author | creis@chromium.org <creis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-16 21:26:27 +0000 |
---|---|---|
committer | creis@chromium.org <creis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-16 21:26:27 +0000 |
commit | 24e18251abd7e269df0e6dc2512fd271aa795213 (patch) | |
tree | c949e5d845e818ebfcf603288c4c7501eab0771d /content | |
parent | d3d50e0051fa855b7db675012e904b69a924a7e4 (diff) | |
Don't allow sending data URLs to WebUI, unless in a ChromeOS BalloonHost.
BUG=123428
TEST=none
Review URL: http://codereview.chromium.org/10080018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132459 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
8 files changed, 25 insertions, 12 deletions
diff --git a/content/browser/site_instance_impl_unittest.cc b/content/browser/site_instance_impl_unittest.cc
index 9767b70..fec7c79 100644
--- a/content/browser/site_instance_impl_unittest.cc
+++ b/content/browser/site_instance_impl_unittest.cc
@@ -61,8 +61,10 @@ class SiteInstanceTestWebUIControllerFactory
 const GURL& url) const OVERRIDE {
 return content::GetContentClient()->HasWebUIScheme(url);
 }
- virtual bool IsURLAcceptableForWebUI(BrowserContext* browser_context,
- const GURL& url) const OVERRIDE {
+ virtual bool IsURLAcceptableForWebUI(
+ BrowserContext* browser_context,
+ const GURL& url,
+ bool data_urls_allowed) const OVERRIDE {
 return false;
 }
 };
diff --git a/content/browser/web_contents/render_view_host_manager.cc b/content/browser/web_contents/render_view_host_manager.cc
index 6a5d401..95021bf 100644
--- a/content/browser/web_contents/render_view_host_manager.cc
+++ b/content/browser/web_contents/render_view_host_manager.cc
@@ -377,8 +377,9 @@ bool RenderViewHostManager::ShouldSwapProcessesForNavigation(
 if (web_ui_factory) {
 if (web_ui_factory->UseWebUIForURL(browser_context, current_url)) {
 // Force swap if it's not an acceptable URL for Web UI.
+ // Here, data URLs are never allowed.
 if (!web_ui_factory->IsURLAcceptableForWebUI(browser_context,
- new_entry->GetURL()))
+ new_entry->GetURL(), false))
 return true;
 } else {
 // Force swap if it's a Web UI URL.
diff --git a/content/browser/web_contents/render_view_host_manager_unittest.cc b/content/browser/web_contents/render_view_host_manager_unittest.cc
index fc84adf..fe17a0e 100644
--- a/content/browser/web_contents/render_view_host_manager_unittest.cc
+++ b/content/browser/web_contents/render_view_host_manager_unittest.cc
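Review bot: In render_view_host_manager.cc, the new comment `// Here, data URLs are never allowed.` states the rule but not the reason, and the hard-coded `false` makes ShouldSwapProcessesForNavigation disagree with WebContentsImpl::NavigateToEntry, which passes the delegate's CanLoadDataURLsInWebUI() answer for the same kind of URL. Forcing a swap looks like the safe direction, so this is probably intended, but a reader cannot tell that from the code. I would expand the comment, for example `// Data URLs always force a swap out of a Web UI process here, even for delegates that allow them in NavigateToEntry.`, if that is the intent. The function starts and ends outside the hunk.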
@@ -84,8 +84,10 @@ class RenderViewHostManagerTestWebUIControllerFactory
 return content::GetContentClient()->HasWebUIScheme(url);
 }
- virtual bool IsURLAcceptableForWebUI(BrowserContext* browser_context,
- const GURL& url) const OVERRIDE {
+ virtual bool IsURLAcceptableForWebUI(
+ BrowserContext* browser_context,
+ const GURL& url,
+ bool data_urls_allowed) const OVERRIDE {
 return false;
 }
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 1cea561..7cb9e0e 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -1072,15 +1072,14 @@ bool WebContentsImpl::NavigateToEntry(
 int enabled_bindings = dest_render_view_host->GetEnabledBindings();
 WebUIControllerFactory* factory =
 content::GetContentClient()->browser()->GetWebUIControllerFactory();
+ bool data_urls_allowed = delegate_ && delegate_->CanLoadDataURLsInWebUI();
 bool is_allowed_in_web_ui_renderer = factory &&
- factory->IsURLAcceptableForWebUI(GetBrowserContext(), entry.GetURL());
-#if defined(OS_CHROMEOS)
- is_allowed_in_web_ui_renderer |= entry.GetURL().SchemeIs(chrome::kDataScheme);
-#endif
+ factory->IsURLAcceptableForWebUI(GetBrowserContext(), entry.GetURL(),
+ data_urls_allowed);
 if ((enabled_bindings & content::BINDINGS_POLICY_WEB_UI) &&
 !is_allowed_in_web_ui_renderer) {
- // Log the URL to help us diagnose http://crbug.com/72235.
+ // Log the URL to help us diagnose any future failures of this CHECK.
 content::GetContentClient()->SetActiveURL(entry.GetURL());
 CHECK(0);
 }
diff --git a/content/browser/web_contents/web_contents_impl_unittest.cc b/content/browser/web_contents/web_contents_impl_unittest.cc
index 5e9a02b..ea9ae58 100644
--- a/content/browser/web_contents/web_contents_impl_unittest.cc
+++ b/content/browser/web_contents/web_contents_impl_unittest.cc
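Review bot: In web_contents_impl.cc, the CHECK in NavigateToEntry now depends on the factory honouring `data_urls_allowed`, yet no implementation that reads the flag appears in this diff: the diffstat is limited to content/, and the three test factories updated here ignore the argument. With TEST=none, nothing visible pins that a data: URL is refused for a renderer with BINDINGS_POLICY_WEB_UI when the delegate returns false and admitted only when it returns true. A unit test in web_contents_impl_unittest.cc exercising both delegate answers would cover that. The new local also deserves a comment such as `// No delegate means data URLs stay blocked in WebUI renderers.` NavigateToEntry starts and ends outside the hunk.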
@@ -75,7 +75,9 @@ class WebContentsImplTestWebUIControllerFactory
 }
 virtual bool IsURLAcceptableForWebUI(
- BrowserContext* browser_context, const GURL& url) const {
+ BrowserContext* browser_context,
+ const GURL& url,
+ bool data_urls_allowed) const {
 return content::GetContentClient()->HasWebUIScheme(url);
 }
 };
diff --git a/content/public/browser/web_contents_delegate.cc b/content/public/browser/web_contents_delegate.cc
index f4c0bc9..0c11548 100644
--- a/content/public/browser/web_contents_delegate.cc
+++ b/content/public/browser/web_contents_delegate.cc
@@ -30,6 +30,8 @@ bool WebContentsDelegate::IsPopupOrPanel(const WebContents* source) const {
 bool WebContentsDelegate::IsApplication() const { return false; }
+bool WebContentsDelegate::CanLoadDataURLsInWebUI() const { return false; }
+
 bool WebContentsDelegate::CanReloadContents(WebContents* source) const {
 return true;
 }
diff --git a/content/public/browser/web_contents_delegate.h b/content/public/browser/web_contents_delegate.h
index 682b38438..b99890b 100644
--- a/content/public/browser/web_contents_delegate.h
+++ b/content/public/browser/web_contents_delegate.h
@@ -157,6 +157,10 @@ class CONTENT_EXPORT WebContentsDelegate {
 // application.
 virtual bool IsApplication() const;
+ // Check whether this contents is permitted to load data URLs in WebUI mode.
+ // This is normally disallowed for security.
+ virtual bool CanLoadDataURLsInWebUI() const;
+
 // Detach the given tab and convert it to a "webapp" view. The tab must be
 // a WebContents with a valid WebApp set.
 virtual void ConvertContentsToApplication(WebContents* source) {}
diff --git a/content/public/browser/web_ui_controller_factory.h b/content/public/browser/web_ui_controller_factory.h
index 412006e..871bea1 100644
--- a/content/public/browser/web_ui_controller_factory.h
+++ b/content/public/browser/web_ui_controller_factory.h
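Review bot: In web_contents_impl_unittest.cc, the updated IsURLAcceptableForWebUI in WebContentsImplTestWebUIControllerFactory is still declared without OVERRIDE, unlike the same method in the two other test factories this commit touches. A signature change like this one is exactly where the annotation is useful, so I would end the declaration with `bool data_urls_allowed) const OVERRIDE {`. The class starts outside the hunk.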
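Review bot: In web_contents_delegate.h, the comment on CanLoadDataURLsInWebUI() says the load is "normally disallowed for security" but does not tell an implementer what returning true exposes. Judging from the NavigateToEntry check, a true answer lets a data: URL load in a renderer that has WebUI bindings enabled. I would add a line such as `// Only return true if this contents never loads a data URL built from untrusted input.`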
@@ -48,7 +48,8 @@ class CONTENT_EXPORT WebUIControllerFactory {
 // URLs with WebUI types (as above) and also URLs that can be loaded by
 // normal tabs such as javascript: URLs or about:hang.
 virtual bool IsURLAcceptableForWebUI(BrowserContext* browser_context,
- const GURL& url) const = 0;
+ const GURL& url,
+ bool data_urls_allowed) const = 0;
 };
 } // namespace content |
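Review bot: In web_ui_controller_factory.h, the interface comment above IsURLAcceptableForWebUI is not updated for the new `data_urls_allowed` parameter, so implementers of this pure virtual have no stated contract for it. I would add `// |data_urls_allowed| says whether the caller permits data: URLs; implementations must not accept them when it is false.` The comment begins above the hunk, so its existing wording is only partly visible here.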