Revert of Move content:: scheme registrations from chrome/ to content/....

Revert of Move content:: scheme registrations from chrome/ to content/. (patchset #1 id:1 of https://codereview.chromium.org/1137103003/) Reason for revert: Breaks some layout tests BUG=489672 Original issue's description: > Move content:: scheme registrations from chrome/ to content/. > > Both 'chrome:' and 'chrome-devtools:' are content-level schemes; we > should do their various renderer-side scheme registrations in content > (RenderThreadImpl::RegisterSchemes) rather than in chrome > (ChromeContentRendererClient::RenderThreadStarted). > > R=jochen@chromium.org > > Committed: https://crrev.com/dcd7aad11d33ffd6dffe440ce32a0228c0843a67 > Cr-Commit-Position: refs/heads/master@{#330506} TBR=jochen@chromium.org,philipj@opera.com,sofbjornf@opera.com,mkwst@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1142213002 Cr-Commit-Position: refs/heads/master@{#330513}

Revert of Move content:: scheme registrations from chrome/ to content/....
Revert of Move content:: scheme registrations from chrome/ to content/. (patchset #1 id:1 of https://codereview.chromium.org/1137103003/) Reason for revert: Breaks some layout tests BUG=489672 Original issue's description: > Move content:: scheme registrations from chrome/ to content/. > > Both 'chrome:' and 'chrome-devtools:' are content-level schemes; we > should do their various renderer-side scheme registrations in content > (RenderThreadImpl::RegisterSchemes) rather than in chrome > (ChromeContentRendererClient::RenderThreadStarted). > > R=jochen@chromium.org > > Committed: https://crrev.com/dcd7aad11d33ffd6dffe440ce32a0228c0843a67 > Cr-Commit-Position: refs/heads/master@{#330506} TBR=jochen@chromium.org,philipj@opera.com,sofbjornf@opera.com,mkwst@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review URL: https://codereview.chromium.org/1142213002 Cr-Commit-Position: refs/heads/master@{#330513}
b2ecf6a9 · hiroshige · Commit bot · b5054646 · b2ecf6a9 · b2ecf6a9
Commit b2ecf6a9 authored May 19, 2015 by hiroshige Committed by Commit bot May 19, 2015
Showing with 18 additions and 19 deletions

chrome/renderer/chrome_content_renderer_client.cc chrome/renderer/chrome_content_renderer_client.cc +16 -6

content/renderer/render_thread_impl.cc content/renderer/render_thread_impl.cc +2 -13

No files found.
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -439,16 +439,22 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  if (command_line->HasSwitch(switches::kInstantProcess))
    thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
-  // chrome-search: and chrome-distiller: pages  should not be accessible by
+  // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
-  // normal content, and should also be unable to script anything but themselves
+  // should not be accessible by normal content, and should also be unable to
-  // (to help limit the damage that a corrupt page could cause).
+  // script anything but themselves (to help limit the damage that a corrupt
-  WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
+  // page could cause).
+  WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
+  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
+  WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
  // The Instant process can only display the content but not read it.  Other
  // processes can't display it or read it.
  if (!command_line->HasSwitch(switches::kInstantProcess))
    WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
+  WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
+  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
  WebString dom_distiller_scheme(
      ASCIIToUTF16(dom_distiller::kDomDistillerScheme));
  // TODO(nyquist): Add test to ensure this happens when the flag is set.
@@ -469,13 +475,16 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  }
 #endif
-  // chrome-search: pages should not be accessible by bookmarklets
+  // chrome: and chrome-search: pages should not be accessible by bookmarklets
  // or javascript: URLs typed in the omnibox.
+  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
+      chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
      chrome_search_scheme);
-  // chrome-search:, chrome-extension:, and chrome-extension-resource:
+  // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource:
  // resources shouldn't trigger insecure content warnings.
+  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
  WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
@@ -487,6 +496,7 @@ void ChromeContentRendererClient::RenderThreadStarted() {
  // chrome:, chrome-extension:, chrome-extension-resource: resources should be
  // allowed to receive CORS requests.
+  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme);
  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);

--- a/content/renderer/render_thread_impl.cc
+++ b/content/renderer/render_thread_impl.cc
@@ -1138,22 +1138,11 @@ void RenderThreadImpl::EnsureWebKitInitialized() {
 }
 void RenderThreadImpl::RegisterSchemes() {
-  // swappedout:
+  // swappedout: pages should not be accessible, and should also
+  // be treated as empty documents that can commit synchronously.
  WebString swappedout_scheme(base::ASCIIToUTF16(kSwappedOutScheme));
  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(swappedout_scheme);
  WebSecurityPolicy::registerURLSchemeAsEmptyDocument(swappedout_scheme);
-  // chrome:
-  WebString chrome_scheme(base::ASCIIToUTF16(kChromeUIScheme));
-  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_scheme);
-  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
-      chrome_scheme);
-  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_scheme);
-  WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_scheme);
-  // chrome-devtools:
-  WebString devtools_scheme(base::ASCIIToUTF16(kChromeDevToolsScheme));
-  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(devtools_scheme);
 }
 void RenderThreadImpl::NotifyTimezoneChange() {