diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-29 04:55:05 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-03-29 04:55:05 +0000 |
| commit | 5527ac82286290ebc38ee9f3358d3e1e9fb5d71d (patch) | |
| tree | 5e89b7c4f5ee53c513459308d6a4ad6c3659d713 /content | |
| parent | 2a09804d47f363ec9e857d31bb4cf4593303c360 (diff) | |
| download | chromium_src-5527ac82286290ebc38ee9f3358d3e1e9fb5d71d.zip chromium_src-5527ac82286290ebc38ee9f3358d3e1e9fb5d71d.tar.gz chromium_src-5527ac82286290ebc38ee9f3358d3e1e9fb5d71d.tar.bz2 | |
Revert 191277 "Allow showing pending URL for new tab navigations..."
> Allow showing pending URL for new tab navigations, but only if safe.
>
> We revert to showing the opener's URL if it modifies the content of the
> initial blank page before the pending URL commits, to prevent URL spoofs.
>
> Implications:
> - All renderer-initiated navigations now have pending NavigationEntries.
> - GetURL and GetTitle use the visible entry, not active entry.
> - The renderer notifies the browser if DOM mutations occur before first load.
>
> BUG=9682
> TEST=Open a slow link in a new tab. Destination URL should be visible and reloadable.
>
>
> Review URL: https://chromiumcodereview.appspot.com/12541018
TBR=creis@chromium.org
Review URL: https://codereview.chromium.org/13294002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@191295 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
14 files changed, 43 insertions, 391 deletions
diff --git a/content/browser/android/content_view_core_impl.cc b/content/browser/android/content_view_core_impl.cc index 81347ee..ccdc2e0 100644 --- a/content/browser/android/content_view_core_impl.cc +++ b/content/browser/android/content_view_core_impl.cc @@ -778,12 +778,7 @@ void ContentViewCoreImpl::SetAllUserAgentOverridesInHistory( ScopedJavaLocalRef<jstring> ContentViewCoreImpl::GetURL( JNIEnv* env, jobject) const { - // The current users of the Java API expect to use the active entry - // rather than the visible entry, which is exposed by WebContents::GetURL. - content::NavigationEntry* entry = - web_contents_->GetController().GetActiveEntry(); - GURL url = entry ? entry->GetVirtualURL() : GURL::EmptyGURL(); - return ConvertUTF8ToJavaString(env, url.spec()); + return ConvertUTF8ToJavaString(env, GetWebContents()->GetURL().spec()); } ScopedJavaLocalRef<jstring> ContentViewCoreImpl::GetTitle( diff --git a/content/browser/renderer_host/render_view_host_delegate.h b/content/browser/renderer_host/render_view_host_delegate.h index a32c8d4..5ee7314 100644 --- a/content/browser/renderer_host/render_view_host_delegate.h +++ b/content/browser/renderer_host/render_view_host_delegate.h @@ -219,11 +219,6 @@ class CONTENT_EXPORT RenderViewHostDelegate { // the window. virtual void DidDisownOpener(RenderViewHost* rvh) {} - // Another page accessed the initial empty document of this RenderView, - // which means it is no longer safe to display a pending URL without - // risking a URL spoof. - virtual void DidAccessInitialDocument() {} - // The RenderView has changed its frame hierarchy, so we need to update all // other renderers interested in this event. virtual void DidUpdateFrameTree(RenderViewHost* rvh) {} diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc index c92564f..d48a82b 100644 --- a/content/browser/renderer_host/render_view_host_impl.cc +++ b/content/browser/renderer_host/render_view_host_impl.cc @@ -165,7 +165,6 @@ RenderViewHostImpl::RenderViewHostImpl( pending_request_id_(-1), navigations_suspended_(false), suspended_nav_message_(NULL), - has_accessed_initial_document_(false), is_swapped_out_(swapped_out), is_subframe_(false), run_modal_reply_msg_(NULL), @@ -992,8 +991,6 @@ bool RenderViewHostImpl::OnMessageReceived(const IPC::Message& msg) { IPC_MESSAGE_HANDLER(ViewHostMsg_ShowPopup, OnShowPopup) #endif IPC_MESSAGE_HANDLER(ViewHostMsg_RunFileChooser, OnRunFileChooser) - IPC_MESSAGE_HANDLER(ViewHostMsg_DidAccessInitialDocument, - OnDidAccessInitialDocument) IPC_MESSAGE_HANDLER(ViewHostMsg_DomOperationResponse, OnDomOperationResponse) IPC_MESSAGE_HANDLER(AccessibilityHostMsg_Notifications, @@ -1211,10 +1208,6 @@ void RenderViewHostImpl::OnNavigate(const IPC::Message& msg) { } } - // Now that something has committed, we don't need to track whether the - // initial page has been accessed. - has_accessed_initial_document_ = false; - ChildProcessSecurityPolicyImpl* policy = ChildProcessSecurityPolicyImpl::GetInstance(); // Without this check, an evil renderer can trick the browser into creating @@ -2010,11 +2003,6 @@ void RenderViewHostImpl::OnRunFileChooser(const FileChooserParams& params) { delegate_->RunFileChooser(this, params); } -void RenderViewHostImpl::OnDidAccessInitialDocument() { - has_accessed_initial_document_ = true; - delegate_->DidAccessInitialDocument(); -} - void RenderViewHostImpl::OnDomOperationResponse( const std::string& json_string, int automation_id) { DomOperationNotificationDetails details(json_string, automation_id); diff --git a/content/browser/renderer_host/render_view_host_impl.h b/content/browser/renderer_host/render_view_host_impl.h index 5a09697..4b33cc0 100644 --- a/content/browser/renderer_host/render_view_host_impl.h +++ b/content/browser/renderer_host/render_view_host_impl.h @@ -271,13 +271,6 @@ class CONTENT_EXPORT RenderViewHostImpl // Informs the renderer of when the current navigation was allowed to proceed. void SetNavigationStartTime(const base::TimeTicks& navigation_start); - // Whether the initial empty page of this view has been accessed by another - // page, making it unsafe to show the pending URL. Always false after the - // first commit. - bool has_accessed_initial_document() { - return has_accessed_initial_document_; - } - // Whether this RenderViewHost has been swapped out to be displayed by a // different process. bool is_swapped_out() const { return is_swapped_out_; } @@ -563,7 +556,6 @@ class CONTENT_EXPORT RenderViewHostImpl const ShowDesktopNotificationHostMsgParams& params); void OnCancelDesktopNotification(int notification_id); void OnRunFileChooser(const FileChooserParams& params); - void OnDidAccessInitialDocument(); void OnDomOperationResponse(const std::string& json_string, int automation_id); void OnFrameTreeUpdated(const std::string& frame_tree); @@ -617,12 +609,6 @@ class CONTENT_EXPORT RenderViewHostImpl // second navigation occurs. scoped_ptr<ViewMsg_Navigate> suspended_nav_message_; - // Whether the initial empty page of this view has been accessed by another - // page, making it unsafe to show the pending URL. Usually false unless - // another window tries to modify the blank page. Always false after the - // first commit. - bool has_accessed_initial_document_; - // Whether this RenderViewHost is currently swapped out, such that the view is // being rendered by another process. bool is_swapped_out_; diff --git a/content/browser/renderer_host/render_view_host_manager_browsertest.cc b/content/browser/renderer_host/render_view_host_manager_browsertest.cc index 20275f1..a2ce269 100644 --- a/content/browser/renderer_host/render_view_host_manager_browsertest.cc +++ b/content/browser/renderer_host/render_view_host_manager_browsertest.cc @@ -879,92 +879,6 @@ IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, ClickLinkAfter204Error) { EXPECT_EQ(orig_site_instance, noref_site_instance); } -// Test for crbug.com/9682. We should show the URL for a pending renderer- -// initiated navigation in a new tab, until the content of the initial -// about:blank page is modified by another window. At that point, we should -// revert to showing about:blank to prevent a URL spoof. -IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, ShowLoadingURLUntilSpoof) { - ASSERT_TRUE(test_server()->Start()); - - // Load a page that can open a URL that won't commit in a new window. - NavigateToURL( - shell(), test_server()->GetURL("files/click-nocontent-link.html")); - WebContents* orig_contents = shell()->web_contents(); - - // Click a /nocontent link that opens in a new window but never commits. - ShellAddedObserver new_shell_observer; - bool success = false; - EXPECT_TRUE(ExecuteScriptAndExtractBool( - orig_contents, - "window.domAutomationController.send(clickNoContentTargetedLink());", - &success)); - EXPECT_TRUE(success); - - // Wait for the window to open. - Shell* new_shell = new_shell_observer.GetShell(); - - // Ensure the destination URL is visible, because it is considered the - // initial navigation. - WebContents* contents = new_shell->web_contents(); - EXPECT_TRUE(contents->GetController().IsInitialNavigation()); - EXPECT_EQ("/nocontent", - contents->GetController().GetVisibleEntry()->GetURL().path()); - - // Now