chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc - Issue 1692503002: Functionality to allow blacklist and whitelist of custom schemes

Unified Diff: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

Issue 1692503002: Functionality to allow blacklist and whitelist of custom schemes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixed review comments Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.h ('k') | components/policy/core/browser/url_blacklist_manager.h » ('j') | content/browser/loader/resource_dispatcher_host_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

diff --git a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

index d42d630f9c8d14e758fb3f744990e1822cbb494e..539d77d4bb64894d1e617f608c6b849ceed301d8 100644

--- a/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

+++ b/chrome/browser/renderer_host/chrome_resource_dispatcher_host_delegate.cc

@@ -211,7 +211,8 @@ void LaunchURL(

int render_process_id,

const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,

ui::PageTransition page_transition,

- bool has_user_gesture) {

+ bool has_user_gesture,

+ bool is_whitelisted) {

// If there is no longer a WebContents, the request may have raced with tab

// closing. Don't fire the external request. (It may have been a prerender.)

content::WebContents* web_contents = web_contents_getter.Run();

@@ -227,9 +228,17 @@ void LaunchURL(

return;

}

- ExternalProtocolHandler::LaunchUrlWithDelegate(

- url, render_process_id, web_contents->GetRoutingID(), page_transition,

- has_user_gesture, g_external_protocol_handler_delegate);

+ // If the URL is in whitelist, we launch it without asking the user and

+ // without any additional security checks. Since the URL is whitelisted,

+ // we assume it can be executed.

+ if (is_whitelisted) {

+ ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck(

+ url, render_process_id, web_contents->GetRoutingID());

+ } else {

+ ExternalProtocolHandler::LaunchUrlWithDelegate(

+ url, render_process_id, web_contents->GetRoutingID(), page_transition,

+ has_user_gesture, g_external_protocol_handler_delegate);

+ }

}

#if !defined(DISABLE_NACL)

@@ -443,7 +452,8 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(

const content::ResourceRequestInfo::WebContentsGetter& web_contents_getter,

bool is_main_frame,

ui::PageTransition page_transition,

- bool has_user_gesture) {

+ bool has_user_gesture,

+ bool is_whitelisted) {

#if defined(ENABLE_EXTENSIONS)

// External protocols are disabled for guests. An exception is made for the

// "mailto" protocol, so that pages that utilize it work properly in a

@@ -464,7 +474,7 @@ bool ChromeResourceDispatcherHostDelegate::HandleExternalProtocol(

BrowserThread::PostTask(

BrowserThread::UI, FROM_HERE,

base::Bind(&LaunchURL, url, child_id, web_contents_getter,

- page_transition, has_user_gesture));

+ page_transition, has_user_gesture, is_whitelisted));

return true;

}