diff options
author | fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-06 20:22:32 +0000 |
---|---|---|
committer | fsamuel@chromium.org <fsamuel@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-06 20:22:32 +0000 |
commit | e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358 (patch) | |
tree | 6611c977bd705b1049bb484a0b1a1d707bdfc656 /content | |
parent | 8d5e5145b65673eaf3aa521c4707031ed0a81031 (diff) | |
download | chromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.zip chromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.tar.gz chromium_src-e80d9c7055e418d5a7e40e021c3a4ea6dfbcd358.tar.bz2 |
Revert 249293 "Revert 248828 "<webview>: navigating to WebStore ..."
> Revert 248828 "<webview>: navigating to WebStore should fire a l..."
>
> > <webview>: navigating to WebStore should fire a loadabort instead of crashing.
> >
> > All top-level navigations now get plumbed through: BrowserPluginGuest::LoadURLWithParams.
> > URL validation now happens there. If a URL is determined to be inappropriate for a <webview>,
> > a loadabort event will fire instead of crashing the <webview> guest content.
> >
> > BUG=334531
> > Test=WebViewTest.Shim_TestNavigateToWebStore
> >
> > Review URL: https://codereview.chromium.org/140073002
>
> TBR=fsamuel@chromium.org
>
> Review URL: https://codereview.chromium.org/152783004
TBR=hajimehoshi@chromium.org
Review URL: https://codereview.chromium.org/151243004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@249482 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/browser/browser_plugin/browser_plugin_guest.cc | 75 | ||||
-rw-r--r-- | content/browser/browser_plugin/browser_plugin_guest.h | 2 | ||||
-rw-r--r-- | content/browser/renderer_host/render_view_host_impl.cc | 4 |
3 files changed, 40 insertions, 41 deletions
diff --git a/content/browser/browser_plugin/browser_plugin_guest.cc b/content/browser/browser_plugin/browser_plugin_guest.cc index c27713b..2e79b63 100644 --- a/content/browser/browser_plugin/browser_plugin_guest.cc +++ b/content/browser/browser_plugin/browser_plugin_guest.cc @@ -406,7 +406,33 @@ void BrowserPluginGuest::LoadURLWithParams(const GURL& url, const Referrer& referrer, PageTransition transition_type, WebContents* web_contents) { - NavigationController::LoadURLParams load_url_params(url); + // Do not allow navigating a guest to schemes other than known safe schemes. + // This will block the embedder trying to load unwanted schemes, e.g. + // chrome://settings. + bool scheme_is_blocked = + (!ChildProcessSecurityPolicyImpl::GetInstance()->IsWebSafeScheme( + url.scheme()) && + !ChildProcessSecurityPolicyImpl::GetInstance()->IsPseudoScheme( + url.scheme())) || + url.SchemeIs(kJavaScriptScheme); + bool can_commit = + GetContentClient()->browser()->CanCommitURL( + GetWebContents()->GetRenderProcessHost(), url); + if (scheme_is_blocked || !url.is_valid() || !can_commit) { + if (delegate_) { + // TODO(fsamuel): Need better error reporting here. + std::string error_type; + base::RemoveChars(net::ErrorToString(net::ERR_ABORTED), "net::", + &error_type); + delegate_->LoadAbort(true /* is_top_level */, url, error_type); + } + return; + } + + GURL validated_url(url); + GetWebContents()->GetRenderProcessHost()->FilterURL(false, &validated_url); + + NavigationController::LoadURLParams load_url_params(validated_url); load_url_params.referrer = referrer; load_url_params.transition_type = transition_type; load_url_params.extra_headers = std::string(); @@ -604,9 +630,10 @@ void BrowserPluginGuest::Initialize( // update the BrowserPlugin's corresponding 'name' attribute. // TODO(fsamuel): Remove this once http://crbug.com/169110 is addressed. renderer_prefs->report_frame_name_changes = true; - // Navigation is disabled in Chrome Apps. We want to make sure guest-initiated - // navigations still continue to function inside the app. - renderer_prefs->browser_handles_all_top_level_requests = false; + // Top-level guest-initiated navigations are all plumbed through + // BrowserPluginGuest::OpenURLFromTab. There, it is determined whether a + // particular navigation will be allowed to proceed or whether it is aborted. + renderer_prefs->browser_handles_all_top_level_requests = true; // Disable "client blocked" error page for browser plugin. renderer_prefs->disable_client_blocked_error_page = true; @@ -828,14 +855,12 @@ WebContents* BrowserPluginGuest::OpenURLFromTab(WebContents* source, PendingWindowMap::iterator it = opener()->pending_new_windows_.find(this); if (it == opener()->pending_new_windows_.end()) return NULL; - const NewWindowInfo& old_target_url = it->second; - NewWindowInfo new_window_info(params.url, old_target_url.name); - new_window_info.changed = new_window_info.url != old_target_url.url; - it->second = new_window_info; + const NewWindowInfo& old_info = it->second; + it->second = NewWindowInfo(params.url, old_info.name); return NULL; } if (params.disposition == CURRENT_TAB) { - // This can happen for cross-site redirects. + // This can happen for cross-site redirects and top-level frame navigations. LoadURLWithParams(params.url, params.referrer, params.transition, source); return source; } @@ -1252,15 +1277,10 @@ void BrowserPluginGuest::Attach( new_view->CreateViewForWidget(web_contents()->GetRenderViewHost()); } - // We need to do a navigation here if the target URL has changed between - // the time the WebContents was created and the time it was attached. - // We also need to do an initial navigation if a RenderView was never - // created for the new window in cases where there is no referrer. + // Grab the URL for the initial navigation. PendingWindowMap::iterator it = opener()->pending_new_windows_.find(this); if (it != opener()->pending_new_windows_.end()) { - const NewWindowInfo& new_window_info = it->second; - if (new_window_info.changed || !has_render_view_) - params.src = it->second.url.spec(); + params.src = it->second.url.spec(); } else { NOTREACHED(); } @@ -1452,32 +1472,11 @@ void BrowserPluginGuest::OnNavigateGuest( const std::string& src) { GURL url = delegate_ ? delegate_->ResolveURL(src) : GURL(src); - // Do not allow navigating a guest to schemes other than known safe schemes. - // This will block the embedder trying to load unwanted schemes, e.g. - // chrome://settings. - bool scheme_is_blocked = - (!ChildProcessSecurityPolicyImpl::GetInstance()->IsWebSafeScheme( - url.scheme()) && - !ChildProcessSecurityPolicyImpl::GetInstance()->IsPseudoScheme( - url.scheme())) || - url.SchemeIs(kJavaScriptScheme); - if (scheme_is_blocked || !url.is_valid()) { - if (delegate_) { - std::string error_type; - base::RemoveChars(net::ErrorToString(net::ERR_ABORTED), "net::", - &error_type); - delegate_->LoadAbort(true /* is_top_level */, url, error_type); - } - return; - } - - GURL validated_url(url); - GetWebContents()->GetRenderProcessHost()->FilterURL(false, &validated_url); // As guests do not swap processes on navigation, only navigations to // normal web URLs are supported. No protocol handlers are installed for // other schemes (e.g., WebUI or extensions), and no permissions or bindings // can be granted to the guest process. - LoadURLWithParams(validated_url, Referrer(), PAGE_TRANSITION_AUTO_TOPLEVEL, + LoadURLWithParams(url, Referrer(), PAGE_TRANSITION_AUTO_TOPLEVEL, GetWebContents()); } diff --git a/content/browser/browser_plugin/browser_plugin_guest.h b/content/browser/browser_plugin/browser_plugin_guest.h index 3e2d98a..0ed0e08 100644 --- a/content/browser/browser_plugin/browser_plugin_guest.h +++ b/content/browser/browser_plugin/browser_plugin_guest.h @@ -334,11 +334,9 @@ class CONTENT_EXPORT BrowserPluginGuest // has been attached to a BrowserPlugin. Once the first navigation commits, we // no longer track this information. struct NewWindowInfo { - bool changed; GURL url; std::string name; NewWindowInfo(const GURL& url, const std::string& name) : - changed(false), url(url), name(name) {} }; diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc index 752d34e..8011841 100644 --- a/content/browser/renderer_host/render_view_host_impl.cc +++ b/content/browser/renderer_host/render_view_host_impl.cc @@ -1619,7 +1619,9 @@ void RenderViewHostImpl::OnToggleFullscreen(bool enter_fullscreen) { void RenderViewHostImpl::OnOpenURL( const ViewHostMsg_OpenURL_Params& params) { GURL validated_url(params.url); - GetProcess()->FilterURL(false, &validated_url); + // BrowserPluginGuest does filtering after firing a loadabort event. + if (!GetProcess()->IsGuest()) + GetProcess()->FilterURL(false, &validated_url); delegate_->RequestOpenURL( this, validated_url, params.referrer, params.disposition, params.frame_id, |