Fix the handling of user gestures for external protocol handler dialogs.

chrome/browser/external_protocol/external_protocol_handler.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTERNAL_PROTOCOL_EXTERNAL_PROTOCOL_HANDLER_H_
 #define CHROME_BROWSER_EXTERNAL_PROTOCOL_EXTERNAL_PROTOCOL_HANDLER_H_
 
 #include <string>
 
 #include "chrome/browser/shell_integration.h"
@@ skipping 37 matching lines @@
 
   // Checks to see if the protocol is allowed, if it is whitelisted,
   // the application associated with the protocol is launched on the io thread,
   // if it is blacklisted, returns silently. Otherwise, an
   // ExternalProtocolDialog is created asking the user. If the user accepts,
   // LaunchUrlWithoutSecurityCheck is called on the io thread and the
   // application is launched.
   // Must run on the UI thread.
   static void LaunchUrl(const GURL& url, int render_process_host_id,
                         int tab_contents_id) {
-      LaunchUrlWithDelegate(url, render_process_host_id, tab_contents_id, NULL);
+      LaunchUrlWithDelegate(
+          url, render_process_host_id, tab_contents_id, NULL);

[not at google - send to devlin, 2014/03/28 18:54:23]

doesn't seem like a necessary change, but "git cl format" would probably fix
that?

[meacer, 2014/03/28 19:53:11]

Yes, this remained from the previous patchset.

   }
 
   // Version of LaunchUrl allowing use of a delegate to facilitate unit
   // testing.
   static void LaunchUrlWithDelegate(const GURL& url, int render_process_host_id,
                                     int tab_contents_id, Delegate* delegate);
 
   // Creates and runs a External Protocol dialog box.
   // |url| - The url of the request.
   // |render_process_host_id| and |routing_id| are used by
@@ skipping 20 matching lines @@
   // url you have has been checked against the blacklist, and has been escaped.
   // All calls to this function should originate in some way from LaunchUrl.
   static void LaunchUrlWithoutSecurityCheck(const GURL& url,
                                             int render_process_host_id,
                                             int tab_contents_id);
 
   // Prepopulates the dictionary with known protocols to deny or allow, if
   // preferences for them do not already exist.
   static void PrepopulateDictionary(base::DictionaryValue* win_pref);
 
-  // Allows LaunchUrl to proceed with launching an external protocol handler.
-  // This is typically triggered by a user gesture, but is also called for
-  // each extension API function. Note that each call to LaunchUrl resets
-  // the state to false (not allowed).
-  static void PermitLaunchUrl();
+  class ScopedUserGesture {
+   public:
+     ScopedUserGesture() {
+       ExternalProtocolHandler::EnableUserGesture();
+     }
+     ~ScopedUserGesture() {
+       ExternalProtocolHandler::DisableUserGesture();

[not at google - send to devlin, 2014/03/28 18:54:23]

that's not quite right, it would break nested scopes. consider an int for
g_user_gesture or something along those lines.

I think it would be better to implement the constructor/destructor inside the
.cc file so that you can contain the state even better by not needing the
EnableUserGesture/DisableUserGesture exposed anywhere. You could access
g_user_gesture directly.

[meacer, 2014/03/28 19:53:11]

Done.

+     }
+   private:
+    DISALLOW_COPY_AND_ASSIGN(ScopedUserGesture);
+  };
+
+ private:
+   static void EnableUserGesture();
+   static void DisableUserGesture();
+   DISALLOW_COPY_AND_ASSIGN(ExternalProtocolHandler);
 };
 
+
 #endif  // CHROME_BROWSER_EXTERNAL_PROTOCOL_EXTERNAL_PROTOCOL_HANDLER_H_