Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(59)

Side by Side Diff: chrome/browser/download/download_extensions.cc

Issue 1220333007: [Downloads] Consider Windows PowerShell file types as dangerous. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | content/browser/download/download_stats.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <set> 5 #include <set>
6 #include <string> 6 #include <string>
7 7
8 #include "chrome/browser/download/download_extensions.h" 8 #include "chrome/browser/download/download_extensions.h"
9 9
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after
103 103
104 // Flash files downloaded locally can sometimes access the local filesystem. 104 // Flash files downloaded locally can sometimes access the local filesystem.
105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN},
106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN},
107 107
108 // Chrome extensions should be obtained through the web store. Allowed to 108 // Chrome extensions should be obtained through the web store. Allowed to
109 // open automatically because Chrome displays a prompt prior to 109 // open automatically because Chrome displays a prompt prior to
110 // installation. 110 // installation.
111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
112 112
113 // Windows, all file categories. 113 // Windows, all file categories. The list is in alphabetical order of
114 // extensions. Exceptions are made for logical groupings of file types.
115 //
116 // Some file descriptions are based on
117 // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cdd c-17c3-4279-a30c-060ba0207372
114 #if defined(OS_WIN) 118 #if defined(OS_WIN)
115 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 119 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
116 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 120
117 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 121 // Microsoft Access related.
122 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension
123 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project.
124 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut.
125 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
126 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut.
127 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut.
128 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut.
129 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut.
130 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures.
131 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut.
132 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut.
133 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page.
134 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in.
135 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
136 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
137 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data.
138 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information.
139 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template.
140
141 // Executable Application.
118 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 142 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
119 143
120 // Microsoft ClickOnce depolyment manifest. By default, opens with 144 // Microsoft ClickOnce depolyment manifest. By default, opens with
121 // dfshim.dll which should prompt the user before running untrusted code. 145 // dfshim.dll which should prompt the user before running untrusted code.
122 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 146 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
123 147
124 // Active Server Pages source file. 148 // Active Server Pages source file.
125 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 149 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
126 150
127 // Advanced Stream Redirector. Contains a playlist of media files. 151 // Advanced Stream Redirector. Contains a playlist of media files.
(...skipping 21 matching lines...) Expand all
149 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 173 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
150 174
151 // Signed certificate file. 175 // Signed certificate file.
152 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 176 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
153 177
154 // Windows executables. 178 // Windows executables.
155 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, 179 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN},
156 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, 180 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN},
157 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 181 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
158 182
183 // Microsoft FoxPro Compiled Source.
159 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 184 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
160 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, 185 {"grp", DANGEROUS, ALLOW_AUTO_OPEN},
161 186
162 // Windows legacy help file format. 187 // Windows legacy help file format.
163 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 188 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
164 189
165 // HTML Application. Executes as a fully trusted application. 190 // HTML Application. Executes as a fully trusted application.
166 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 191 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
167 192
168 // Hypertext Template File. See https://support.microsoft.com/kb/181689. 193 // Hypertext Template File. See https://support.microsoft.com/kb/181689.
169 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 194 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
170 195
171 // Device installation information. 196 // Device installation information.
172 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 197 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
173 198
174 // Generic configuration file. 199 // Generic configuration file.
175 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, 200 {"ini", DANGEROUS, ALLOW_AUTO_OPEN},
176 201
202 // Microsoft IIS Internet Communication Settings.
177 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 203 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
204
205 // Microsoft IIS Internet Service Provider Settings.
178 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 206 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
179 207
180 // JavaScript file. May open using Windows Script Host with user level 208 // JavaScript file. May open using Windows Script Host with user level
181 // privileges. 209 // privileges.
182 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 210 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
211
212 // JScript encoded script file.
183 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 213 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
184 214
185 // Shortcuts. May open anything. 215 // Shortcuts. May open anything.
186 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 216 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
187 217
188 // .local files affect DLL search path for .exe file with same base name. 218 // .local files affect DLL search path for .exe file with same base name.
189 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, 219 {"local", DANGEROUS, ALLOW_AUTO_OPEN},
190 220
191 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
192 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
193 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
194 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
195
196 // While being a generic name, having a .manifest file with the same 221 // While being a generic name, having a .manifest file with the same
197 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search 222 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search
198 // order for the .exe file. Downloading this kind of file to the users' 223 // order for the .exe file. Downloading this kind of file to the users'
199 // download directory is almost always the wrong thing to do. 224 // download directory is almost always the wrong thing to do.
200 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, 225 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN},
201 226
202 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 227 // Media Attachment Unit.
203 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
204 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
205 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
206 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 228 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
207 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
208 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
209 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
210 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
211 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
212 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
213 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
214 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
215 229
216 // Multipart HTML. 230 // Multipart HTML.
217 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 231 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
218 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 232 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
219 233
220 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 234 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
221 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, 235 {"mof", DANGEROUS, ALLOW_AUTO_OPEN},
222 236
223 // Microsoft Management Console Snap-in. Contains executable code. 237 // Microsoft Management Console Snap-in. Contains executable code.
224 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 238 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
225 239
226 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 240 // Microsoft Shell.
