summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoravi <avi@chromium.org>2016-02-18 16:20:03 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-19 00:21:18 +0000
commitd79a673cc18270113b7c87535b3f8854f0ba54b2 (patch)
treef7698eef9ff1ab77674307b02b0a628018ec4ede
parent34a0f41b40b9de9d0be0d161ead546f355f13102 (diff)
downloadchromium_src-d79a673cc18270113b7c87535b3f8854f0ba54b2.zip
chromium_src-d79a673cc18270113b7c87535b3f8854f0ba54b2.tar.gz
chromium_src-d79a673cc18270113b7c87535b3f8854f0ba54b2.tar.bz2
Make JavaScript dialog blocking be per-WebContents.
The earlier versions of https://codereview.chromium.org/1272633007 blocked JavaScript dialogs on a per-WebContents basis, but we relented and made it per-origin. (See the diff from patch set 6 to patch set 7 at that link.) Of course scammers started abusing it by using multiple origins. So we're removing that leeway. Scammers are pushing us closer and closer to removing JavaScript alerts entirely. We hope we don't have to hit that point, but if it keeps getting worse, then maybe we will. Please don't make us do that. BUG=587922 TEST=as in bug Review URL: https://codereview.chromium.org/1713703002 Cr-Commit-Position: refs/heads/master@{#376296}
Diffstat
-rw-r--r--components/app_modal/javascript_app_modal_dialog.cc13
-rw-r--r--components/app_modal/javascript_app_modal_dialog.h14
-rw-r--r--components/app_modal/javascript_dialog_manager.cc13
3 files changed, 8 insertions, 32 deletions
diff --git a/components/app_modal/javascript_app_modal_dialog.cc b/components/app_modal/javascript_app_modal_dialog.cc
index 26d1b03..7a48f2a 100644
--- a/components/app_modal/javascript_app_modal_dialog.cc
+++ b/components/app_modal/javascript_app_modal_dialog.cc
@@ -9,9 +9,7 @@
#include "build/build_config.h"
#include "components/app_modal/javascript_dialog_manager.h"
#include "components/app_modal/javascript_native_dialog_factory.h"
-#include "content/public/browser/web_contents.h"
#include "ui/gfx/text_elider.h"
-#include "url/origin.h"
namespace app_modal {
namespace {
@@ -148,8 +146,7 @@ void JavaScriptAppModalDialog::NotifyDelegate(bool success,
// The close callback above may delete web_contents_, thus removing the extra
// data from the map owned by ::JavaScriptDialogManager. Make sure
// to only use the data if still present. http://crbug.com/236476
- ExtraDataMap::iterator extra_data =
- extra_data_map_->find(GetSerializedOriginForWebContents(web_contents()));
+ ExtraDataMap::iterator extra_data = extra_data_map_->find(web_contents());
if (extra_data != extra_data_map_->end()) {
extra_data->second.has_already_shown_a_dialog_ = true;
extra_data->second.suppress_javascript_messages_ = suppress_js_messages;
@@ -174,12 +171,4 @@ void JavaScriptAppModalDialog::CallDialogClosedCallback(bool success,
}
}
-// static
-std::string JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
- content::WebContents* contents) {
- if (!contents)
- return url::Origin().Serialize();
- return url::Origin(contents->GetLastCommittedURL()).Serialize();
-}
-
} // namespace app_modal
diff --git a/components/app_modal/javascript_app_modal_dialog.h b/components/app_modal/javascript_app_modal_dialog.h
index 76c09e3..0fb4d89 100644
--- a/components/app_modal/javascript_app_modal_dialog.h
+++ b/components/app_modal/javascript_app_modal_dialog.h
@@ -6,7 +6,6 @@
#define COMPONENTS_APP_MODAL_JAVASCRIPT_APP_MODAL_DIALOG_H_
#include <map>
-#include <string>
#include "base/compiler_specific.h"
#include "base/macros.h"
@@ -21,7 +20,7 @@ class ChromeJavaScriptDialogExtraData {
public:
ChromeJavaScriptDialogExtraData();
- // True if the user has already seen a JavaScript dialog from the origin.
