Correctly apply content settings to data URLs.

Data URLs don't round-trip through the browser's network stack, so they don't
trigger the content settings code to upload the proper settings to the
renderer.  This patch proactively pushes the default content settings into the
renderer so that it can use them for data URLs (and other sandboxed frames).

Review URL: http://codereview.chromium.org/7167003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89466 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 41 insertions, 2 deletions

diff --git a/chrome/browser/content_settings/content_settings_browsertest.cc b/chrome/browser/content_settings/content_settings_browsertest.cc
index b1e5556..383dc7e 100644
--- a/chrome/browser/content_settings/content_settings_browsertest.cc
+++ b/chrome/browser/content_settings/content_settings_browsertest.cc
@@ -30,3 +30,18 @@ IN_PROC_BROWSER_TEST_F(InProcessBrowserTest, RedirectLoopCookies) {
   EXPECT_TRUE(tab_contents->content_settings()->IsContentBlocked(
       CONTENT_SETTINGS_TYPE_COOKIES));
 }
+
+IN_PROC_BROWSER_TEST_F(InProcessBrowserTest, ContentSettingsBlockDataURLs) {
+  GURL url("data:text/html,<title>Data URL</title><script>alert(1)</script>");
+
+  browser()->profile()->GetHostContentSettingsMap()->SetDefaultContentSetting(
+      CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_BLOCK);
+
+  ui_test_utils::NavigateToURL(browser(), url);
+
+  TabContentsWrapper* tab_contents = browser()->GetSelectedTabContentsWrapper();
+  ASSERT_EQ(UTF8ToUTF16("Data URL"), tab_contents->tab_contents()->GetTitle());
+
+  EXPECT_TRUE(tab_contents->content_settings()->IsContentBlocked(
+      CONTENT_SETTINGS_TYPE_JAVASCRIPT));
+}
diff --git a/chrome/browser/content_settings/host_content_settings_map.cc b/chrome/browser/content_settings/host_content_settings_map.cc
index 66853dd..419921c 100644
--- a/chrome/browser/content_settings/host_content_settings_map.cc
+++ b/chrome/browser/content_settings/host_content_settings_map.cc
@@ -158,6 +158,13 @@ ContentSetting HostContentSettingsMap::GetDefaultContentSetting(
   return setting;
 }
 
+ContentSettings HostContentSettingsMap::GetDefaultContentSettings() const {
+  ContentSettings output(CONTENT_SETTING_DEFAULT);
+  for (int i = 0; i < CONTENT_SETTINGS_NUM_TYPES; ++i)
+    output.settings[i] = GetDefaultContentSetting(ContentSettingsType(i));
+  return output;
+}
+
 ContentSetting HostContentSettingsMap::GetCookieContentSetting(
     const GURL& url,
     const GURL& first_party_url,
diff --git a/chrome/browser/content_settings/host_content_settings_map.h b/chrome/browser/content_settings/host_content_settings_map.h
index 64556f7..dcb48cf 100644
--- a/chrome/browser/content_settings/host_content_settings_map.h
+++ b/chrome/browser/content_settings/host_content_settings_map.h
@@ -54,6 +54,11 @@ class HostContentSettingsMap
   ContentSetting GetDefaultContentSetting(
       ContentSettingsType content_type) const;
 
+  // Returns the default settings for all content types.
+  //
+  // This may be called on any thread.
+  ContentSettings GetDefaultContentSettings() const;
+
   // Returns a single ContentSetting which applies to the given URLs. Note that
   // certain internal schemes are whitelisted. For ContentSettingsTypes that
   // require an resource identifier to be specified, the |resource_identifier|
diff --git a/chrome/browser/content_settings/tab_specific_content_settings.cc b/chrome/browser/content_settings/tab_specific_content_settings.cc
index 0a8716a..59303e2 100644
--- a/chrome/browser/content_settings/tab_specific_content_settings.cc
+++ b/chrome/browser/content_settings/tab_specific_content_settings.cc
@@ -430,6 +430,14 @@ void TabSpecificContentSettings::DidNavigateMainFramePostCommit(
   }
 }
 
+void TabSpecificContentSettings::RenderViewCreated(
+    RenderViewHost* render_view_host) {
+  HostContentSettingsMap* map =
+      tab_contents()->profile()->GetHostContentSettingsMap();
+  render_view_host->Send(new ViewMsg_SetDefaultContentSettings(
+      map->GetDefaultContentSettings()));
+}
+
 void TabSpecificContentSettings::DidStartProvisionalLoadForFrame(
     int64 frame_id,
     bool is_main_frame,
@@ -468,9 +476,12 @@ void TabSpecificContentSettings::Observe(NotificationType type,
       // The active NavigationEntry is the URL in the URL field of a tab.
       // Currently this should be matched by the |primary_pattern|.
       settings_details.ptr()->primary_pattern().Matches(entry_url)) {
+    HostContentSettingsMap* map =
+        tab_contents()->profile()->GetHostContentSettingsMap();
+    Send(new ViewMsg_SetDefaultContentSettings(
+        map->GetDefaultContentSettings()));
     Send(new ViewMsg_SetContentSettingsForCurrentURL(
-        entry_url, tab_contents()->profile()->GetHostContentSettingsMap()->
-            GetContentSettings(entry_url, entry_url)));
+        entry_url, map->GetContentSettings(entry_url, entry_url)));
   }
 }
 
diff --git a/chrome/browser/content_settings/tab_specific_content_settings.h b/chrome/browser/content_settings/tab_specific_content_settings.h
index d262b92..b862dc5 100644
--- a/chrome/browser/content_settings/tab_specific_content_settings.h
+++ b/chrome/browser/content_settings/tab_specific_content_settings.h
@@ -159,6 +159,7 @@ class TabSpecificContentSettings : public TabContentsObserver,
   virtual void DidNavigateMainFramePostCommit(
       const content::LoadCommittedDetails& details,
       const ViewHostMsg_FrameNavigate_Params& params) OVERRIDE;
+  virtual void RenderViewCreated(RenderViewHost* render_view_host) OVERRIDE;
   virtual void DidStartProvisionalLoadForFrame(
       int64 frame_id,
       bool is_main_frame,