| OLD | NEW |
|---|
| 1 # Behavior of Download File Types in Chrome | 1 # Behavior of Download File Types in Chrome |
| 2 | 2 |
| 3 This describes how to adjust file-type download behavior in | 3 This describes how to adjust file-type download behavior in |
| 4 Chrome including interactions with Safe Browsing. The metadata described | 4 Chrome including interactions with Safe Browsing. The metadata described |
| 5 here, and stored in `download_file_types.asciipb`, will be both baked into | 5 here, and stored in `download_file_types.asciipb`, will be both baked into |
| 6 Chrome released and pushable to Chrome between releases (via | 6 Chrome released and pushable to Chrome between releases (via |
| 7 `FileTypePolicies` class). http://crbug.com/596555 | 7 `FileTypePolicies` class). http://crbug.com/596555 |
| 8 | 8 |
| 9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/
master/chrome/browser/resources/safe_browsing/README.md | 9 Rendered version of this file: https://chromium.googlesource.com/chromium/src/+/
master/chrome/browser/resources/safe_browsing/README.md |
| 10 | 10 |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 70 ping. This applies to all file types where `ping_setting` is either | 70 ping. This applies to all file types where `ping_setting` is either |
| 71 `SAMPLED_PING` or `NO_PING`, and downloads where the Safe Browsing ping | 71 `SAMPLED_PING` or `NO_PING`, and downloads where the Safe Browsing ping |
| 72 either fails, is disabled, or returns an `UNKNOWN` verdict. Exceptions are | 72 either fails, is disabled, or returns an `UNKNOWN` verdict. Exceptions are |
| 73 noted below. | 73 noted below. |
| 74 | 74 |
| 75 The warning controlled here is a generic "This file may harm your computer." | 75 The warning controlled here is a generic "This file may harm your computer." |
| 76 If the Safe Browsing verdict is `UNCOMMON`, `POTENTIALLY_UNWANTED`, | 76 If the Safe Browsing verdict is `UNCOMMON`, `POTENTIALLY_UNWANTED`, |
| 77 `DANGEROUS_HOST`, or `DANGEROUS`, Chrome will show that more severe warning | 77 `DANGEROUS_HOST`, or `DANGEROUS`, Chrome will show that more severe warning |
| 78 regardless of this setting. | 78 regardless of this setting. |
| 79 | 79 |
| 80 This policy also affects also how subresources are handled for *"Save As |
| 81 ..."* downloads of complete web pages. If any subresource ends up with a |
| 82 file type that is considered `DANGEROUS` or `ALLOW_ON_USER_GESTURE`, then |
| 83 the filename will be changed to end in `.download`. This is done to prevent |
| 84 the file from being opened accidentally. |
| 85 |
| 80 * `NOT_DANGEROUS`: Safe to download and open, even if the download | 86 * `NOT_DANGEROUS`: Safe to download and open, even if the download |
| 81 was accidental. No additional warnings are necessary. | 87 was accidental. No additional warnings are necessary. |
| 82 * `DANGEROUS`: Always warn the user that this file may harm their | 88 * `DANGEROUS`: Always warn the user that this file may harm their |
| 83 computer. We let them continue or discard the file. If Safe | 89 computer. We let them continue or discard the file. If Safe |
| 84 Browsing returns a `SAFE` verdict, we still warn the user. | 90 Browsing returns a `SAFE` verdict, we still warn the user. |
| 85 * `ALLOW_ON_USER_GESTURE`: Potentially dangerous, but is likely harmless if | 91 * `ALLOW_ON_USER_GESTURE`: Potentially dangerous, but is likely harmless if |
| 86 the user is familiar with host and if the download was intentional. Chrome | 92 the user is familiar with host and if the download was intentional. Chrome |
| 87 doesn't warn the user if both of the following conditions are true: | 93 doesn't warn the user if both of the following conditions are true: |
| 88 | 94 |
| 89 * There is a user gesture associated with the network request that | 95 * There is a user gesture associated with the network request that |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 users' downloads with unknown extensions (or | 133 users' downloads with unknown extensions (or |
| 128 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0] | 134 ping_setting=SAMPLED_PING) should we send light-pings? [0.0 .. 1.0] |
| 129 | 135 |
| 130 * `file_types`: The big list of all known file types. Keep them | 136 * `file_types`: The big list of all known file types. Keep them |
| 131 sorted by extension. | 137 sorted by extension. |
| 132 | 138 |
| 133 * `default_file_type`: Settings used if a downloaded file is not in | 139 * `default_file_type`: Settings used if a downloaded file is not in |
| 134 the above list. `extension` is ignored, but other settings are used. | 140 the above list. `extension` is ignored, but other settings are used. |
| 135 The ping_setting should be SAMPLED_PING for all platforms. | 141 The ping_setting should be SAMPLED_PING for all platforms. |
| 136 | 142 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2060923002:
Neutralize dangerous subresource files during Save Page. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@save-package-cleanup-1