From bfd71682e47a39846f92618c223d894d4673d6c1 Mon Sep 17 00:00:00 2001
From: "cevans@chromium.org"
 <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 17 Jan 2013 20:43:31 +0000
Subject: Merge 177351 > Validate the target URL when opening new windows. > >
 BUG=170532 > Review URL: https://codereview.chromium.org/11961028

TBR=cevans@chromium.org
Review URL: https://codereview.chromium.org/12010002

git-svn-id: svn://svn.chromium.org/chrome/branches/1364/src@177471 0039d316-1c4b-4281-b951-d872f2087c98
---
 content/browser/renderer_host/render_view_host_impl.cc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'content')

diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
index b49410c..1c8ed65 100644
--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1084,7 +1084,14 @@ void RenderViewHostImpl::CreateNewWindow(
     int route_id,
     const ViewHostMsg_CreateWindow_Params& params,
     SessionStorageNamespace* session_storage_namespace) {
-  delegate_->CreateNewWindow(route_id, params, session_storage_namespace);
+  ViewHostMsg_CreateWindow_Params validated_params(params);
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
+  // TODO(cevans): also validate opener_url, opener_security_origin.
+  FilterURL(policy, GetProcess(), false, &validated_params.target_url);
+
+  delegate_->CreateNewWindow(route_id, validated_params,
+                             session_storage_namespace);
 }
 
 void RenderViewHostImpl::CreateNewWidget(int route_id,
-- 
cgit v1.1