Move content:: scheme registrations from chrome/ to content/.

Both 'chrome:' and 'chrome-devtools:' are content-level schemes; we should do their various renderer-side scheme registrations in content (RenderThreadImpl::RegisterSchemes) rather than in chrome (ChromeContentRendererClient::RenderThreadStarted). Patch 1: https://codereview.chromium.org/1143593006 Patch 2: [This patch] Patch 3: https://codereview.chromium.org/1139053004/ This is a re-land of https://codereview.chromium.org/1137103003/, which was reverted due to trivial layout test changes. TBR=jochen@chromium.org,philipj@opera.com,sofbjornf@opera.com,hiroshige@chromium.org BUG=489672 Review URL: https://codereview.chromium.org/1134303009 Cr-Commit-Position: refs/heads/master@{#330700}

Move content:: scheme registrations from chrome/ to content/.
Both 'chrome:' and 'chrome-devtools:' are content-level schemes; we should do their various renderer-side scheme registrations in content (RenderThreadImpl::RegisterSchemes) rather than in chrome (ChromeContentRendererClient::RenderThreadStarted). Patch 1: https://codereview.chromium.org/1143593006 Patch 2: [This patch] Patch 3: https://codereview.chromium.org/1139053004/ This is a re-land of https://codereview.chromium.org/1137103003/, which was reverted due to trivial layout test changes. TBR=jochen@chromium.org,philipj@opera.com,sofbjornf@opera.com,hiroshige@chromium.org BUG=489672 Review URL: https://codereview.chromium.org/1134303009 Cr-Commit-Position: refs/heads/master@{#330700}
8e94fb30 · mkwst · Commit bot · ceff908a · 8e94fb30 · 8e94fb30
Commit 8e94fb30 authored May 19, 2015 by mkwst Committed by Commit bot May 20, 2015
Showing with 19 additions and 18 deletions

chrome/renderer/chrome_content_renderer_client.cc chrome/renderer/chrome_content_renderer_client.cc +6 -16

content/renderer/render_thread_impl.cc content/renderer/render_thread_impl.cc +13 -2

No files found.
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -439,22 +439,16 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  if (command_line->HasSwitch(switches::kInstantProcess))
    thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
-  // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
+  // chrome-search: and chrome-distiller: pages  should not be accessible by
-  // should not be accessible by normal content, and should also be unable to
+  // normal content, and should also be unable to script anything but themselves
-  // script anything but themselves (to help limit the damage that a corrupt
+  // (to help limit the damage that a corrupt page could cause).
-  // page could cause).
-  WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
-  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
  WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
  // The Instant process can only display the content but not read it.  Other
  // processes can't display it or read it.
  if (!command_line->HasSwitch(switches::kInstantProcess))
    WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
-  WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
-  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
  WebString dom_distiller_scheme(
      ASCIIToUTF16(dom_distiller::kDomDistillerScheme));
  // TODO(nyquist): Add test to ensure this happens when the flag is set.
@@ -475,16 +469,13 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  }
 #endif
-  // chrome: and chrome-search: pages should not be accessible by bookmarklets
+  // chrome-search: pages should not be accessible by bookmarklets
  // or javascript: URLs typed in the omnibox.
-  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
-      chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
      chrome_search_scheme);
-  // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource:
+  // chrome-search:, chrome-extension:, and chrome-extension-resource:
  // resources shouldn't trigger insecure content warnings.
-  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
  WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
@@ -496,7 +487,6 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  // chrome:, chrome-extension:, chrome-extension-resource: resources should be
  // allowed to receive CORS requests.
-  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);

--- a/content/renderer/render_thread_impl.cc
+++ b/content/renderer/render_thread_impl.cc
@@ -1138,11 +1138,22 @@ void RenderThreadImpl::EnsureWebKitInitialized() {
 }
 void RenderThreadImpl::RegisterSchemes() {
-  // swappedout: pages should not be accessible, and should also
+  // swappedout:
-  // be treated as empty documents that can commit synchronously.
  WebString swappedout_scheme(base::ASCIIToUTF16(kSwappedOutScheme));
  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(swappedout_scheme);
  WebSecurityPolicy::registerURLSchemeAsEmptyDocument(swappedout_scheme);
+  // chrome:
+  WebString chrome_scheme(base::ASCIIToUTF16(kChromeUIScheme));
+  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_scheme);
+  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
+      chrome_scheme);
+  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_scheme);
+  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_scheme);
+  // chrome-devtools:
+  WebString devtools_scheme(base::ASCIIToUTF16(kChromeDevToolsScheme));
+  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(devtools_scheme);
 }
 void RenderThreadImpl::NotifyTimezoneChange() {