Google Git
Sign in
chromium / chromium / src.git / dde6d04f8e4887cf11280cc035aa1a2842fae715
commitdde6d04f8e4887cf11280cc035aa1a2842fae715[log] [tgz]
authorFrédéric Wang <[email protected]>Mon Aug 24 10:27:03 2020
committerCommit Bot <[email protected]>Mon Aug 24 10:27:03 2020
treede5c1217741ebdb51889c483a7c09adb87b1bcb5
parente4acfd753fccb57f1ed453d7a1ca608083227f04 [diff]
Introduce common browser/web API for validation of custom handlers

Logic to validate custom handlers is required on both the web and
browser processes. This CL introduces a new API in
third_party/blink/public/common in order to reduce duplication. As a
starting point, a new helper function allows to verify whether the
following condition is satisfied [1]:

> If scheme is neither a safelisted scheme nor a string starting with
> "web+" followed by one or more ASCII lower alphas'

In order to keep this CL small, more advanced aspects like same-origin
condition (currently performed in WebContentsImpl), validation of the
schemes of the registered URLs [2] [3] or other tests that are currently
only performed on the web process are not considered. This can be refine
later if needed.

This CL makes the check on the browser process slighty stronger.
Previously the only requirement for URLs starting with "web+" was to be
sure they are not just equal to "web+".

This CL might also make verification on the web process slightly less
efficient, if the conversion from WTF::String to base::StringPiece
requires a buffer allocation. However, it seems unlikely to be a
performance bottleneck for the current use cases.

[1] https://html.spec.whatwg.org/multipage/system-state.html#normalize-protocol-handler-parameters
[2] https://crbug.com/1112268
[3] https://crbug.com/64100

Bug: 971917, 952974
Change-Id: Iaada22200d7b7d834ad878bbc51cc40ea67d6332
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2362802
Commit-Queue: Frédéric Wang <[email protected]>
Reviewed-by: Mike West <[email protected]>
Reviewed-by: Dominick Ng <[email protected]>
Cr-Commit-Position: refs/heads/master@{#800948}
7 files changed
tree: de5c1217741ebdb51889c483a7c09adb87b1bcb5
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. .vpython3
  61. .yapfignore
  62. AUTHORS
  63. BUILD.gn
  64. CODE_OF_CONDUCT.md
  65. codereview.settings
  66. DEPS
  67. DIR_METADATA
  68. ENG_REVIEW_OWNERS
  69. LICENSE
  70. LICENSE.chromium_os
  71. OWNERS
  72. PRESUBMIT.py
  73. PRESUBMIT_test.py
  74. PRESUBMIT_test_mocks.py
  75. README.md
  76. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.