Chromium Code Reviews Chromium Code Reviews
Issue 9958107:
Limiting the "Cookies and site data" form to "web safe" schemes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/browsing_data_local_storage_helper.h" | 5 #include "chrome/browser/browsing_data_local_storage_helper.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| 11 #include "base/utf_string_conversions.h" | 11 #include "base/utf_string_conversions.h" |
| 12 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
| 13 #include "content/public/browser/browser_thread.h" | 13 #include "content/public/browser/browser_thread.h" |
| 14 #include "content/public/browser/child_process_security_policy.h" | |
| 14 #include "content/public/browser/dom_storage_context.h" | 15 #include "content/public/browser/dom_storage_context.h" |
| 16 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" | |
|
jochen (gone - plz use gerrit)
2012/04/03 09:41:21
W > p
Mike West
2012/04/03 14:45:51
Done.
| |
| 15 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebCString.h " | 17 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebCString.h " |
| 16 #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" | |
| 17 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebString.h" | 18 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebString.h" |
| 18 #include "webkit/glue/webkit_glue.h" | 19 #include "webkit/glue/webkit_glue.h" |
| 19 | 20 |
| 20 using content::BrowserContext; | 21 using content::BrowserContext; |
| 21 using content::BrowserThread; | 22 using content::BrowserThread; |
| 22 using content::DOMStorageContext; | 23 using content::DOMStorageContext; |
| 23 using WebKit::WebSecurityOrigin; | 24 using WebKit::WebSecurityOrigin; |
| 24 | 25 |
| 25 BrowsingDataLocalStorageHelper::LocalStorageInfo::LocalStorageInfo() | 26 BrowsingDataLocalStorageHelper::LocalStorageInfo::LocalStorageInfo() |
| 26 : port(0), | 27 : port(0), |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 89 BrowserThread::FILE, | 90 BrowserThread::FILE, |
| 90 FROM_HERE, | 91 FROM_HERE, |
| 91 base::Bind( | 92 base::Bind( |
| 92 &BrowsingDataLocalStorageHelper::FetchLocalStorageInfo, | 93 &BrowsingDataLocalStorageHelper::FetchLocalStorageInfo, |
| 93 this, files)); | 94 this, files)); |
| 94 } | 95 } |
| 95 | 96 |
| 96 void BrowsingDataLocalStorageHelper::FetchLocalStorageInfo( | 97 void BrowsingDataLocalStorageHelper::FetchLocalStorageInfo( |
| 97 const std::vector<FilePath>& files) { | 98 const std::vector<FilePath>& files) { |
| 98 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 99 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| 100 content::ChildProcessSecurityPolicy* policy = | |
| 101 content::ChildProcessSecurityPolicy::GetInstance(); | |
| 99 for (size_t i = 0; i < files.size(); ++i) { | 102 for (size_t i = 0; i < files.size(); ++i) { |
| 100 FilePath file_path = files[i]; | 103 FilePath file_path = files[i]; |
| 101 WebSecurityOrigin web_security_origin = | 104 WebSecurityOrigin web_security_origin = |
| 102 WebSecurityOrigin::createFromDatabaseIdentifier( | 105 WebSecurityOrigin::createFromDatabaseIdentifier( |
| 103 webkit_glue::FilePathToWebString(file_path.BaseName())); | 106 webkit_glue::FilePathToWebString(file_path.BaseName())); |
| 104 if (EqualsASCII(web_security_origin.protocol(), chrome::kExtensionScheme)) { | 107 if (!policy->IsWebSafeScheme(UTF16ToUTF8(web_security_origin.protocol()))) |
| 105 // Extension state is not considered browsing data. | 108 continue; // Non-websafe state is not considered browsing data. |
| 106 continue; | 109 |
| 107 } | |
| 108 base::PlatformFileInfo file_info; | 110 base::PlatformFileInfo file_info; |
| 109 bool ret = file_util::GetFileInfo(file_path, &file_info); | 111 bool ret = file_util::GetFileInfo(file_path, &file_info); |
| 110 if (ret) { | 112 if (ret) { |
| 111 local_storage_info_.push_back(LocalStorageInfo( | 113 local_storage_info_.push_back(LocalStorageInfo( |
| 112 web_security_origin.protocol().utf8(), | 114 web_security_origin.protocol().utf8(), |
| 113 web_security_origin.host().utf8(), | 115 web_security_origin.host().utf8(), |
| 114 web_security_origin.port(), | 116 web_security_origin.port(), |
| 115 web_security_origin.databaseIdentifier().utf8(), | 117 web_security_origin.databaseIdentifier().utf8(), |
| 116 web_security_origin.toString().utf8(), | 118 web_security_origin.toString().utf8(), |
| 117 file_path, | 119 file_path, |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 151 CannedBrowsingDataLocalStorageHelper* clone = | 153 CannedBrowsingDataLocalStorageHelper* clone = |
| 152 new CannedBrowsingDataLocalStorageHelper(profile_); | 154 new CannedBrowsingDataLocalStorageHelper(profile_); |
| 153 | 155 |
| 154 clone->pending_local_storage_info_ = pending_local_storage_info_; | 156 clone->pending_local_storage_info_ = pending_local_storage_info_; |
| 155 clone->local_storage_info_ = local_storage_info_; | 157 clone->local_storage_info_ = local_storage_info_; |
| 156 return clone; | 158 return clone; |
| 157 } | 159 } |
| 158 | 160 |
| 159 void CannedBrowsingDataLocalStorageHelper::AddLocalStorage( | 161 void CannedBrowsingDataLocalStorageHelper::AddLocalStorage( |
| 160 const GURL& origin) { | 162 const GURL& origin) { |
| 161 pending_local_storage_info_.insert(origin); | 163 pending_local_storage_info_.insert(origin); |
|
jochen (gone - plz use gerrit)
2012/04/03 09:41:21
why no check here?
Mike West
2012/04/03 14:45:51
Because I didn't see it. You'll note also the lack
| |
| 162 } | 164 } |
| 163 | 165 |
| 164 void CannedBrowsingDataLocalStorageHelper::Reset() { | 166 void CannedBrowsingDataLocalStorageHelper::Reset() { |
| 165 local_storage_info_.clear(); | 167 local_storage_info_.clear(); |
| 166 pending_local_storage_info_.clear(); | 168 pending_local_storage_info_.clear(); |
| 167 } | 169 } |
| 168 | 170 |
| 169 bool CannedBrowsingDataLocalStorageHelper::empty() const { | 171 bool CannedBrowsingDataLocalStorageHelper::empty() const { |
| 170 return local_storage_info_.empty() && pending_local_storage_info_.empty(); | 172 return local_storage_info_.empty() && pending_local_storage_info_.empty(); |
| 171 } | 173 } |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 219 0, | 221 0, |
| 220 base::Time())); | 222 base::Time())); |
| 221 } | 223 } |
| 222 pending_local_storage_info_.clear(); | 224 pending_local_storage_info_.clear(); |
| 223 | 225 |
| 224 BrowserThread::PostTask( | 226 BrowserThread::PostTask( |
| 225 BrowserThread::UI, FROM_HERE, | 227 BrowserThread::UI, FROM_HERE, |
| 226 base::Bind(&CannedBrowsingDataLocalStorageHelper::NotifyInUIThread, | 228 base::Bind(&CannedBrowsingDataLocalStorageHelper::NotifyInUIThread, |
| 227 this)); | 229 this)); |
| 228 } | 230 } |
| OLD | NEW |
