-
Notifications
You must be signed in to change notification settings - Fork 873
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1196 from brave/prevent_brave_scheme_loading_from_js
Prevent loading brave scheme url from javascript
- Loading branch information
Showing
8 changed files
with
72 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,8 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "brave/browser/net/brave_profile_network_delegate.h" | ||
#include "brave/common/url_constants.h" | ||
|
||
#include "../../../../../../chrome/browser/profiles/profile_io_data.cc" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "../../../../../content/public/common/url_constants.cc" | ||
|
||
namespace content { | ||
const char kBraveUIScheme[] = "brave"; | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "../../../../../content/public/common/url_constants.h" | ||
|
||
namespace content { | ||
CONTENT_EXPORT extern const char kBraveUIScheme[]; | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 changes: 14 additions & 0 deletions
14
patches/content-browser-child_process_security_policy_impl.cc.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc | ||
index 323f85836c334129b94351be360062ad4d4d5c36..3fc6f840cf1e7bf7a65a0f7964e56ee5e86b96b4 100644 | ||
--- a/content/browser/child_process_security_policy_impl.cc | ||
+++ b/content/browser/child_process_security_policy_impl.cc | ||
@@ -690,6 +690,9 @@ void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id, | ||
|
||
// Web UI bindings need the ability to request chrome: URLs. | ||
state->second->GrantRequestScheme(kChromeUIScheme); | ||
+#if defined(BRAVE_CHROMIUM_BUILD) | ||
+ state->second->GrantRequestScheme(kBraveUIScheme); | ||
+#endif | ||
|
||
// Web UI pages can contain links to file:// URLs. | ||
state->second->GrantRequestScheme(url::kFileScheme); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
diff --git a/content/renderer/render_thread_impl.cc b/content/renderer/render_thread_impl.cc | ||
index f2d704c09e6eb90409d6e8119fe1b7d65f2fbabd..797f8f58fd4dbdeb976bdd9bc61e479d5b50c85c 100644 | ||
--- a/content/renderer/render_thread_impl.cc | ||
+++ b/content/renderer/render_thread_impl.cc | ||
@@ -1241,6 +1241,14 @@ void RenderThreadImpl::InitializeWebKit( | ||
} | ||
|
||
void RenderThreadImpl::RegisterSchemes() { | ||
+#if defined(BRAVE_CHROMIUM_BUILD) | ||
+ // brave: | ||
+ WebString brave_scheme(WebString::FromASCII(kBraveUIScheme)); | ||
+ WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(brave_scheme); | ||
+ WebSecurityPolicy::RegisterURLSchemeAsNotAllowingJavascriptURLs( | ||
+ brave_scheme); | ||
+#endif | ||
+ | ||
// chrome: | ||
WebString chrome_scheme(WebString::FromASCII(kChromeUIScheme)); | ||
WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(chrome_scheme); |