Block renderer-initiated main frame navigations to data URLs
This CL implements the blocking of data URL navigations as described in the
blink intent to deprecate and remove thread at https://goo.gl/BaZAea.
The blocking is done in two separate places:
- blink::FrameLoader: This is a renderer side check that blocks all top-frame
loads for known mime types. This check ignores unknown mime types as those
can end up as downloads or be handled by plugins.
- content::DataURLNavigationThrottler: This is a browser side check that
handles data URLs that were ignored by the renderer check. By this point, the
determination of whether the URL is a download or not has already been made.
This check allows downloads and blocks remaining URLs (ie. mime types that
are handled by plugins). When browser side navigation is enabled, all blocking
is done in this throttler instead of some checks being in blink::FrameLoader.
This CL moves data URL navigation tests to a separate file, and removes layout
tests that are no longer realistic.
TEST=data_url_navigation_browsertest.cc
BUG=594215
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation
Review-Url: https://codereview.chromium.org/2702503002
Cr-Commit-Position: refs/heads/master@{#466504}
46 files changed
