OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
9 | 9 |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
103 | 103 |
104 // Flash files downloaded locally can sometimes access the local filesystem. | 104 // Flash files downloaded locally can sometimes access the local filesystem. |
105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, | 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, |
106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, | 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, |
107 | 107 |
108 // Chrome extensions should be obtained through the web store. Allowed to | 108 // Chrome extensions should be obtained through the web store. Allowed to |
109 // open automatically because Chrome displays a prompt prior to | 109 // open automatically because Chrome displays a prompt prior to |
110 // installation. | 110 // installation. |
111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
112 | 112 |
113 // Windows, all file categories. | 113 // Windows, all file categories. The list is in alphabetical order of |
| 114 // extensions. Exceptions are made for logical groupings of file types. |
| 115 // |
| 116 // Some file descriptions are based on |
| 117 // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cdd
c-17c3-4279-a30c-060ba0207372 |
114 #if defined(OS_WIN) | 118 #if defined(OS_WIN) |
115 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 119 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
116 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 120 |
117 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 121 // Microsoft Access related. |
| 122 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension |
| 123 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project. |
| 124 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut. |
| 125 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 126 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut. |
| 127 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut. |
| 128 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut. |
| 129 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut. |
| 130 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures. |
| 131 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut. |
| 132 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut. |
| 133 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page. |
| 134 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in. |
| 135 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 136 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 137 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data. |
| 138 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information. |
| 139 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template. |
| 140 |
| 141 // Executable Application. |
118 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 142 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
119 | 143 |
120 // Microsoft ClickOnce depolyment manifest. By default, opens with | 144 // Microsoft ClickOnce depolyment manifest. By default, opens with |
121 // dfshim.dll which should prompt the user before running untrusted code. | 145 // dfshim.dll which should prompt the user before running untrusted code. |
122 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 146 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
123 | 147 |
124 // Active Server Pages source file. | 148 // Active Server Pages source file. |
125 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 149 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
126 | 150 |
127 // Advanced Stream Redirector. Contains a playlist of media files. | 151 // Advanced Stream Redirector. Contains a playlist of media files. |
(...skipping 21 matching lines...) Expand all Loading... |
149 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 173 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
150 | 174 |
151 // Signed certificate file. | 175 // Signed certificate file. |
152 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 176 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
153 | 177 |
154 // Windows executables. | 178 // Windows executables. |
155 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, | 179 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, |
156 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, | 180 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, |
157 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 181 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
158 | 182 |
| 183 // Microsoft FoxPro Compiled Source. |
159 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 184 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
160 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, | 185 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, |
161 | 186 |
162 // Windows legacy help file format. | 187 // Windows legacy help file format. |
163 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 188 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
164 | 189 |
165 // HTML Application. Executes as a fully trusted application. | 190 // HTML Application. Executes as a fully trusted application. |
166 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 191 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
167 | 192 |
168 // Hypertext Template File. See https://support.microsoft.com/kb/181689. | 193 // Hypertext Template File. See https://support.microsoft.com/kb/181689. |
169 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 194 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
170 | 195 |
171 // Device installation information. | 196 // Device installation information. |
172 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 197 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
173 | 198 |
174 // Generic configuration file. | 199 // Generic configuration file. |
175 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, | 200 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, |
176 | 201 |
| 202 // Microsoft IIS Internet Communication Settings. |
177 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 203 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 204 |
| 205 // Microsoft IIS Internet Service Provider Settings. |
178 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 206 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
179 | 207 |
180 // JavaScript file. May open using Windows Script Host with user level | 208 // JavaScript file. May open using Windows Script Host with user level |
181 // privileges. | 209 // privileges. |
182 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 210 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 211 |
| 212 // JScript encoded script file. |
183 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 213 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
184 | 214 |
185 // Shortcuts. May open anything. | 215 // Shortcuts. May open anything. |
186 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 216 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
187 | 217 |
188 // .local files affect DLL search path for .exe file with same base name. | 218 // .local files affect DLL search path for .exe file with same base name. |
189 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, | 219 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, |
190 | 220 |
191 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
192 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
193 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
194 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
195 | |
196 // While being a generic name, having a .manifest file with the same | 221 // While being a generic name, having a .manifest file with the same |
197 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search | 222 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search |
198 // order for the .exe file. Downloading this kind of file to the users' | 223 // order for the .exe file. Downloading this kind of file to the users' |
199 // download directory is almost always the wrong thing to do. | 224 // download directory is almost always the wrong thing to do. |
200 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, | 225 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, |
201 | 226 |
202 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 227 // Media Attachment Unit. |
203 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
204 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
205 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
206 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 228 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
207 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
208 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
209 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
210 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
211 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
212 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
213 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
214 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
215 | 229 |
216 // Multipart HTML. | 230 // Multipart HTML. |
217 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 231 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
218 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 232 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
219 | 233 |
220 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 234 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
