| Index: chrome/browser/extensions/extension_bookmarks_module.cc
|
| ===================================================================
|
| --- chrome/browser/extensions/extension_bookmarks_module.cc (revision 81909)
|
| +++ chrome/browser/extensions/extension_bookmarks_module.cc (working copy)
|
| @@ -31,6 +31,7 @@
|
| #include "chrome/browser/ui/browser_list.h"
|
| #include "chrome/common/chrome_paths.h"
|
| #include "chrome/common/pref_names.h"
|
| +#include "content/browser/child_process_security_policy.h"
|
| #include "content/common/notification_service.h"
|
| #include "grit/generated_resources.h"
|
| #include "ui/base/l10n/l10n_util.h"
|
| @@ -468,8 +469,13 @@
|
| json->GetString(keys::kTitleKey, &title); // Optional.
|
| std::string url_string;
|
| json->GetString(keys::kUrlKey, &url_string); // Optional.
|
| +
|
| + // Ensure the bookmark URL is a valid URL and has a web safe scheme.
|
| GURL url(url_string);
|
| - if (!url.is_empty() && !url.is_valid()) {
|
| + ChildProcessSecurityPolicy *policy =
|
| + ChildProcessSecurityPolicy::GetInstance();
|
| + if (!url.is_empty() &&
|
| + (!url.is_valid() || !policy->IsWebSafeScheme(url.scheme()))) {
|
| error_ = keys::kInvalidUrlError;
|
| return false;
|
| }
|
|
|
Chromium Code Reviews
Issue 6879047:
Make sure that extensions can launch web urls, create bookmark url with web safe schemes only. (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/