diff options
Diffstat (limited to 'chromium/content/browser/frame_host/webui_navigation_throttle.h')
| -rw-r--r-- | chromium/content/browser/frame_host/webui_navigation_throttle.h | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/chromium/content/browser/frame_host/webui_navigation_throttle.h b/chromium/content/browser/frame_host/webui_navigation_throttle.h new file mode 100644 index 00000000000..b47aa830487 --- /dev/null +++ b/chromium/content/browser/frame_host/webui_navigation_throttle.h @@ -0,0 +1,46 @@ +// Copyright 2018 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CONTENT_BROWSER_FRAME_HOST_WEBUI_NAVIGATION_THROTTLE_H_ +#define CONTENT_BROWSER_FRAME_HOST_WEBUI_NAVIGATION_THROTTLE_H_ + +#include "content/public/browser/navigation_throttle.h" + +namespace content { + +// This NavigationThrottle class is used to check for subframe navigations to +// web content in WebUI processes and/or chrome:// documents. When the +// parent frame is at a chrome:// URL or is in a process with WebUI +// bindings, subframes are only allowed to navigate to chrome:// URLs. +// Note: There are WebUI documents that live on non-chrome: schemes and do +// not have WebUI bindings. Those are not covered by this restriction. +// +// This is an important security property to uphold, because by default +// WebUI documents have high privileges and if malicious web content is +// loaded in their process, it can be used as an easy step towards a sandbox +// escape. +// +// Note: Navigations in the main frame are allowed, as those will result in a +// process change with BrowsingInstance change and drop of privileges. +// Subframes are resticted because they must be in the same BrowsingInstance +// and would have the ability to communicate with the parent document. +class WebUINavigationThrottle : public NavigationThrottle { + public: + static std::unique_ptr<NavigationThrottle> CreateThrottleForNavigation( + NavigationHandle* navigation_handle); + + explicit WebUINavigationThrottle(NavigationHandle* navigation_handle); + ~WebUINavigationThrottle() override; + + // NavigationThrottle methods + ThrottleCheckResult WillStartRequest() override; + const char* GetNameForLogging() override; + + private: + DISALLOW_COPY_AND_ASSIGN(WebUINavigationThrottle); +}; + +} // namespace content + +#endif // CONTENT_BROWSER_FRAME_HOST_WEBUI_NAVIGATION_THROTTLE_H_ |