summaryrefslogtreecommitdiffstats
path: root/content
diff options
context:
space:
mode:
authormnaganov@chromium.org <mnaganov@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-10 13:36:28 +0000
committermnaganov@chromium.org <mnaganov@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-10 13:36:28 +0000
commit165e7f151d95fb61e3669fb252ef0612940d7d73 (patch)
treee6851c73fc032fd63e3cf055a0e5657a5848ba78 /content
parent69cffc89a60caa97b3a9f399ded14f4a937a96bb (diff)
downloadchromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.zip
chromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.tar.gz
chromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.tar.bz2
[Android] Implement WebSettings APIs for FileURL resource access conrol
BUG=none TEST=none Review URL: https://chromiumcodereview.appspot.com/10827274 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151025 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/browser/android/content_settings.cc24
-rw-r--r--content/public/android/java/src/org/chromium/content/browser/ContentSettings.java82
-rw-r--r--content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java8
3 files changed, 110 insertions, 4 deletions
diff --git a/content/browser/android/content_settings.cc b/content/browser/android/content_settings.cc
index 5effd58..b023f2b 100644
--- a/content/browser/android/content_settings.cc
+++ b/content/browser/android/content_settings.cc
@@ -66,6 +66,10 @@ struct ContentSettings::FieldIds {
GetFieldID(env, clazz, "mLoadsImagesAutomatically", "Z");
java_script_enabled =
GetFieldID(env, clazz, "mJavaScriptEnabled", "Z");
+ allow_universal_access_from_file_urls =
+ GetFieldID(env, clazz, "mAllowUniversalAccessFromFileURLs", "Z");
+ allow_file_access_from_file_urls =
+ GetFieldID(env, clazz, "mAllowFileAccessFromFileURLs", "Z");
java_script_can_open_windows_automatically =
GetFieldID(env, clazz, "mJavaScriptCanOpenWindowsAutomatically", "Z");
dom_storage_enabled =
@@ -87,6 +91,8 @@ struct ContentSettings::FieldIds {
jfieldID default_fixed_font_size;
jfieldID load_images_automatically;
jfieldID java_script_enabled;
+ jfieldID allow_universal_access_from_file_urls;
+ jfieldID allow_file_access_from_file_urls;
jfieldID java_script_can_open_windows_automatically;
jfieldID dom_storage_enabled;
};
@@ -189,6 +195,18 @@ void ContentSettings::SyncFromNativeImpl() {
env->SetBooleanField(
obj,
+ field_ids_->allow_universal_access_from_file_urls,
+ prefs.allow_universal_access_from_file_urls);
+ CheckException(env);
+
+ env->SetBooleanField(
+ obj,
+ field_ids_->allow_file_access_from_file_urls,
+ prefs.allow_file_access_from_file_urls);
+ CheckException(env);
+
+ env->SetBooleanField(
+ obj,
field_ids_->java_script_can_open_windows_automatically,
prefs.javascript_can_open_windows_automatically);
CheckException(env);
@@ -272,6 +290,12 @@ void ContentSettings::SyncToNativeImpl() {
prefs.javascript_enabled =
env->GetBooleanField(obj, field_ids_->java_script_enabled);
+ prefs.allow_universal_access_from_file_urls = env->GetBooleanField(
+ obj, field_ids_->allow_universal_access_from_file_urls);
+
+ prefs.allow_file_access_from_file_urls = env->GetBooleanField(
+ obj, field_ids_->allow_file_access_from_file_urls);
+
prefs.javascript_can_open_windows_automatically = env->GetBooleanField(
obj, field_ids_->java_script_can_open_windows_automatically);
diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
index 6ab2fee..90e4d8d 100644
--- a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
@@ -77,6 +77,8 @@ public class ContentSettings {
private int mDefaultFixedFontSize = 13;
private boolean mLoadsImagesAutomatically = true;
private boolean mJavaScriptEnabled = false;
+ private boolean mAllowUniversalAccessFromFileURLs = false;
+ private boolean mAllowFileAccessFromFileURLs = false;
private boolean mJavaScriptCanOpenWindowsAutomatically = false;
private PluginState mPluginState = PluginState.OFF;
private boolean mDomStorageEnabled = false;
@@ -155,7 +157,8 @@ public class ContentSettings {
* Package constructor to prevent clients from creating a new settings
* instance. Must be called on the UI thread.
