Neutralize dangerous subresource files during Save Page.

chrome/browser/resources/safe_browsing/README.md

Index: chrome/browser/resources/safe_browsing/README.md
diff --git a/chrome/browser/resources/safe_browsing/README.md b/chrome/browser/resources/safe_browsing/README.md
index d61aafff67c4d23b8dea5dddb84a0be33e5b5ccf..9740245c09ea396ea7ea6ea5a9663df60a08301a 100644
--- a/chrome/browser/resources/safe_browsing/README.md
+++ b/chrome/browser/resources/safe_browsing/README.md
@@ -66,6 +66,16 @@ See `download_file_types.proto` for all fields.
        3. The `default_file_type`'s settings will be filled in.
 
   * `platform_settings.danger_level`: (required)
+    Note that this policy affects how individual file downloads are handled as
+    well as how subresources are handled for *"Save As ..."* download of a
+    complete web page.
+
+    For *"Save As ..."* downloads, if any subresource ends up with a file type
+    that is considered `DANGEROUS` or `ALLOW_ON_USER_GESTURE`, then the filename
+    will be changed to end in `.download` to prevent the accidental opening of a
+    dangerous file that was only meant to be consumed as a subresource of a web
+    page.
+

[asanka, 2016/06/16 18:51:17]

+nparker: PTAL?

[Nathan Parker, 2016/06/16 20:34:03]

LGTM.  Thanks.

     * `NOT_DANGEROUS`: Safe to download and open, even if the download
        was accidental.
     * `DANGEROUS`: Always warn the user that this file may harm their