Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3085)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/browser/guest_view/web_view/web_view_guest.cc

Issue 1234403005: Don't refer browser-initiated navigations to web-safe URLs to delegate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Improve comments. Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/apps/guest_view/web_view_browsertest.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/browser/guest_view/web_view/web_view_guest.cc
diff --git a/extensions/browser/guest_view/web_view/web_view_guest.cc b/extensions/browser/guest_view/web_view/web_view_guest.cc
index 1ee9252e392997ae23c48fd33d4073ef38bcbff1..661defb5e4287595e21bea7cfe731d584f39e1c6 100644
--- a/extensions/browser/guest_view/web_view/web_view_guest.cc
+++ b/extensions/browser/guest_view/web_view/web_view_guest.cc
@@ -1213,17 +1213,18 @@ void WebViewGuest::AddNewContents(content::WebContents* source,
content::WebContents* WebViewGuest::OpenURLFromTab(
content::WebContents* source,
const content::OpenURLParams& params) {
- // There are two use cases to consider from a security perspective:
- // 1.) Renderer-initiated navigation to chrome:// must always be blocked even
- // if the <webview> is in WebUI. This is handled by
- // WebViewGuest::LoadURLWithParams. WebViewGuest::NavigateGuest will also
- // call LoadURLWithParams. CreateNewGuestWebViewWindow creates a new
- // WebViewGuest which will call NavigateGuest in DidInitialize.
- // 2.) The Language Settings context menu item should always work, both in
- // Chrome Apps and WebUI. This is a browser initiated request and so
- // we pass it along to the embedder's WebContentsDelegate to get the
- // browser to perform the action for the <webview>.
- if (!params.is_renderer_initiated) {
+ // Most navigations should be handled by WebViewGuest::LoadURLWithParams,
+ // which takes care of blocking chrome:// URLs and other web-unsafe schemes.
+ // (NavigateGuest and CreateNewGuestWebViewWindow also go through
+ // LoadURLWithParams.)
+ //
+ // We make an exception here for context menu items, since the Language
+ // Settings item uses a browser-initiated navigation to a chrome:// URL.
+ // These can be passed to the embedder's WebContentsDelegate so that the
+ // browser performs the action for the <webview>.
+ if (!params.is_renderer_initiated &&
+ !content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme(
+ params.url.scheme())) {
if (!owner_web_contents()->GetDelegate())
return nullptr;
return owner_web_contents()->GetDelegate()->OpenURLFromTab(
« no previous file with comments | « chrome/browser/apps/guest_view/web_view_browsertest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698