Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(58)

Side by Side Diff: chrome/browser/download/download_extensions.cc

Issue 1236613003: [Merge to M44] [SafeBrowsing] Send pingbacks for additional file types. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@2403
Patch Set: Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/browser/safe_browsing/download_protection_service.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <set> 5 #include <set>
6 #include <string> 6 #include <string>
7 7
8 #include "chrome/browser/download/download_extensions.h" 8 #include "chrome/browser/download/download_extensions.h"
9 9
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after
103 103
104 // Flash files downloaded locally can sometimes access the local filesystem. 104 // Flash files downloaded locally can sometimes access the local filesystem.
105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN}, 105 {"swf", DANGEROUS, DISALLOW_AUTO_OPEN},
106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN}, 106 {"spl", DANGEROUS, DISALLOW_AUTO_OPEN},
107 107
108 // Chrome extensions should be obtained through the web store. Allowed to 108 // Chrome extensions should be obtained through the web store. Allowed to
109 // open automatically because Chrome displays a prompt prior to 109 // open automatically because Chrome displays a prompt prior to
110 // installation. 110 // installation.
111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 111 {"crx", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
112 112
113 // Windows, all file categories. 113 // Windows, all file categories. The list is in alphabetical order of
114 // extensions. Exceptions are made for logical groupings of file types.
115 //
116 // Some file descriptions are based on
117 // https://support.office.com/article/Blocked-attachments-in-Outlook-3811cdd c-17c3-4279-a30c-060ba0207372
114 #if defined(OS_WIN) 118 #if defined(OS_WIN)
115 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 119 {"ad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
116 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 120
117 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 121 // Microsoft Access related.
122 {"ade", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project extension
123 {"adp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Project.
124 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Module Shortcut.
125 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
126 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Diagram Shortcut.
127 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Macro Shortcut.
128 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Query Shortcut.
129 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Report Shortcut.
130 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Stored Procedures.
131 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Table Shortcut.
132 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // View Shortcut.
133 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Data Access Page.
134 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Access Add-in.
135 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
136 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Database.
137 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Add-in Data.
138 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Workgroup Information.
139 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, // Wizard Template.
140
141 // Executable Application.
118 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 142 {"app", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
119 143
120 // Microsoft ClickOnce depolyment manifest. By default, opens with 144 // Microsoft ClickOnce depolyment manifest. By default, opens with
121 // dfshim.dll which should prompt the user before running untrusted code. 145 // dfshim.dll which should prompt the user before running untrusted code.
122 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 146 {"application", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
123 147
124 // Active Server Pages source file. 148 // Active Server Pages source file.
125 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 149 {"asp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
126 150
127 // Advanced Stream Redirector. Contains a playlist of media files. 151 // Advanced Stream Redirector. Contains a playlist of media files.
(...skipping 21 matching lines...) Expand all
149 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 173 {"cpl", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
150 174
151 // Signed certificate file. 175 // Signed certificate file.
152 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 176 {"crt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
153 177
154 // Windows executables. 178 // Windows executables.
155 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN}, 179 {"dll", DANGEROUS, DISALLOW_AUTO_OPEN},
156 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN}, 180 {"drv", DANGEROUS, DISALLOW_AUTO_OPEN},
157 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 181 {"exe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
158 182
183 // Microsoft FoxPro Compiled Source.
159 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 184 {"fxp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
160 {"grp", DANGEROUS, ALLOW_AUTO_OPEN}, 185 {"grp", DANGEROUS, ALLOW_AUTO_OPEN},
161 186
162 // Windows legacy help file format. 187 // Windows legacy help file format.
163 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 188 {"hlp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
164 189
165 // HTML Application. Executes as a fully trusted application. 190 // HTML Application. Executes as a fully trusted application.
166 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 191 {"hta", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
167 192
168 // Hypertext Template File. See https://support.microsoft.com/kb/181689. 193 // Hypertext Template File. See https://support.microsoft.com/kb/181689.
169 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 194 {"htt", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
170 195
171 // Device installation information. 196 // Device installation information.
172 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 197 {"inf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
173 198
174 // Generic configuration file. 199 // Generic configuration file.
175 {"ini", DANGEROUS, ALLOW_AUTO_OPEN}, 200 {"ini", DANGEROUS, ALLOW_AUTO_OPEN},
176 201
202 // Microsoft IIS Internet Communication Settings.
177 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 203 {"ins", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
204
205 // Microsoft IIS Internet Service Provider Settings.
