content/browser/renderer_host/render_view_host_impl.cc - Issue 10544175: Add an ability to call WebKit's WebFrame::loadData via NavigationController.

Side by Side Diff: content/browser/renderer_host/render_view_host_impl.cc

Issue 10544175: Add an ability to call WebKit's WebFrame::loadData via NavigationController. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Renamings for clarity Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/renderer_host/render_view_host_impl.h"	5 #include "content/browser/renderer_host/render_view_host_impl.h"

6	6

7 #include <set>	7 #include <set>

8 #include <string>	8 #include <string>

9 #include <utility>	9 #include <utility>

10 #include <vector>	10 #include <vector>

(...skipping 285 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
296	296

297 void RenderViewHostImpl::SyncRendererPrefs() {	297 void RenderViewHostImpl::SyncRendererPrefs() {

298 Send(new ViewMsg_SetRendererPrefs(GetRoutingID(),	298 Send(new ViewMsg_SetRendererPrefs(GetRoutingID(),

299 delegate_->GetRendererPrefs(	299 delegate_->GetRendererPrefs(

300 GetProcess()->GetBrowserContext())));	300 GetProcess()->GetBrowserContext())));

301 }	301 }

302	302

303 void RenderViewHostImpl::Navigate(const ViewMsg_Navigate_Params& params) {	303 void RenderViewHostImpl::Navigate(const ViewMsg_Navigate_Params& params) {

304 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(	304 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(

305 GetProcess()->GetID(), params.url);	305 GetProcess()->GetID(), params.url);

	306 if (!params.base_url_for_data_url.is_empty() &&

	307 params.url.SchemeIs(chrome::kDataScheme)) {

	308 // If 'data:' scheme is used, and we have a base url, grant access to

	309 // local files if baseUrl specifies a scheme other than 'http', 'https',

	310 // 'ftp', 'about' or 'javascript'.
	Charlie Reis 2012/07/03 17:54:37 This doesn't make sense to me. Why would we grant This doesn't make sense to me. Why would we grant access to file URLs if it doesn't match this list? What if additional schemes are added in the future? mnaganov (inactive) 2012/07/04 15:25:57 This is according to http://goo.gl/X8HOs. As the m Show quoted text On 2012/07/03 17:54:37, creis wrote: > This doesn't make sense to me. Why would we grant access to file URLs if it > doesn't match this list? What if additional schemes are added in the future? This is according to http://goo.gl/X8HOs. As the main URL uses the 'data:' scheme, client security policy forbids it from loading 'file:' URLs. I think the main use case for this is allowing to access 'file:' URLs when the base URL is also 'file:', although the documentation doesn't state this directly. Charlie Reis 2012/07/10 20:54:19 Hmm. This sounds like it's following the letter o Show quoted text On 2012/07/04 15:25:57, Mikhail Naganov (Chromium) wrote: > On 2012/07/03 17:54:37, creis wrote: > > This doesn't make sense to me. Why would we grant access to file URLs if it > > doesn't match this list? What if additional schemes are added in the future? > > This is according to http://goo.gl/X8HOs. As the main URL uses the 'data:' > scheme, client security policy forbids it from loading 'file:' URLs. I think the > main use case for this is allowing to access 'file:' URLs when the base URL is > also 'file:', although the documentation doesn't state this directly. Hmm. This sounds like it's following the letter of the law if not the spirit. Again, Chrome may support more schemes than Android's WebView, so this blacklist approach may grant file:// privileges more often than the doc writers meant to. I'd feel much more comfortable only granting file:// privileges if the base URL is file://. If that turns out to be a bug in a corner case, we can revisit it. mnaganov (inactive) 2012/07/23 14:02:29 I agree -- whitelisting allowed schemes is more se Show quoted text On 2012/07/10 20:54:19, creis wrote: > On 2012/07/04 15:25:57, Mikhail Naganov (Chromium) wrote: > > On 2012/07/03 17:54:37, creis wrote: > > > This doesn't make sense to me. Why would we grant access to file URLs if it > > > doesn't match this list? What if additional schemes are added in the > future? > > > > This is according to http://goo.gl/X8HOs. As the main URL uses the 'data:' > > scheme, client security policy forbids it from loading 'file:' URLs. I think > the > > main use case for this is allowing to access 'file:' URLs when the base URL is > > also 'file:', although the documentation doesn't state this directly. > > Hmm. This sounds like it's following the letter of the law if not the spirit. > Again, Chrome may support more schemes than Android's WebView, so this blacklist > approach may grant file:// privileges more often than the doc writers meant to. > I'd feel much more comfortable only granting file:// privileges if the base URL > is file://. If that turns out to be a bug in a corner case, we can revisit it. I agree -- whitelisting allowed schemes is more secure than blacklisting. I myself was surprised with the wording in the documentation.
	311 if (!params.base_url_for_data_url.SchemeIs(chrome::kHttpScheme) &&

	312 !params.base_url_for_data_url.SchemeIs(chrome::kHttpsScheme) &&

	313 !params.base_url_for_data_url.SchemeIs(chrome::kFtpScheme) &&

	314 !params.base_url_for_data_url.SchemeIs(chrome::kAboutScheme) &&

	315 !params.base_url_for_data_url.SchemeIs(chrome::kJavaScriptScheme)) {

	316 std::string file_url(chrome::kFileScheme);

	317 file_url += content::kStandardSchemeSeparator;

	318 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(

	319 GetProcess()->GetID(), GURL(file_url));

	320 }

	321 }

306	322

307 ViewMsg_Navigate* nav_message = new ViewMsg_Navigate(GetRoutingID(), params);	323 ViewMsg_Navigate* nav_message = new ViewMsg_Navigate(GetRoutingID(), params);

308	324

309 // Only send the message if we aren't suspended at the start of a cross-site	325 // Only send the message if we aren't suspended at the start of a cross-site

310 // request.	326 // request.

311 if (navigations_suspended_) {	327 if (navigations_suspended_) {

312 // Shouldn't be possible to have a second navigation while suspended, since	328 // Shouldn't be possible to have a second navigation while suspended, since

313 // navigations will only be suspended during a cross-site request. If a	329 // navigations will only be suspended during a cross-site request. If a

314 // second navigation occurs, WebContentsImpl will cancel this pending RVH	330 // second navigation occurs, WebContentsImpl will cancel this pending RVH

315 // create a new pending RVH.	331 // create a new pending RVH.

(...skipping 1530 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1846 // can cause navigations to be ignored in OnMsgNavigate.	1862 // can cause navigations to be ignored in OnMsgNavigate.

1847 is_waiting_for_beforeunload_ack_ = false;	1863 is_waiting_for_beforeunload_ack_ = false;

1848 is_waiting_for_unload_ack_ = false;	1864 is_waiting_for_unload_ack_ = false;

1849 }	1865 }

1850	1866

1851 void RenderViewHostImpl::ClearPowerSaveBlockers() {	1867 void RenderViewHostImpl::ClearPowerSaveBlockers() {

1852 STLDeleteValues(&power_save_blockers_);	1868 STLDeleteValues(&power_save_blockers_);

1853 }	1869 }

1854	1870

1855 } // namespace content	1871 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | content/browser/web_contents/navigation_controller_impl.h » ('j') | content/browser/web_contents/navigation_controller_impl.cc » ('J')