modify the contents of the new window from the opener. This will also - // modify the title of the document to give us something to listen for. - WindowedNotificationObserver title_observer( - NOTIFICATION_WEB_CONTENTS_TITLE_UPDATED, - Source<WebContents>(contents)); - success = false; - EXPECT_TRUE(ExecuteScriptAndExtractBool( - orig_contents, - "window.domAutomationController.send(modifyNewWindow());", - &success)); - EXPECT_TRUE(success); - title_observer.Wait(); - EXPECT_EQ(ASCIIToUTF16("Modified Title"), contents->GetTitle()); - - // At this point, we should no longer be showing the destination URL. - // The visible entry should be null, resulting in about:blank in the address - // bar. - EXPECT_FALSE(contents->GetController().GetVisibleEntry()); -} - -// Test for crbug.com/9682. We should not show the URL for a pending renderer- -// initiated navigation in a new tab if it is not the initial navigation. In -// this case, the renderer will not notify us of a modification, so we cannot -// show the pending URL without allowing a spoof. -IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, - DontShowLoadingURLIfNotInitialNav) { - ASSERT_TRUE(test_server()->Start()); - - // Load a page that can open a URL that won't commit in a new window. - NavigateToURL( - shell(), test_server()->GetURL("files/click-nocontent-link.html")); - WebContents* orig_contents = shell()->web_contents(); - - // Click a /nocontent link that opens in a new window but never commits. - // By using an onclick handler that first creates the window, the slow - // navigation is not considered an initial navigation. - ShellAddedObserver new_shell_observer; - bool success = false; - EXPECT_TRUE(ExecuteScriptAndExtractBool( - orig_contents, - "window.domAutomationController.send(" - "clickNoContentScriptedTargetedLink());", - &success)); - EXPECT_TRUE(success); - - // Wait for the window to open. - Shell* new_shell = new_shell_observer.GetShell(); - - // Ensure the destination URL is not visible, because it is not the initial - // navigation. - WebContents* contents = new_shell->web_contents(); - EXPECT_FALSE(contents->GetController().IsInitialNavigation()); - EXPECT_FALSE(contents->GetController().GetVisibleEntry()); -} - // Test for http://crbug.com/93427. Ensure that cross-site navigations // do not cause back/forward navigations to be considered stale by the // renderer. diff --git a/content/browser/web_contents/navigation_controller_impl.cc b/content/browser/web_contents/navigation_controller_impl.cc index 5eab596..c8218af 100644 --- a/content/browser/web_contents/navigation_controller_impl.cc +++ b/content/browser/web_contents/navigation_controller_impl.cc @@ -288,29 +288,16 @@ void NavigationControllerImpl::ReloadInternal(bool check_for_repost, return; } - NavigationEntryImpl* entry = NULL; - int current_index = -1; - - // If we are reloading the initial navigation, just use the current - // pending entry. Otherwise look up the current entry. - if (IsInitialNavigation() && pending_entry_) { - entry = pending_entry_; - } else { - DiscardNonCommittedEntriesInternal(); - current_index = GetCurrentEntryIndex(); - if (current_index != -1) { - entry = NavigationEntryImpl::FromNavigationEntry( - GetEntryAtIndex(current_index)); - } - } - + DiscardNonCommittedEntriesInternal(); + int current_index = GetCurrentEntryIndex(); // If we are no where, then we can't reload. TODO(darin): We should add a // CanReload method. - if (!entry) + if (current_index == -1) { return; + } if (g_check_for_repost && check_for_repost && - entry->GetHasPostData()) { + GetEntryAtIndex(current_index)->GetHasPostData()) { // The user is asking to reload a page with POST data. Prompt to make sure // they really want to do this. If they do, the dialog will call us back // with check_for_repost = false. @@ -320,8 +307,11 @@ void NavigationControllerImpl::ReloadInternal(bool check_for_repost, web_contents_->Activate(); web_contents_->GetDelegate()->ShowRepostFormWarningDialog(web_contents_); } else { - if (!IsInitialNavigation()) - DiscardNonCommittedEntriesInternal(); + DiscardNonCommittedEntriesInternal(); + + NavigationEntryImpl* entry = entries_[current_index].get(); + SiteInstanceImpl* site_instance = entry->site_instance(); + DCHECK(site_instance); // If we are reloading an entry that no longer belongs to the