Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Unified Diff: webkit/plugins/npapi/plugin_list.cc

Issue 18364005: Don't override application/octet-stream MIME type. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Merge with r212359 Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: webkit/plugins/npapi/plugin_list.cc
diff --git a/webkit/plugins/npapi/plugin_list.cc b/webkit/plugins/npapi/plugin_list.cc
index 71c5ef2cf4a743ce4e2d6909603ddd55364a2f08..394660e0afd2874479ed21705717bac316ea9699 100644
--- a/webkit/plugins/npapi/plugin_list.cc
+++ b/webkit/plugins/npapi/plugin_list.cc
@@ -26,31 +26,8 @@ namespace {
using webkit::npapi::PluginList;
-const char kApplicationOctetStream[] = "application/octet-stream";
-
base::LazyInstance<PluginList> g_singleton = LAZY_INSTANCE_INITIALIZER;
-bool AllowMimeTypeMismatch(const std::string& orig_mime_type,
- const std::string& actual_mime_type) {
- if (orig_mime_type == actual_mime_type) {
- NOTREACHED();
- return true;
- }
-
- // We do not permit URL-sniff based plug-in MIME type overrides aside from
- // the case where the "type" was initially missing or generic
- // (application/octet-stream).
- // We collected stats to determine this approach isn't a major compat issue,
- // and we defend against content confusion attacks in various cases, such
- // as when the user doesn't have the Flash plug-in enabled.
- bool allow = orig_mime_type.empty() ||
- orig_mime_type == kApplicationOctetStream;
- LOG_IF(INFO, !allow) << "Ignoring plugin with unexpected MIME type "
- << actual_mime_type << " (expected " << orig_mime_type
- << ")";
- return allow;
-}
-
} // namespace
namespace webkit {
@@ -403,16 +380,20 @@ void PluginList::GetPluginInfoArray(
}
// Add in plugins by url.
+ // We do not permit URL-sniff based plug-in MIME type overrides aside from
+ // the case where the "type" was initially missing.
+ // We collected stats to determine this approach isn't a major compat issue,
+ // and we defend against content confusion attacks in various cases, such
+ // as when the user doesn't have the Flash plug-in enabled.
std::string path = url.path();
std::string::size_type last_dot = path.rfind('.');
- if (last_dot != std::string::npos) {
+ if (last_dot != std::string::npos && mime_type.empty()) {
std::string extension = StringToLowerASCII(std::string(path, last_dot+1));
std::string actual_mime_type;
for (size_t i = 0; i < plugins_list_.size(); ++i) {
if (SupportsExtension(plugins_list_[i], extension, &actual_mime_type)) {
base::FilePath path = plugins_list_[i].path;
- if (visited_plugins.insert(path).second &&
- AllowMimeTypeMismatch(mime_type, actual_mime_type)) {
+ if (visited_plugins.insert(path).second) {
info->push_back(plugins_list_[i]);
if (actual_mime_types)
actual_mime_types->push_back(actual_mime_type);

Powered by Google App Engine
This is Rietveld 408576698