diff options
| -rw-r--r-- | chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc | 7 | ||||
| -rw-r--r-- | content/browser/webui/web_ui_impl.cc | 13 |
2 files changed, 13 insertions, 7 deletions
diff --git a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc index 9e2f07b..e538810 100644 --- a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc +++ b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc @@ -236,12 +236,7 @@ WebUIFactoryFunction GetWebUIFactoryFunction(WebUI* web_ui, if (url.host() == chrome::kChromeUIPrintHost && !g_browser_process->local_state()->GetBoolean( prefs::kPrintPreviewDisabled)) { - printing::PrintPreviewTabController* controller = - printing::PrintPreviewTabController::GetInstance(); - bool valid = controller && controller->is_creating_print_preview_tab(); - - if (valid) - return &NewWebUI<PrintPreviewUI>; + return &NewWebUI<PrintPreviewUI>; } // Android does not support plugins for now. if (url.host() == chrome::kChromeUIPluginsHost) diff --git a/content/browser/webui/web_ui_impl.cc b/content/browser/webui/web_ui_impl.cc index 43f8086..493bb31 100644 --- a/content/browser/webui/web_ui_impl.cc +++ b/content/browser/webui/web_ui_impl.cc @@ -13,10 +13,14 @@ #include "content/browser/renderer_host/render_view_host_impl.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/common/view_messages.h" +#include "content/public/browser/content_browser_client.h" +#include "content/public/browser/web_contents_delegate.h" #include "content/public/browser/web_contents_view.h" #include "content/public/browser/web_ui_controller.h" +#include "content/public/browser/web_ui_controller_factory.h" #include "content/public/browser/web_ui_message_handler.h" #include "content/public/common/bindings_policy.h" +#include "content/public/common/content_client.h" #include "ui/base/layout.h" using content::RenderViewHostImpl; @@ -78,8 +82,15 @@ bool WebUIImpl::OnMessageReceived(const IPC::Message& message) { void WebUIImpl::OnWebUISend(const GURL& source_url, const std::string& message, const ListValue& args) { + bool data_urls_allowed = + web_contents_->GetDelegate()->CanLoadDataURLsInWebUI(); + content::WebUIControllerFactory* factory = + content::GetContentClient()->browser()->GetWebUIControllerFactory(); if (!ChildProcessSecurityPolicyImpl::GetInstance()-> - HasWebUIBindings(web_contents_->GetRenderProcessHost()->GetID())) { + HasWebUIBindings(web_contents_->GetRenderProcessHost()->GetID()) || + !factory->IsURLAcceptableForWebUI(web_contents_->GetBrowserContext(), + source_url, + data_urls_allowed)) { NOTREACHED() << "Blocked unauthorized use of WebUIBindings."; return; } |