From 78c6d1d1158c82dcf45a5a521c22bfad0fab9fbf Mon Sep 17 00:00:00 2001 From: "Brian R. Bondy" Date: Tue, 8 Jan 2019 15:31:20 -0500 Subject: [PATCH] Merge pull request #1196 from brave/prevent_brave_scheme_loading_from_js Prevent loading brave scheme url from javascript --- .../brave_sync_page/brave_sync_page.html | 2 +- .../browser/profiles/profile_io_data.cc | 5 +++++ .../content/public/common/url_constants.cc | 10 ++++++++++ .../content/public/common/url_constants.h | 10 ++++++++++ .../brave_welcome_ui/components/app.tsx | 10 +++++----- ...-browser-profiles-profile_io_data.cc.patch | 14 ++++++++++++-- ...hild_process_security_policy_impl.cc.patch | 14 ++++++++++++++ ...ntent-renderer-render_thread_impl.cc.patch | 19 +++++++++++++++++++ 8 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 chromium_src/content/public/common/url_constants.cc create mode 100644 chromium_src/content/public/common/url_constants.h create mode 100644 patches/content-browser-child_process_security_policy_impl.cc.patch create mode 100644 patches/content-renderer-render_thread_impl.cc.patch diff --git a/browser/resources/settings/brave_sync_page/brave_sync_page.html b/browser/resources/settings/brave_sync_page/brave_sync_page.html index 5499ad4e2603..963b02bf92f3 100644 --- a/browser/resources/settings/brave_sync_page/brave_sync_page.html +++ b/browser/resources/settings/brave_sync_page/brave_sync_page.html @@ -12,7 +12,7 @@
- $i18n{braveSyncLabel} brave://sync + $i18n{braveSyncLabel} brave://sync
diff --git a/chromium_src/chrome/browser/profiles/profile_io_data.cc b/chromium_src/chrome/browser/profiles/profile_io_data.cc index 57fa82ae53fe..d6a9acf0dfd0 100644 --- a/chromium_src/chrome/browser/profiles/profile_io_data.cc +++ b/chromium_src/chrome/browser/profiles/profile_io_data.cc @@ -1,3 +1,8 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + #include "brave/browser/net/brave_profile_network_delegate.h" +#include "brave/common/url_constants.h" #include "../../../../../../chrome/browser/profiles/profile_io_data.cc" diff --git a/chromium_src/content/public/common/url_constants.cc b/chromium_src/content/public/common/url_constants.cc new file mode 100644 index 000000000000..fb315b8a3c71 --- /dev/null +++ b/chromium_src/content/public/common/url_constants.cc @@ -0,0 +1,10 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "../../../../../content/public/common/url_constants.cc" + +namespace content { +const char kBraveUIScheme[] = "brave"; +} + diff --git a/chromium_src/content/public/common/url_constants.h b/chromium_src/content/public/common/url_constants.h new file mode 100644 index 000000000000..18ba31bdb852 --- /dev/null +++ b/chromium_src/content/public/common/url_constants.h @@ -0,0 +1,10 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "../../../../../content/public/common/url_constants.h" + +namespace content { +CONTENT_EXPORT extern const char kBraveUIScheme[]; +} + diff --git a/components/brave_welcome_ui/components/app.tsx b/components/brave_welcome_ui/components/app.tsx index 42a4dd201b12..86170aec3a53 100644 --- a/components/brave_welcome_ui/components/app.tsx +++ b/components/brave_welcome_ui/components/app.tsx @@ -63,15 +63,15 @@ export class WelcomePage extends React.Component { } onClickConfirmDefaultSearchEngine = () => { - this.props.actions.goToTabRequested('brave://settings/search', '_blank') + this.props.actions.goToTabRequested('chrome://settings/search', '_blank') } onClickChooseYourTheme = () => { - this.props.actions.goToTabRequested('brave://settings/appearance', '_blank') + this.props.actions.goToTabRequested('chrome://settings/appearance', '_blank') } onClickRewardsGetStarted = () => { - this.props.actions.goToTabRequested('brave://rewards', '_blank') + this.props.actions.goToTabRequested('chrome://rewards', '_blank') } onClickSlideBullet = (nextScreen: