Index: chrome/renderer/chrome_content_renderer_client.cc |
=================================================================== |
--- chrome/renderer/chrome_content_renderer_client.cc (revision 98255) |
+++ chrome/renderer/chrome_content_renderer_client.cc (working copy) |
@@ -206,6 +206,13 @@ |
// chrome-extension: resources shouldn't trigger insecure content warnings. |
WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme)); |
WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
+ |
+ // chrome: and chrome-extension: pages should not be accessible by |
+ // bookmarklets or javascript: URLs typed in the omnibox. |
+ WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( |
+ chrome_ui_scheme); |
+ WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( |
+ extension_scheme); |
Mihai Parparita -not on Chrome
2011/08/25 18:30:56
This also includes packaged apps, users might expe
|
} |
void ChromeContentRendererClient::RenderViewCreated(RenderView* render_view) { |
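Review bot: The comment added above the two `registerURLSchemeAsNotAllowingJavascriptURLs` calls says what is blocked but not why, and the reason is the part a later maintainer needs: chrome: and chrome-extension: pages have capabilities ordinary web content lacks, so a `javascript:` URL a user is persuaded to paste would run with them. I would add a line such as `// These pages are privileged; script injected through a javascript: URL would run with the page's privileges.` Only `chrome_ui_scheme` and `extension_scheme` are covered in the visible lines. If the function registers other privileged internal schemes they presumably need the same call, but that cannot be confirmed here because the function begins above the hunk, where `chrome_ui_scheme` is also declared. No test is visible in this section, so a regression test asserting that a `javascript:` navigation is ignored on a page of each scheme would stop the restriction from being dropped unnoticed.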