Chromium Code Reviews Chromium Code Reviews
Issue 888563003:
<webview>: Navigate to about:blank if attempting to navigate to bad URL (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/guest_view/web_view/web_view_guest.h" | 5 #include "extensions/browser/guest_view/web_view/web_view_guest.h" |
| 6 | 6 |
| 7 #include "base/message_loop/message_loop.h" | 7 #include "base/message_loop/message_loop.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "content/public/browser/browser_context.h" | 10 #include "content/public/browser/browser_context.h" |
| (...skipping 861 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 872 // This will block the embedder trying to load unwanted schemes, e.g. | 872 // This will block the embedder trying to load unwanted schemes, e.g. |
| 873 // chrome://settings. | 873 // chrome://settings. |
| 874 bool scheme_is_blocked = | 874 bool scheme_is_blocked = |
| 875 (!content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( | 875 (!content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( |
| 876 url.scheme()) && | 876 url.scheme()) && |
| 877 !url.SchemeIs(url::kAboutScheme)) || | 877 !url.SchemeIs(url::kAboutScheme)) || |
| 878 url.SchemeIs(url::kJavaScriptScheme); | 878 url.SchemeIs(url::kJavaScriptScheme); |
| 879 if (scheme_is_blocked || !url.is_valid()) { | 879 if (scheme_is_blocked || !url.is_valid()) { |
| 880 LoadAbort(true /* is_top_level */, url, | 880 LoadAbort(true /* is_top_level */, url, |
| 881 net::ErrorToShortString(net::ERR_ABORTED)); | 881 net::ErrorToShortString(net::ERR_ABORTED)); |
| 882 NavigateGuest("about:blank", true /* force_navigation */); | |
|
lazyboy
2015/02/03 09:07:46
s/"about:blank"/kAboutBlankURL
| |
| 882 return; | 883 return; |
| 883 } | 884 } |
| 884 if (!force_navigation && (src_ == url)) | 885 if (!force_navigation && (src_ == url)) |
| 885 return; | 886 return; |
| 886 | 887 |
| 887 GURL validated_url(url); | 888 GURL validated_url(url); |
| 888 web_contents()->GetRenderProcessHost()->FilterURL(false, &validated_url); | 889 web_contents()->GetRenderProcessHost()->FilterURL(false, &validated_url); |
| 889 // As guests do not swap processes on navigation, only navigations to | 890 // As guests do not swap processes on navigation, only navigations to |
| 890 // normal web URLs are supported. No protocol handlers are installed for | 891 // normal web URLs are supported. No protocol handlers are installed for |
| 891 // other schemes (e.g., WebUI or extensions), and no permissions or bindings | 892 // other schemes (e.g., WebUI or extensions), and no permissions or bindings |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1213 WebViewGuest::From(owner_web_contents()->GetRenderProcessHost()->GetID(), | 1214 WebViewGuest::From(owner_web_contents()->GetRenderProcessHost()->GetID(), |
| 1214 new_window_instance_id); | 1215 new_window_instance_id); |
| 1215 if (!guest) | 1216 if (!guest) |
| 1216 return; | 1217 return; |
| 1217 | 1218 |
| 1218 if (!allow) | 1219 if (!allow) |
| 1219 guest->Destroy(); | 1220 guest->Destroy(); |
| 1220 } | 1221 } |
| 1221 | 1222 |
| 1222 } // namespace extensions | 1223 } // namespace extensions |
| OLD | NEW |
