Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5733)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

Issue 1692503002: Functionality to allow blacklist and whitelist of custom schemes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixed review comments and merged Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h ('k') | components/policy/core/browser/url_blacklist_manager.h » ('j') | components/policy/core/browser/url_blacklist_manager.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
diff --git a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
index d42d630f9c8d14e758fb3f744990e1822cbb494e..539d77d4bb64894d1e617f608c6b849ceed301d8 100644
--- a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
+++ b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc
@@ -211,7 +211,8 @@ void LaunchURL(
int render_process_id,
const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,
ui::PageTransition page_transition,
- bool has_user_gesture) {
+ bool has_user_gesture,
+ bool is_whitelisted) {
// If there is no longer a WebContents, the request may have raced with tab
// closing. Don't fire the external request. (It may have been a prerender.)
content::WebContents* web_contents = web_contents_getter.Run();
@@ -227,9 +228,17 @@ void LaunchURL(
return;
}
- ExternalProtocolHandler::LaunchUrlWithDelegate(
- url, render_process_id, web_contents->GetRoutingID(), page_transition,
- has_user_gesture, g_external_protocol_handler_delegate);
+ // If the URL is in whitelist, we launch it without asking the user and
+ // without any additional security checks. Since the URL is whitelisted,
+ // we assume it can be executed.
+ if (is_whitelisted) {
+ ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck(
+ url, render_process_id, web_contents->GetRoutingID());
+ } else {
+ ExternalProtocolHandler::LaunchUrlWithDelegate(
+ url, render_process_id, web_contents->GetRoutingID(), page_transition,
+ has_user_gesture, g_external_protocol_handler_delegate);
+ }
}
#if !defined(DISABLE_NACL)
@@ -443,7 +452,8 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,
bool is_main_frame,
ui::PageTransition page_transition,
- bool has_user_gesture) {
+ bool has_user_gesture,
+ bool is_whitelisted) {
#if defined(ENABLE_EXTENSIONS)
// External protocols are disabled for guests. An exception is made for the
// "mailto" protocol, so that pages that utilize it work properly in a
@@ -464,7 +474,7 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
base::Bind(&LaunchURL, url, child_id, web_contents_getter,
- page_transition, has_user_gesture));
+ page_transition, has_user_gesture, is_whitelisted));
return true;
}
« no previous file with comments | « chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h ('k') | components/policy/core/browser/url_blacklist_manager.h » ('j') | components/policy/core/browser/url_blacklist_manager.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698