Add chrome-search: access from Instant overlay

chrome/renderer/chrome_content_renderer_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 221 matching lines @@
 
   if (command_line->HasSwitch(switches::kPlaybackMode) ||
       command_line->HasSwitch(switches::kRecordMode) ||
       command_line->HasSwitch(switches::kNoJsRandomness)) {
     thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
   }
 
   if (command_line->HasSwitch(switches::kEnableIPCFuzzing)) {
     thread->GetChannel()->set_outgoing_message_filter(LoadExternalIPCFuzzer());
   }
-  // chrome:, chrome-devtools:, and chrome-internal: pages should not be
-  // accessible by normal content, and should also be unable to script
-  // anything but themselves (to help limit the damage that a corrupt
+  // chrome:, chrome-search:, chrome-devtools:, and chrome-internal: pages
+  // should not be accessible by normal content, and should also be unable to
+  // script anything but themselves (to help limit the damage that a corrupt
   // page could cause).
   WebString chrome_ui_scheme(ASCIIToUTF16(chrome::kChromeUIScheme));
   WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
 
+  WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
+  WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
+
   WebString dev_tools_scheme(ASCIIToUTF16(chrome::kChromeDevToolsScheme));
   WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
 
   WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme));
   WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme);
 
 #if defined(OS_CHROMEOS)
   WebString drive_scheme(ASCIIToUTF16(chrome::kDriveScheme));
   WebSecurityPolicy::registerURLSchemeAsLocal(drive_scheme);
 #endif
 
-  // chrome: pages should not be accessible by bookmarklets or javascript:
-  // URLs typed in the omnibox.
+  // chrome: and chrome-search: pages should not be accessible by bookmarklets
+  // or javascript: URLs typed in the omnibox.
   WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
       chrome_ui_scheme);
+  WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
+      chrome_search_scheme);
 
-  // chrome:, and chrome-extension: resources shouldn't trigger insecure
-  // content warnings.
+  // chrome:, chrome-search:, and chrome-extension: resources shouldn't trigger
+  // insecure content warnings.
   WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
+  WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
 
   WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
   WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
 
   // chrome-extension: resources should be allowed to receive CORS requests.
   WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
 
   WebString extension_resource_scheme(
       ASCIIToUTF16(chrome::kExtensionResourceScheme));
   WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
@@ skipping 831 matching lines @@
   if (container->element().shadowHost().tagName().equals(
           WebKit::WebString::fromUTF8(kWebViewTagName))) {
     return true;
   } else {
     return CommandLine::ForCurrentProcess()->HasSwitch(
         switches::kEnableBrowserPluginForAllViewTypes);
   }
 }
 
 }  // namespace chrome