web-ui: Introduce ChromeUntrustedWebUIControllerFactory
Currently WebUI properties, e.g. CSPs, requesting schemes, host, mojo,
etc. are stored in WebUIControllers themselves. The lifetime of a
WebUIController is bound to the frame, which makes it hard to use for
some use cases. A non-dynamically allocated class where clients could
query a WebUIs properties would be easier to use and audit.
Introduces a new WebUIConfig class that stores properties of WebUIs. For
now the two properties are 1. the WebUI's host and 2. if the WebUI
is enabled. In the future this class could include information like
CSPs, if we should enable Mojo, if we should enable chrome.send(), if
we should allow network requests, URLDataSource, etc.
For now all WebUIConfigs are owned by
ChromeUntrustedWebUIControllerFactory but that could be moved somewhere
else so that anyone could retrieve a WebUIConfig and check its
properties.
ChromeUntrustedWebUIControllerFactory holds a map of hosts to
WebUIConfigs and implements WebUIControllerFactory methods by querying
the appropriate config for its properties.
Bug: 1080384
Change-Id: Ieebb0ded877f57d00d6f47aa5b9304cd250b1bf1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2315572
Commit-Queue: Giovanni Ortuño Urquidi <[email protected]>
Reviewed-by: dpapad <[email protected]>
Reviewed-by: Scott Violet <[email protected]>
Reviewed-by: Jiewei Qian <[email protected]>
Reviewed-by: calamity <[email protected]>
Cr-Commit-Position: refs/heads/master@{#836974}
diff --git a/ui/webui/untrusted_web_ui_controller.h b/ui/webui/untrusted_web_ui_controller.h
new file mode 100644
index 0000000..a74f048
--- /dev/null
+++ b/ui/webui/untrusted_web_ui_controller.h
@@ -0,0 +1,28 @@
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef UI_WEBUI_UNTRUSTED_WEB_UI_CONTROLLER_H_
+#define UI_WEBUI_UNTRUSTED_WEB_UI_CONTROLLER_H_
+
+#include "content/public/browser/web_ui_controller.h"
+
+namespace content {
+class WebUI;
+}
+
+namespace ui {
+
+// UntrustedWebUIController is intended for WebUI pages that process untrusted
+// content. These WebUIController should never request WebUI bindings.
+class UntrustedWebUIController : public content::WebUIController {
+ public:
+ explicit UntrustedWebUIController(content::WebUI* contents);
+ ~UntrustedWebUIController() override;
+ UntrustedWebUIController(UntrustedWebUIController&) = delete;
+ UntrustedWebUIController& operator=(const UntrustedWebUIController&) = delete;
+};
+
+} // namespace ui
+
+#endif // UI_WEBUI_UNTRUSTED_WEB_UI_CONTROLLER_H_
