 Chromium Code Reviews
 Chromium Code Reviews Issue 207013003:
  Mark drags starting in web content as tainted to avoid file path forgery  (Closed) 
  Base URL: svn://svn.chromium.org/chrome/trunk/src
    
  
    Issue 207013003:
  Mark drags starting in web content as tainted to avoid file path forgery  (Closed) 
  Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/browser/renderer_host/render_view_host_impl.cc | 
| diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc | 
| index d7b5686b9f8ec631b0b3de789ef6a6700c85fd1c..494f256ad755136a3d5c1ae1cc7fc4aaedf5e8a6 100644 | 
| --- a/content/browser/renderer_host/render_view_host_impl.cc | 
| +++ b/content/browser/renderer_host/render_view_host_impl.cc | 
| @@ -749,6 +749,9 @@ void RenderViewHostImpl::DragTargetDragEnter( | 
| // and can't be interpreted as a capability. | 
| DropData filtered_data(drop_data); | 
| GetProcess()->FilterURL(true, &filtered_data.url); | 
| + if (drop_data.did_originate_from_renderer) { | 
| 
Charlie Reis
2014/03/24 21:19:10
nit: No need for braces here.
 | 
| + filtered_data.filenames.clear(); | 
| + } | 
| // The filenames vector, on the other hand, does represent a capability to | 
| // access the given files. |