current // site instance (for example, refreshing a page for just installed app), @@ -330,7 +320,6 @@ void NavigationControllerImpl::ReloadInternal(bool check_for_repost, // as new navigation (which happens to clear forward history). // Tabs that are discarded due to low memory conditions may not have a site // instance, and should not be treated as a cross-site reload. - SiteInstanceImpl* site_instance = entry->site_instance(); if (site_instance && site_instance->HasWrongProcessForURL(entry->GetURL())) { // Create a navigation entry that resembles the current one, but do not @@ -347,16 +336,15 @@ void NavigationControllerImpl::ReloadInternal(bool check_for_repost, nav_entry->set_should_replace_entry(true); pending_entry_ = nav_entry; } else { - pending_entry_ = entry; pending_entry_index_ = current_index; // The title of the page being reloaded might have been removed in the // meanwhile, so we need to revert to the default title upon reload and // invalidate the previously cached title (SetTitle will do both). // See Chromium issue 96041. - pending_entry_->SetTitle(string16()); + entries_[pending_entry_index_]->SetTitle(string16()); - pending_entry_->SetTransitionType(PAGE_TRANSITION_RELOAD); + entries_[pending_entry_index_]->SetTransitionType(PAGE_TRANSITION_RELOAD); } NavigateToPendingEntry(reload_type); @@ -404,17 +392,13 @@ void NavigationControllerImpl::LoadEntry(NavigationEntryImpl* entry) { // When navigating to a new page, we don't know for sure if we will actually // end up leaving the current page. The new page load could for example // result in a download or a 'no content' response (e.g., a mailto: URL). - SetPendingEntry(entry); - NavigateToPendingEntry(NO_RELOAD); -} - -void NavigationControllerImpl::SetPendingEntry(NavigationEntryImpl* entry) { DiscardNonCommittedEntriesInternal(); pending_entry_ = entry; NotificationService::current()->Notify( NOTIFICATION_NAV_ENTRY_PENDING, Source<NavigationController>(this), Details<NavigationEntry>(entry)); + NavigateToPendingEntry(NO_RELOAD); } NavigationEntry* NavigationControllerImpl::GetActiveEntry() const { @@ -428,37 +412,15 @@ NavigationEntry* NavigationControllerImpl::GetActiveEntry() const { NavigationEntry* NavigationControllerImpl::GetVisibleEntry() const { if (transient_entry_index_ != -1) return entries_[transient_entry_index_].get(); - // The pending entry is safe to return for new (non-history), browser- - // initiated navigations. Most renderer-initiated navigations should not - // show the pending entry, to prevent URL spoof attacks. - // - // We make an exception for renderer-initiated navigations in new tabs, as - // long as no other page has tried to access the initial empty document in - // the new tab. If another page modifies this blank page, a URL spoof is - // possible, so we must stop showing the pending entry. - RenderViewHostImpl* rvh = static_cast<RenderViewHostImpl*>( - web_contents_->GetRenderViewHost()); - bool safe_to_show_pending = - pending_entry_ && - // Require a new navigation. + // Only return the pending_entry for new (non-history), browser-initiated + // navigations, in order to prevent URL spoof attacks. + // Ideally we would also show the pending entry's URL for new renderer- + // initiated navigations with no last committed entry (e.g., a link opening + // in a new tab), but an attacker can insert content into the about:blank + // page while the pending URL loads in that case. + if (pending_entry_ && pending_entry_->GetPageID() == -1 && - // Require either browser-initiated or an unmodified new tab. - (!pending_entry_->is_renderer_initiated() || - (IsInitialNavigation() && - !GetLastCommittedEntry() && - !rvh->has_accessed_initial_document())); - - // Also allow showing the pending entry for history navigations in a new tab, - // such as Ctrl+Back. In this case, no existing page is visible and no one - // can script the new tab before it commits. - if (!safe_to_show_pending && - pending_entry_ && - pending_entry_->GetPageID() != -1 && - IsInitialNavigation() && !pending_entry_->is_renderer_initiated()) - safe_to_show_pending = true; - - if (safe_to_show_pending) return pending_entry_; return GetLastCommittedEntry(); } @@ -1079,7 +1041,6 @@ NavigationType NavigationControllerImpl::ClassifyNavigation( // Anything below here we know is a main frame navigation. if (pending_entry_ && - !pending_entry_->is_renderer_initiated() && existing_entry != pending_entry_ && pending_entry_->GetPageID() == -1 && existing_entry == GetLastCommittedEntry()) { diff --git a/content/browser/web_contents/navigation_controller_impl.h b/content/browser/web_contents/navigation_controller_impl.h index 175255e..5027990 100644 --- a/content/browser/web_contents/navigation_controller_impl.h +++ b/content/browser/web_contents/navigation_controller_impl.h @@ -120,10 +120,6 @@ class CONTENT_EXPORT NavigationControllerImpl // For use by WebContentsImpl ------------------------------------------------ - // Allow renderer-initiated navigations to create a pending entry when the - // provisional load starts. - void SetPendingEntry(content::NavigationEntryImpl* entry); - // Handles updating the navigation state after the renderer has navigated. // This is used by the WebContentsImpl. // diff --git a/content/browser/web_contents/navigation_controller_impl_unittest.cc b/content/browser/web_contents/navigation_controller_impl_unittest.cc index 43f9e96..0f25e2e 100644 --- a/content/browser/web_contents/navigation_controller_impl_unittest.cc +++ b/content/browser/web_contents/navigation_controller_impl_unittest.cc @@ -812,7 +812,10 @@ TEST_F(NavigationControllerTest, LoadURL_AbortDoesntCancelPending) { EXPECT_FALSE(contents()->GetDelegate()); contents()->SetDelegate(delegate.get()); - // Start with a pending new navigation. + // Without any navigations, the renderer starts at about:blank. + const GURL kExistingURL("about:blank"); + + // Now make a pending new navigation. const GURL kNewURL("http://eh"); controller.LoadURL( kNewURL, Referrer(), PAGE_TRANSITION_TYPED, std::string()); @@ -841,14 +844,6 @@ TEST_F(NavigationControllerTest, LoadURL_AbortDoesntCancelPending) { EXPECT_TRUE(controller.GetPendingEntry()); EXPECT_EQ(-1, controller.GetLastCommittedEntryIndex()); EXPECT_EQ(1, delegate->navigation_state_change_count()); - NavigationEntry* pending_entry = controller.GetPendingEntry(); - - // Ensure that a reload keeps the same pending entry. - controller.Reload(true); - EXPECT_EQ(-1, controller.GetPendingEntryIndex()); - EXPECT_TRUE(controller.GetPendingEntry()); - EXPECT_EQ(pending_entry, controller.GetPendingEntry()); - EXPECT_EQ(-1, controller.GetLastCommittedEntryIndex()); contents()->SetDelegate(NULL); } @@ -860,21 +855,16 @@ TEST_F(NavigationControllerTest, LoadURL_RedirectAbortDoesntShowPendingURL) { TestNotificationTracker notifications; RegisterForAllNavNotifications(¬ifications, &controller); - // First make an existing committed entry. - const GURL kExistingURL("http://foo/eh"); - controller.LoadURL(kExistingURL, content::Referrer(), - content::PAGE_TRANSITION_TYPED, std::string()); - test_rvh()->SendNavigate(0, kExistingURL); - EXPECT_TRUE(notifications.Check1AndReset( - content::NOTIFICATION_NAV_ENTRY_COMMITTED)); - // Set a WebContentsDelegate to listen for state changes. scoped_ptr<TestWebContentsDelegate> delegate(new TestWebContentsDelegate()); EXPECT_FALSE(contents()->GetDelegate()); contents()->SetDelegate(delegate.get()); + // Without any navigations, the renderer starts at about:blank. + const GURL kExistingURL("about:blank"); + // Now make a pending new navigation, initiated by the renderer. - const GURL kNewURL("http://foo/bee"); + const GURL kNewURL("http://eh"); NavigationController::LoadURLParams load_url_params(kNewURL); load_url_params.transition_type = PAGE_TRANSITION_TYPED; load_url_params.is_renderer_initiated = true; @@ -882,14 +872,16 @@ TEST_F(NavigationControllerTest, LoadURL_RedirectAbortDoesntShowPendingURL) { EXPECT_EQ(0U, notifications.size()); EXPECT_EQ(-1, controller.GetPendingEntryIndex()); EXPECT_TRUE(controller.GetPendingEntry()); - EXPECT_EQ(0, controller.GetLastCommittedEntryIndex()); - EXPECT_EQ(0, delegate->navigation_state_change_count()); + EXPECT_EQ(-1, controller.GetLastCommittedEntryIndex()); + EXPECT_EQ(1, delegate->navigation_state_change_count()); - // The visible entry should be the last committed URL, not the pending one. - EXPECT_EQ(kExistingURL, controller.GetVisibleEntry()->GetURL()); + // There should be no visible entry (resulting in about:blank in the + // omnibox), because it was renderer-initiated and there's no last committed + // entry. + EXPECT_FALSE(controller.GetVisibleEntry()); // Now the