| Index: chrome/renderer/chrome_content_renderer_client.cc
|
| diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
|
| index 80c1d76293986e00fa93f5fca72bcf46706d51d0..c5bdf1e7733b8387e4fe70daa3118ee70a7ece3d 100644
|
| --- a/chrome/renderer/chrome_content_renderer_client.cc
|
| +++ b/chrome/renderer/chrome_content_renderer_client.cc
|
| @@ -439,22 +439,16 @@ void ChromeContentRendererClient::RenderThreadStarted() {
|
| if (command_line->HasSwitch(switches::kInstantProcess))
|
| thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
|
|
|
| - // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
|
| - // should not be accessible by normal content, and should also be unable to
|
| - // script anything but themselves (to help limit the damage that a corrupt
|
| - // page could cause).
|
| - WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
|
| - WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
|
| -
|
| + // chrome-search: and chrome-distiller: pages should not be accessible by
|
| + // normal content, and should also be unable to script anything but themselves
|
| + // (to help limit the damage that a corrupt page could cause).
|
| WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
|
| +
|
| // The Instant process can only display the content but not read it. Other
|
| // processes can't display it or read it.
|
| if (!command_line->HasSwitch(switches::kInstantProcess))
|
| WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
|
|
|
| - WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
|
| - WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
|
| -
|
| WebString dom_distiller_scheme(
|
| ASCIIToUTF16(dom_distiller::kDomDistillerScheme));
|
| // TODO(nyquist): Add test to ensure this happens when the flag is set.
|
| @@ -475,16 +469,13 @@ void ChromeContentRendererClient::RenderThreadStarted() {
|
| }
|
| #endif
|
|
|
| - // chrome: and chrome-search: pages should not be accessible by bookmarklets
|
| + // chrome-search: pages should not be accessible by bookmarklets
|
| // or javascript: URLs typed in the omnibox.
|
| WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
|
| - chrome_ui_scheme);
|
| - WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
|
| chrome_search_scheme);
|
|
|
| - // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource:
|
| + // chrome-search:, chrome-extension:, and chrome-extension-resource:
|
| // resources shouldn't trigger insecure content warnings.
|
| - WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
|
| WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
|
|
|
| WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
|
| @@ -496,7 +487,6 @@ void ChromeContentRendererClient::RenderThreadStarted() {
|
|
|
| // chrome:, chrome-extension:, chrome-extension-resource: resources should be
|
| // allowed to receive CORS requests.
|
| - WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme);
|
| WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
|
| WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
|
|
|
|
|
Chromium Code Reviews
Issue 1137103003:
Move content:: scheme registrations from chrome/ to content/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master