
Unified Diff: content/browser/renderer_host/render_view_host_impl.cc

Issue 9794009: Use about:blank as the failback URL if the filter denies a navigation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
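--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -495,7 +495,7 @@
 // The URL could have been cobbled together from any highlighted text string,
 // and can't be interpreted as a capability.
 WebDropData filtered_data(drop_data);
-FilterURL(policy, renderer_id, &filtered_data.url);
+FilterURL(policy, renderer_id, false, &filtered_data.url);
 // The filenames vector, on the other hand, does represent a capability to
 // access the given files.
@@ -1039,15 +1039,15 @@
 // renderer to load the URL and grant the renderer the privileges to request
 // the URL. To prevent this attack, we block the renderer from inserting
 // banned URLs into the navigation controller in the first place.
-FilterURL(policy, renderer_id, &validated_params.url);
-FilterURL(policy, renderer_id, &validated_params.referrer.url);
+FilterURL(policy, renderer_id, false, &validated_params.url);
+FilterURL(policy, renderer_id, true, &validated_params.referrer.url);
 for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
 it != validated_params.redirects.end(); ++it) {
-FilterURL(policy, renderer_id, &(*it));
+FilterURL(policy, renderer_id, false, &(*it));
 }
-FilterURL(policy, renderer_id, &validated_params.searchable_form_url);
-FilterURL(policy, renderer_id, &validated_params.password_form.origin);
-FilterURL(policy, renderer_id, &validated_params.password_form.action);
+FilterURL(policy, renderer_id, true, &validated_params.searchable_form_url);
+FilterURL(policy, renderer_id, true, &validated_params.password_form.origin);
+FilterURL(policy, renderer_id, true, &validated_params.password_form.action);
 delegate_->DidNavigate(this, validated_params);
 }
@@ -1139,10 +1139,10 @@
 // We don't validate |unfiltered_link_url| so that this field can be used
 // when users want to copy the original link URL.
-FilterURL(policy, renderer_id, &validated_params.link_url);
-FilterURL(policy, renderer_id, &validated_params.src_url);
-FilterURL(policy, renderer_id, &validated_params.page_url);
-FilterURL(policy, renderer_id, &validated_params.frame_url);
+FilterURL(policy, renderer_id, true, &validated_params.link_url);
+FilterURL(policy, renderer_id, true, &validated_params.src_url);
+FilterURL(policy, renderer_id, false, &validated_params.page_url);
+FilterURL(policy, renderer_id, true, &validated_params.frame_url);
 view->ShowContextMenu(validated_params);
 }
@@ -1159,7 +1159,7 @@
 int64 source_frame_id) {
 GURL validated_url(url);
 FilterURL(ChildProcessSecurityPolicyImpl::GetInstance(),
-GetProcess()->GetID(), &validated_url);
+GetProcess()->GetID(), false, &validated_url);
 delegate_->RequestOpenURL(
 validated_url, referrer, disposition, source_frame_id);
@@ -1244,8 +1244,8 @@
 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar.
 if (!filtered_data.url.SchemeIs(chrome::kJavaScriptScheme))
-FilterURL(policy, GetProcess()->GetID(), &filtered_data.url);
-FilterURL(policy, GetProcess()->GetID(), &filtered_data.html_base_url);
+FilterURL(policy, GetProcess()->GetID(), false, &filtered_data.url);
+FilterURL(policy, GetProcess()->GetID(), false, &filtered_data.html_base_url);
 view->StartDragging(filtered_data, drag_operations_mask, image, image_offset);
 }
@@ -1448,10 +1448,20 @@
 void RenderViewHostImpl::FilterURL(ChildProcessSecurityPolicyImpl* policy,
 int renderer_id,
+bool empty_allowed,
 GURL* url) {
-if (!url->is_valid())
-return; // We don't need to block invalid URLs.
+if (empty_allowed && url->is_empty())
+return;
+if (!url->is_valid()) {
+// Have to use about:blank for the denied case, instead of an empty GURL.
+// This is because the browser treats navigation to an empty GURL as a
+// navigation to the home page. This is often a privileged page
+// (chrome://newtab/) which is exactly what we don't want.
+*url = GURL(chrome::kAboutBlankURL);
+return;
+}
+
 if (url->SchemeIs(chrome::kAboutScheme)) {
 // The renderer treats all URLs in the about: scheme as being about:blank.
 // Canonicalize about: URLs to about:blank.
@@ -1463,7 +1473,7 @@
 // URL. This prevents us from storing the blocked URL and becoming confused
 // later.
 VLOG(1) << "Blocked URL " << url->spec();
-*url = GURL();
+*url = GURL(chrome::kAboutBlankURL);
 }
 }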
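Review bot: The about:blank substitution in FilterURL (the new invalid-URL branch in the @@ -1448 hunk and the blocked-URL assignment in the @@ -1463 hunk) is applied regardless of `empty_allowed`, so the callers that pass `true` — referrer.url, searchable_form_url, password_form.origin/action, link_url, src_url and frame_url — now receive about:blank for a denied or malformed value, even though the rationale given in the new comment (an empty GURL navigates to the home page) only concerns navigation targets. If the consumers of those attribute fields are not prepared for about:blank where they previously saw an empty GURL, the two sites could keep the old result for them: `*url = empty_allowed ? GURL() : GURL(chrome::kAboutBlankURL);`. The new parameter is also undocumented in this file; a comment such as `// |empty_allowed|: an empty URL is passed through untouched; otherwise an empty (hence invalid), malformed or blocked URL is replaced with about:blank.` — presumably next to the declaration in render_view_host_impl.h, which this page does not show — would make the true/false choice at each call site reviewable. FilterURL's body spans the last two hunks, with the about: canonicalization between them outside the view.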