Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid crash by using proper origin. (uplift to 1.17.x) #6959

Merged
merged 1 commit into from
Oct 28, 2020
Merged

Avoid crash by using proper origin. (uplift to 1.17.x) #6959

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 25 additions & 33 deletions components/content_settings/renderer/brave_content_settings_agent_impl.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@
#include "mojo/public/cpp/bindings/remote.h"
#include "services/service_manager/public/cpp/interface_provider.h"
#include "third_party/blink/public/common/browser_interface_broker_proxy.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom-blink.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom-blink-forward.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom-blink.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom.h"
#include "third_party/blink/public/platform/web_url.h"
#include "third_party/blink/public/web/web_document.h"
#include "third_party/blink/public/web/web_frame.h"
Expand All @@ -36,8 +36,7 @@
namespace content_settings {
namespace {

GURL GetOriginOrURL(
const blink::WebFrame* frame) {
GURL GetOriginOrURL(const blink::WebFrame* frame) {
url::Origin top_origin = url::Origin(frame->Top()->GetSecurityOrigin());
// The |top_origin| is unique ("null") e.g., for file:// URLs. Use the
// document URL as the primary URL in those cases.
Expand Down Expand Up @@ -76,8 +75,7 @@ BraveContentSettingsAgentImpl::BraveContentSettingsAgentImpl(
should_whitelist,
std::move(delegate)) {}

BraveContentSettingsAgentImpl::~BraveContentSettingsAgentImpl() {
}
BraveContentSettingsAgentImpl::~BraveContentSettingsAgentImpl() {}

bool BraveContentSettingsAgentImpl::OnMessageReceived(
const IPC::Message& message) {
Expand All @@ -87,7 +85,8 @@ bool BraveContentSettingsAgentImpl::OnMessageReceived(
IPC_MESSAGE_UNHANDLED(handled = false)
IPC_END_MESSAGE_MAP()

if (handled) return true;
if (handled)
return true;
return ContentSettingsAgentImpl::OnMessageReceived(message);
}

Expand All @@ -108,38 +107,35 @@ bool BraveContentSettingsAgentImpl::IsScriptTemporilyAllowed(
// Check if scripts from this origin are temporily allowed or not.
// Also matches the full script URL to support data URL cases which we use
// the full URL to allow it.
return base::Contains(
temporarily_allowed_scripts_, script_url.GetOrigin().spec()) ||
base::Contains(temporarily_allowed_scripts_, script_url.spec());
return base::Contains(temporarily_allowed_scripts_,
script_url.GetOrigin().spec()) ||
base::Contains(temporarily_allowed_scripts_, script_url.spec());
}

void BraveContentSettingsAgentImpl::BraveSpecificDidBlockJavaScript(
const base::string16& details) {
Send(new BraveViewHostMsg_JavaScriptBlocked(routing_id(), details));
}

bool BraveContentSettingsAgentImpl::AllowScript(
bool enabled_per_settings) {
bool BraveContentSettingsAgentImpl::AllowScript(bool enabled_per_settings) {
// clear cached url for other flow like directly calling `DidNotAllowScript`
// without calling `AllowScriptFromSource` first
blocked_script_url_ = GURL::EmptyGURL();

blink::WebLocalFrame* frame = render_frame()->GetWebFrame();
const GURL secondary_url(
url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL());
const GURL secondary_url(url::Origin(frame->GetSecurityOrigin()).GetURL());

bool allow = ContentSettingsAgentImpl::AllowScript(enabled_per_settings);
allow = allow ||
IsBraveShieldsDown(frame, secondary_url) ||
IsScriptTemporilyAllowed(secondary_url);
allow = allow || IsBraveShieldsDown(frame, secondary_url) ||
IsScriptTemporilyAllowed(secondary_url);

return allow;
}

void BraveContentSettingsAgentImpl::DidNotAllowScript() {
if (!blocked_script_url_.is_empty()) {
BraveSpecificDidBlockJavaScript(
base::UTF8ToUTF16(blocked_script_url_.spec()));
base::UTF8ToUTF16(blocked_script_url_.spec()));
blocked_script_url_ = GURL::EmptyGURL();
}
ContentSettingsAgentImpl::DidNotAllowScript();
Expand All @@ -159,10 +155,9 @@ bool BraveContentSettingsAgentImpl::AllowScriptFromSource(
blink::WebSecurityOrigin::Create(script_url),
render_frame()->GetWebFrame()->GetDocument().Url());

allow = allow ||
should_white_list ||
IsBraveShieldsDown(render_frame()->GetWebFrame(), secondary_url) ||
IsScriptTemporilyAllowed(secondary_url);
allow = allow || should_white_list ||
IsBraveShieldsDown(render_frame()->GetWebFrame(), secondary_url) ||
IsScriptTemporilyAllowed(secondary_url);

if (!allow) {
blocked_script_url_ = secondary_url;
Expand All @@ -189,8 +184,7 @@ bool BraveContentSettingsAgentImpl::AllowFingerprinting(
if (!enabled_per_settings)
return false;
blink::WebLocalFrame* frame = render_frame()->GetWebFrame();
const GURL secondary_url(
url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL());
const GURL secondary_url(url::Origin(frame->GetSecurityOrigin()).GetURL());
if (IsBraveShieldsDown(frame, secondary_url)) {
return true;
}
Expand All @@ -203,14 +197,12 @@ BraveFarblingLevel BraveContentSettingsAgentImpl::GetBraveFarblingLevel() {

ContentSetting setting = CONTENT_SETTING_DEFAULT;
if (content_setting_rules_) {
if (IsBraveShieldsDown(
frame,
url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL())) {
if (IsBraveShieldsDown(frame,
url::Origin(frame->GetSecurityOrigin()).GetURL())) {
setting = CONTENT_SETTING_ALLOW;
} else {
setting = GetBraveFPContentSettingFromRules(
content_setting_rules_->fingerprinting_rules,
GetOriginOrURL(frame));
content_setting_rules_->fingerprinting_rules, GetOriginOrURL(frame));
}
}

Expand All @@ -228,7 +220,7 @@ BraveFarblingLevel BraveContentSettingsAgentImpl::GetBraveFarblingLevel() {

bool BraveContentSettingsAgentImpl::AllowAutoplay(bool default_value) {
blink::WebLocalFrame* frame = render_frame()->GetWebFrame();
auto origin = frame->GetDocument().GetSecurityOrigin();
auto origin = frame->GetSecurityOrigin();
// default allow local files
if (origin.IsNull() || origin.Protocol().Ascii() == url::kFileScheme) {
VLOG(1) << "AllowAutoplay=true because no origin or file scheme";
Expand All @@ -238,9 +230,9 @@ bool BraveContentSettingsAgentImpl::AllowAutoplay(bool default_value) {
// respect user's site blocklist, if any
bool ask = false;
if (content_setting_rules_) {
ContentSetting setting = GetContentSettingFromRules(
content_setting_rules_->autoplay_rules, frame,
url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL());
ContentSetting setting =
GetContentSettingFromRules(content_setting_rules_->autoplay_rules,
frame, url::Origin(origin).GetURL());
if (setting == CONTENT_SETTING_BLOCK) {
VLOG(1) << "AllowAutoplay=false because rule=CONTENT_SETTING_BLOCK";
return false;
Expand Down