Add WebUI allowlist for Alloy-style browsers (fixes #3763)

2024-08-07 14:12:08 -04:00 · 2024-08-07 14:12:08 -04:00 · ebb3c962da
parent 64a2f681aa
commit ebb3c962da
1 changed files with 52 additions and 2 deletions
--- a/libcef/browser/alloy/alloy_browser_host_impl.cc
+++ b/libcef/browser/alloy/alloy_browser_host_impl.cc
@ -33,6 +33,7 @@
 #include "cef/libcef/common/values_impl.h"
 #include "chrome/browser/file_select_helper.h"
 #include "chrome/browser/picture_in_picture/picture_in_picture_window_manager.h"
 #include "chrome/common/webui_url_constants.h"
 #include "components/input/native_web_keyboard_event.h"
 #include "components/zoom/page_zoom.h"
 #include "content/browser/gpu/compositor_util.h"
@ -57,6 +58,47 @@ namespace {
 static constexpr base::TimeDelta kRecentlyAudibleTimeout = base::Seconds(2);
 // List of WebUI hosts that have been tested to work in Alloy-style browsers.
 // Do not add new hosts to this list without also manually testing all related
 // functionality in CEF.
 const char* kAllowedWebUIHosts[] = {
    chrome::kChromeUIAccessibilityHost,
    content::kChromeUIBlobInternalsHost,
    chrome::kChromeUIChromeURLsHost,
    chrome::kChromeUICreditsHost,
    content::kChromeUIGpuHost,
    content::kChromeUIHistogramHost,
    content::kChromeUIIndexedDBInternalsHost,
    chrome::kChromeUILicenseHost,
    content::kChromeUIMediaInternalsHost,
    chrome::kChromeUINetExportHost,
    chrome::kChromeUINetInternalsHost,
    content::kChromeUINetworkErrorHost,
    content::kChromeUINetworkErrorsListingHost,
    chrome::kChromeUIPrintHost,
    content::kChromeUIProcessInternalsHost,
    content::kChromeUIResourcesHost,
 #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
    chrome::kChromeUISandboxHost,
 #endif
    content::kChromeUIServiceWorkerInternalsHost,
    chrome::kChromeUISystemInfoHost,
    chrome::kChromeUITermsHost,
    chrome::kChromeUIThemeHost,
    content::kChromeUITracingHost,
    chrome::kChromeUIVersionHost,
    content::kChromeUIWebRTCInternalsHost,
 };
 bool IsAllowedWebUIHost(const std::string_view& host) {
  for (auto& allowed_host : kAllowedWebUIHosts) {
    if (base::EqualsCaseInsensitiveASCII(allowed_host, host)) {
      return true;
    }
  }
  return false;
 }
 }  // namespace
 // AlloyBrowserHostImpl static methods.
@ -567,8 +609,8 @@ bool AlloyBrowserHostImpl::MaybeAllowNavigation(
    // The PDF viewer will load the PDF extension in the guest view, and print
    // preview will load chrome://print in the guest view. The PDF renderer
    // used with PdfUnseasoned will set |params.is_pdf| when loading the PDF
-    // stream (see PdfNavigationThrottle::WillStartRequest). All other
+    // stream (see PdfNavigationThrottle::WillStartRequest). All other guest
-    // navigations are passed to the owner browser.
+    // view navigations are passed to the owner browser.
    CEF_POST_TASK(CEF_UIT,
                  base::BindOnce(
                      base::IgnoreResult(&AlloyBrowserHostImpl::OpenURLFromTab),
@ -577,6 +619,14 @@ bool AlloyBrowserHostImpl::MaybeAllowNavigation(
    return false;
  }
  if (!is_guest_view && params.url.SchemeIs(content::kChromeUIScheme) &&
      !IsAllowedWebUIHost(params.url.host_piece())) {
    // Block navigation to non-allowlisted WebUI pages.
    LOG(WARNING) << "Navigation to " << params.url.spec()
                 << " is blocked in Alloy-style browser.";
    return false;
  }
  return true;
 }