diff options
| author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
|---|---|---|
| committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-08-13 21:33:40 +0000 |
| commit | d266ce8f18632331944edf0042cb5a138bb19919 (patch) | |
| tree | d1fc49eacc7c8cca621874e62a7f9bf6a5ef16c9 /chrome_frame/chrome_frame_automation.h | |
| parent | 17d4f3df2f94a479c9486a86737bcff756008781 (diff) | |
| download | chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.zip chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.tar.gz chromium_src-d266ce8f18632331944edf0042cb5a138bb19919.tar.bz2 | |
Restrict unsafe URLs in Chrome Frame
Further tighten down what URLs can be loaded in Chrome Frame.
Based on the feedback from the security review and code
inspection, restrict about: scheme only to about:blank
and about:version by default. Factor out logic blocking logic
including for URL zone checking so that all ActiveX, ActiveDoc
and NPAPI will follow the same path. As a result we now block
restricted URL zones in NPAPI instance as well.
Another side effect of this refactoring is that the registry
flag, EnableGcfProtocol, is replaced by AllowUnsafeURLs. If
If this flag is set, then all the security related checking
is turned off.
BUG=50741
TEST=By default gcf: works only for about:blank, about:version and
view-source of http and https. Setting AllowUnsafeURLs to a non
zero value should allow any URL be loaded via gcf:
Review URL: http://codereview.chromium.org/3159006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56096 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/chrome_frame_automation.h')
| -rw-r--r-- | chrome_frame/chrome_frame_automation.h | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/chrome_frame/chrome_frame_automation.h b/chrome_frame/chrome_frame_automation.h index 4a3fcc5..e2bdfa0 100644 --- a/chrome_frame/chrome_frame_automation.h +++ b/chrome_frame/chrome_frame_automation.h @@ -397,6 +397,9 @@ class ChromeFrameAutomationClient handle_top_level_requests_ = handle_top_level_requests; } + // Url request manager set up. + void SetUrlFetcher(PluginUrlRequestManager* url_fetcher); + // Called if the same instance of the ChromeFrameAutomationClient object // is reused. bool Reinitialize(ChromeFrameDelegate* chrome_frame_delegate, @@ -455,6 +458,20 @@ class ChromeFrameAutomationClient // Helpers void ReportNavigationError(AutomationMsg_NavigationResponseValues error_code, const std::string& url); + + bool ProcessUrlRequestMessage(TabProxy* tab, const IPC::Message& msg, + bool ui_thread); + + // PluginUrlRequestDelegate implementation. Simply adds tab's handle + // as parameter and forwards to Chrome via IPC. + virtual void OnResponseStarted(int request_id, const char* mime_type, + const char* headers, int size, base::Time last_modified, + const std::string& redirect_url, int redirect_status); + virtual void OnReadComplete(int request_id, const std::string& data); + virtual void OnResponseEnd(int request_id, const URLRequestStatus& status); + virtual void OnCookiesRetrieved(bool success, const GURL& url, + const std::string& cookie_string, int cookie_id); + bool is_initialized() const { return init_state_ == INITIALIZED; } @@ -497,34 +514,16 @@ class ChromeFrameAutomationClient scoped_refptr<ChromeFrameLaunchParams> chrome_launch_params_; + // Cache security manager for URL zone checking + ScopedComPtr<IInternetSecurityManager> security_manager_; + // When host network stack is used, this object is in charge of // handling network requests. PluginUrlRequestManager* url_fetcher_; PluginUrlRequestManager::ThreadSafeFlags url_fetcher_flags_; - bool ProcessUrlRequestMessage(TabProxy* tab, const IPC::Message& msg, - bool ui_thread); - - // PluginUrlRequestDelegate implementation. Simply adds tab's handle - // as parameter and forwards to Chrome via IPC. - virtual void OnResponseStarted(int request_id, const char* mime_type, - const char* headers, int size, base::Time last_modified, - const std::string& redirect_url, int redirect_status); - virtual void OnReadComplete(int request_id, const std::string& data); - virtual void OnResponseEnd(int request_id, const URLRequestStatus& status); - virtual void OnCookiesRetrieved(bool success, const GURL& url, - const std::string& cookie_string, int cookie_id); - friend class BeginNavigateContext; friend class CreateExternalTabContext; - - public: - void SetUrlFetcher(PluginUrlRequestManager* url_fetcher) { - DCHECK(url_fetcher != NULL); - url_fetcher_ = url_fetcher; - url_fetcher_flags_ = url_fetcher->GetThreadSafeFlags(); - url_fetcher_->set_delegate(this); - } }; #endif // CHROME_FRAME_CHROME_FRAME_AUTOMATION_H_ |