178 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 206 {"isp", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
179 207
180 // JavaScript file. May open using Windows Script Host with user level 208 // JavaScript file. May open using Windows Script Host with user level
181 // privileges. 209 // privileges.
182 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 210 {"js", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
211
212 // JScript encoded script file. Usually produced by running Microsoft Script
213 // Encoder over a .js file.
214 // See https://msdn.microsoft.com/library/d14c8zsc.aspx
183 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 215 {"jse", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
184 216
185 // Shortcuts. May open anything. 217 // Shortcuts. May open anything.
186 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 218 {"lnk", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
187 219
188 // .local files affect DLL search path for .exe file with same base name. 220 // .local files affect DLL search path for .exe file with same base name.
189 {"local", DANGEROUS, ALLOW_AUTO_OPEN}, 221 {"local", DANGEROUS, ALLOW_AUTO_OPEN},
190 222
191 {"mad", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
192 {"maf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
193 {"mag", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
194 {"mam", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
195
196 // While being a generic name, having a .manifest file with the same 223 // While being a generic name, having a .manifest file with the same
197 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search 224 // basename as .exe file (foo.exe + foo.exe.manifest) changes the dll search
198 // order for the .exe file. Downloading this kind of file to the users' 225 // order for the .exe file. Downloading this kind of file to the users'
199 // download directory is almost always the wrong thing to do. 226 // download directory is almost always the wrong thing to do.
200 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN}, 227 {"manifest", DANGEROUS, ALLOW_AUTO_OPEN},
201 228
202 {"maq", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 229 // Media Attachment Unit.
203 {"mar", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
204 {"mas", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
205 {"mat", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
206 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 230 {"mau", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
207 {"mav", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
208 {"maw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
209 {"mda", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
210 {"mdb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
211 {"mde", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
212 {"mdt", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
213 {"mdw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
214 {"mdz", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
215 231
216 // Multipart HTML. 232 // Multipart HTML.
217 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 233 {"mht", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
218 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 234 {"mhtml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
219 235
220 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 236 {"mmc", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
221 {"mof", DANGEROUS, ALLOW_AUTO_OPEN}, 237 {"mof", DANGEROUS, ALLOW_AUTO_OPEN},
222 238
223 // Microsoft Management Console Snap-in. Contains executable code. 239 // Microsoft Management Console Snap-in. Contains executable code.
224 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 240 {"msc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
225 241
226 {"msh", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 242 // Microsoft Shell.
227 {"mshxml", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 243 {"msh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
244 {"msh1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
245 {"msh2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
246 {"mshxml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
247 {"msh1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
248 {"msh2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
228 249
229 // Windows Installer 250 // Windows Installer.
230 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 251 {"msi", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
231 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 252 {"msp", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
232 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 253 {"mst", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
233 254
234 // ActiveX Control 255 // ActiveX Control.
235 {"ocx", DANGEROUS, ALLOW_AUTO_OPEN}, 256 {"ocx", DANGEROUS, DISALLOW_AUTO_OPEN},
236 257
258 // Microsoft Office Profile Settings File.
237 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 259 {"ops", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
260
261 // Microsoft Visual Test.
238 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 262 {"pcd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
239 263
240 // Program Information File. Originally intended to configure execution 264 // Program Information File. Originally intended to configure execution
241 // environment for legacy DOS files. They aren't meant to contain executable 265 // environment for legacy DOS files. They aren't meant to contain executable
242 // code. But Windows may execute a PIF file that is sniffed as a PE file. 266 // code. But Windows may execute a PIF file that is sniffed as a PE file.
243 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 267 {"pif", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
244 268
269 // Developer Studio Build Log.
245 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 270 {"plg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
271
272 // Windows System File.
246 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 273 {"prf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
274
275 // Program File.
247 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 276 {"prg", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
277
278 // Microsoft Exchange Address Book File. Microsoft Outlook Personal Folder
279 // File.
248 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 280 {"pst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
249 281
282 // Microsoft Windows PowerShell.
283 {"ps1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
284 {"ps1xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
285 {"ps2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
286 {"ps2xml", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
287 {"psc1", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
288 {"psc2", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
289
250 // Registry file. Opening may cause registry settings to change. Users still 290 // Registry file. Opening may cause registry settings to change. Users still
251 // need to click through a prompt. So we could consider relaxing the 291 // need to click through a prompt. So we could consider relaxing the
252 // DISALLOW_AUTO_OPEN restriction. 292 // DISALLOW_AUTO_OPEN restriction.