*/
- ContentSettings(ContentViewCore contentViewCore, int nativeContentView) {
+ ContentSettings(ContentViewCore contentViewCore, int nativeContentView,
+ boolean isAccessFromFileURLsGrantedByDefault) {
ThreadUtils.assertOnUiThread();
mContentViewCore = contentViewCore;
mCanModifySettings = mContentViewCore.isPersonalityView();
@@ -164,6 +167,11 @@ public class ContentSettings {
mCleanupReference = new CleanupReference(this,
new DestroyRunnable(mNativeContentSettings));
+ if (isAccessFromFileURLsGrantedByDefault) {
+ mAllowUniversalAccessFromFileURLs = true;
+ mAllowFileAccessFromFileURLs = true;
+ }
+
mEventHandler = new EventHandler();
if (mCanModifySettings) {
// PERSONALITY_VIEW
@@ -523,6 +531,53 @@ public class ContentSettings {
}
/**
+ * Sets whether JavaScript running in the context of a file scheme URL
+ * should be allowed to access content from any origin. This includes
+ * access to content from other file scheme URLs. See
+ * {@link #setAllowFileAccessFromFileURLs}. To enable the most restrictive,
+ * and therefore secure policy, this setting should be disabled.
+ * <p>
+ * The default value is true for API level
+ * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
+ * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+ * and above.
+ *
+ * @param flag whether JavaScript running in the context of a file scheme
+ * URL should be allowed to access content from any origin
+ */
+ public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) {
+ assert mCanModifySettings;
+ if (mAllowUniversalAccessFromFileURLs != flag) {
+ mAllowUniversalAccessFromFileURLs = flag;
+ sendSyncMessage();
+ }
+ }
+
+ /**
+ * Sets whether JavaScript running in the context of a file scheme URL
+ * should be allowed to access content from other file scheme URLs. To
+ * enable the most restrictive, and therefore secure policy, this setting
+ * should be disabled. Note that the value of this setting is ignored if
+ * the value of {@link #getAllowUniversalAccessFromFileURLs} is true.
+ * <p>
+ * The default value is true for API level
+ * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
+ * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+ * and above.
+ *
+ * @param flag whether JavaScript running in the context of a file scheme
+ * URL should be allowed to access content from other file
+ * scheme URLs
+ */
+ public synchronized void setAllowFileAccessFromFileURLs(boolean flag) {
+ assert mCanModifySettings;
+ if (mAllowFileAccessFromFileURLs != flag) {
+ mAllowFileAccessFromFileURLs = flag;
+ sendSyncMessage();
+ }
+ }
+
+ /**
* Tell the WebView to load image resources automatically.
* @param flag True if the WebView should load images automatically.
*/
@@ -553,6 +608,31 @@ public class ContentSettings {
}
/**
+ * Gets whether JavaScript running in the context of a file scheme URL can
+ * access content from any origin. This includes access to content from
+ * other file scheme URLs.
+ *
+ * @return whether JavaScript running in the context of a file scheme URL
+ * can access content from any origin
+ * @see #setAllowUniversalAccessFromFileURLs
+ */
+ public synchronized boolean getAllowUniversalAccessFromFileURLs() {
+ return mAllowUniversalAccessFromFileURLs;
+ }
+
+ /**
+ * Gets whether JavaScript running in the context of a file scheme URL can
+ * access content from other file scheme URLs.
+ *
+ * @return whether JavaScript running in the context of a file scheme URL
+ * can access content from other file scheme URLs
+ * @see #setAllowFileAccessFromFileURLs
+ */
+ public synchronized boolean getAllowFileAccessFromFileURLs() {
+ return mAllowFileAccessFromFileURLs;
+ }
+
+ /**
* Tell the WebView to enable plugins.
* @param flag True if the WebView should load plugins.
* @deprecated This method has been deprecated in favor of
diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
index ebdadbf..b6bc008 100644
--- a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
@@ -245,7 +245,7 @@ public class ContentViewCore implements MotionEventDelegate {
mAccessibilityInjector = AccessibilityInjector.newInstance(this);
mAccessibilityInjector.addOrRemoveAccessibilityApisIfNecessary();
- initialize(context, nativeWebContents, personality);
+ initialize(context, nativeWebContents, personality, false);
}
/**
@@ -263,12 +263,14 @@ public class ContentViewCore implements MotionEventDelegate {
}
// TODO(jrg): incomplete; upstream the rest of this method.
- private void initialize(Context context, int nativeWebContents, int personality) {
+ private void initialize(Context context, int nativeWebContents, int personality,
+ boolean isAccessFromFileURLsGrantedByDefault) {
mNativeContentViewCore = nativeInit(nativeWebContents);
mCleanupReference = new CleanupReference(this, new DestroyRunnable(mNativeContentViewCore));
mPersonality = personality;
- mContentSettings = new ContentSettings(this, mNativeContentViewCore);
+ mContentSettings = new ContentSettings(
+ this, mNativeContentViewCore, isAccessFromFileURLsGrantedByDefault);
mContainerView.setFocusable(true);
mContainerView.setFocusableInTouchMode(true);
if (mContainerView.getScrollBarStyle() == View.SCROLLBARS_INSIDE_OVERLAY) {