OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "chrome/browser/download/download_extensions.h" | 8 #include "chrome/browser/download/download_extensions.h" |
9 | 9 |
10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
103 | 103 |
104 // Flash files downloaded locally can sometimes access the local filesystem. | 104 // Flash files downloaded locally can sometimes access the local filesystem. |
105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, | 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, |
106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, | 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, |
107 | 107 |
108 // Chrome extensions should be obtained through the web store. Allowed to | 108 // Chrome extensions should be obtained through the web store. Allowed to |
109 // open automatically because Chrome displays a prompt prior to | 109 // open automatically because Chrome displays a prompt prior to |
110 // installation. | 110 // installation. |
111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
112 | 112 |
113 // Windows, all file categories. | 113 // Windows, all file categories. The list is in alphabetical order of |
| 114 // extensions. Exceptions are made for logical groupings of file types. |
| 115 // |
| 116 // Some file descriptions are based on |
| 117 // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cdd
c-17c3-4279-a30c-060ba0207372 |
114 #if defined(OS_WIN) | 118 #if defined(OS_WIN) |
115 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 119 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
116 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 120 |
117 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 121 // Microsoft Access related. |
| 122 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension |
| 123 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project. |
| 124 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut. |
| 125 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 126 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut. |
| 127 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut. |
| 128 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut. |
| 129 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut. |
| 130 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures. |
| 131 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut. |
| 132 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut. |
| 133 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page. |
| 134 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in. |
| 135 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 136 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database. |
| 137 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data. |
| 138 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information. |
| 139 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template. |
| 140 |
| 141 // Executable Application. |
118 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 142 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
119 | 143 |
120 // Microsoft ClickOnce depolyment manifest. By default, opens with | 144 // Microsoft ClickOnce depolyment manifest. By default, opens with |
121 // dfshim.dll which should prompt the user before running untrusted code. | 145 // dfshim.dll which should prompt the user before running untrusted code. |
122 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 146 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
123 | 147 |
124 // Active Server Pages source file. | 148 // Active Server Pages source file. |
125 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 149 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
126 | 150 |
127 // Advanced Stream Redirector. Contains a playlist of media files. | 151 // Advanced Stream Redirector. Contains a playlist of media files. |
(...skipping 21 matching lines...) Expand all Loading... |
149 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 173 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
150 | 174 |
151 // Signed certificate file. | 175 // Signed certificate file. |
152 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 176 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
153 | 177 |
154 // Windows executables. | 178 // Windows executables. |
155 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, | 179 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, |
156 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, | 180 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, |
157 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 181 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
158 | 182 |
| 183 // Microsoft FoxPro Compiled Source. |
159 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 184 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
160 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, | 185 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, |
161 | 186 |
162 // Windows legacy help file format. | 187 // Windows legacy help file format. |
163 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 188 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
164 | 189 |
165 // HTML Application. Executes as a fully trusted application. | 190 // HTML Application. Executes as a fully trusted application. |
166 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 191 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
167 | 192 |
168 // Hypertext Template File. See https://support.microsoft.com/kb/181689. | 193 // Hypertext Template File. See https://support.microsoft.com/kb/181689. |
169 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 194 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
170 | 195 |
171 // Device installation information. | 196 // Device installation information. |
172 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 197 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
173 | 198 |
174 // Generic configuration file. | 199 // Generic configuration file. |
175 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, | 200 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, |
176 | 201 |
| 202 // Microsoft IIS Internet Communication Settings. |
177 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 203 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 204 |
| 205 // Microsoft IIS Internet Service Provider Settings. |
178 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 206 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
179 | 207 |
180 // JavaScript file. May open using Windows Script Host with user level | 208 // JavaScript file. May open using Windows Script Host with user level |
181 // privileges. | 209 // privileges. |
182 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 210 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 211 |
| 212 // JScript encoded script file. Usually produced by running Microsoft Script |
| 213 // Encoder over a .js file. |
| 214 // See https://msdn.microsoft.com/library/d14c8zsc.aspx |
183 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 215 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
184 | 216 |
185 // Shortcuts. May open anything. | 217 // Shortcuts. May open anything. |
186 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 218 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
187 | 219 |
188 // .local files affect DLL search path for .exe file with same base name. | 220 // .local files affect DLL search path for .exe file with same base name. |
189 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, | 221 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, |
190 | 222 |
191 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
192 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
193 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
194 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
195 | |
196 // While being a generic name, having a .manifest file with the same | 223 // While being a generic name, having a .manifest file with the same |
197 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search | 224 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search |
198 // order for the .exe file. Downloading this kind of file to the users' | 225 // order for the .exe file. Downloading this kind of file to the users' |
199 // download directory is almost always the wrong thing to do. | 226 // download directory is almost always the wrong thing to do. |
200 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, | 227 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, |
201 | 228 |
202 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 229 // Media Attachment Unit. |
203 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
204 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
205 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
206 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 230 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
207 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
208 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
209 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
210 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
211 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
212 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
213 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
214 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
215 | 231 |
216 // Multipart HTML. | 232 // Multipart HTML. |
217 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 233 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
218 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 234 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
219 | 235 |
220 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 236 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
221 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, | 237 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, |
