diff options
author | ningxin.hu <ningxin.hu@intel.com> | 2015-01-26 01:10:57 -0800 |
---|---|---|
committer | Torne (Richard Coles) <torne@google.com> | 2015-01-28 17:17:10 +0000 |
commit | cebcd4cfff375dbdae8cf55d6148cf3dddd127d1 (patch) | |
tree | 3a06302c69710613cf0580bbe4db5cf5013aeb37 | |
parent | 86ae9e78f67cc23d71b432d4fadab78889e9b837 (diff) | |
download | chromium_org-cebcd4cfff375dbdae8cf55d6148cf3dddd127d1.tar.gz |
Cherrypick "Allow universal access from file if flag is set and url is file scheme."
Fixes a crash when WebView apps which have enabled
WebSettings.setAllowUniversalFileAccessFromFiles(true) try to call JS
history functions with URLs that are from a non-file:// origin, which is
used by some Cordova apps.
> BUG=449075
> TEST=content_unittests --gtest_filter=NavigationControllerTest.IsInPageNavigation
>
> Review URL: https://codereview.chromium.org/855883002
>
> Cr-Commit-Position: refs/heads/master@{#313051}
Bug: 19173646
-rw-r--r-- | content/browser/frame_host/navigation_controller_impl.cc | 4 | ||||
-rw-r--r-- | content/browser/frame_host/navigation_controller_impl_unittest.cc | 30 |
2 files changed, 31 insertions, 3 deletions
diff --git a/content/browser/frame_host/navigation_controller_impl.cc b/content/browser/frame_host/navigation_controller_impl.cc index 4be5a3ce4a..3f13f31df2 100644 --- a/content/browser/frame_host/navigation_controller_impl.cc +++ b/content/browser/frame_host/navigation_controller_impl.cc @@ -129,7 +129,9 @@ bool AreURLsInPageNavigation(const GURL& existing_url, // for now. existing_url == GURL(url::kAboutBlankURL) || existing_url.GetOrigin() == new_url.GetOrigin() || - !prefs.web_security_enabled; + !prefs.web_security_enabled || + (prefs.allow_universal_access_from_file_urls && + existing_url.SchemeIs(url::kFileScheme)); if (!is_same_origin && renderer_says_in_page) rfh->GetProcess()->ReceivedBadMessage(); return is_same_origin && renderer_says_in_page; diff --git a/content/browser/frame_host/navigation_controller_impl_unittest.cc b/content/browser/frame_host/navigation_controller_impl_unittest.cc index 8961f43f47..1198920422 100644 --- a/content/browser/frame_host/navigation_controller_impl_unittest.cc +++ b/content/browser/frame_host/navigation_controller_impl_unittest.cc @@ -3138,15 +3138,41 @@ TEST_F(NavigationControllerTest, IsInPageNavigation) { EXPECT_TRUE(controller.IsURLInPageNavigation(other_url, true, main_test_rfh())); - // Don't believe the renderer if it claims a cross-origin navigation is - // in-page. + // Test allow_universal_access_from_file_urls flag. const GURL different_origin_url("http://www.example.com"); MockRenderProcessHost* rph = static_cast<MockRenderProcessHost*>(main_test_rfh()->GetProcess()); + WebPreferences prefs = test_rvh()->GetWebkitPreferences(); + prefs.allow_universal_access_from_file_urls = true; + test_rvh()->UpdateWebkitPreferences(prefs); + prefs = test_rvh()->GetWebkitPreferences(); + EXPECT_TRUE(prefs.allow_universal_access_from_file_urls); + // Allow in page navigation if existing URL is file scheme. + const GURL file_url("file:///foo/index.html"); + main_test_rfh()->SendNavigate(0, file_url); + EXPECT_EQ(0, rph->bad_msg_count()); + EXPECT_TRUE(controller.IsURLInPageNavigation(different_origin_url, true, + main_test_rfh())); EXPECT_EQ(0, rph->bad_msg_count()); + // Don't honor allow_universal_access_from_file_urls if existing URL is + // not file scheme. + main_test_rfh()->SendNavigate(0, url); EXPECT_FALSE(controller.IsURLInPageNavigation(different_origin_url, true, main_test_rfh())); EXPECT_EQ(1, rph->bad_msg_count()); + + // Remove allow_universal_access_from_file_urls flag. + prefs.allow_universal_access_from_file_urls = false; + test_rvh()->UpdateWebkitPreferences(prefs); + prefs = test_rvh()->GetWebkitPreferences(); + EXPECT_FALSE(prefs.allow_universal_access_from_file_urls); + + // Don't believe the renderer if it claims a cross-origin navigation is + // in-page. + EXPECT_EQ(1, rph->bad_msg_count()); + EXPECT_FALSE(controller.IsURLInPageNavigation(different_origin_url, true, + main_test_rfh())); + EXPECT_EQ(2, rph->bad_msg_count()); } // Some pages can have subframes with the same base URL (minus the reference) as |