Mark drags starting in web content as tainted to avoid file path forgery

ui/base/dragdrop/gtk_dnd_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ui/base/dragdrop/gtk_dnd_util.h"
 
 #include <string>
 
 #include "base/logging.h"
 #include "base/pickle.h"
@@ skipping 37 matching lines @@
     case ui::DIRECT_SAVE_FILE:
       gtk_target_list_add(targets,
           ui::GetAtomForTarget(ui::DIRECT_SAVE_FILE), 0, ui::DIRECT_SAVE_FILE);
       break;
 
     case ui::CUSTOM_DATA:
       gtk_target_list_add(targets,
           ui::GetAtomForTarget(ui::CUSTOM_DATA), 0, ui::CUSTOM_DATA);
       break;
 
+    case ui::RENDERER_TAINT:
+      gtk_target_list_add(targets,
+          ui::GetAtomForTarget(ui::RENDERER_TAINT), 0, ui::RENDERER_TAINT);
+      break;
+
     default:
       NOTREACHED() << " Unexpected target code: " << target_code;
   }
 }
 
 }  // namespace
 
 GdkAtom GetAtomForTarget(int target) {
   switch (target) {
     case CHROME_TAB:
@@ skipping 39 matching lines @@
     case DIRECT_SAVE_FILE:
       static const GdkAtom kXdsAtom = gdk_atom_intern(
           "XdndDirectSave0", false);
       return kXdsAtom;
 
     case CUSTOM_DATA:
       static const GdkAtom kCustomData = gdk_atom_intern(
           kMimeTypeWebCustomData, false);
       return kCustomData;
 
+    case RENDERER_TAINT:
+      static const GdkAtom kRendererTaint = gdk_atom_intern(
+          "chromium/x-renderer-taint", false);
+      return kRendererTaint;
+
     default:
       NOTREACHED();
   }
 
   return NULL;
 }
 
 GtkTargetList* GetTargetListFromCodeMask(int code_mask) {
   GtkTargetList* targets = gtk_target_list_new(NULL, 0);
 
@@ skipping 139 matching lines @@
   GURL gurl(data.substr(0, newline));
   if (!gurl.is_valid())
     return false;
 
   *url = gurl;
   *title = base::UTF8ToUTF16(data.substr(newline + 1));
   return true;
 }
 
 }  // namespace ui