diff options
author | mnaganov@chromium.org <mnaganov@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-10 13:36:28 +0000 |
---|---|---|
committer | mnaganov@chromium.org <mnaganov@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-10 13:36:28 +0000 |
commit | 165e7f151d95fb61e3669fb252ef0612940d7d73 (patch) | |
tree | e6851c73fc032fd63e3cf055a0e5657a5848ba78 /content | |
parent | 69cffc89a60caa97b3a9f399ded14f4a937a96bb (diff) | |
download | chromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.zip chromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.tar.gz chromium_src-165e7f151d95fb61e3669fb252ef0612940d7d73.tar.bz2 |
[Android] Implement WebSettings APIs for FileURL resource access conrol
BUG=none
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10827274
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151025 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
3 files changed, 110 insertions, 4 deletions
diff --git a/content/browser/android/content_settings.cc b/content/browser/android/content_settings.cc index 5effd58..b023f2b 100644 --- a/content/browser/android/content_settings.cc +++ b/content/browser/android/content_settings.cc @@ -66,6 +66,10 @@ struct ContentSettings::FieldIds { GetFieldID(env, clazz, "mLoadsImagesAutomatically", "Z"); java_script_enabled = GetFieldID(env, clazz, "mJavaScriptEnabled", "Z"); + allow_universal_access_from_file_urls = + GetFieldID(env, clazz, "mAllowUniversalAccessFromFileURLs", "Z"); + allow_file_access_from_file_urls = + GetFieldID(env, clazz, "mAllowFileAccessFromFileURLs", "Z"); java_script_can_open_windows_automatically = GetFieldID(env, clazz, "mJavaScriptCanOpenWindowsAutomatically", "Z"); dom_storage_enabled = @@ -87,6 +91,8 @@ struct ContentSettings::FieldIds { jfieldID default_fixed_font_size; jfieldID load_images_automatically; jfieldID java_script_enabled; + jfieldID allow_universal_access_from_file_urls; + jfieldID allow_file_access_from_file_urls; jfieldID java_script_can_open_windows_automatically; jfieldID dom_storage_enabled; }; @@ -189,6 +195,18 @@ void ContentSettings::SyncFromNativeImpl() { env->SetBooleanField( obj, + field_ids_->allow_universal_access_from_file_urls, + prefs.allow_universal_access_from_file_urls); + CheckException(env); + + env->SetBooleanField( + obj, + field_ids_->allow_file_access_from_file_urls, + prefs.allow_file_access_from_file_urls); + CheckException(env); + + env->SetBooleanField( + obj, field_ids_->java_script_can_open_windows_automatically, prefs.javascript_can_open_windows_automatically); CheckException(env); @@ -272,6 +290,12 @@ void ContentSettings::SyncToNativeImpl() { prefs.javascript_enabled = env->GetBooleanField(obj, field_ids_->java_script_enabled); + prefs.allow_universal_access_from_file_urls = env->GetBooleanField( + obj, field_ids_->allow_universal_access_from_file_urls); + + prefs.allow_file_access_from_file_urls = env->GetBooleanField( + obj, field_ids_->allow_file_access_from_file_urls); + prefs.javascript_can_open_windows_automatically = env->GetBooleanField( obj, field_ids_->java_script_can_open_windows_automatically); diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java index 6ab2fee..90e4d8d 100644 --- a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java +++ b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java @@ -77,6 +77,8 @@ public class ContentSettings { private int mDefaultFixedFontSize = 13; private boolean mLoadsImagesAutomatically = true; private boolean mJavaScriptEnabled = false; + private boolean mAllowUniversalAccessFromFileURLs = false; + private boolean mAllowFileAccessFromFileURLs = false; private boolean mJavaScriptCanOpenWindowsAutomatically = false; private PluginState mPluginState = PluginState.OFF; private boolean mDomStorageEnabled = false; @@ -155,7 +157,8 @@ public class ContentSettings { * Package constructor to prevent clients from creating a new settings * instance. Must be called on the UI thread. */ - ContentSettings(ContentViewCore contentViewCore, int nativeContentView) { + ContentSettings(ContentViewCore contentViewCore, int nativeContentView, + boolean isAccessFromFileURLsGrantedByDefault) { ThreadUtils.assertOnUiThread(); mContentViewCore = contentViewCore; mCanModifySettings = mContentViewCore.isPersonalityView(); @@ -164,6 +167,11 @@ public class ContentSettings { mCleanupReference = new CleanupReference(this, new DestroyRunnable(mNativeContentSettings)); + if (isAccessFromFileURLsGrantedByDefault) { + mAllowUniversalAccessFromFileURLs = true; + mAllowFileAccessFromFileURLs = true; + } + mEventHandler = new EventHandler(); if (mCanModifySettings) { // PERSONALITY_VIEW @@ -523,6 +531,53 @@ public class ContentSettings { } /** + * Sets whether JavaScript running in the context of a file scheme URL + * should be allowed to access content from any origin. This includes + * access to content from other file scheme URLs. See + * {@link #setAllowFileAccessFromFileURLs}. To enable the most restrictive, + * and therefore secure policy, this setting should be disabled. + * <p> + * The default value is true for API level + * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below, + * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN} + * and above. + * + * @param flag whether JavaScript running in the context of a file scheme + * URL should be allowed to access content from any origin + */ + public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) { + assert mCanModifySettings; + if (mAllowUniversalAccessFromFileURLs != flag) { + mAllowUniversalAccessFromFileURLs = flag; + sendSyncMessage(); + } + } + + /** + * Sets whether JavaScript running in the context of a file scheme URL + * should be allowed to access content from other file scheme URLs. To + * enable the most restrictive, and therefore secure policy, this setting + * should be disabled. Note that the value of this setting is ignored if + * the value of {@link #getAllowUniversalAccessFromFileURLs} is true. + * <p> + * The default value is true for API level + * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below, + * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN} + * and above. + * + * @param flag whether JavaScript running in the context of a file scheme + * URL should be allowed to access content from other file + * scheme URLs + */ + public synchronized void setAllowFileAccessFromFileURLs(boolean flag) { + assert mCanModifySettings; + if (mAllowFileAccessFromFileURLs != flag) { + mAllowFileAccessFromFileURLs = flag; + sendSyncMessage(); + } + } + + /** * Tell the WebView to load image resources automatically. * @param flag True if the WebView should load images automatically. */ @@ -553,6 +608,31 @@ public class ContentSettings { } /** + * Gets whether JavaScript running in the context of a file scheme URL can + * access content from any origin. This includes access to content from + * other file scheme URLs. + * + * @return whether JavaScript running in the context of a file scheme URL + * can access content from any origin + * @see #setAllowUniversalAccessFromFileURLs + */ + public synchronized boolean getAllowUniversalAccessFromFileURLs() { + return mAllowUniversalAccessFromFileURLs; + } + + /** + * Gets whether JavaScript running in the context of a file scheme URL can + * access content from other file scheme URLs. + * + * @return whether JavaScript running in the context of a file scheme URL + * can access content from other file scheme URLs + * @see #setAllowFileAccessFromFileURLs + */ + public synchronized boolean getAllowFileAccessFromFileURLs() { + return mAllowFileAccessFromFileURLs; + } + + /** * Tell the WebView to enable plugins. * @param flag True if the WebView should load plugins. * @deprecated This method has been deprecated in favor of diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java index ebdadbf..b6bc008 100644 --- a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java +++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java @@ -245,7 +245,7 @@ public class ContentViewCore implements MotionEventDelegate { mAccessibilityInjector = AccessibilityInjector.newInstance(this); mAccessibilityInjector.addOrRemoveAccessibilityApisIfNecessary(); - initialize(context, nativeWebContents, personality); + initialize(context, nativeWebContents, personality, false); } /** @@ -263,12 +263,14 @@ public class ContentViewCore implements MotionEventDelegate { } // TODO(jrg): incomplete; upstream the rest of this method. - private void initialize(Context context, int nativeWebContents, int personality) { + private void initialize(Context context, int nativeWebContents, int personality, + boolean isAccessFromFileURLsGrantedByDefault) { mNativeContentViewCore = nativeInit(nativeWebContents); mCleanupReference = new CleanupReference(this, new DestroyRunnable(mNativeContentViewCore)); mPersonality = personality; - mContentSettings = new ContentSettings(this, mNativeContentViewCore); + mContentSettings = new ContentSettings( + this, mNativeContentViewCore, isAccessFromFileURLsGrantedByDefault); mContainerView.setFocusable(true); mContainerView.setFocusableInTouchMode(true); if (mContainerView.getScrollBarStyle() == View.SCROLLBARS_INSIDE_OVERLAY) { |