Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(337)

Issue 18070: Block Adobe Reader from issuing NPN_GetURL/NPN_GetURLRequests for URL schemes... (Closed)

Created:
10 years, 7 months ago by ananta
Modified:
8 years, 2 months ago
Reviewers:
jam
CC:
chromium-reviews_googlegroups.com
Visibility:
Public.

Description

Block Adobe Reader from issuing NPN_GetURL/NPN_GetURLRequests for URL schemes other than http/https/ftp. This mimics Firefox behavior and works around bug http://b/issue?id=1543405 which is a XSS vulnerability in the Adobe Reader plugin where it allows javascript in the parameters passed in to the URL.Bug=1543405 R=jam Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=8159

Patch Set 1 #

Total comments: 2

Patch Set 2 : '' #

Patch Set 3 : '' #

Patch Set 4 : '' #

Patch Set 5 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+15 lines, -0 lines) Patch
M chrome/plugin/webplugin_proxy.cc View 4 1 chunk +13 lines, -0 lines 0 comments Download
M webkit/glue/plugins/webplugin_delegate_impl.h View 3 4 1 chunk +1 line, -0 lines 0 comments Download
M webkit/glue/plugins/webplugin_delegate_impl.cc View 1 2 3 4 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 4 (0 generated)
ananta
10 years, 7 months ago (2009-01-14 23:15:33 UTC) #1
jam
http://codereview.chromium.org/18070/diff/1/2 File webkit/glue/plugins/plugin_host.cc (right): http://codereview.chromium.org/18070/diff/1/2#newcode332 Line 332: if (!target && plugin->block_non_standard_url_schemes()) { This comment doesn't ...
10 years, 7 months ago (2009-01-15 01:15:58 UTC) #2
ananta
On 2009/01/15 01:15:58, John Abd-El-Malek wrote: > http://codereview.chromium.org/18070/diff/1/2 > File webkit/glue/plugins/plugin_host.cc (right): > > http://codereview.chromium.org/18070/diff/1/2#newcode332 ...
10 years, 7 months ago (2009-01-15 04:32:23 UTC) #3
jam
10 years, 7 months ago (2009-01-15 22:06:39 UTC) #4
lgtm

Powered by Google App Engine
This is Rietveld 408576698