Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2504)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/web_contents/web_drag_source_gtk.cc

Issue 207013003: Mark drags starting in web content as tainted to avoid file path forgery (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Cleanup Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« content/browser/renderer_host/render_view_host_impl.cc ('K') | « content/browser/web_contents/web_drag_dest_mac.mm ('k') | content/public/common/drop_data.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/web_contents/web_drag_source_gtk.h" 5 #include "content/browser/web_contents/web_drag_source_gtk.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/nix/mime_util_xdg.h" 9 #include "base/nix/mime_util_xdg.h"
10 #include "base/strings/utf_string_conversions.h" 10 #include "base/strings/utf_string_conversions.h"
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after
72 WebDragOperationsMask allowed_ops, 72 WebDragOperationsMask allowed_ops,
73 GdkEventButton* last_mouse_down, 73 GdkEventButton* last_mouse_down,
74 const SkBitmap& image, 74 const SkBitmap& image,
75 const gfx::Vector2d& image_offset) { 75 const gfx::Vector2d& image_offset) {
76 // Guard against re-starting before previous drag completed. 76 // Guard against re-starting before previous drag completed.
77 if (drag_context_) { 77 if (drag_context_) {
78 NOTREACHED(); 78 NOTREACHED();
79 return false; 79 return false;
80 } 80 }
81 81
82 int targets_mask = 0; 82 int targets_mask = ui::RENDERER_TAINT;
83 83
84 if (!drop_data.text.string().empty()) 84 if (!drop_data.text.string().empty())
85 targets_mask |= ui::TEXT_PLAIN; 85 targets_mask |= ui::TEXT_PLAIN;
86 if (drop_data.url.is_valid()) { 86 if (drop_data.url.is_valid()) {
87 targets_mask |= ui::TEXT_URI_LIST; 87 targets_mask |= ui::TEXT_URI_LIST;
88 targets_mask |= ui::CHROME_NAMED_URL; 88 targets_mask |= ui::CHROME_NAMED_URL;
89 targets_mask |= ui::NETSCAPE_URL; 89 targets_mask |= ui::NETSCAPE_URL;
90 } 90 }
91 if (!drop_data.html.string().empty()) 91 if (!drop_data.html.string().empty())
92 targets_mask |= ui::TEXT_HTML; 92 targets_mask |= ui::TEXT_HTML;
(...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after
278 ui::WriteCustomDataToPickle(drop_data_->custom_data, &custom_data); 278 ui::WriteCustomDataToPickle(drop_data_->custom_data, &custom_data);
279 gtk_selection_data_set( 279 gtk_selection_data_set(
280 selection_data, 280 selection_data,
281 ui::GetAtomForTarget(ui::CUSTOM_DATA), 281 ui::GetAtomForTarget(ui::CUSTOM_DATA),
282 kBitsPerByte, 282 kBitsPerByte,
283 reinterpret_cast<const guchar*>(custom_data.data()), 283 reinterpret_cast<const guchar*>(custom_data.data()),
284 custom_data.size()); 284 custom_data.size());
285 break; 285 break;
286 } 286 }
287 287
288 case ui::RENDERER_TAINT: {
289 static const char kPlaceholder[] = "x";
290 gtk_selection_data_set(
291 selection_data,
292 ui::GetAtomForTarget(ui::RENDERER_TAINT),
293 kBitsPerByte,
294 reinterpret_cast<const guchar*>(kPlaceholder),
295 strlen(kPlaceholder));
296 break;
297 }
298
288 default: 299 default:
289 NOTREACHED(); 300 NOTREACHED();
290 } 301 }
291 } 302 }
292 303
293 gboolean WebDragSourceGtk::OnDragFailed(GtkWidget* sender, 304 gboolean WebDragSourceGtk::OnDragFailed(GtkWidget* sender,
294 GdkDragContext* context, 305 GdkDragContext* context,
295 GtkDragResult result) { 306 GtkDragResult result) {
296 drag_failed_ = true; 307 drag_failed_ = true;
297 308
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
394 cairo_clip(cr); 405 cairo_clip(cr);
395 cairo_set_operator(cr, CAIRO_OPERATOR_SOURCE); 406 cairo_set_operator(cr, CAIRO_OPERATOR_SOURCE);
396 gdk_cairo_set_source_pixbuf(cr, drag_pixbuf_, 0, 0); 407 gdk_cairo_set_source_pixbuf(cr, drag_pixbuf_, 0, 0);
397 cairo_paint(cr); 408 cairo_paint(cr);
398 cairo_destroy(cr); 409 cairo_destroy(cr);
399 410
400 return TRUE; 411 return TRUE;
401 } 412 }
402 413
403 } // namespace content 414 } // namespace content
OLDNEW
« content/browser/renderer_host/render_view_host_impl.cc ('K') | « content/browser/web_contents/web_drag_dest_mac.mm ('k') | content/public/common/drop_data.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698