" |
12 #include "content/public/renderer/document_state.h" | 11 #include "content/public/renderer/document_state.h" |
13 #include "content/public/renderer/navigation_state.h" | 12 #include "content/public/renderer/navigation_state.h" |
14 #include "content/public/renderer/render_frame.h" | 13 #include "content/public/renderer/render_frame.h" |
15 #include "content/public/renderer/render_view.h" | 14 #include "content/public/renderer/render_view.h" |
16 #include "third_party/WebKit/public/platform/WebPermissionCallbacks.h" | 15 #include "third_party/WebKit/public/platform/WebPermissionCallbacks.h" |
17 #include "third_party/WebKit/public/platform/WebURL.h" | 16 #include "third_party/WebKit/public/platform/WebURL.h" |
18 #include "third_party/WebKit/public/web/WebDataSource.h" | 17 #include "third_party/WebKit/public/web/WebDataSource.h" |
19 #include "third_party/WebKit/public/web/WebDocument.h" | 18 #include "third_party/WebKit/public/web/WebDocument.h" |
(...skipping 123 matching lines...)
143 } | 142 } |
144 } | 143 } |
145 NOTREACHED(); | 144 NOTREACHED(); |
146 return CONTENT_SETTING_DEFAULT; | 145 return CONTENT_SETTING_DEFAULT; |
147 } | 146 } |
148 | 147 |
149 } // namespace | 148 } // namespace |
150 | 149 |
151 ContentSettingsObserver::ContentSettingsObserver( | 150 ContentSettingsObserver::ContentSettingsObserver( |
152 content::RenderFrame* render_frame, | 151 content::RenderFrame* render_frame, |
153 extensions::Dispatcher* extension_dispatcher) | 152 extensions::Dispatcher* extension_dispatcher, |
| 153 bool should_whitelist) |
154 : content::RenderFrameObserver(render_frame), | 154 : content::RenderFrameObserver(render_frame), |
155 content::RenderFrameObserverTracker<ContentSettingsObserver>( | 155 content::RenderFrameObserverTracker<ContentSettingsObserver>( |
156 render_frame), | 156 render_frame), |
157 #if defined(ENABLE_EXTENSIONS) | 157 #if defined(ENABLE_EXTENSIONS) |
158 extension_dispatcher_(extension_dispatcher), | 158 extension_dispatcher_(extension_dispatcher), |
159 #endif | 159 #endif |
160 allow_displaying_insecure_content_(false), | 160 allow_displaying_insecure_content_(false), |
161 allow_running_insecure_content_(false), | 161 allow_running_insecure_content_(false), |
162 content_setting_rules_(NULL), | 162 content_setting_rules_(NULL), |
163 is_interstitial_page_(false), | 163 is_interstitial_page_(false), |
164 npapi_plugins_blocked_(false), | 164 npapi_plugins_blocked_(false), |
165 current_request_id_(0) { | 165 current_request_id_(0), |
| 166 should_whitelist_(should_whitelist) { |
166 ClearBlockedContentSettings(); | 167 ClearBlockedContentSettings(); |
167 render_frame->GetWebFrame()->setPermissionClient(this); | 168 render_frame->GetWebFrame()->setPermissionClient(this); |
168 | 169 |
169 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) { | 170 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) { |
170 // Copy all the settings from the main render frame to avoid race conditions | 171 // Copy all the settings from the main render frame to avoid race conditions |
171 // when initializing this data. See http://crbug.com/333308. | 172 // when initializing this data. See http://crbug.com/333308. |
172 ContentSettingsObserver* parent = ContentSettingsObserver::Get( | 173 ContentSettingsObserver* parent = ContentSettingsObserver::Get( |
173 render_frame->GetRenderView()->GetMainRenderFrame()); | 174 render_frame->GetRenderView()->GetMainRenderFrame()); |
174 allow_displaying_insecure_content_ = | 175 allow_displaying_insecure_content_ = |
175 parent->allow_displaying_insecure_content_; | 176 parent->allow_displaying_insecure_content_; |
(...skipping 129 matching lines...)
305 GURL(frame->top()->document().securityOrigin().toString()))); | 306 GURL(frame->top()->document().securityOrigin().toString()))); |
306 } | 307 } |
307 | 308 |
308 bool ContentSettingsObserver::allowImage(bool enabled_per_settings, | 309 bool ContentSettingsObserver::allowImage(bool enabled_per_settings, |
309 const WebURL& image_url) { | 310 const WebURL& image_url) { |
310 bool allow = enabled_per_settings; | 311 bool allow = enabled_per_settings; |
311 if (enabled_per_settings) { | 312 if (enabled_per_settings) { |
312 if (is_interstitial_page_) | 313 if (is_interstitial_page_) |
313 return true; | 314 return true; |
314 | 315 |
315 if (IsWhitelistedForContentSettings(render_frame())) | 316 if (IsWhitelistedForContentSettings()) |
316 return true; | 317 return true; |
317 | 318 |
318 if (content_setting_rules_) { | 319 if (content_setting_rules_) { |
319 GURL secondary_url(image_url); | 320 GURL secondary_url(image_url); |
320 allow = | 321 allow = |
321 GetContentSettingFromRules(content_setting_rules_->image_rules, | 322 GetContentSettingFromRules(content_setting_rules_->image_rules, |
322 render_frame()->GetWebFrame(), | 323 render_frame()->GetWebFrame(), |
323 secondary_url) != CONTENT_SETTING_BLOCK; | 324 secondary_url) != CONTENT_SETTING_BLOCK; |
324 } | 325 } |
325 } | 326 } |
(...skipping 37 matching lines...)
363 // |IsWhitelistedForContentSettings|; if there is only the default rule | 364 // |IsWhitelistedForContentSettings|; if there is only the default rule |
364 // allowing all scripts, it's quicker this way. | 365 // allowing all scripts, it's quicker this way. |
365 bool allow = true; | 366 bool allow = true; |
366 if (content_setting_rules_) { | 367 if (content_setting_rules_) { |
367 ContentSetting setting = GetContentSettingFromRules( | 368 ContentSetting setting = GetContentSettingFromRules( |
368 content_setting_rules_->script_rules, | 369 content_setting_rules_->script_rules, |
369 frame, | 370 frame, |
370 GURL(frame->document().securityOrigin().toString())); | 371 GURL(frame->document().securityOrigin().toString())); |
371 allow = setting != CONTENT_SETTING_BLOCK; | 372 allow = setting != CONTENT_SETTING_BLOCK; |
372 } | 373 } |
373 allow = allow || IsWhitelistedForContentSettings(render_frame()); | 374 allow = allow || IsWhitelistedForContentSettings(); |
374 | 375 |
375 cached_script_permissions_[frame] = allow; | 376 cached_script_permissions_[frame] = allow; |
376 return allow; | 377 return allow; |
377 } | 378 } |
378 | 379 |
379 bool ContentSettingsObserver::allowScriptFromSource( | 380 bool ContentSettingsObserver::allowScriptFromSource( |
380 bool enabled_per_settings, | 381 bool enabled_per_settings, |
381 const blink::WebURL& script_url) { | 382 const blink::WebURL& script_url) { |
382 if (!enabled_per_settings) | 383 if (!enabled_per_settings) |
383 return false; | 384 return false; |
384 if (is_interstitial_page_) | 385 if (is_interstitial_page_) |
385 return true; | 386 return true; |
386 | 387 |
387 bool allow = true; | 388 bool allow = true; |
388 if (content_setting_rules_) { | 389 if (content_setting_rules_) { |
389 ContentSetting setting = | 390 ContentSetting setting = |
390 GetContentSettingFromRules(content_setting_rules_->script_rules, | 391 GetContentSettingFromRules(content_setting_rules_->script_rules, |
391 render_frame()->GetWebFrame(), | 392 render_frame()->GetWebFrame(), |
392 GURL(script_url)); | 393 GURL(script_url)); |
393 allow = setting != CONTENT_SETTING_BLOCK; | 394 allow = setting != CONTENT_SETTING_BLOCK; |
394 } | 395 } |
395 return allow || IsWhitelistedForContentSettings(render_frame()); | 396 return allow || IsWhitelistedForContentSettings(); |
396 } | 397 } |
397 | 398 |
398 bool ContentSettingsObserver::allowStorage(bool local) { | 399 bool ContentSettingsObserver::allowStorage(bool local) { |
399 WebFrame* frame = render_frame()->GetWebFrame(); | 400 WebFrame* frame = render_frame()->GetWebFrame(); |
400 if (frame->document().securityOrigin().isUnique() || | 401 if (frame->document().securityOrigin().isUnique() || |
401 frame->top()->document().securityOrigin().isUnique()) | 402 frame->top()->document().securityOrigin().isUnique()) |
402 return false; | 403 return false; |
403 bool result = false; | 404 bool result = false; |
404 | 405 |
405 StoragePermissionsKey key( | 406 StoragePermissionsKey key( |
(...skipping 261 matching lines...)
667 return NULL; | 668 return NULL; |
668 | 669 |
669 const std::string extension_id = origin.host().utf8().data(); | 670 const std::string extension_id = origin.host().utf8().data(); |
670 if (!extension_dispatcher_->IsExtensionActive(extension_id)) | 671 if (!extension_dispatcher_->IsExtensionActive(extension_id)) |
671 return NULL; | 672 return NULL; |
672 | 673 |
673 return extension_dispatcher_->extensions()->GetByID(extension_id); | 674 return extension_dispatcher_->extensions()->GetByID(extension_id); |
674 } | 675 } |
675 #endif | 676 #endif |
676 | 677 |
677 bool ContentSettingsObserver::IsWhitelistedForContentSettings( | 678 bool ContentSettingsObserver::IsWhitelistedForContentSettings() const { |
678 content::RenderFrame* frame) { | 679 if (should_whitelist_) |
679 // Whitelist Instant processes. | |
680 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kInstantProcess)) | |
681 return true; | 680 return true; |
682 | 681 |
683 // Whitelist ftp directory listings, as they require JavaScript to function | 682 // Whitelist ftp directory listings, as they require JavaScript to function |
684 // properly. | 683 // properly. |
685 if (frame->IsFTPDirectoryListing()) | 684 if (render_frame()->IsFTPDirectoryListing()) |
686 return true; | 685 return true; |
687 | 686 |
688 WebFrame* web_frame = frame->GetWebFrame(); | 687 WebFrame* web_frame = render_frame()->GetWebFrame(); |
689 return IsWhitelistedForContentSettings(web_frame->document().securityOrigin(), | 688 return IsWhitelistedForContentSettings(web_frame->document().securityOrigin(), |
690 web_frame->document().url()); | 689 web_frame->document().url()); |
691 } | 690 } |
692 | 691 |
693 bool ContentSettingsObserver::IsWhitelistedForContentSettings( | 692 bool ContentSettingsObserver::IsWhitelistedForContentSettings( |
694 const WebSecurityOrigin& origin, | 693 const WebSecurityOrigin& origin, |
695 const GURL& document_url) { | 694 const GURL& document_url) { |
696 if (document_url == GURL(content::kUnreachableWebDataURL)) | 695 if (document_url == GURL(content::kUnreachableWebDataURL)) |
697 return true; | 696 return true; |
698 | 697 |
(...skipping 18 matching lines...)
717 | 716 |
718 // If the scheme is file:, an empty file name indicates a directory listing, | 717 // If the scheme is file:, an empty file name indicates a directory listing, |
719 // which requires JavaScript to function properly. | 718 // which requires JavaScript to function properly. |
720 if (EqualsASCII(origin.protocol(), url::kFileScheme)) { | 719 if (EqualsASCII(origin.protocol(), url::kFileScheme)) { |
721 return document_url.SchemeIs(url::kFileScheme) && | 720 return document_url.SchemeIs(url::kFileScheme) && |
722 document_url.ExtractFileName().empty(); | 721 document_url.ExtractFileName().empty(); |
723 } | 722 } |
724 | 723 |
725 return false; | 724 return false; |
726 } | 725 } |
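Review bot: The new `if (should_whitelist_) return true;` at the top of `IsWhitelistedForContentSettings()` no longer carries the `// Whitelist Instant processes.` comment that sat on the removed switch check, so nothing in this file says when a frame is exempt from content settings. That flag makes `allowImage`, `allowScript` and `allowScriptFromSource` return true even when a rule says block, so I would keep a comment at the check, e.g. `// Set by the creator for processes that must bypass content settings (previously: Instant processes).`, and document the new constructor parameter the same way, since a bare trailing `bool` is hard to read at call sites. The exemption also used to be process-wide and is now stored per observer. The sub-frame branch of the constructor copies other settings from the main frame's observer, but the visible lines do not show whether `should_whitelist` is guaranteed to match across frames of one view; the caller is outside this view, so that is worth confirming.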