OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/render_view_host_impl.h" | 5 #include "content/browser/renderer_host/render_view_host_impl.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <string> | 8 #include <string> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
1335 return; | 1335 return; |
1336 | 1336 |
1337 WebDropData filtered_data(drop_data); | 1337 WebDropData filtered_data(drop_data); |
1338 ChildProcessSecurityPolicyImpl* policy = | 1338 ChildProcessSecurityPolicyImpl* policy = |
1339 ChildProcessSecurityPolicyImpl::GetInstance(); | 1339 ChildProcessSecurityPolicyImpl::GetInstance(); |
1340 | 1340 |
1341 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar. | 1341 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar. |
1342 if (!filtered_data.url.SchemeIs(chrome::kJavaScriptScheme)) | 1342 if (!filtered_data.url.SchemeIs(chrome::kJavaScriptScheme)) |
1343 FilterURL(policy, GetProcess()->GetID(), true, &filtered_data.url); | 1343 FilterURL(policy, GetProcess()->GetID(), true, &filtered_data.url); |
1344 FilterURL(policy, GetProcess()->GetID(), false, &filtered_data.html_base_url); | 1344 FilterURL(policy, GetProcess()->GetID(), false, &filtered_data.html_base_url); |
1345 // Filter out any paths that the renderer didn't have access to. This prevents | |
1346 // the following attack on a malicious renderer: | |
1347 // 1. StartDragging IPC sent with renderer-specified filesystem paths that it | |
1348 // doesn't have read permissions for. | |
1349 // 2. We initiate a native DnD operation. | |
1350 // 3. DnD operation immediately ends since mouse is not held down. DnD events | |
1351 // still fire though, which causes read permissions to be granted to the | |
1352 // renderer for any file paths in the drop. | |
1353 filtered_data.filenames.clear(); | |
1354 for (std::vector<string16>::const_iterator it = drop_data.filenames.begin(); | |
1355 it != drop_data.filenames.end(); ++it) { | |
1356 FilePath path(FilePath::FromUTF8Unsafe(UTF16ToUTF8(*it))); | |
1357 if (policy->CanReadFile(GetProcess()->GetID(), path)) | |
1358 filtered_data.filenames.push_back(*it); | |
1359 } | |
1345 view->StartDragging(filtered_data, drag_operations_mask, image, image_offset); | 1360 view->StartDragging(filtered_data, drag_operations_mask, image, image_offset); |
sky
2012/05/03 21:07:05
What happens if you end up here and everything was
dcheng
2012/05/03 21:14:49
We'll start a drag but there won't be any data con
| |
1346 } | 1361 } |
1347 | 1362 |
1348 void RenderViewHostImpl::OnUpdateDragCursor(WebDragOperation current_op) { | 1363 void RenderViewHostImpl::OnUpdateDragCursor(WebDragOperation current_op) { |
1349 RenderViewHostDelegate::View* view = delegate_->GetViewDelegate(); | 1364 RenderViewHostDelegate::View* view = delegate_->GetViewDelegate(); |
1350 if (view) | 1365 if (view) |
1351 view->UpdateDragCursor(current_op); | 1366 view->UpdateDragCursor(current_op); |
1352 } | 1367 } |
1353 | 1368 |
1354 void RenderViewHostImpl::OnTargetDropACK() { | 1369 void RenderViewHostImpl::OnTargetDropACK() { |
1355 content::NotificationService::current()->Notify( | 1370 content::NotificationService::current()->Notify( |
1824 is_waiting_for_beforeunload_ack_ = false; | 1839 is_waiting_for_beforeunload_ack_ = false; |
1825 is_waiting_for_unload_ack_ = false; | 1840 is_waiting_for_unload_ack_ = false; |
1826 has_timed_out_on_unload_ = false; | 1841 has_timed_out_on_unload_ = false; |
1827 } | 1842 } |
1828 | 1843 |
1829 void RenderViewHostImpl::ClearPowerSaveBlockers() { | 1844 void RenderViewHostImpl::ClearPowerSaveBlockers() { |
1830 STLDeleteValues(&power_save_blockers_); | 1845 STLDeleteValues(&power_save_blockers_); |
1831 } | 1846 } |
1832 | 1847 |
1833 } // namespace content | 1848 } // namespace content |
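Review bot: In the added filename loop (new lines 1353-1359) the permission check runs on `FilePath::FromUTF8Unsafe(UTF16ToUTF8(*it))`, but the value pushed into `filtered_data.filenames` is the original `*it`. The filter therefore only holds if every later consumer turns that string into a path in exactly the same way. A lossy UTF-16 to UTF-8 round trip, or a different conversion on the native drag side, would let the checked path and the used path diverge. I would state the invariant next to the check, e.g. `// |path| must be built exactly as the drag target builds it from the string; otherwise CanReadFile() is checked against a different path than the one that gets used.`, and add a test that passes a non-granted path and a malformed UTF-16 name and expects both to be dropped. Whether `CanReadFile` rejects relative paths or paths with `..` components is not visible here and is worth confirming. The enclosing handler starts above the visible lines, so the earlier early-return conditions could not be reviewed.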