221 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, | 235 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, |
222 | 236 |
223 // Microsoft Management Console Snap-in. Contains executable code. | 237 // Microsoft Management Console Snap-in. Contains executable code. |
224 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 238 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
225 | 239 |
226 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 240 // Microsoft Shell. |
227 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 241 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 242 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 243 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 244 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 245 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 246 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
228 | 247 |
229 // Windows Installer | 248 // Windows Installer. |
230 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 249 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
231 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 250 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
232 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 251 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
233 | 252 |
234 // ActiveX Control | 253 // ActiveX Control. |
235 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, | 254 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, |
236 | 255 |
| 256 // Microsoft Office Profile Settings File. |
237 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 257 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 258 |
| 259 // Microsoft Visual Test. |
238 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 260 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
239 | 261 |
240 // Program Information File. Originally intended to configure execution | 262 // Program Information File. Originally intended to configure execution |
241 // environment for legacy DOS files. They aren't meant to contain executable | 263 // environment for legacy DOS files. They aren't meant to contain executable |
242 // code. But Windows may execute a PIF file that is sniffed as a PE file. | 264 // code. But Windows may execute a PIF file that is sniffed as a PE file. |
243 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 265 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
244 | 266 |
| 267 // Developer Studio Build Log. |
245 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 268 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 269 |
| 270 // Windows System File. |
246 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 271 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 272 |
| 273 // Program File. |
247 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 274 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 275 |
| 276 // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder |
| 277 // File. |
248 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 278 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
249 | 279 |
| 280 // Microsoft Windows PowerShell. |
| 281 {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 282 {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 283 {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 284 {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 285 {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 286 {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 287 |
250 // Registry file. Opening may cause registry settings to change. Users still | 288 // Registry file. Opening may cause registry settings to change. Users still |
251 // need to click through a prompt. So we could consider relaxing the | 289 // need to click through a prompt. So we could consider relaxing the |
252 // DISALLOW_AUTO_OPEN restriction. | 290 // DISALLOW_AUTO_OPEN restriction. |
253 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 291 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
254 | 292 |
| 293 // Microsoft Windows Explorer Command. |
255 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 294 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
256 | 295 |
257 // These are also executables. | 296 // Microsoft Windows Screen Saver. |
258 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 297 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
259 | 298 |
| 299 // Microsoft Windows Script Component. Microsoft FoxPro Screen. |
260 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 300 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 301 |
| 302 // Microsoft Windows Shortcut into a document. |
261 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 303 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 304 |
| 305 // Shell Scrap Object File. |
262 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 306 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
263 | 307 |
264 // System executable. Windows tries hard to prevent you from opening these | 308 // System executable. Windows tries hard to prevent you from opening these |
265 // types of files. | 309 // types of files. |
266 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, | 310 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, |
267 | 311 |
268 // Internet Shortcut. See description for .website below. | 312 // Internet Shortcut (new since IE9). Both .url and .website are .ini files |
| 313 // that describe a shortcut that points to a URL. They can point at |
| 314 // anything. Dropping a download of this type and opening it automatically |
| 315 // can in effect sidestep origin restrictions etc. |
269 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, | 316 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, |
270 | 317 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, |
271 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
272 | 318 |
273 // VBScript files. My open with Windows Script Host and execute with user | 319 // VBScript files. My open with Windows Script Host and execute with user |
274 // privileges. | 320 // privileges. |
| 321 {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
275 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 322 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
276 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 323 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
277 | 324 |
278 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 325 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 326 |
| 327 // Microsoft Visual Studio Binary-based Macro Project. |
279 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 328 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 329 |
280 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 330 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
281 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 331 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 332 |
| 333 // Microsoft Visio Workspace. |
282 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 334 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
283 | 335 |
284 // Internet Shortcut (new since IE9). Both .url and .website are .ini files | |
285 // that describe a shortcut that points to a URL. They can point at | |
286 // anything. Dropping a download of this type and opening it automatically | |
287 // can in effect sidestep origin restrictions etc. | |
288 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
289 | |
290 // Windows Script Host related. | 336 // Windows Script Host related. |
291 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 337 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
292 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 338 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
293 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 339 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
294 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 340 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
295 | 341 |
296 // XAML Browser Application. | 342 // XAML Browser Application. |
297 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, | 343 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 344 |
| 345 // Microsoft Exchange Public Folder Shortcut. |
| 346 {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
298 #endif // OS_WIN | 347 #endif // OS_WIN |
299 | 348 |
300 // Java. | 349 // Java. |
301 #if !defined(OS_CHROMEOS) | 350 #if !defined(OS_CHROMEOS) |
302 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, | 351 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, |
303 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, | 352 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, |
304 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, | 353 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, |
305 #endif | 354 #endif |
306 | 355 |
307 // Scripting languages. (Shells are handled below.) | 356 // Scripting languages. (Shells are handled below.) |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
373 | 422 |
374 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { | 423 DownloadDangerLevel GetFileDangerLevel(const base::FilePath& path) { |
375 return GetFileType(path).danger_level; | 424 return GetFileType(path).danger_level; |
376 } | 425 } |
377 | 426 |
378 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { | 427 bool IsAllowedToOpenAutomatically(const base::FilePath& path) { |
379 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; | 428 return GetFileType(path).auto_open_hint == ALLOW_AUTO_OPEN; |
380 } | 429 } |
381 | 430 |
382 } // namespace download_util | 431 } // namespace download_util |
OLD | NEW |