Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(132)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/resources/safe_browsing/README.md

Issue 2060923002: Neutralize dangerous subresource files during Save Page. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@save-package-cleanup-1
Patch Set: Add a note to safe_browsing/README.md about "Save as" downloads Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/download/save_page_browsertest.cc ('k') | chrome/test/data/save_page/dubious-subresources.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Behavior of Download File Types in Chrome 1 # Behavior of Download File Types in Chrome
2 2
3 This describes how to adjust file-type download behavior in 3 This describes how to adjust file-type download behavior in
4 Chrome including interactions with Safe Browsing. The metadata described 4 Chrome including interactions with Safe Browsing. The metadata described
5 here, and stored in `download_file_types.asciipb`, will be both baked into 5 here, and stored in `download_file_types.asciipb`, will be both baked into
6 Chrome released and pushable to Chrome between releases (via 6 Chrome released and pushable to Chrome between releases (via
7 `FileTypePolicies` class). http://crbug.com/596555 7 `FileTypePolicies` class). http://crbug.com/596555
8 8
9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/ master/chrome/browser/resources/safe_browsing/README.md 9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/ master/chrome/browser/resources/safe_browsing/README.md
10 10
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 59
60 1. If there's an entry matching the built platform, 60 1. If there's an entry matching the built platform,
61 that will be preferred. Otherwise, 61 that will be preferred. Otherwise,
62 62
63 2. If there's a "PLATFORM_ANY" (i.e. `platform` is not set), 63 2. If there's a "PLATFORM_ANY" (i.e. `platform` is not set),
64 that will be used. Otherwise, 64 that will be used. Otherwise,
65 65
66 3. The `default_file_type`'s settings will be filled in. 66 3. The `default_file_type`'s settings will be filled in.
67 67
68 * `platform_settings.danger_level`: (required) 68 * `platform_settings.danger_level`: (required)
69 Note that this policy affects how individual file downloads are handled as
70 well as how subresources are handled for *"Save As ..."* download of a
71 complete web page.
72
73 For *"Save As ..."* downloads, if any subresource ends up with a file type
74 that is considered `DANGEROUS` or `ALLOW_ON_USER_GESTURE`, then the filename
75 will be changed to end in `.download` to prevent the accidental opening of a
76 dangerous file that was only meant to be consumed as a subresource of a web
77 page.
78
asanka 2016/06/16 18:51:17 +nparker: PTAL?
Nathan Parker 2016/06/16 20:34:03 LGTM. Thanks.
69 * `NOT_DANGEROUS`: Safe to download and open, even if the download 79 * `NOT_DANGEROUS`: Safe to download and open, even if the download
70 was accidental. 80 was accidental.
71 * `DANGEROUS`: Always warn the user that this file may harm their 81 * `DANGEROUS`: Always warn the user that this file may harm their
72 computer. We let them continue or discard the file. If Safe 82 computer. We let them continue or discard the file. If Safe
73 Browsing returns a SAFE verdict, we still warn the user. 83 Browsing returns a SAFE verdict, we still warn the user.
74 * `ALLOW_ON_USER_GESTURE`: Warn the user normally but skip the warning 84 * `ALLOW_ON_USER_GESTURE`: Warn the user normally but skip the warning
75 if there was a user gesture or the user visited this site before 85 if there was a user gesture or the user visited this site before
76 midnight last night (i.e. is a repeat visit). If Safe Browsing 86 midnight last night (i.e. is a repeat visit). If Safe Browsing
77 returns a SAFE verdict for this file, it won't show a warning. 87 returns a SAFE verdict for this file, it won't show a warning.
78 88
(...skipping 28 matching lines...) Expand all
107 users' downloads with unknown extensions (or 117 users' downloads with unknown extensions (or
108 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0] 118 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0]
109 119
110 * `file_types`: The big list of all known file types. Keep them 120 * `file_types`: The big list of all known file types. Keep them
111 sorted by extension. 121 sorted by extension.
112 122
113 * `default_file_type`: Settings used if a downloaded file is not in 123 * `default_file_type`: Settings used if a downloaded file is not in
114 the above list. `extension` is ignored, but other settings are used. 124 the above list. `extension` is ignored, but other settings are used.
115 The ping_setting should be SAMPLED_PING for all platforms. 125 The ping_setting should be SAMPLED_PING for all platforms.
116 126
OLDNEW
« no previous file with comments | « chrome/browser/download/save_page_browsertest.cc ('k') | chrome/test/data/save_page/dubious-subresources.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698