Make JavaScript dialog blocking be per-WebContents.

The earlier versions of https://codereview.chromium.org/1272633007 blocked JavaScript dialogs on a per-WebContents basis, but we relented and made it per-origin. (See the diff from patch set 6 to patch set 7 at that link.) Of course scammers started abusing it by using multiple origins. So we're removing that leeway. Scammers are pushing us closer and closer to removing JavaScript alerts entirely. We hope we don't have to hit that point, but if it keeps getting worse, then maybe we will. Please don't make us do that. BUG=587922 TEST=as in bug Review URL: https://codereview.chromium.org/1713703002 Cr-Commit-Position: refs/heads/master@{#376296} (cherry picked from commit d79a673cc18270113b7c87535b3f8854f0ba54b2) Review URL: https://codereview.chromium.org/1730773002 . Cr-Commit-Position: refs/branch-heads/2623@{#477} Cr-Branched-From: 92d77538a86529ca35f9220bd3cd512cbea1f086-refs/heads/master@{#369907}
author: Avi Drissman <avi@chromium.org> 2016-02-23 16:47:32 -0500
committer: Avi Drissman <avi@chromium.org> 2016-02-23 21:49:08 +0000
commit: 00ed437f354d765bf0eed4f70499e1da980261a8 (patch)
tree: 6dd0131fd8ebe3c18fd7b888578940e5eb04c1cf /components
parent: 5d176c4eb74145cf177c6cb6c3e7e0c459a8f833 (diff)
download: chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.zip
chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.tar.gz
chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.tar.bz2
3 files changed, 8 insertions, 30 deletions
diff --git a/components/app_modal/javascript_app_modal_dialog.cc b/components/app_modal/javascript_app_modal_dialog.cc
index 8db5936..29ac036 100644
--- a/components/app_modal/javascript_app_modal_dialog.cc
+++ b/components/app_modal/javascript_app_modal_dialog.cc
@@ -7,9 +7,7 @@
 #include "build/build_config.h"
 #include "components/app_modal/javascript_dialog_manager.h"
 #include "components/app_modal/javascript_native_dialog_factory.h"
-#include "content/public/browser/web_contents.h"
 #include "ui/gfx/text_elider.h"
-#include "url/origin.h"
 
 namespace app_modal {
 namespace {
@@ -150,8 +148,7 @@ void JavaScriptAppModalDialog::NotifyDelegate(bool success,
   // The callback_ above may delete web_contents_, thus removing the extra
   // data from the map owned by ::JavaScriptDialogManager. Make sure
   // to only use the data if still present. http://crbug.com/236476
-  ExtraDataMap::iterator extra_data =
-      extra_data_map_->find(GetSerializedOriginForWebContents(web_contents()));
+  ExtraDataMap::iterator extra_data = extra_data_map_->find(web_contents());
   if (extra_data != extra_data_map_->end()) {
     extra_data->second.has_already_shown_a_dialog_ = true;
     extra_data->second.suppress_javascript_messages_ = suppress_js_messages;
@@ -162,12 +159,6 @@ void JavaScriptAppModalDialog::NotifyDelegate(bool success,
   AppModalDialog::Invalidate();
 }
 
-// static
-std::string JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
-    content::WebContents* contents) {
-  if (!contents)
-    return url::Origin().Serialize();
-  return url::Origin(contents->GetLastCommittedURL()).Serialize();
 }
 
 }  // namespace app_modal
diff --git a/components/app_modal/javascript_app_modal_dialog.h b/components/app_modal/javascript_app_modal_dialog.h
index 5c81ef7..f64e208 100644
--- a/components/app_modal/javascript_app_modal_dialog.h
+++ b/components/app_modal/javascript_app_modal_dialog.h
@@ -6,7 +6,6 @@
 #define COMPONENTS_APP_MODAL_JAVASCRIPT_APP_MODAL_DIALOG_H_
 
 #include <map>
-#include <string>
 
 #include "base/compiler_specific.h"
 #include "base/macros.h"
@@ -20,7 +19,7 @@ class ChromeJavaScriptDialogExtraData {
  public:
   ChromeJavaScriptDialogExtraData();
 
-  // True if the user has already seen a JavaScript dialog from the origin.
+  // True if the user has already seen a JavaScript dialog from the WebContents.
   bool has_already_shown_a_dialog_;
 
