From 7ce979a79bb891f2f7e6411a7dcbd473522ad398 Mon Sep 17 00:00:00 2001
From: "amit@chromium.org"
Date: Thu, 29 Oct 2009 02:07:45 +0000
Subject: Additional layer of protection to disable funky URLs through view-source in chrome frame
BUG=26129
TEST=cf:view-source:javascript:alert('foo') should not work in chrome frame.
Review URL: http://codereview.chromium.org/348006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30417 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome_frame/utils.cc | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'chrome_frame/utils.cc')
diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc
index 746a260..36200ae 100644
--- a/chrome_frame/utils.cc
+++ b/chrome_frame/utils.cc
@@ -14,6 +14,7 @@
 #include "base/registry.h"
 #include "base/scoped_comptr_win.h"
 #include "base/string_util.h"
+#include "chrome/common/url_constants.h"
 #include "googleurl/src/gurl.h"
 #include "grit/chrome_frame_resources.h"
 #include "chrome_frame/resource.h"
@@ -534,11 +535,23 @@
 bool IsValidUrlScheme(const std::wstring& url, bool is_privileged) {
 GURL crack_url(url);

- if (crack_url.SchemeIs("http") || crack_url.SchemeIs("https") ||
- crack_url.SchemeIs("about") || crack_url.SchemeIs("view-source"))
+ if (crack_url.SchemeIs(chrome::kHttpScheme) ||
+ crack_url.SchemeIs(chrome::kHttpsScheme) ||
+ crack_url.SchemeIs(chrome::kAboutScheme))
 return true;

- if (is_privileged && crack_url.SchemeIs("chrome-extension"))
+ // Additional checking for view-source. Allow only http and https
+ // URLs in view source.
+ if (crack_url.SchemeIs(chrome::kViewSourceScheme)) {
+ GURL sub_url(crack_url.path());
+ if (sub_url.SchemeIs(chrome::kHttpScheme) ||
+ sub_url.SchemeIs(chrome::kHttpsScheme))
+ return true;
+ else
+ return false;
+ }
+
+ if (is_privileged && crack_url.SchemeIs(chrome::kExtensionScheme))
 return true;

 if (StartsWith(url, kChromeAttachExternalTabPrefix, false))
--
cgit v1.1
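Review bot: In the second hunk, the view-source branch of IsValidUrlScheme accepts the inner URL on its scheme alone: `sub_url` is built from `crack_url.path()` and never checked with `is_valid()`, so whether a malformed string that merely begins with `http:` is rejected depends on how `SchemeIs` treats an invalid GURL. I would make that explicit and drop the `if … return true; else return false;` shape in one line: `return sub_url.is_valid() && (sub_url.SchemeIs(chrome::kHttpScheme) || sub_url.SchemeIs(chrome::kHttpsScheme));`. The commit touches only utils.cc, so the case named in the TEST= line is covered by a manual check only; a unit test on IsValidUrlScheme for view-source wrapping a non-http scheme, a nested view-source: and a mixed-case scheme would pin the filter. The function continues past the end of the hunk, so the later checks are not visible here.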