navigation redirects. - const GURL kRedirectURL("http://foo/see"); + const GURL kRedirectURL("http://bee"); test_rvh()->OnMessageReceived( ViewHostMsg_DidRedirectProvisionalLoad(0, // routing_id -1, // pending page_id @@ -917,12 +909,12 @@ TEST_F(NavigationControllerTest, LoadURL_RedirectAbortDoesntShowPendingURL) { // change. EXPECT_EQ(-1, controller.GetPendingEntryIndex()); EXPECT_TRUE(controller.GetPendingEntry()); - EXPECT_EQ(0, controller.GetLastCommittedEntryIndex()); - EXPECT_EQ(0, delegate->navigation_state_change_count()); + EXPECT_EQ(-1, controller.GetLastCommittedEntryIndex()); + EXPECT_EQ(1, delegate->navigation_state_change_count()); - // The visible entry should be the last committed URL, not the pending one, - // so that no spoof is possible. - EXPECT_EQ(kExistingURL, controller.GetVisibleEntry()->GetURL()); + // There should be no visible entry (resulting in about:blank in the + // omnibox), ensuring no spoof is possible. + EXPECT_FALSE(controller.GetVisibleEntry()); contents()->SetDelegate(NULL); } @@ -2499,86 +2491,6 @@ TEST_F(NavigationControllerTest, DontShowRendererURLUntilCommit) { notifications.Reset(); } -// Tests that the URLs for renderer-initiated navigations in new tabs are -// displayed to the user before commit, as long as the initial about:blank -// page has not been modified. If so, we must revert to showing about:blank. -// See http://crbug.com/9682. -TEST_F(NavigationControllerTest, ShowRendererURLInNewTabUntilModified) { - NavigationControllerImpl& controller = controller_impl(); - TestNotificationTracker notifications; - RegisterForAllNavNotifications(¬ifications, &controller); - - const GURL url("http://foo"); - - // For renderer-initiated navigations in new tabs (with no committed entries), - // we show the pending entry's URL as long as the about:blank page is not - // modified. - NavigationController::LoadURLParams load_url_params(url); - load_url_params.transition_type = PAGE_TRANSITION_LINK; - load_url_params.is_renderer_initiated = true; - controller.LoadURLWithParams(load_url_params); - EXPECT_EQ(url, controller.GetActiveEntry()->GetURL()); - EXPECT_EQ(url, controller.GetVisibleEntry()->GetURL()); - EXPECT_TRUE( - NavigationEntryImpl::FromNavigationEntry(controller.GetPendingEntry())-> - is_renderer_initiated()); - EXPECT_TRUE(controller.IsInitialNavigation()); - EXPECT_FALSE(test_rvh()->has_accessed_initial_document()); - - // There should be no title yet. - EXPECT_TRUE(contents()->GetTitle().empty()); - - // If something else modifies the contents of the about:blank page, then - // we must revert to showing about:blank to avoid a URL spoof. - test_rvh()->OnMessageReceived( - ViewHostMsg_DidAccessInitialDocument(0)); - EXPECT_TRUE(test_rvh()->has_accessed_initial_document()); - EXPECT_FALSE(controller.GetVisibleEntry()); - EXPECT_EQ(url, controller.GetActiveEntry()->GetURL()); - - notifications.Reset(); -} - -TEST_F(NavigationControllerTest, DontShowRendererURLInNewTabAfterCommit) { - NavigationControllerImpl& controller = controller_impl(); - TestNotificationTracker notifications; - RegisterForAllNavNotifications(¬ifications, &controller); - - const GURL url1("http://foo/eh"); - const GURL url2("http://foo/bee"); - - // For renderer-initiated navigations in new tabs (with no committed entries), - // we show the pending entry's URL as long as the about:blank page is not - // modified. - NavigationController::LoadURLParams load_url_params(url1); - load_url_params.transition_type = PAGE_TRANSITION_LINK; - load_url_params.is_renderer_initiated = true; - controller.LoadURLWithParams(load_url_params); - EXPECT_EQ(url1, controller.GetActiveEntry()->GetURL()); - EXPECT_EQ(url1, controller.GetVisibleEntry()->GetURL()); - EXPECT_TRUE( - NavigationEntryImpl::FromNavigationEntry(controller.GetPendingEntry())-> - is_renderer_initiated()); - EXPECT_TRUE(controller.IsInitialNavigation()); - EXPECT_FALSE(test_rvh()->has_accessed_initial_document()); - - // Simulate a commit and then starting a new pending navigation. - test_rvh()->SendNavigate(0, url1); - NavigationController::LoadURLParams load_url2_params(url2); - load_url2_params.transition_type = PAGE_TRANSITION_LINK; - load_url2_params.is_renderer_initiated = true; - controller.LoadURLWithParams(load_url2_params); - - // We should not consider this an initial navigation, and