diff options
| author | palmer <palmer@chromium.org> | 2016-02-03 15:21:36 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-02-03 23:22:25 +0000 |
| commit | 5c437bcc7a51edbef45242c5173cf7871fde2866 (patch) | |
| tree | cff6102f961c969435e9698cb821715f69ca64b2 /extensions/browser/guest_view | |
| parent | a2280cd27bd434f6033d3ab0c70886c06e3882b0 (diff) | |
| download | chromium_src-5c437bcc7a51edbef45242c5173cf7871fde2866.zip chromium_src-5c437bcc7a51edbef45242c5173cf7871fde2866.tar.gz chromium_src-5c437bcc7a51edbef45242c5173cf7871fde2866.tar.bz2 | |
Make extensions use a correct same-origin check.
GURL::GetOrigin does not do the right thing for all types of URLs.
BUG=573317
Review URL: https://codereview.chromium.org/1658913002
Cr-Commit-Position: refs/heads/master@{#373381}
Diffstat (limited to 'extensions/browser/guest_view')
| -rw-r--r-- | extensions/browser/guest_view/extension_options/extension_options_guest.cc | 2 | ||||
| -rw-r--r-- | extensions/browser/guest_view/extension_view/extension_view_guest.cc | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/extensions/browser/guest_view/extension_options/extension_options_guest.cc b/extensions/browser/guest_view/extension_options/extension_options_guest.cc index 9f3c07a..a3d8c7c 100644 --- a/extensions/browser/guest_view/extension_options/extension_options_guest.cc +++ b/extensions/browser/guest_view/extension_options/extension_options_guest.cc @@ -231,7 +231,7 @@ void ExtensionOptionsGuest::DidNavigateMainFrame( ui_zoom::ZoomController::ZOOM_MODE_ISOLATED); SetGuestZoomLevelToMatchEmbedder(); - if (params.url.GetOrigin() != options_page_.GetOrigin()) { + if (!url::IsSameOriginWith(params.url, options_page_)) { bad_message::ReceivedBadMessage(web_contents()->GetRenderProcessHost(), bad_message::EOG_BAD_ORIGIN); } diff --git a/extensions/browser/guest_view/extension_view/extension_view_guest.cc b/extensions/browser/guest_view/extension_view/extension_view_guest.cc index cb2f60e..64dc571 100644 --- a/extensions/browser/guest_view/extension_view/extension_view_guest.cc +++ b/extensions/browser/guest_view/extension_view/extension_view_guest.cc @@ -17,6 +17,7 @@ #include "extensions/common/constants.h" #include "extensions/common/extension_messages.h" #include "extensions/strings/grit/extensions_strings.h" +#include "url/origin.h" using content::WebContents; using guest_view::GuestViewBase; @@ -45,8 +46,8 @@ bool ExtensionViewGuest::NavigateGuest(const std::string& src, // If the URL is not valid, about:blank, or the same origin as the extension, // then navigate to about:blank. - bool url_not_allowed = (url != GURL(url::kAboutBlankURL)) && - (url.GetOrigin() != extension_url_.GetOrigin()); + bool url_not_allowed = url != GURL(url::kAboutBlankURL) && + !url::IsSameOriginWith(url, extension_url_); if (!url.is_valid() || url_not_allowed) return NavigateGuest(url::kAboutBlankURL, true /* force_navigation */); @@ -135,7 +136,7 @@ void ExtensionViewGuest::DidCommitProvisionalLoadForFrame( void ExtensionViewGuest::DidNavigateMainFrame( const content::LoadCommittedDetails& details, const content::FrameNavigateParams& params) { - if (attached() && (params.url.GetOrigin() != url_.GetOrigin())) { + if (attached() && !url::IsSameOriginWith(params.url, url_)) { bad_message::ReceivedBadMessage(web_contents()->GetRenderProcessHost(), bad_message::EVG_BAD_ORIGIN); } |