From 9f580dd4232e1ece022789d2f11512af3982c7ac Mon Sep 17 00:00:00 2001 From: bridiver Date: Thu, 2 Aug 2018 22:21:14 -0700 Subject: [PATCH] do not allow any loading of brave:// urls from anywhere auditors @darkdh @diracdeltas --- brave/browser/brave_content_browser_client.cc | 9 +++++++++ brave/browser/brave_content_browser_client.h | 2 ++ 2 files changed, 11 insertions(+) diff --git a/brave/browser/brave_content_browser_client.cc b/brave/browser/brave_content_browser_client.cc index 02071e4d9a..a21a39eb8f 100644 --- a/brave/browser/brave_content_browser_client.cc +++ b/brave/browser/brave_content_browser_client.cc @@ -845,9 +845,18 @@ void BraveContentBrowserClient::GetAdditionalWebUISchemes( additional_schemes->push_back(content::kChromeDevToolsScheme); } +bool BraveContentBrowserClient::CanCommitURL( + content::RenderProcessHost* process_host, const GURL& url) { + if (url.SchemeIs("brave")) + return false; + return true; +} + bool BraveContentBrowserClient::ShouldAllowOpenURL( content::SiteInstance* site_instance, const GURL& url) { GURL from_url = site_instance->GetSiteURL(); + if (url.SchemeIs("brave")) + return false; #if BUILDFLAG(ENABLE_EXTENSIONS) bool result; if (AtomBrowserClientExtensionsPart::ShouldAllowOpenURL( diff --git a/brave/browser/brave_content_browser_client.h b/brave/browser/brave_content_browser_client.h index 845275d4c6..64f491cfd9 100644 --- a/brave/browser/brave_content_browser_client.h +++ b/brave/browser/brave_content_browser_client.h @@ -118,6 +118,8 @@ class BraveContentBrowserClient : public atom::AtomBrowserClient { std::vector* additional_allowed_schemes) override; void GetAdditionalWebUISchemes( std::vector* additional_schemes) override; + bool CanCommitURL( + content::RenderProcessHost* process_host, const GURL& url) override; bool ShouldAllowOpenURL(content::SiteInstance* site_instance, const GURL& url) override; bool IsURLAcceptableForWebUI(content::BrowserContext* browser_context,