Take script URLs into account when applying script content settings.

Transmit script content settings to the renderer. Use the script URL as the secondary URL
for the content setting rules.

BUG=90840
TEST=ChromeRenderViewTest.ContentSettings(Allow|Block)Scripts


Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=109005

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=109036

Review URL: http://codereview.chromium.org/8409006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109213 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 55 insertions, 23 deletions

diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 24b0db3..3d1bfac 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -59,6 +59,21 @@ GURL GetOriginOrURL(const WebFrame* frame) {
   return GURL(top_origin);
 }
 
+ContentSetting GetContentSettingFromRules(
+    const ContentSettingsForOneType& rules,
+    const GURL& primary_url,
+    const GURL& secondary_url) {
+  ContentSettingsForOneType::const_iterator it;
+  for (it = rules.begin(); it != rules.end(); ++it) {
+    if (it->primary_pattern.Matches(primary_url) &&
+        it->secondary_pattern.Matches(secondary_url)) {
+      return it->setting;
+    }
+  }
+  NOTREACHED();
+  return CONTENT_SETTING_DEFAULT;
+}
+
 }  // namespace
 
 ContentSettingsObserver::ContentSettingsObserver(
@@ -66,7 +81,7 @@ ContentSettingsObserver::ContentSettingsObserver(
     : content::RenderViewObserver(render_view),
       content::RenderViewObserverTracker<ContentSettingsObserver>(render_view),
       default_content_settings_(NULL),
-      image_setting_rules_(NULL),
+      content_setting_rules_(NULL),
       plugins_temporarily_allowed_(false) {
   ClearBlockedContentSettings();
 }
@@ -84,9 +99,9 @@ void ContentSettingsObserver::SetDefaultContentSettings(
   default_content_settings_ = settings;
 }
 
-void ContentSettingsObserver::SetImageSettingRules(
-    const ContentSettingsForOneType* image_setting_rules) {
-  image_setting_rules_ = image_setting_rules;
+void ContentSettingsObserver::SetContentSettingRules(
+    const RendererContentSettingRules* content_setting_rules) {
+  content_setting_rules_ = content_setting_rules;
 }
 
 ContentSetting ContentSettingsObserver::GetContentSetting(
@@ -132,9 +147,10 @@ void ContentSettingsObserver::DidCommitProvisionalLoad(
   NavigationState* state = NavigationState::FromDataSource(frame->dataSource());
   if (!state->was_within_same_page()) {
     // Clear "block" flags for the new page. This needs to happen before any of
-    // allowScripts(), allowImage(), allowPlugins() is called for the new page
-    // so that these functions can correctly detect that a piece of content
-    // flipped from "not blocked" to "blocked".
+    // |AllowScript()|, |AllowScriptFromSource()|, |AllowImage()|, or
+    // |AllowPlugins()| is called for the new page so that these functions can
+    // correctly detect that a piece of content flipped from "not blocked" to
+    // "blocked".
     ClearBlockedContentSettings();
     plugins_temporarily_allowed_ = false;
   }
@@ -217,19 +233,12 @@ bool ContentSettingsObserver::AllowImage(WebFrame* frame,
     return true;
 
   bool allow = enabled_per_settings;
-  const GURL& primary_url = GetOriginOrURL(frame);
-  GURL secondary_url(image_url);
-  if (image_setting_rules_ &&
-      enabled_per_settings) {
-    ContentSettingsForOneType::const_iterator it;
-    for (it = image_setting_rules_->begin();
-         it != image_setting_rules_->end(); ++it) {
-      if (it->primary_pattern.Matches(primary_url) &&
-          it->secondary_pattern.Matches(secondary_url)) {
-        allow = (it->setting != CONTENT_SETTING_BLOCK);
-        break;
-      }
-    }
+  if (content_setting_rules_ && enabled_per_settings) {
+    const GURL& primary_url = GetOriginOrURL(frame);
+    GURL secondary_url(image_url);
+    allow = GetContentSettingFromRules(
+        content_setting_rules_->image_rules,
+        primary_url, secondary_url) != CONTENT_SETTING_BLOCK;
   }
 
   if (!allow)
@@ -259,15 +268,38 @@ bool ContentSettingsObserver::AllowPlugins(WebFrame* frame,
 
 bool ContentSettingsObserver::AllowScript(WebFrame* frame,
                                           bool enabled_per_settings) {
-  if (enabled_per_settings &&
-      AllowContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT)) {
+  if (!enabled_per_settings)
+    return false;
+  if (IsWhitelistedForContentSettings(frame))
     return true;
+
+  if (content_setting_rules_) {
+    const GURL& primary_url = GetOriginOrURL(frame);
+    GURL secondary_url(frame->document().securityOrigin().toString());
+    return (GetContentSettingFromRules(
+        content_setting_rules_->script_rules,
+        primary_url, secondary_url) != CONTENT_SETTING_BLOCK);
   }
+  return true;
+}
 
+bool ContentSettingsObserver::AllowScriptFromSource(
+    WebFrame* frame,
+    bool enabled_per_settings,
+    const WebKit::WebURL& script_url) {
+  if (!enabled_per_settings)
+    return false;
   if (IsWhitelistedForContentSettings(frame))
     return true;
 
-  return false;  // Other protocols fall through here.
+  if (content_setting_rules_) {
+    const GURL& primary_url = GetOriginOrURL(frame);
+    GURL secondary_url(script_url);
+    return (GetContentSettingFromRules(
+        content_setting_rules_->script_rules,
+        primary_url, secondary_url) != CONTENT_SETTING_BLOCK);
+  }
+  return true;
 }
 
 bool ContentSettingsObserver::AllowStorage(WebFrame* frame, bool local) {