summaryrefslogtreecommitdiffstats
path: root/chrome/browser/child_process_security_policy.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chrome/browser/child_process_security_policy.cc')
-rw-r--r--chrome/browser/child_process_security_policy.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/chrome/browser/child_process_security_policy.cc b/chrome/browser/child_process_security_policy.cc
index 635e0cf..7f28d31 100644
--- a/chrome/browser/child_process_security_policy.cc
+++ b/chrome/browser/child_process_security_policy.cc
@@ -302,8 +302,14 @@ bool ChildProcessSecurityPolicy::CanRequestURL(
if (url.SchemeIs(chrome::kViewSourceScheme) ||
url.SchemeIs(chrome::kPrintScheme)) {
// View-source and print URL's are allowed if the renderer is permitted
- // to request the embedded URL.
- return CanRequestURL(renderer_id, GURL(url.path()));
+ // to request the embedded URL. Careful to avoid pointless recursion.
+ GURL child_url(url.path());
+ if (child_url.SchemeIs(chrome::kPrintScheme) ||
+ (child_url.SchemeIs(chrome::kViewSourceScheme) &&
+ url.SchemeIs(chrome::kViewSourceScheme)))
+ return false;
+
+ return CanRequestURL(renderer_id, child_url);
}
if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL))
generated by cgit v1.1 at 2025-02-02 21:39:25 +0000