Mark drags starting in web content as tainted to avoid file path forgery

ui/base/dragdrop/os_exchange_data_provider_aurax11.cc

Index: ui/base/dragdrop/os_exchange_data_provider_aurax11.cc
diff --git a/ui/base/dragdrop/os_exchange_data_provider_aurax11.cc b/ui/base/dragdrop/os_exchange_data_provider_aurax11.cc
index 15ab97d357b2ce28ddab63ed4f9a97ac137f4c9f..fb54cc9ab74366f2920d1d40f8a82ae7c34dc3a4 100644
--- a/ui/base/dragdrop/os_exchange_data_provider_aurax11.cc
+++ b/ui/base/dragdrop/os_exchange_data_provider_aurax11.cc
@@ -25,6 +25,7 @@ namespace ui {
 namespace {
 
 const char kDndSelection[] = "XdndSelection";
+const char kRendererTaint[] = "chromium/x-renderer-taint";
 
 const char* kAtomsToCache[] = {
   kString,
@@ -34,6 +35,7 @@ const char* kAtomsToCache[] = {
   Clipboard::kMimeTypeURIList,
   kMimeTypeMozillaURL,
   Clipboard::kMimeTypeText,
+  kRendererTaint,
   NULL
 };
 
@@ -108,6 +110,18 @@ OSExchangeData::Provider* OSExchangeDataProviderAuraX11::Clone() const {
   return ret;
 }
 
+void OSExchangeDataProviderAuraX11::MarkRendererTainted() {
+  std::string empty;
+  format_map_.Insert(atom_cache_.GetAtom(kRendererTaint),
+                     scoped_refptr<base::RefCountedMemory>(
+                         base::RefCountedString::TakeString(&empty)));
+}
+
+bool OSExchangeDataProviderAuraX11::IsRendererTainted() const {
+  return format_map_.find(atom_cache_.GetAtom(kRendererTaint)) !=
+         format_map_.end();

[tony, 2014/03/21 23:09:00]

Nit: Is this the correct indent?  I thought it was always 4 spaces.

[dcheng, 2014/03/21 23:57:07]

This is what clang-format said. I didn't clang format the entire CL though, as
it results in some more radical changes that would be better to avoid for ease
of merges.

+}
+
 void OSExchangeDataProviderAuraX11::SetString(const base::string16& text_data) {
   std::string utf8 = base::UTF16ToUTF8(text_data);
   scoped_refptr<base::RefCountedMemory> mem(