Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(60)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/download/download_extensions.h

Issue 1165893004: [Downloads] Prevent dangerous files from being opened automatically. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/download/download_commands.cc ('k') | chrome/browser/download/download_extensions.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/download/download_extensions.h
diff --git a/chrome/browser/download/download_extensions.h b/chrome/browser/download/download_extensions.h
index 67980caa662baa02bd5ad6c19fe121386a15eda4..5df7f437f3fc9b3abaa499c8b7544402c30f9eb8 100644
--- a/chrome/browser/download/download_extensions.h
+++ b/chrome/browser/download/download_extensions.h
@@ -12,14 +12,42 @@
namespace download_util {
enum DownloadDangerLevel {
+ // Safe. Or at least not known to be dangerous. Safe to download and open,
+ // even if the download was accidental.
NOT_DANGEROUS,
+
+ // Require confirmation before downloading. An additional user gesture may not
+ // be required if the download was from a familiar site and the download was
+ // initiated via a user action.
ALLOW_ON_USER_GESTURE,
+
+ // Always require confirmation when downloading.
DANGEROUS
};
// Determine the download danger level of a file.
DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path);
+// Returns true if the file specified by |path| is allowed to open
+// automatically.
+//
+// Not all downloads are initiated with the consent of the user. Even when the
+// user consents, the file written to disk may differ from the users'
+// expectations. I.e. a malicious website could drop a nefarious download
+// possibly by click jacking, or by serving a file that is different from what
+// the user intended to download.
+//
+// Any prompting done in order to validate a dangerous download is a speed bump
+// rather than a security measure. The user likely doesn't have the information
+// necessary to evaluate the safety of a downloaded file. In addition, downloads
+// with a danger type of ALLOW_ON_USER_GESTURE might not prompt at all. So
+// Chrome forces the user to manually open some file types by preventing them
+// from being opened automatically. See https://crbug.com/461858
+//
+// See DownloadAutoOpenHint for details on the criteria used to disallow
+// automatic opening for a file type.
+bool IsAllowedToOpenAutomatically(const base::FilePath& path);
+
// Tests if we think the server means for this mime_type to be executable.
bool IsExecutableMimeType(const std::string& mime_type);
« no previous file with comments | « chrome/browser/download/download_commands.cc ('k') | chrome/browser/download/download_extensions.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698