| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
| 9 | 9 |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 103 | 103 |
| 104 // Flash files downloaded locally can sometimes access the local filesystem. | 104 // Flash files downloaded locally can sometimes access the local filesystem. |
| 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, | 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, | 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 107 | 107 |
| 108 // Chrome extensions should be obtained through the web store. Allowed to | 108 // Chrome extensions should be obtained through the web store. Allowed to |
| 109 // open automatically because Chrome displays a prompt prior to | 109 // open automatically because Chrome displays a prompt prior to |
| 110 // installation. | 110 // installation. |
| 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 112 | 112 |
| 113 // Windows, all file categories. | 113 // Windows, all file categories. The list is in alphabetical order of |
| 114 // extensions. Exceptions are made for logical groupings of file types. |
| 115 // |
| 116 // Some file descriptions are based on |
| 117 // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cdd
c-17c3-4279-a30c-060ba0207372 |
| 114 #if defined(OS_WIN) | 118 #if defined(OS_WIN) |
| 115 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 119 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 116 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 120 |
| 117 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 121 // Microsoft Access related. |
| 122 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension |
| 123 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project. |
| 124 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut. |
| 125 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 126 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut. |
| 127 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut. |
| 128 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut. |
| 129 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut. |
| 130 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures. |
| 131 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut. |
| 132 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut. |
| 133 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page. |
| 134 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in. |
| 135 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 136 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 137 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data. |
| 138 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information. |
| 139 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template. |
| 140 |
| 141 // Executable Application. |
| 118 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 142 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 119 | 143 |
| 120 // Microsoft ClickOnce depolyment manifest. By default, opens with | 144 // Microsoft ClickOnce depolyment manifest. By default, opens with |
| 121 // dfshim.dll which should prompt the user before running untrusted code. | 145 // dfshim.dll which should prompt the user before running untrusted code. |
| 122 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 146 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 123 | 147 |
| 124 // Active Server Pages source file. | 148 // Active Server Pages source file. |
| 125 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 149 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 126 | 150 |
| 127 // Advanced Stream Redirector. Contains a playlist of media files. | 151 // Advanced Stream Redirector. Contains a playlist of media files. |
| (...skipping 21 matching lines...) Expand all Loading... |
| 149 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 173 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 150 | 174 |
| 151 // Signed certificate file. | 175 // Signed certificate file. |
| 152 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 176 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 153 | 177 |
| 154 // Windows executables. | 178 // Windows executables. |
| 155 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, | 179 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 156 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, | 180 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 157 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 181 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 158 | 182 |
| 183 // Microsoft FoxPro Compiled Source. |
| 159 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 184 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 160 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, | 185 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 161 | 186 |
| 162 // Windows legacy help file format. | 187 // Windows legacy help file format. |
| 163 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 188 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 164 | 189 |
| 165 // HTML Application. Executes as a fully trusted application. | 190 // HTML Application. Executes as a fully trusted application. |
| 166 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 191 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 167 | 192 |
| 168 // Hypertext Template File. See https://support.microsoft.com/kb/181689. | 193 // Hypertext Template File. See https://support.microsoft.com/kb/181689. |
| 169 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 194 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 170 | 195 |
| 171 // Device installation information. | 196 // Device installation information. |
| 172 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 197 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 173 | 198 |
| 174 // Generic configuration file. | 199 // Generic configuration file. |
| 175 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, | 200 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 176 | 201 |
| 202 // Microsoft IIS Internet Communication Settings. |
| 177 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 203 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 204 |
| 205 // Microsoft IIS Internet Service Provider Settings. |
| 178 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 206 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 179 | 207 |
| 180 // JavaScript file. May open using Windows Script Host with user level | 208 // JavaScript file. May open using Windows Script Host with user level |
| 181 // privileges. | 209 // privileges. |
| 182 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 210 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 211 |
| 212 // JScript encoded script file. |
| 183 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 213 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 184 | 214 |
| 185 // Shortcuts. May open anything. | 215 // Shortcuts. May open anything. |
| 186 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 216 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 187 | 217 |
| 188 // .local files affect DLL search path for .exe file with same base name. | 218 // .local files affect DLL search path for .exe file with same base name. |
| 189 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, | 219 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 190 | 220 |
| 191 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 192 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 193 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 194 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 195 | |
| 196 // While being a generic name, having a .manifest file with the same | 221 // While being a generic name, having a .manifest file with the same |
| 197 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search | 222 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search |
| 198 // order for the .exe file. Downloading this kind of file to the users' | 223 // order for the .exe file. Downloading this kind of file to the users' |
| 199 // download directory is almost always the wrong thing to do. | 224 // download directory is almost always the wrong thing to do. |
| 200 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, | 225 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 201 | 226 |
| 202 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 227 // Media Attachment Unit. |
| 203 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 204 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 205 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 206 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 228 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 207 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 208 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 209 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 210 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 211 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 212 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 213 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 214 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 215 | 229 |
| 216 // Multipart HTML. | 230 // Multipart HTML. |
| 217 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 231 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 218 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 232 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 219 | 233 |
| 220 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 234 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 221 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, | 235 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, |
| 222 | 236 |
