authorAllan Sandfeld Jensen <allan.jensen@qt.io>2021-07-07 14:20:12 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2021-10-04 10:20:42 +0200
commit0dd2d10a36785f980514e42bf9e57a326c644f2c (patch)
tree85a7f1df873b596aca0caf0a41fb45a1f7895dc1
parent637c18ef50b892a1b01e7b02fac9471ee6d72d23 (diff)
Fix data fragment navigation
Allow same page navigations since they aren't real navigations anyway. Change-Id: I9809f6fb8534d00a2725231a8f108591e88b81ad Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
-rw-r--r--chromium/third_party/blink/renderer/core/loader/frame_loader.cc48
1 files changed, 24 insertions, 24 deletions
diff --git a/chromium/third_party/blink/renderer/core/loader/frame_loader.cc b/chromium/third_party/blink/renderer/core/loader/frame_loader.cc
index b483cd48912..c54c5dea098 100644
--- a/chromium/third_party/blink/renderer/core/loader/frame_loader.cc
+++ b/chromium/third_party/blink/renderer/core/loader/frame_loader.cc
@@ -614,30 +614,6 @@ void FrameLoader::StartNavigation(FrameLoadRequest& request,
if (!AllowRequestForThisFrame(request))
return;
- // Block renderer-initiated loads of data: and filesystem: URLs in the top
- // frame (unless they are reload requests).
- //
- // If the mime type of the data URL is supported, the URL will
- // eventually be rendered, so block it here. Otherwise, the load might be
- // handled by a plugin or end up as a download, so allow it to let the
- // embedder figure out what to do with it. Navigations to filesystem URLs are
- // always blocked here.
- if (frame_->IsMainFrame() && origin_window &&
- request.ClientRedirectReason() != ClientNavigationReason::kReload &&
- !frame_->Client()->AllowContentInitiatedDataUrlNavigations(
- origin_window->Url()) &&
- (url.ProtocolIs("filesystem") ||
- (url.ProtocolIsData() &&
- network_utils::IsDataURLMimeTypeSupported(url)))) {
- frame_->GetDocument()->AddConsoleMessage(
- MakeGarbageCollected<ConsoleMessage>(
- mojom::ConsoleMessageSource::kSecurity,
- mojom::ConsoleMessageLevel::kError,
- "Not allowed to navigate top frame to " + url.Protocol() +
- " URL: " + url.ElidedString()));
- return;
- }
-
// TODO(dgozman): merge page dismissal check and FrameNavigationDisabler.
if (!frame_->IsNavigationAllowed() ||
frame_->GetDocument()->PageDismissalEventBeingDispatched() !=
@@ -666,6 +642,30 @@ void FrameLoader::StartNavigation(FrameLoadRequest& request,
return;
}
+ // Block renderer-initiated loads of data: and filesystem: URLs in the top
+ // frame (unless they are reload requests).
+ //
+ // If the mime type of the data URL is supported, the URL will
+ // eventually be rendered, so block it here. Otherwise, the load might be
+ // handled by a plugin or end up as a download, so allow it to let the
+ // embedder figure out what to do with it. Navigations to filesystem URLs are
+ // always blocked here.
+ if (frame_->IsMainFrame() && origin_window &&
+ request.ClientRedirectReason() != ClientNavigationReason::kReload &&
+ !frame_->Client()->AllowContentInitiatedDataUrlNavigations(
+ origin_window->Url()) &&
+ (url.ProtocolIs("filesystem") ||
+ (url.ProtocolIsData() &&
+ network_utils::IsDataURLMimeTypeSupported(url)))) {
+ frame_->GetDocument()->AddConsoleMessage(
+ MakeGarbageCollected<ConsoleMessage>(
+ mojom::ConsoleMessageSource::kSecurity,
+ mojom::ConsoleMessageLevel::kError,
+ "Not allowed to navigate top frame to " + url.Protocol() +
+ " URL: " + url.ElidedString()));
+ return;
+ }
+
if (auto* app_history = AppHistory::appHistory(*frame_->DomWindow())) {
if (request.GetNavigationPolicy() == kNavigationPolicyCurrentTab) {
if (!app_history->DispatchNavigateEvent(
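Review bot: The relocated top-frame data:/filesystem: block starting at `if (frame_->IsMainFrame() && origin_window &&` is now order-dependent, but the comment above it does not say so. Whatever sits between the old and new position (not visible in this hunk; presumably the same-document handling the commit message refers to) can now return or act on a renderer-initiated data: or filesystem: URL before this security check runs, so confirm that each of those earlier paths completes only when the target differs from the current document by fragment alone. I would extend the comment with something like `// Keep this after the same-document navigation handling: fragment navigations within an already loaded data: URL are allowed, every other top-frame data:/filesystem: load must still reach this check.` A regression test covering both a fragment-only navigation on a data: page and a cross-document data: navigation from the top frame would pin the ordering. StartNavigation begins and ends outside the hunk.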