Relax the DOM UI navigation CHECK.

We ensure that non-DOM-UI URLs are not sent to DOM UI renderers.
This patch makes an exception for about:blank, which can happen
if the user gets the renderer to go to any about: URL (e.g.,
using the web inspector).

BUG=42547
TEST=Type location='about:cache' into NTP's web inspector, then Reload.

Review URL: http://codereview.chromium.org/1790005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45887 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 3 deletions

diff --git a/chrome/browser/tab_contents/tab_contents.cc b/chrome/browser/tab_contents/tab_contents.cc
index dc18b84..d23e537 100644
--- a/chrome/browser/tab_contents/tab_contents.cc
+++ b/chrome/browser/tab_contents/tab_contents.cc
@@ -763,11 +763,14 @@ bool TabContents::NavigateToPendingEntry(
   if (!dest_render_view_host)
     return false;  // Unable to create the desired render view host.
 
-  // For security, we should never send non-DOM-UI URLs to a DOM UI renderer.
-  // Double check that here.
+  // For security, we should never send non-DOM-UI URLs (other than about:blank)
+  // to a DOM UI renderer.  Double check that here.
   int enabled_bindings = dest_render_view_host->enabled_bindings();
+  bool is_allowed_in_dom_ui_renderer =
+      DOMUIFactory::UseDOMUIForURL(entry.url()) ||
+      entry.url() == GURL(chrome::kAboutBlankURL);
   CHECK(!BindingsPolicy::is_dom_ui_enabled(enabled_bindings) ||
-        DOMUIFactory::UseDOMUIForURL(entry.url()));
+        is_allowed_in_dom_ui_renderer);
 
   // Tell DevTools agent that it is attached prior to the navigation.
   DevToolsManager* devtools_manager = DevToolsManager::GetInstance();