-
Frédéric Wang authored
Logic to validate custom handlers is required on both the web and browser processes. This CL introduces a new API in third_party/blink/public/common in order to reduce duplication. As a starting point, a new helper function allows to verify whether the following condition is satisfied [1]: > If scheme is neither a safelisted scheme nor a string starting with > "web+" followed by one or more ASCII lower alphas' In order to keep this CL small, more advanced aspects like same-origin condition (currently performed in WebContentsImpl), validation of the schemes of the registered URLs [2] [3] or other tests that are currently only performed on the web process are not considered. This can be refine later if needed. This CL makes the check on the browser process slighty stronger. Previously the only requirement for URLs starting with "web+" was to be sure they are not just equal to "web+". This CL might also make verification on the web process slightly less efficient, if the conversion from WTF::String to base::StringPiece requires a buffer allocation. However, it seems unlikely to be a performance bottleneck for the current use cases. [1] https://html.spec.whatwg.org/multipage/system-state.html#normalize-protocol-handler-parameters [2] https://crbug.com/1112268 [3] https://crbug.com/64100 Bug: 971917, 952974 Change-Id: Iaada22200d7b7d834ad878bbc51cc40ea67d6332 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2362802 Commit-Queue: Frédéric Wang <fwang@igalia.com> Reviewed-by:
Mike West <mkwst@chromium.org> Reviewed-by:
Dominick Ng <dominickn@chromium.org> Cr-Commit-Position: refs/heads/master@{#800948}
dde6d04f