| 223 // Microsoft Management Console Snap-in. Contains executable code. | 237 // Microsoft Management Console Snap-in. Contains executable code. |
| 224 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 238 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 225 | 239 |
| 226 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 240 // Microsoft Shell. |
| 227 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 241 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 242 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 243 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 244 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 245 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 246 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 228 | 247 |
| 229 // Windows Installer | 248 // Windows Installer. |
| 230 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 249 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 231 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 250 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 232 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 251 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 233 | 252 |
| 234 // ActiveX Control | 253 // ActiveX Control. |
| 235 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, | 254 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 236 | 255 |
| 256 // Microsoft Office Profile Settings File. |
| 237 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 257 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 258 |
| 259 // Microsoft Visual Test. |
| 238 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 260 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 239 | 261 |
| 240 // Program Information File. Originally intended to configure execution | 262 // Program Information File. Originally intended to configure execution |
| 241 // environment for legacy DOS files. They aren't meant to contain executable | 263 // environment for legacy DOS files. They aren't meant to contain executable |
| 242 // code. But Windows may execute a PIF file that is sniffed as a PE file. | 264 // code. But Windows may execute a PIF file that is sniffed as a PE file. |
| 243 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 265 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 244 | 266 |
| 267 // Developer Studio Build Log. |
| 245 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 268 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 269 |
| 270 // Windows System File. |
| 246 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 271 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 272 |
| 273 // Program File. |
| 247 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 274 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 275 |
| 276 // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder |
| 277 // File. |
| 248 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 278 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 249 | 279 |
| 280 // Microsoft Windows PowerShell. |
| 281 {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 282 {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 283 {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 284 {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 285 {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 286 {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 287 |
| 250 // Registry file. Opening may cause registry settings to change. Users still | 288 // Registry file. Opening may cause registry settings to change. Users still |
| 251 // need to click through a prompt. So we could consider relaxing the | 289 // need to click through a prompt. So we could consider relaxing the |
| 252 // DISALLOW_AUTO_OPEN restriction. | 290 // DISALLOW_AUTO_OPEN restriction. |
| 253 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 291 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 254 | 292 |
| 293 // Microsoft Windows Explorer Command. |
| 255 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 294 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 256 | 295 |
| 257 // These are also executables. | 296 // Microsoft Windows Screen Saver. |
| 258 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 297 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 259 | 298 |
| 299 // Microsoft Windows Script Component. Microsoft FoxPro Screen. |
| 260 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 300 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 301 |
| 302 // Microsoft Windows Shortcut into a document. |
| 261 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 303 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 304 |
| 305 // Shell Scrap Object File. |
| 262 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 306 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 263 | 307 |
| 264 // System executable. Windows tries hard to prevent you from opening these | 308 // System executable. Windows tries hard to prevent you from opening these |
| 265 // types of files. | 309 // types of files. |
| 266 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, | 310 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 267 | 311 |
| 268 // Internet Shortcut. See description for .website below. | 312 // Internet Shortcut (new since IE9). Both .url and .website are .ini files |
| 313 // that describe a shortcut that points to a URL. They can point at |
| 314 // anything. Dropping a download of this type and opening it automatically |
| 315 // can in effect sidestep origin restrictions etc. |
| 269 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, | 316 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 270 | 317 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 271 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
| 272 | 318 |
| 273 // VBScript files. My open with Windows Script Host and execute with user | 319 // VBScript files. My open with Windows Script Host and execute with user |
| 274 // privileges. | 320 // privileges. |
| 321 {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 275 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 322 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 276 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 323 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 277 | 324 |
| 278 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 325 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 326 |
| 327 // Microsoft Visual Studio Binary-based Macro Project. |
| 279 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 328 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 329 |
| 280 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 330 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 281 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 331 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 332 |
| 333 // Microsoft Visio Workspace. |
| 282 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 334 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 283 | 335 |
| 284 // Internet Shortcut (new since IE9). Both .url and .website are .ini files | |
| 285 // that describe a shortcut that points to a URL. They can point at | |
| 286 // anything. Dropping a download of this type and opening it automatically | |
| 287 // can in effect sidestep origin restrictions etc. | |
| 288 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
| 289 | |
| 290 // Windows Script Host related. | 336 // Windows Script Host related. |
| 291 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 337 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 292 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 338 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 293 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 339 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 294 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 340 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 295 | 341 |
| 296 // XAML Browser Application. | 342 // XAML Browser Application. |
| 297 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, | 343 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 344 |
| 345 // Microsoft Exchange Public Folder Shortcut. |
| 346 {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 298 #endif // OS_WIN | 347 #endif // OS_WIN |
| 299 | 348 |
| 300 // Java. | 349 // Java. |
| 301 #if !defined(OS_CHROMEOS) | 350 #if !defined(OS_CHROMEOS) |
| 302 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, | 351 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 303 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, | 352 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 304 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, | 353 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 305 #endif | 354 #endif |
| 306 | 355 |
| 307 // Scripting languages. (Shells are handled below.) | 356 // Scripting languages. (Shells are handled below.) |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 373 | 422 |
| 374 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | 423 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { |
| 375 return GetFileType(path).danger_level; | 424 return GetFileType(path).danger_level; |
| 376 } | 425 } |
| 377 | 426 |
| 378 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { | 427 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { |
| 379 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; | 428 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; |
| 380 } | 429 } |
| 381 | 430 |
| 382 } // namespace download_util | 431 } // namespace download_util |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1220333007:
[Downloads] Consider Windows PowerShell file types as dangerous. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master