+ // True if the user has already seen a JavaScript dialog from the WebContents.
bool has_already_shown_a_dialog_;
// True if the user has decided to block future JavaScript dialogs.
@@ -35,7 +34,7 @@ class ChromeJavaScriptDialogExtraData {
// onbeforeunload dialog boxes.
class JavaScriptAppModalDialog : public AppModalDialog {
public:
- typedef std::map<std::string, ChromeJavaScriptDialogExtraData> ExtraDataMap;
+ typedef std::map<void*, ChromeJavaScriptDialogExtraData> ExtraDataMap;
JavaScriptAppModalDialog(
content::WebContents* web_contents,
@@ -67,11 +66,6 @@ class JavaScriptAppModalDialog : public AppModalDialog {
// its delegate instead of whatever the UI reports.
void SetOverridePromptText(const base::string16& prompt_text);
- // The serialized form of the origin of the last committed URL in
- // |web_contents_|. See |extra_data_map_|.
- static std::string GetSerializedOriginForWebContents(
- content::WebContents* contents);
-
// Accessors
content::JavaScriptMessageType javascript_message_type() const {
return javascript_message_type_;
@@ -90,8 +84,8 @@ class JavaScriptAppModalDialog : public AppModalDialog {
void CallDialogClosedCallback(bool success,
const base::string16& prompt_text);
- // A map of extra Chrome-only data associated with the delegate_. The keys
- // come from |GetSerializedOriginForWebContents|.
+ // A map of extra Chrome-only data associated with the delegate_. Can be
+ // inspected via |extra_data_map_[web_contents_]|.
ExtraDataMap* extra_data_map_;
// Information about the message box is held in the following variables.
diff --git a/components/app_modal/javascript_dialog_manager.cc b/components/app_modal/javascript_dialog_manager.cc
index 7c4db07..43256fe 100644
--- a/components/app_modal/javascript_dialog_manager.cc
+++ b/components/app_modal/javascript_dialog_manager.cc
@@ -13,7 +13,6 @@
#include "base/strings/utf_string_conversions.h"
#include "components/app_modal/app_modal_dialog.h"
#include "components/app_modal/app_modal_dialog_queue.h"
-#include "components/app_modal/javascript_app_modal_dialog.h"
#include "components/app_modal/javascript_dialog_extensions_client.h"
#include "components/app_modal/javascript_native_dialog_factory.h"
#include "components/app_modal/native_app_modal_dialog.h"
@@ -99,9 +98,7 @@ void JavaScriptDialogManager::RunJavaScriptDialog(
*did_suppress_message = false;
ChromeJavaScriptDialogExtraData* extra_data =
- &javascript_dialog_extra_data_
- [JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
- web_contents)];
+ &javascript_dialog_extra_data_[web_contents];
if (extra_data->suppress_javascript_messages_) {
// If a page tries to open dialogs in a tight loop, the number of
@@ -168,9 +165,7 @@ void JavaScriptDialogManager::RunBeforeUnloadDialog(
bool is_reload,
const DialogClosedCallback& callback) {
ChromeJavaScriptDialogExtraData* extra_data =
- &javascript_dialog_extra_data_
- [JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
- web_contents)];
+ &javascript_dialog_extra_data_[web_contents];
if (extra_data->suppress_javascript_messages_) {
// If a site harassed the user enough for them to put it on mute, then it
@@ -228,9 +223,7 @@ bool JavaScriptDialogManager::HandleJavaScriptDialog(
void JavaScriptDialogManager::ResetDialogState(
content::WebContents* web_contents) {
CancelActiveAndPendingDialogs(web_contents);
- javascript_dialog_extra_data_.erase(
- JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
- web_contents));
+ javascript_dialog_extra_data_.erase(web_contents);
}
base::string16 JavaScriptDialogManager::GetTitle(
generated by cgit v1.1 at 2025-11-29 11:58:28 +0000