Chromium Code Reviews Chromium Code Reviews
Issue 898613004:
Sanitize referrers before we create them (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/extension_web_ui.h" | 5 #include "chrome/browser/extensions/extension_web_ui.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 73 if (Profile::FromBrowserContext(web_contents->GetBrowserContext()) != profile) | 73 if (Profile::FromBrowserContext(web_contents->GetBrowserContext()) != profile) |
| 74 return; | 74 return; |
| 75 | 75 |
| 76 GURL url = web_contents->GetURL(); | 76 GURL url = web_contents->GetURL(); |
| 77 if (!url.SchemeIs(content::kChromeUIScheme) || url.host() != page) | 77 if (!url.SchemeIs(content::kChromeUIScheme) || url.host() != page) |
| 78 return; | 78 return; |
| 79 | 79 |
| 80 // Don't use Reload() since |url| isn't the same as the internal URL that | 80 // Don't use Reload() since |url| isn't the same as the internal URL that |
| 81 // NavigationController has. | 81 // NavigationController has. |
| 82 web_contents->GetController().LoadURL( | 82 web_contents->GetController().LoadURL( |
| 83 url, content::Referrer(url, blink::WebReferrerPolicyDefault), | 83 url, content::Referrer::SanitizeForRequest( |
|
Mike West
2015/02/09 11:07:38
Nit: Might be worth creating a static helper that
jochen (gone - plz use gerrit)
2015/02/09 12:00:02
dunno, I'd be surprised if the Referrer ctor is no
| |
| 84 url, content::Referrer(url, blink::WebReferrerPolicyDefault)), | |
| 84 ui::PAGE_TRANSITION_RELOAD, std::string()); | 85 ui::PAGE_TRANSITION_RELOAD, std::string()); |
| 85 } | 86 } |
| 86 | 87 |
| 87 // Run favicon callbck with image result. If no favicon was available then | 88 // Run favicon callbck with image result. If no favicon was available then |
| 88 // |image| will be empty. | 89 // |image| will be empty. |
| 89 void RunFaviconCallbackAsync( | 90 void RunFaviconCallbackAsync( |
| 90 const favicon_base::FaviconResultsCallback& callback, | 91 const favicon_base::FaviconResultsCallback& callback, |
| 91 const gfx::Image& image) { | 92 const gfx::Image& image) { |
| 92 std::vector<favicon_base::FaviconRawBitmapResult>* favicon_bitmap_results = | 93 std::vector<favicon_base::FaviconRawBitmapResult>* favicon_bitmap_results = |
| 93 new std::vector<favicon_base::FaviconRawBitmapResult>(); | 94 new std::vector<favicon_base::FaviconRawBitmapResult>(); |
| (...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 432 extensions::ImageLoader::ImageRepresentation::ALWAYS_RESIZE, | 433 extensions::ImageLoader::ImageRepresentation::ALWAYS_RESIZE, |
| 433 gfx::Size(pixel_size, pixel_size), | 434 gfx::Size(pixel_size, pixel_size), |
| 434 resource_scale_factor)); | 435 resource_scale_factor)); |
| 435 } | 436 } |
| 436 | 437 |
| 437 // LoadImagesAsync actually can run callback synchronously. We want to force | 438 // LoadImagesAsync actually can run callback synchronously. We want to force |
| 438 // async. | 439 // async. |
| 439 extensions::ImageLoader::Get(profile)->LoadImagesAsync( | 440 extensions::ImageLoader::Get(profile)->LoadImagesAsync( |
| 440 extension, info_list, base::Bind(&RunFaviconCallbackAsync, callback)); | 441 extension, info_list, base::Bind(&RunFaviconCallbackAsync, callback)); |
| 441 } | 442 } |
| OLD | NEW |
