chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc - Issue 1692503002: Functionality to allow blacklist and whitelist of custom schemes

Unified Diff: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

Issue 1692503002: Functionality to allow blacklist and whitelist of custom schemes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Another variable set as const Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h ('k') | components/policy/core/browser/url_blacklist_manager.h » ('j') | components/policy/core/browser/url_blacklist_manager.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

diff --git a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

index a7fbe76bf326d8d2cf3f2bc994394a626a596451..dfde7baea2d4a4dda8c9be2b979a5d17f7d7dba5 100644

--- a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

+++ b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

@@ -221,7 +221,8 @@ void LaunchURL(

int render_process_id,

const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,

ui::PageTransition page_transition,

- bool has_user_gesture) {

+ bool has_user_gesture,

+ bool is_whitelisted) {

// If there is no longer a WebContents, the request may have raced with tab

// closing. Don't fire the external request. (It may have been a prerender.)

content::WebContents* web_contents = web_contents_getter.Run();

@@ -237,9 +238,17 @@ void LaunchURL(

return;

}

- ExternalProtocolHandler::LaunchUrlWithDelegate(

- url, render_process_id, web_contents->GetRoutingID(), page_transition,

- has_user_gesture, g_external_protocol_handler_delegate);

+ // If the URL is in whitelist, we launch it without asking the user and

+ // without any additional security checks. Since the URL is whitelisted,

bartfab (slow) 2016/03/10 13:49:41 What security checks exactly are we skipping here

+ // we assume it can be executed.

+ if (is_whitelisted) {

+ ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck(

+ url, render_process_id, web_contents->GetRoutingID());

+ } else {

+ ExternalProtocolHandler::LaunchUrlWithDelegate(

+ url, render_process_id, web_contents->GetRoutingID(), page_transition,

+ has_user_gesture, g_external_protocol_handler_delegate);

+ }

}

#if !defined(DISABLE_NACL)

@@ -451,7 +460,8 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(

const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,

bool is_main_frame,

ui::PageTransition page_transition,

- bool has_user_gesture) {

+ bool has_user_gesture,

+ bool is_whitelisted) {

#if defined(ENABLE_EXTENSIONS)

// External protocols are disabled for guests. An exception is made for the

// "mailto" protocol, so that pages that utilize it work properly in a

@@ -472,7 +482,7 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(

BrowserThread::PostTask(

BrowserThread::UI, FROM_HERE,

base::Bind(&LaunchURL, url, child_id, web_contents_getter,

- page_transition, has_user_gesture));

+ page_transition, has_user_gesture, is_whitelisted));

return true;

}