diff options
author | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-29 02:07:45 +0000 |
---|---|---|
committer | amit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-29 02:07:45 +0000 |
commit | 7ce979a79bb891f2f7e6411a7dcbd473522ad398 (patch) | |
tree | 2a5dd221067cc0456f5774fe5eb640021297813d /chrome_frame/utils.cc | |
parent | 17b04a5452abe146f8ce0aecea9f8a261e3b1240 (diff) | |
download | chromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.zip chromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.tar.gz chromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.tar.bz2 |
Additional layer of protection to disable funky URLs through
view-source in chrome frame
BUG=26129
TEST=cf:view-source:javascript:alert('foo') should not work in chrome frame.
Review URL: http://codereview.chromium.org/348006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30417 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/utils.cc')
-rw-r--r-- | chrome_frame/utils.cc | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc index 746a260..36200ae 100644 --- a/chrome_frame/utils.cc +++ b/chrome_frame/utils.cc @@ -14,6 +14,7 @@ #include "base/registry.h" #include "base/scoped_comptr_win.h" #include "base/string_util.h" +#include "chrome/common/url_constants.h" #include "googleurl/src/gurl.h" #include "grit/chrome_frame_resources.h" #include "chrome_frame/resource.h" @@ -534,11 +535,23 @@ bool IsValidUrlScheme(const std::wstring& url, bool is_privileged) { GURL crack_url(url); - if (crack_url.SchemeIs("http") || crack_url.SchemeIs("https") || - crack_url.SchemeIs("about") || crack_url.SchemeIs("view-source")) + if (crack_url.SchemeIs(chrome::kHttpScheme) || + crack_url.SchemeIs(chrome::kHttpsScheme) || + crack_url.SchemeIs(chrome::kAboutScheme)) return true; - if (is_privileged && crack_url.SchemeIs("chrome-extension")) + // Additional checking for view-source. Allow only http and https + // URLs in view source. + if (crack_url.SchemeIs(chrome::kViewSourceScheme)) { + GURL sub_url(crack_url.path()); + if (sub_url.SchemeIs(chrome::kHttpScheme) || + sub_url.SchemeIs(chrome::kHttpsScheme)) + return true; + else + return false; + } + + if (is_privileged && crack_url.SchemeIs(chrome::kExtensionScheme)) return true; if (StartsWith(url, kChromeAttachExternalTabPrefix, false)) |