Filter more incoming URLs in the CreateWindow path.

BUG=170532 Review URL: https://chromiumcodereview.appspot.com/12036002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@178728 0039d316-1c4b-4281-b951-d872f2087c98
chromium · Jan 25, 2013 · 7f48b71 · 7f48b71
1 parent 3c8352c
commit 7f48b71
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 6 deletions.
diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc
@@ -462,8 +462,8 @@ void RenderMessageFilter::OnCreateWindow(
   bool no_javascript_access;
   bool can_create_window =
       GetContentClient()->browser()->CanCreateWindow(
-          GURL(params.opener_url),
-          GURL(params.opener_security_origin),
+          params.opener_url,
+          params.opener_security_origin,
           params.window_container_type,
           resource_context_,
           render_process_id_,

diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1056,8 +1056,10 @@ void RenderViewHostImpl::CreateNewWindow(
   ViewHostMsg_CreateWindow_Params validated_params(params);
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
-  // TODO(cevans): also validate opener_url, opener_security_origin.
   FilterURL(policy, GetProcess(), false, &validated_params.target_url);
+  FilterURL(policy, GetProcess(), false, &validated_params.opener_url);
+  FilterURL(policy, GetProcess(), true,
+            &validated_params.opener_security_origin);
 
   delegate_->CreateNewWindow(route_id, validated_params,
                              session_storage_namespace);

diff --git a/content/common/view_messages.h b/content/common/view_messages.h
@@ -314,7 +314,7 @@ IPC_STRUCT_BEGIN(ViewHostMsg_CreateWindow_Params)
   IPC_STRUCT_MEMBER(GURL, opener_url)
 
   // The security origin of the frame initiating the open.
-  IPC_STRUCT_MEMBER(std::string, opener_security_origin)
+  IPC_STRUCT_MEMBER(GURL, opener_security_origin)
 
   // Whether the opener will be suppressed in the new window, in which case
   // scripting the new window is not allowed.

diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
@@ -1849,8 +1849,10 @@ WebView* RenderViewImpl::createView(
   params.frame_name = frame_name;
   params.opener_frame_id = creator->identifier();
   params.opener_url = creator->document().url();
-  params.opener_security_origin =
-      creator->document().securityOrigin().toString().utf8();
+  GURL security_url(creator->document().securityOrigin().toString().utf8());
+  if (!security_url.is_valid())
+    security_url = GURL();
+  params.opener_security_origin = security_url;
   params.opener_suppressed = creator->willSuppressOpenerInNewFrame();
   params.disposition = NavigationPolicyToDisposition(policy);
   if (!request.isNull())