   // True if the user has decided to block future JavaScript dialogs.
@@ -31,7 +30,7 @@ class ChromeJavaScriptDialogExtraData {
 // onbeforeunload dialog boxes.
 class JavaScriptAppModalDialog : public AppModalDialog {
  public:
-  typedef std::map<std::string, ChromeJavaScriptDialogExtraData> ExtraDataMap;
+  typedef std::map<void*, ChromeJavaScriptDialogExtraData> ExtraDataMap;
 
   JavaScriptAppModalDialog(
       content::WebContents* web_contents,
@@ -63,11 +62,6 @@ class JavaScriptAppModalDialog : public AppModalDialog {
   // its delegate instead of whatever the UI reports.
   void SetOverridePromptText(const base::string16& prompt_text);
 
-  // The serialized form of the origin of the last committed URL in
-  // |web_contents_|. See |extra_data_map_|.
-  static std::string GetSerializedOriginForWebContents(
-      content::WebContents* contents);
-
   // Accessors
   content::JavaScriptMessageType javascript_message_type() const {
     return javascript_message_type_;
@@ -83,8 +77,8 @@ class JavaScriptAppModalDialog : public AppModalDialog {
   void NotifyDelegate(bool success, const base::string16& prompt_text,
                       bool suppress_js_messages);
 
-  // A map of extra Chrome-only data associated with the delegate_. The keys
-  // come from |GetSerializedOriginForWebContents|.
+  // A map of extra Chrome-only data associated with the delegate_. Can be
+  // inspected via |extra_data_map_[web_contents_]|.
   ExtraDataMap* extra_data_map_;
 
   // Information about the message box is held in the following variables.
diff --git a/components/app_modal/javascript_dialog_manager.cc b/components/app_modal/javascript_dialog_manager.cc
index 2b6ec64..530d646 100644
--- a/components/app_modal/javascript_dialog_manager.cc
+++ b/components/app_modal/javascript_dialog_manager.cc
@@ -12,7 +12,6 @@
 #include "base/strings/utf_string_conversions.h"
 #include "components/app_modal/app_modal_dialog.h"
 #include "components/app_modal/app_modal_dialog_queue.h"
-#include "components/app_modal/javascript_app_modal_dialog.h"
 #include "components/app_modal/javascript_dialog_extensions_client.h"
 #include "components/app_modal/javascript_native_dialog_factory.h"
 #include "components/app_modal/native_app_modal_dialog.h"
@@ -91,9 +90,7 @@ void JavaScriptDialogManager::RunJavaScriptDialog(
   *did_suppress_message = false;
 
   ChromeJavaScriptDialogExtraData* extra_data =
-      &javascript_dialog_extra_data_
-          [JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
-              web_contents)];
+      &javascript_dialog_extra_data_[web_contents];
 
   if (extra_data->suppress_javascript_messages_) {
     *did_suppress_message = true;
@@ -126,9 +123,7 @@ void JavaScriptDialogManager::RunBeforeUnloadDialog(
     bool is_reload,
     const DialogClosedCallback& callback) {
   ChromeJavaScriptDialogExtraData* extra_data =
-      &javascript_dialog_extra_data_
-          [JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
-              web_contents)];
+      &javascript_dialog_extra_data_[web_contents];
 
   if (extra_data->suppress_javascript_messages_) {
     // If a site harassed the user enough for them to put it on mute, then it
@@ -186,9 +181,7 @@ bool JavaScriptDialogManager::HandleJavaScriptDialog(
 void JavaScriptDialogManager::ResetDialogState(
     content::WebContents* web_contents) {
   CancelActiveAndPendingDialogs(web_contents);
-  javascript_dialog_extra_data_.erase(
-      JavaScriptAppModalDialog::GetSerializedOriginForWebContents(
-          web_contents));
+  javascript_dialog_extra_data_.erase(web_contents);
 }
 
 base::string16 JavaScriptDialogManager::GetTitle(
author	Avi Drissman <avi@chromium.org>	2016-02-23 16:47:32 -0500
committer	Avi Drissman <avi@chromium.org>	2016-02-23 21:49:08 +0000
commit	00ed437f354d765bf0eed4f70499e1da980261a8 (patch)
tree	6dd0131fd8ebe3c18fd7b888578940e5eb04c1cf /components
parent	5d176c4eb74145cf177c6cb6c3e7e0c459a8f833 (diff)
download	chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.zip chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.tar.gz chromium_src-00ed437f354d765bf0eed4f70499e1da980261a8.tar.bz2