number) => { @@ -83,11 +83,11 @@ export class WelcomePage extends React.Component { } onClickDone = () => { - this.props.actions.goToTabRequested('brave://newtab', '_self') + this.props.actions.goToTabRequested('chrome://newtab', '_self') } onClickSkip = () => { - this.props.actions.goToTabRequested('brave://newtab', '_self') + this.props.actions.goToTabRequested('chrome://newtab', '_self') } render () { diff --git a/patches/chrome-browser-profiles-profile_io_data.cc.patch b/patches/chrome-browser-profiles-profile_io_data.cc.patch index bd7202cff9c3..74f032574232 100644 --- a/patches/chrome-browser-profiles-profile_io_data.cc.patch +++ b/patches/chrome-browser-profiles-profile_io_data.cc.patch @@ -1,5 +1,5 @@ diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc -index 5664ba395badcea25fdbb33a274b522747b7b2cf..d3f5e852b0d0ff5909da6cc0760e51142115d7bc 100644 +index 5664ba395badcea25fdbb33a274b522747b7b2cf..b14d6e5150c2bab6c15acaf164cd4b4ad139122c 100644 --- a/chrome/browser/profiles/profile_io_data.cc +++ b/chrome/browser/profiles/profile_io_data.cc @@ -25,6 +25,7 @@ @@ -10,7 +10,17 @@ index 5664ba395badcea25fdbb33a274b522747b7b2cf..d3f5e852b0d0ff5909da6cc0760e5114 #include "build/build_config.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/chrome_notification_types.h" -@@ -966,7 +967,7 @@ void ProfileIOData::Init( +@@ -657,6 +658,9 @@ bool ProfileIOData::IsHandledProtocol(const std::string& scheme) { + extensions::kExtensionScheme, + #endif + content::kChromeUIScheme, ++#if defined(BRAVE_CHROMIUM_BUILD) ++ kBraveUIScheme, ++#endif + url::kDataScheme, + #if defined(OS_CHROMEOS) + content::kExternalFileScheme, +@@ -966,7 +970,7 @@ void ProfileIOData::Init( std::make_unique(); std::unique_ptr chrome_network_delegate( diff --git a/patches/content-browser-child_process_security_policy_impl.cc.patch b/patches/content-browser-child_process_security_policy_impl.cc.patch new file mode 100644 index 000000000000..da24f8216b9a --- /dev/null +++ b/patches/content-browser-child_process_security_policy_impl.cc.patch @@ -0,0 +1,14 @@ +diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc +index 65abcbd4bb87a0a3e9661c97e8fd38556ee19f8b..06adc3f5b231e863d7a2ceaa43a227ac5c046ed3 100644 +--- a/content/browser/child_process_security_policy_impl.cc ++++ b/content/browser/child_process_security_policy_impl.cc +@@ -691,6 +691,9 @@ void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id, + + // Web UI bindings need the ability to request chrome: URLs. + state->second->GrantRequestScheme(kChromeUIScheme); ++#if defined(BRAVE_CHROMIUM_BUILD) ++ state->second->GrantRequestScheme(kBraveUIScheme); ++#endif + + // Web UI pages can contain links to file:// URLs. + state->second->GrantRequestScheme(url::kFileScheme); diff --git a/patches/content-renderer-render_thread_impl.cc.patch b/patches/content-renderer-render_thread_impl.cc.patch new file mode 100644 index 000000000000..8cf73559aaad --- /dev/null +++ b/patches/content-renderer-render_thread_impl.cc.patch @@ -0,0 +1,19 @@ +diff --git a/content/renderer/render_thread_impl.cc b/content/renderer/render_thread_impl.cc +index 68682fd876dd8a07d2548e32a0ce453ca41a339b..4fb31f452139df4043fc0b8816b2a2bd42fcc27b 100644 +--- a/content/renderer/render_thread_impl.cc ++++ b/content/renderer/render_thread_impl.cc +@@ -1246,6 +1246,14 @@ void RenderThreadImpl::InitializeWebKit( + } + + void RenderThreadImpl::RegisterSchemes() { ++#if defined(BRAVE_CHROMIUM_BUILD) ++ // brave: ++ WebString brave_scheme(WebString::FromASCII(kBraveUIScheme)); ++ WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(brave_scheme); ++ WebSecurityPolicy::RegisterURLSchemeAsNotAllowingJavascriptURLs( ++ brave_scheme); ++#endif ++ + // chrome: + WebString chrome_scheme(WebString::FromASCII(kChromeUIScheme)); + WebSecurityPolicy::RegisterURLSchemeAsDisplayIsolated(chrome_scheme);