253 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 293 {"reg", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
254 294
295 // Microsoft Windows Explorer Command.
296 // See https://support.microsoft.com/kb/190355 for an example.
255 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 297 {"scf", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
256 298
257 // These are also executables. 299 // Microsoft Windows Screen Saver.
258 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 300 {"scr", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
259 301
302 // Microsoft Windows Script Component. Microsoft FoxPro Screen.
303 // A Script Component is a COM component created using script.
304 // See https://msdn.microsoft.com/library/aa233148.aspx for an example.
260 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 305 {"sct", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
306
307 // Microsoft Windows Shortcut into a document.
308 // See https://support.microsoft.com/kb/212344
261 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 309 {"shb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
310
311 // Shell Scrap Object File.
262 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 312 {"shs", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
263 313
264 // System executable. Windows tries hard to prevent you from opening these 314 // System executable. Windows tries hard to prevent you from opening these
265 // types of files. 315 // types of files.
266 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN}, 316 {"sys", DANGEROUS, DISALLOW_AUTO_OPEN},
267 317
268 // Internet Shortcut. See description for .website below. 318 // Internet Shortcut (new since IE9). Both .url and .website are .ini files
319 // that describe a shortcut that points to a URL. They can point at
320 // anything. Dropping a download of this type and opening it automatically
321 // can in effect sidestep origin restrictions etc.
269 {"url", DANGEROUS, DISALLOW_AUTO_OPEN}, 322 {"url", DANGEROUS, DISALLOW_AUTO_OPEN},
270 323 {"website", DANGEROUS, DISALLOW_AUTO_OPEN},
271 {"vb", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
272 324
273 // VBScript files. My open with Windows Script Host and execute with user 325 // VBScript files. My open with Windows Script Host and execute with user
274 // privileges. 326 // privileges.
327 {"vb", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
275 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 328 {"vbe", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
276 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 329 {"vbs", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
277 330
278 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 331 {"vsd", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
332
333 // Microsoft Visual Studio Binary-based Macro Project.
279 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 334 {"vsmacros", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
335
280 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 336 {"vss", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
281 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 337 {"vst", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
338
339 // Microsoft Visio Workspace.
282 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN}, 340 {"vsw", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
283 341
284 // Internet Shortcut (new since IE9). Both .url and .website are .ini files
285 // that describe a shortcut that points to a URL. They can point at
286 // anything. Dropping a download of this type and opening it automatically
287 // can in effect sidestep origin restrictions etc.
288 {"website", DANGEROUS, DISALLOW_AUTO_OPEN},
289
290 // Windows Script Host related. 342 // Windows Script Host related.
291 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 343 {"ws", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
292 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 344 {"wsc", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
293 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 345 {"wsf", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
294 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN}, 346 {"wsh", ALLOW_ON_USER_GESTURE, DISALLOW_AUTO_OPEN},
295 347
296 // XAML Browser Application. 348 // XAML Browser Application.
297 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN}, 349 {"xbap", DANGEROUS, DISALLOW_AUTO_OPEN},
350
351 // Microsoft Exchange Public Folder Shortcut.
352 {"xnk", ALLOW_ON_USER_GESTURE, ALLOW_AUTO_OPEN},
298 #endif // OS_WIN 353 #endif // OS_WIN
299 354
300 // Java. 355 // Java.
301 #if !defined(OS_CHROMEOS) 356 #if !defined(OS_CHROMEOS)
302 {"class", DANGEROUS, DISALLOW_AUTO_OPEN}, 357 {"class", DANGEROUS, DISALLOW_AUTO_OPEN},
303 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN}, 358 {"jar", DANGEROUS, DISALLOW_AUTO_OPEN},
304 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN}, 359 {"jnlp", DANGEROUS, DISALLOW_AUTO_OPEN},
305 #endif 360 #endif
306 361
307 // Scripting languages. (Shells are handled below.) 362 // Scripting languages. (Shells are handled below.)
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
406 } 461 }
407 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) { 462 for (size_t i = 0; i < arraysize(kExecutableBlackList); ++i) {
408 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type)) 463 if (net::MatchesMimeType(kExecutableBlackList[i], mime_type))
409 return false; 464 return false;
410 } 465 }
411 // We consider only other application types to be executable. 466 // We consider only other application types to be executable.
412 return net::MatchesMimeType("application/*", mime_type); 467 return net::MatchesMimeType("application/*", mime_type);
413 } 468 }
414 469
415 } // namespace download_util 470 } // namespace download_util
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/safe_browsing/download_protection_service.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698