summaryrefslogtreecommitdiffstats
path: root/content
diff options
context:
space:
mode:
authorfsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-06 20:22:32 +0000
committerfsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-02-06 20:22:32 +0000
commite80d9c7055e418d5a7e40e021c3a4ea6dfbcd358 (patch)
tree6611c977bd705b1049bb484a0b1a1d707bdfc656 /content
parent8d5e5145b65673eaf3aa521c4707031ed0a81031 (diff)
downloadchromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.zip
chromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.tar.gz
chromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.tar.bz2
Revert 249293 "Revert 248828 "<webview>: navigating to WebStore ..."
> Revert 248828 "<webview>: navigating to WebStore should fire a l..." > > > <webview>: navigating to WebStore should fire a loadabort instead of crashing. > > > > All top-level navigations now get plumbed through: BrowserPluginGuest::LoadURLWithParams. > > URL validation now happens there. If a URL is determined to be inappropriate for a <webview>, > > a loadabort event will fire instead of crashing the <webview> guest content. > > > > BUG=334531 > > Test=WebViewTest.Shim_TestNavigateToWebStore > > > > Review URL: https://codereview.chromium.org/140073002 > > TBR=fsamuel@chromium.org > > Review URL: https://codereview.chromium.org/152783004 TBR=hajimehoshi@chromium.org Review URL: https://codereview.chromium.org/151243004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@249482 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/browser/browser_plugin/browser_plugin_guest.cc75
-rw-r--r--content/browser/browser_plugin/browser_plugin_guest.h2
-rw-r--r--content/browser/renderer_host/render_view_host_impl.cc4
3 files changed, 40 insertions, 41 deletions
diff --git a/content/browser/browser_plugin/browser_plugin_guest.cc b/content/browser/browser_plugin/browser_plugin_guest.cc
index c27713b..2e79b63 100644
--- a/content/browser/browser_plugin/browser_plugin_guest.cc
+++ b/content/browser/browser_plugin/browser_plugin_guest.cc
@@ -406,7 +406,33 @@ void BrowserPluginGuest::LoadURLWithParams(const GURL& url,
const Referrer& referrer,
PageTransition transition_type,
WebContents* web_contents) {
- NavigationController::LoadURLParams load_url_params(url);
+ // Do not allow navigating a guest to schemes other than known safe schemes.
+ // This will block the embedder trying to load unwanted schemes, e.g.
+ // chrome://settings.
+ bool scheme_is_blocked =
+ (!ChildProcessSecurityPolicyImpl::GetInstance()->IsWebSafeScheme(
+ url.scheme()) &&
+ !ChildProcessSecurityPolicyImpl::GetInstance()->IsPseudoScheme(
+ url.scheme())) ||
+ url.SchemeIs(kJavaScriptScheme);
+ bool can_commit =
+ GetContentClient()->browser()->CanCommitURL(
+ GetWebContents()->GetRenderProcessHost(), url);
+ if (scheme_is_blocked || !url.is_valid() || !can_commit) {
+ if (delegate_) {
+ // TODO(fsamuel): Need better error reporting here.
+ std::string error_type;
+ base::RemoveChars(net::ErrorToString(net::ERR_ABORTED), "net::",
+ &error_type);
+ delegate_->LoadAbort(true /* is_top_level */, url, error_type);
+ }
+ return;
+ }
+
+ GURL validated_url(url);
+ GetWebContents()->GetRenderProcessHost()->FilterURL(false, &validated_url);
+
+ NavigationController::LoadURLParams load_url_params(validated_url);
load_url_params.referrer = referrer;
load_url_params.transition_type = transition_type;
load_url_params.extra_headers = std::string();
@@ -604,9 +630,10 @@ void BrowserPluginGuest::Initialize(
// update the BrowserPlugin's corresponding 'name' attribute.
// TODO(fsamuel): Remove this once http://crbug.com/169110 is addressed.
renderer_prefs->report_frame_name_changes = true;
- // Navigation is disabled in Chrome Apps. We want to make sure guest-initiated
- // navigations still continue to function inside the app.
- renderer_prefs->browser_handles_all_top_level_requests = false;
+ // Top-level guest-initiated navigations are all plumbed through
+ // BrowserPluginGuest::OpenURLFromTab. There, it is determined whether a
+ // particular navigation will be allowed to proceed or whether it is aborted.