222 | 238 |
223 // Microsoft Management Console Snap-in. Contains executable code. | 239 // Microsoft Management Console Snap-in. Contains executable code. |
224 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 240 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
225 | 241 |
226 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 242 // Microsoft Shell. |
227 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 243 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 244 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 245 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 246 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 247 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 248 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
228 | 249 |
229 // Windows Installer | 250 // Windows Installer. |
230 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 251 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
231 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 252 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
232 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 253 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
233 | 254 |
234 // ActiveX Control | 255 // ActiveX Control. |
235 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, | 256 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN}, |
236 | 257 |
| 258 // Microsoft Office Profile Settings File. |
237 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 259 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 260 |
| 261 // Microsoft Visual Test. |
238 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 262 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
239 | 263 |
240 // Program Information File. Originally intended to configure execution | 264 // Program Information File. Originally intended to configure execution |
241 // environment for legacy DOS files. They aren't meant to contain executable | 265 // environment for legacy DOS files. They aren't meant to contain executable |
242 // code. But Windows may execute a PIF file that is sniffed as a PE file. | 266 // code. But Windows may execute a PIF file that is sniffed as a PE file. |
243 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 267 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
244 | 268 |
| 269 // Developer Studio Build Log. |
245 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 270 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 271 |
| 272 // Windows System File. |
246 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 273 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 274 |
| 275 // Program File. |
247 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 276 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 277 |
| 278 // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder |
| 279 // File. |
248 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 280 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
249 | 281 |
| 282 // Microsoft Windows PowerShell. |
| 283 {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 284 {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 285 {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 286 {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 287 {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 288 {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
| 289 |
250 // Registry file. Opening may cause registry settings to change. Users still | 290 // Registry file. Opening may cause registry settings to change. Users still |
251 // need to click through a prompt. So we could consider relaxing the | 291 // need to click through a prompt. So we could consider relaxing the |
252 // DISALLOW_AUTO_OPEN restriction. | 292 // DISALLOW_AUTO_OPEN restriction. |
253 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 293 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
254 | 294 |
| 295 // Microsoft Windows Explorer Command. |
| 296 // See https://support.microsoft.com/kb/190355 for an example. |
255 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 297 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
256 | 298 |
257 // These are also executables. | 299 // Microsoft Windows Screen Saver. |
258 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 300 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
259 | 301 |
| 302 // Microsoft Windows Script Component. Microsoft FoxPro Screen. |
| 303 // A Script Component is a COM component created using script. |
| 304 // See https://msdn.microsoft.com/library/aa233148.aspx for an example. |
260 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 305 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 306 |
| 307 // Microsoft Windows Shortcut into a document. |
| 308 // See https://support.microsoft.com/kb/212344 |
261 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 309 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 310 |
| 311 // Shell Scrap Object File. |
262 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 312 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
263 | 313 |
264 // System executable. Windows tries hard to prevent you from opening these | 314 // System executable. Windows tries hard to prevent you from opening these |
265 // types of files. | 315 // types of files. |
266 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, | 316 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, |
267 | 317 |
268 // Internet Shortcut. See description for .website below. | 318 // Internet Shortcut (new since IE9). Both .url and .website are .ini files |
| 319 // that describe a shortcut that points to a URL. They can point at |
| 320 // anything. Dropping a download of this type and opening it automatically |
| 321 // can in effect sidestep origin restrictions etc. |
269 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, | 322 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, |
270 | 323 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, |
271 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | |
272 | 324 |
273 // VBScript files. My open with Windows Script Host and execute with user | 325 // VBScript files. My open with Windows Script Host and execute with user |
274 // privileges. | 326 // privileges. |
| 327 {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
275 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 328 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
276 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 329 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
277 | 330 |
278 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 331 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 332 |
| 333 // Microsoft Visual Studio Binary-based Macro Project. |
279 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 334 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 335 |
280 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 336 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
281 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 337 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
| 338 |
| 339 // Microsoft Visio Workspace. |
282 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, | 340 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
283 | 341 |
284 // Internet Shortcut (new since IE9). Both .url and .website are .ini files | |
285 // that describe a shortcut that points to a URL. They can point at | |
286 // anything. Dropping a download of this type and opening it automatically | |
287 // can in effect sidestep origin restrictions etc. | |
288 {"website", DANGEROUS, DISALLOW_AUTO_OPEN}, | |
289 | |
290 // Windows Script Host related. | 342 // Windows Script Host related. |
291 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 343 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
292 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 344 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
293 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 345 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
294 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, | 346 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, |
295 | 347 |
296 // XAML Browser Application. | 348 // XAML Browser Application. |
297 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, | 349 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, |
| 350 |
| 351 // Microsoft Exchange Public Folder Shortcut. |
| 352 {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, |
298 #endif // OS_WIN | 353 #endif // OS_WIN |
299 | 354 |
300 // Java. | 355 // Java. |
301 #if !defined(OS_CHROMEOS) | 356 #if !defined(OS_CHROMEOS) |
302 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, | 357 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, |
303 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, | 358 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, |
304 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, | 359 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, |
305 #endif | 360 #endif |
306 | 361 |
307 // Scripting languages. (Shells are handled below.) | 362 // Scripting languages. (Shells are handled below.) |
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
406 } | 461 } |
407 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { | 462 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { |
408 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) | 463 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) |
409 return false; | 464 return false; |
410 } | 465 } |
411 // We consider only other application types to be executable. | 466 // We consider only other application types to be executable. |
412 return net::MatchesMimeType("application/*", mime_type); | 467 return net::MatchesMimeType("application/*", mime_type); |
413 } | 468 } |
414 | 469 |
415 } // namespace download_util | 470 } // namespace download_util |
OLD | NEW |