forked from uazo/cromite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRevert-Delete-block-external-form-redirects.patch
128 lines (118 loc) · 6.66 KB
/
Revert-Delete-block-external-form-redirects.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
From: csagan5 <[email protected]>
Date: Thu, 16 Jun 2022 23:23:43 +0200
Subject: Revert "Delete block-external-form-redirects"
This reverts commit b710cefb53b558a8bcd884f6baf0229ba4225721 and
enables IntentBlockExternalFormRedirectsNoGesture.
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
---
.../android/external_intents_features.cc | 7 ++++++-
.../android/external_intents_features.h | 1 +
.../ExternalIntentsFeatures.java | 6 ++++++
.../ExternalNavigationHandler.java | 21 +++++++++++++++++++
...t-Delete-block-external-form-redirects.inc | 15 +++++++++++++
5 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 cromite_flags/chrome/browser/about_flags_cc/Revert-Delete-block-external-form-redirects.inc
diff --git a/components/external_intents/android/external_intents_features.cc b/components/external_intents/android/external_intents_features.cc
--- a/components/external_intents/android/external_intents_features.cc
+++ b/components/external_intents/android/external_intents_features.cc
@@ -20,7 +20,6 @@ namespace {
const base::Feature* kFeaturesExposedToJava[] = {
&kExternalNavigationDebugLogs, &kBlockFrameRenavigations,
&kBlockIntentsToSelf, &kTrustedClientGestureBypass};
-
} // namespace
// Alphabetical:
@@ -41,7 +40,13 @@ BASE_FEATURE(kTrustedClientGestureBypass,
"TrustedClientGestureBypass",
base::FEATURE_ENABLED_BY_DEFAULT);
+CROMITE_FEATURE(kIntentBlockExternalFormRedirectsNoGesture,
+ "IntentBlockExternalFormRedirectsNoGesture",
+ base::FEATURE_ENABLED_BY_DEFAULT);
+
static jlong JNI_ExternalIntentsFeatures_GetFeature(JNIEnv* env, jint ordinal) {
+ if (ordinal == -1)
+ return reinterpret_cast<jlong>(&kIntentBlockExternalFormRedirectsNoGesture);
return reinterpret_cast<jlong>(kFeaturesExposedToJava[ordinal]);
}
diff --git a/components/external_intents/android/external_intents_features.h b/components/external_intents/android/external_intents_features.h
--- a/components/external_intents/android/external_intents_features.h
+++ b/components/external_intents/android/external_intents_features.h
@@ -9,6 +9,7 @@
namespace external_intents {
+BASE_DECLARE_FEATURE(kIntentBlockExternalFormRedirectsNoGesture);
BASE_DECLARE_FEATURE(kExternalNavigationDebugLogs);
BASE_DECLARE_FEATURE(kBlockFrameRenavigations);
BASE_DECLARE_FEATURE(kBlockIntentsToSelf);
diff --git a/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalIntentsFeatures.java b/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalIntentsFeatures.java
--- a/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalIntentsFeatures.java
+++ b/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalIntentsFeatures.java
@@ -18,6 +18,12 @@ import org.chromium.base.Features;
*/
@JNINamespace("external_intents")
public class ExternalIntentsFeatures extends Features {
+ public static final String INTENT_BLOCK_EXTERNAL_FORM_REDIRECT_NO_GESTURE_NAME =
+ "IntentBlockExternalFormRedirectsNoGesture";
+
+ public static final ExternalIntentsFeatures INTENT_BLOCK_EXTERNAL_FORM_REDIRECT_NO_GESTURE =
+ new ExternalIntentsFeatures(-1, INTENT_BLOCK_EXTERNAL_FORM_REDIRECT_NO_GESTURE_NAME);
+
public static final String EXTERNAL_NAVIGATION_DEBUG_LOGS_NAME = "ExternalNavigationDebugLogs";
public static final String BLOCK_FRAME_RENAVIGATIONS_NAME = "BlockFrameRenavigations3";
public static final String BLOCK_INTENTS_TO_SELF_NAME = "BlockIntentsToSelf";
diff --git a/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalNavigationHandler.java b/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalNavigationHandler.java
--- a/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalNavigationHandler.java
+++ b/components/external_intents/android/java/src/org/chromium/components/external_intents/ExternalNavigationHandler.java
@@ -1551,6 +1551,12 @@ public class ExternalNavigationHandler {
|| ignoreBackForwardNav(params);
}
+ /** Wrapper of check against the feature to support overriding for testing. */
+ @VisibleForTesting
+ boolean blockExternalFormRedirectsWithoutGesture() {
+ return ExternalIntentsFeatures.INTENT_BLOCK_EXTERNAL_FORM_REDIRECT_NO_GESTURE.isEnabled();
+ }
+
private OverrideUrlLoadingResult shouldOverrideUrlLoadingInternal(
ExternalNavigationParams params,
Intent targetIntent,
@@ -1614,6 +1620,21 @@ public class ExternalNavigationHandler {
return OverrideUrlLoadingResult.forNoOverride();
}
+ // http://crbug.com/839751: Require user gestures for form submits to external
+ // protocols.
+ // TODO(tedchoc): Turn this on by default once we verify this change does
+ // not break the world.
+ int pageTransitionCore = params.getPageTransition() & PageTransition.CORE_MASK;
+ boolean isFormSubmit = pageTransitionCore == PageTransition.FORM_SUBMIT;
+ boolean isRedirectFromFormSubmit = isFormSubmit && params.isRedirect();
+ if (isRedirectFromFormSubmit && !incomingIntentRedirect && !params.hasUserGesture()
+ && blockExternalFormRedirectsWithoutGesture()) {
+ if (debug()) {
+ Log.i(TAG, "Incoming form intent attempting to redirect without user gesture");
+ }
+ return OverrideUrlLoadingResult.forNoOverride();
+ }
+
if (hasInternalScheme(params.getUrl(), targetIntent)
|| hasContentScheme(params.getUrl(), targetIntent)
|| hasFileSchemeInIntentURI(params.getUrl(), targetIntent)) {
diff --git a/cromite_flags/chrome/browser/about_flags_cc/Revert-Delete-block-external-form-redirects.inc b/cromite_flags/chrome/browser/about_flags_cc/Revert-Delete-block-external-form-redirects.inc
new file mode 100644
--- /dev/null
+++ b/cromite_flags/chrome/browser/about_flags_cc/Revert-Delete-block-external-form-redirects.inc
@@ -0,0 +1,15 @@
+#if BUILDFLAG(IS_ANDROID)
+
+#ifdef FLAG_SECTION
+
+ {"block-external-form-redirects-no-gesture",
+ "Block intents from form submissions without user gesture",
+ "Require a user gesture that triggered a form submission in order to "
+ "allow for redirecting to an external intent.",
+ kOsAndroid,
+ FEATURE_VALUE_TYPE(
+ external_intents::kIntentBlockExternalFormRedirectsNoGesture)},
+
+#endif
+
+#endif
--