+ renderer_prefs->browser_handles_all_top_level_requests = true;
// Disable "client blocked" error page for browser plugin.
renderer_prefs->disable_client_blocked_error_page = true;
@@ -828,14 +855,12 @@ WebContents* BrowserPluginGuest::OpenURLFromTab(WebContents* source,
PendingWindowMap::iterator it = opener()->pending_new_windows_.find(this);
if (it == opener()->pending_new_windows_.end())
return NULL;
- const NewWindowInfo& old_target_url = it->second;
- NewWindowInfo new_window_info(params.url, old_target_url.name);
- new_window_info.changed = new_window_info.url != old_target_url.url;
- it->second = new_window_info;
+ const NewWindowInfo& old_info = it->second;
+ it->second = NewWindowInfo(params.url, old_info.name);
return NULL;
}
if (params.disposition == CURRENT_TAB) {
- // This can happen for cross-site redirects.
+ // This can happen for cross-site redirects and top-level frame navigations.
LoadURLWithParams(params.url, params.referrer, params.transition, source);
return source;
}
@@ -1252,15 +1277,10 @@ void BrowserPluginGuest::Attach(
new_view->CreateViewForWidget(web_contents()->GetRenderViewHost());
}
- // We need to do a navigation here if the target URL has changed between
- // the time the WebContents was created and the time it was attached.
- // We also need to do an initial navigation if a RenderView was never
- // created for the new window in cases where there is no referrer.
+ // Grab the URL for the initial navigation.
PendingWindowMap::iterator it = opener()->pending_new_windows_.find(this);
if (it != opener()->pending_new_windows_.end()) {
- const NewWindowInfo& new_window_info = it->second;
- if (new_window_info.changed || !has_render_view_)
- params.src = it->second.url.spec();
+ params.src = it->second.url.spec();
} else {
NOTREACHED();
}
@@ -1452,32 +1472,11 @@ void BrowserPluginGuest::OnNavigateGuest(
const std::string& src) {
GURL url = delegate_ ? delegate_->ResolveURL(src) : GURL(src);
- // Do not allow navigating a guest to schemes other than known safe schemes.
- // This will block the embedder trying to load unwanted schemes, e.g.
- // chrome://settings.
- bool scheme_is_blocked =
- (!ChildProcessSecurityPolicyImpl::GetInstance()->IsWebSafeScheme(
- url.scheme()) &&
- !ChildProcessSecurityPolicyImpl::GetInstance()->IsPseudoScheme(
- url.scheme())) ||
- url.SchemeIs(kJavaScriptScheme);
- if (scheme_is_blocked || !url.is_valid()) {
- if (delegate_) {
- std::string error_type;
- base::RemoveChars(net::ErrorToString(net::ERR_ABORTED), "net::",
- &error_type);
- delegate_->LoadAbort(true /* is_top_level */, url, error_type);
- }
- return;
- }
-
- GURL validated_url(url);
- GetWebContents()->GetRenderProcessHost()->FilterURL(false, &validated_url);
// As guests do not swap processes on navigation, only navigations to
// normal web URLs are supported. No protocol handlers are installed for
// other schemes (e.g., WebUI or extensions), and no permissions or bindings
// can be granted to the guest process.
- LoadURLWithParams(validated_url, Referrer(), PAGE_TRANSITION_AUTO_TOPLEVEL,
+ LoadURLWithParams(url, Referrer(), PAGE_TRANSITION_AUTO_TOPLEVEL,
GetWebContents());
}
diff --git a/content/browser/browser_plugin/browser_plugin_guest.h b/content/browser/browser_plugin/browser_plugin_guest.h
index 3e2d98a..0ed0e08 100644
--- a/content/browser/browser_plugin/browser_plugin_guest.h
+++ b/content/browser/browser_plugin/browser_plugin_guest.h
@@ -334,11 +334,9 @@ class CONTENT_EXPORT BrowserPluginGuest
// has been attached to a BrowserPlugin. Once the first navigation commits, we
// no longer track this information.
struct NewWindowInfo {
- bool changed;
GURL url;
std::string name;
NewWindowInfo(const GURL& url, const std::string& name) :
- changed(false),
url(url),
name(name) {}
};
diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
index 752d34e..8011841 100644
--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1619,7 +1619,9 @@ void RenderViewHostImpl::OnToggleFullscreen(bool enter_fullscreen) {
void RenderViewHostImpl::OnOpenURL(
const ViewHostMsg_OpenURL_Params& params) {
GURL validated_url(params.url);
- GetProcess()->FilterURL(false, &validated_url);
+ // BrowserPluginGuest does filtering after firing a loadabort event.
+ if (!GetProcess()->IsGuest())
+ GetProcess()->FilterURL(false, &validated_url);
delegate_->RequestOpenURL(
this, validated_url, params.referrer, params.disposition, params.frame_id,