227 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 241 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
242 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
243 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
244 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
245 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
246 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
228 247
229 // Windows Installer 248 // Windows Installer.
230 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 249 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
231 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 250 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
232 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 251 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
233 252
234 // ActiveX Control 253 // ActiveX Control.
235 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, 254 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN},
palmer 2015/07/07 20:54:42 This seems wrong.
asanka 2015/07/07 22:40:53 Changed to DISALLOW_AUTO_OPEN.
236 255
256 // Microsoft Office Profile Settings File.
237 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 257 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
258
259 // Microsoft Visual Test.
238 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 260 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
239 261
240 // Program Information File. Originally intended to configure execution 262 // Program Information File. Originally intended to configure execution
241 // environment for legacy DOS files. They aren't meant to contain executable 263 // environment for legacy DOS files. They aren't meant to contain executable
242 // code. But Windows may execute a PIF file that is sniffed as a PE file. 264 // code. But Windows may execute a PIF file that is sniffed as a PE file.
243 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 265 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
244 266
267 // Developer Studio Build Log.
245 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 268 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
269
270 // Windows System File.
246 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 271 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
272
273 // Program File.
247 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 274 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
275
276 // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder
277 // File.
248 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 278 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
249 279
280 // Microsoft Windows PowerShell.
281 {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
282 {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
283 {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
284 {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
285 {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
286 {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
287
250 // Registry file. Opening may cause registry settings to change. Users still 288 // Registry file. Opening may cause registry settings to change. Users still
251 // need to click through a prompt. So we could consider relaxing the 289 // need to click through a prompt. So we could consider relaxing the
252 // DISALLOW_AUTO_OPEN restriction. 290 // DISALLOW_AUTO_OPEN restriction.
253 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 291 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
254 292
293 // Microsoft Windows Explorer Command.
255 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 294 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
256 295
257 // These are also executables. 296 // Microsoft Windows Screen Saver.
258 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 297 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
259 298
299 // Microsoft Windows Script Component. Microsoft FoxPro Screen.
260 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 300 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
301
302 // Microsoft Windows Shortcut into a document.
261 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 303 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
304
305 // Shell Scrap Object File.
262 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 306 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
263 307
264 // System executable. Windows tries hard to prevent you from opening these 308 // System executable. Windows tries hard to prevent you from opening these
265 // types of files. 309 // types of files.
266 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, 310 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN},
267 311
268 // Internet Shortcut. See description for .website below. 312 // Internet Shortcut (new since IE9). Both .url and .website are .ini files
313 // that describe a shortcut that points to a URL. They can point at
314 // anything. Dropping a download of this type and opening it automatically
315 // can in effect sidestep origin restrictions etc.
Randy Smith (Not in Mondays) 2015/07/07 20:35:47 nit, not even a suggestion: I do find myself think
asanka 2015/07/07 22:40:53 Acknowledged. Note that since SB now handles these
269 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, 316 {"url", DANGEROUS, DISALLOW_AUTO_OPEN},
270 317 {"website", DANGEROUS, DISALLOW_AUTO_OPEN},
271 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
272 318
273 // VBScript files. My open with Windows Script Host and execute with user 319 // VBScript files. My open with Windows Script Host and execute with user
274 // privileges. 320 // privileges.
321 {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
275 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 322 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
276 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 323 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
277 324
278 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 325 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
326
327 // Microsoft Visual Studio Binary-based Macro Project.
279 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 328 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
329
280 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 330 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
281 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 331 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
332
333 // Microsoft Visio Workspace.
282 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 334 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
283 335
284 // Internet Shortcut (new since IE9). Both .url and .website are .ini files
285 // that describe a shortcut that points to a URL. They can point at
286 // anything. Dropping a download of this type and opening it automatically
287 // can in effect sidestep origin restrictions etc.
288 {"website", DANGEROUS, DISALLOW_AUTO_OPEN},
289
290 // Windows Script Host related. 336 // Windows Script Host related.
291 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 337 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
292 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 338 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
293 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 339 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
294 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 340 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
295 341
296 // XAML Browser Application. 342 // XAML Browser Application.
297 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, 343 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN},
344
345 // Microsoft Exchange Public Folder Shortcut.
346 {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
298 #endif // OS_WIN 347 #endif // OS_WIN
299 348
300 // Java. 349 // Java.
301 #if !defined(OS_CHROMEOS) 350 #if !defined(OS_CHROMEOS)
302 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, 351 {"class", DANGEROUS, DISALLOW_AUTO_OPEN},
303 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, 352 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN},
304 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, 353 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN},
305 #endif 354 #endif
306 355
307 // Scripting languages. (Shells are handled below.) 356 // Scripting languages. (Shells are handled below.)
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
373 422
374 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { 423 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) {
375 return GetFileType(path).danger_level; 424 return GetFileType(path).danger_level;
376 } 425 }
377 426
378 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { 427 bool IsAllowedToOpenAutomatically(const base::FilePath& path) {
379 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; 428 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN;
380 } 429 }
381 430
382 } // namespace download_util 431 } // namespace download_util
OLDNEW
« no previous file with comments | « no previous file | content/browser/download/download_stats.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698