    Issue 7624031:
  Treat files downloaded from the address bar as "always safe" (including extensions per discussion...  (Closed) 
  Base URL: svn://chrome-svn/chrome/trunk/src/| Index: chrome/browser/download/chrome_download_manager_delegate.cc | 
| =================================================================== | 
| --- chrome/browser/download/chrome_download_manager_delegate.cc (revision 97032) | 
| +++ chrome/browser/download/chrome_download_manager_delegate.cc (working copy) | 
| @@ -133,7 +133,8 @@ | 
| } | 
| void ChromeDownloadManagerDelegate::CheckDownloadUrlDone( | 
| - int32 download_id, bool is_dangerous_url) { | 
| + int32 download_id, | 
| + bool is_dangerous_url) { | 
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 
| DownloadItem* download = | 
| @@ -144,11 +145,9 @@ | 
| if (is_dangerous_url) | 
| download->MarkUrlDangerous(); | 
| - download_manager_->download_history()->CheckVisitedReferrerBefore( | 
| - download_id, | 
| - download->referrer_url(), | 
| - NewCallback(this, | 
| - &ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone)); | 
| + download_manager_->download_history()->CheckVisitedReferrerBefore(download_id, | 
| + download->referrer_url(), NewCallback(this, | 
| + &ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone)); | 
| 
ahendrickson
2011/08/19 15:51:47
Nit:  I think the indentation is wrong here.
 
Peter Kasting
2011/08/19 17:27:38
I'll indent the last line 4 more.  I asked Brett w
 | 
| } | 
| void ChromeDownloadManagerDelegate::CheckVisitedReferrerBeforeDone( | 
| @@ -338,24 +337,30 @@ | 
| bool visited_referrer_before) { | 
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 
| - bool auto_open = ShouldOpenFileBasedOnExtension(state.suggested_path); | 
| - download_util::DownloadDangerLevel danger_level = | 
| - download_util::GetFileDangerLevel(state.suggested_path.BaseName()); | 
| + // Anything loaded directly from the address bar is OK. | 
| + if (state.transition_type & PageTransition::FROM_ADDRESS_BAR) | 
| + return false; | 
| - if (danger_level == download_util::Dangerous) | 
| - return !(auto_open && state.has_user_gesture); | 
| - | 
| - if (danger_level == download_util::AllowOnUserGesture && | 
| - (!state.has_user_gesture || !visited_referrer_before)) | 
| - return true; | 
| - | 
| + // Extensions that are not from the gallery are considered dangerous. | 
| if (state.is_extension_install) { | 
| - // Extensions that are not from the gallery are considered dangerous. | 
| ExtensionService* service = | 
| download_manager_->profile()->GetExtensionService(); | 
| if (!service || !service->IsDownloadFromGallery(download.GetURL(), | 
| download.referrer_url())) | 
| return true; | 
| } | 
| - return false; | 
| + | 
| + // Anything the user has marked auto-open is OK if it's user-initiated. | 
| + if (ShouldOpenFileBasedOnExtension(state.suggested_path) && | 
| + state.has_user_gesture) | 
| + return false; | 
| + | 
| + // "Allow on user gesture" is OK when we have a user gesture and the hosting | 
| + // page has been visited before today. | 
| + download_util::DownloadDangerLevel danger_level = | 
| + download_util::GetFileDangerLevel(state.suggested_path.BaseName()); | 
| + if (danger_level == download_util::AllowOnUserGesture) | 
| + return !state.has_user_gesture || !visited_referrer_before; | 
| + | 
| + return danger_level == download_util::Dangerous; | 
| } |
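Review bot: The early return on `state.transition_type & PageTransition::FROM_ADDRESS_BAR` runs before both the extension gallery check and the `GetFileDangerLevel` lookup, so a download carrying that qualifier is never reported as dangerous here, whatever its file type or origin. `FROM_ADDRESS_BAR` is a qualifier bit, and nothing in this hunk shows whether it stays set when the typed URL redirects elsewhere; if it does, the file delivered is not the one the user asked for and still skips the prompt. I would either narrow the condition, e.g. `if ((state.transition_type & PageTransition::FROM_ADDRESS_BAR) && !(state.transition_type & PageTransition::IS_REDIRECT_MASK))`, or state the trust decision in the comment, e.g. `// Typed URLs are trusted even when they redirect; only the URL check in CheckDownloadUrlDone still applies.` A test that feeds a typed-then-redirected transition with a `Dangerous` file type and with a non-gallery extension install would pin whichever behaviour is intended. The function's signature lies outside this hunk, so the type of `state.transition_type` is assumed from its use.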