thus should - // not show the pending URL. - EXPECT_FALSE(test_rvh()->has_accessed_initial_document()); - EXPECT_FALSE(controller.IsInitialNavigation()); - EXPECT_TRUE(controller.GetVisibleEntry()); - EXPECT_EQ(url1, controller.GetVisibleEntry()->GetURL()); - - notifications.Reset(); -} - // Tests that IsInPageNavigation returns appropriate results. Prevents // regression for bug 1126349. TEST_F(NavigationControllerTest, IsInPageNavigation) { @@ -2644,10 +2556,8 @@ TEST_F(NavigationControllerTest, CloneAndGoBack) { NavigationControllerImpl& controller = controller_impl(); const GURL url1("http://foo1"); const GURL url2("http://foo2"); - const string16 title(ASCIIToUTF16("Title")); NavigateAndCommit(url1); - controller.GetActiveEntry()->SetTitle(title); NavigateAndCommit(url2); scoped_ptr<WebContents> clone(controller.GetWebContents()->Clone()); @@ -2657,10 +2567,6 @@ TEST_F(NavigationControllerTest, CloneAndGoBack) { clone->GetController().GoBack(); // Navigating back should have triggered needs_reload_ to go false. EXPECT_FALSE(clone->GetController().NeedsReload()); - - // Ensure that the pending URL and its title are visible. - EXPECT_EQ(url1, clone->GetController().GetVisibleEntry()->GetURL()); - EXPECT_EQ(title, clone->GetTitle()); } // Make sure that cloning a WebContentsImpl doesn't copy interstitials. diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc index 9e604f6..01151b3 100644 --- a/content/browser/web_contents/web_contents_impl.cc +++ b/content/browser/web_contents/web_contents_impl.cc @@ -738,7 +738,7 @@ BrowserContext* WebContentsImpl::GetBrowserContext() const { const GURL& WebContentsImpl::GetURL() const { // We may not have a navigation entry yet - NavigationEntry* entry = controller_.GetVisibleEntry(); + NavigationEntry* entry = controller_.GetActiveEntry(); return entry ? entry->GetVirtualURL() : GURL::EmptyGURL(); } @@ -884,7 +884,7 @@ const string16& WebContentsImpl::GetTitle() const { render_manager_.pending_web_ui() : render_manager_.web_ui(); if (our_web_ui) { // Don't override the title in view source mode. - entry = controller_.GetVisibleEntry(); + entry = controller_.GetActiveEntry(); if (!(entry && entry->IsViewSourceMode())) { // Give the Web UI the chance to override our title. const string16& title = our_web_ui->GetOverriddenTitle(); @@ -898,13 +898,6 @@ const string16& WebContentsImpl::GetTitle() const { // keep the old page's title until the new load has committed and we get a new // title. entry = controller_.GetLastCommittedEntry(); - - // We make an exception for initial navigations, because we can have a - // committed entry for an initial navigation when doing a history navigation - // in a new tab, such as Ctrl+Back. - if (entry && controller_.IsInitialNavigation()) - entry = controller_.GetVisibleEntry(); - if (entry) { return entry->GetTitleForDisplay(accept_languages); } @@ -2038,23 +2031,6 @@ void WebContentsImpl::DidStartProvisionalLoadForFrame( if (is_main_frame) DidChangeLoadProgress(0); - // Create a pending entry for this provisional load (if none exists) using the - // current SiteInstance, and ensure the address bar updates accordingly. - // We don't know the referrer or extra headers at this point, but the referrer - // will be set properly upon commit. - if (is_main_frame && !controller_.GetPendingEntry()) { - NavigationEntryImpl* entry = NavigationEntryImpl::FromNavigationEntry( - controller_.CreateNavigationEntry(validated_url, - content::Referrer(), - content::PAGE_TRANSITION_LINK, - true /* is_renderer_initiated */, - std::string(), GetBrowserContext())); - entry->set_site_instance( - static_cast<SiteInstanceImpl*>(GetSiteInstance())); - controller_.SetPendingEntry(entry); - NotifyNavigationStateChanged(content::INVALIDATE_TYPE_URL); - } - // Notify observers about the start of the provisional load. FOR_EACH_OBSERVER(WebContentsObserver, observers_, DidStartProvisionalLoadForFrame(frame_id, parent_frame_id, @@ -2989,11 +2965,6 @@ void WebContentsImpl::DidUpdateFrameTree(RenderViewHost* rvh) { render_manager_.DidUpdateFrameTree(rvh); } -void WebContentsImpl::DidAccessInitialDocument() { - // Update the URL display. - NotifyNavigationStateChanged(content::INVALIDATE_TYPE_URL); -} - void WebContentsImpl::DocumentAvailableInMainFrame( RenderViewHost* render_view_host) { FOR_EACH_OBSERVER(WebContentsObserver, observers_, diff --git a/content/browser/web_contents/web_contents_impl.h b/content/browser/web_contents/web_contents_impl.h index 243eab2..c9d6443 100644 --- a/content/browser/web_contents/web_contents_impl.h +++ b/content/browser/web_contents/web_contents_impl.h @@ -328,7 +328,6 @@ class CONTENT_EXPORT WebContentsImpl virtual void DidCancelLoading() OVERRIDE; virtual void DidChangeLoadProgress(double progress) OVERRIDE; virtual void DidDisownOpener(RenderViewHost* rvh) OVERRIDE; - virtual void DidAccessInitialDocument() OVERRIDE; virtual void DidUpdateFrameTree(RenderViewHost* rvh) OVERRIDE; virtual void DocumentAvailableInMainFrame( RenderViewHost* render_view_host) OVERRIDE; diff --git a/content/common/view_messages.h b/content/common/view_messages.h index f3aa46f..0e84bef 100644 --- a/content/common/view_messages.h +++ b/content/common/view_messages.h @@ -2214,11 +2214,6 @@ IPC_MESSAGE_ROUTED3(ViewHostMsg_LockMouse, // ViewHostMsg_UnlockMouse). IPC_MESSAGE_ROUTED0(ViewHostMsg_UnlockMouse) -// Notifies that the initial empty document of a view has been accessed. -// After this, it is no longer safe to show a pending navigation's URL without -// making a URL spoof possible. -IPC_MESSAGE_ROUTED0(ViewHostMsg_DidAccessInitialDocument) - // Following message is used to communicate the values received by the // callback binding the JS to Cpp. // An instance of browser that has an automation host listening to it can diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc index aa11ad3..dd55cf5 100644 --- a/content/renderer/render_view_impl.cc +++ b/content/renderer/render_view_impl.cc @@ -2749,13 +2749,6 @@ WebCookieJar* RenderViewImpl::cookieJar(WebFrame* frame) { return &cookie_jar_; } -void RenderViewImpl::didAccessInitialDocument(WebFrame* frame) { - // Notify the browser process that it is no longer safe to show the pending - // URL of the main frame, since a URL spoof is now possible. - if (!frame->parent() && page_id_ == -1) - Send(new ViewHostMsg_DidAccessInitialDocument(routing_id_)); -} - void RenderViewImpl::didCreateFrame(WebFrame* parent, WebFrame* child) { if (!updating_frame_tree_) SendUpdatedFrameTree(NULL); diff --git a/content/renderer/render_view_impl.h b/content/renderer/render_view_impl.h index 944b423..28a6f1a 100644 --- a/content/renderer/render_view_impl.h +++ b/content/renderer/render_view_impl.h @@ -524,7 +524,6 @@ class CONTENT_EXPORT RenderViewImpl WebKit::WebFrame* frame, WebKit::WebApplicationCacheHostClient* client); virtual WebKit::WebCookieJar* cookieJar(WebKit::WebFrame* frame); - virtual void didAccessInitialDocument(WebKit::WebFrame* frame); virtual void didCreateFrame(WebKit::WebFrame* parent, WebKit::WebFrame* child); virtual void didDisownOpener(WebKit::WebFrame* frame); diff --git a/content/test/data/click-nocontent-link.html b/content/test/data/click-nocontent-link.html deleted file mode 100644 index e60b513..0000000 --- a/content/test/data/click-nocontent-link.html +++ /dev/null @@ -1,46 +0,0 @@ -<html> - - <head><title>Click nocontent link</title> - <script> - function simulateClick(target) { - var evt = document.createEvent("MouseEvents"); - evt.initMouseEvent("click", true, true, window, - 0, 0, 0, 0, 0, false, false, - false, false, 0, null); - - return target.dispatchEvent(evt); - } - - function clickNoContentTargetedLink() { - return simulateClick(document.getElementById("nocontent_targeted_link")); - } - - function clickNoContentScriptedTargetedLink() { - return simulateClick(document.getElementById( - "nocontent_scripted_targeted_link")); - } - - var w; - function modifyNewWindow() { - // Grab a reference to the existing foo window and modify its content. - w = window.open("", "foo"); - w.document.body.innerHTML += "Modified"; - - // Also modify the title to give the test a notification to listen for. - // Use a timeout so that the didAccessInitialDocument notification arrives - // first. - setTimeout('w.document.title = "Modified Title"'); - return true; - } - </script> - </head> - -<a href="/nocontent" id="nocontent_targeted_link" target="foo"> - /nocontent target=foo</a><br> -<button onclick="modifyNewWindow()">Modify New Window</button><br> - -<a href="/nocontent" id="nocontent_scripted_targeted_link" target="foo" - onclick="modifyNewWindow()"> - /nocontent scripted target=foo</a><br> - -</html> |