Chromium Code Reviews

Unified Diff: ui/base/dragdrop/os_exchange_data.h

Issue 207013003: Mark drags starting in web content as tainted to avoid file path forgery (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Cleanup Created 6 years, 9 months ago
Index: ui/base/dragdrop/os_exchange_data.h
diff --git a/ui/base/dragdrop/os_exchange_data.h b/ui/base/dragdrop/os_exchange_data.h
index 8b848ce9ae6176478da534a93e353a03d89711f3..eba463beea4f4f3fb8702dce3e6be0d2b956e23b 100644
--- a/ui/base/dragdrop/os_exchange_data.h
+++ b/ui/base/dragdrop/os_exchange_data.h
@@ -102,6 +102,9 @@ class UI_BASE_EXPORT OSExchangeData {
virtual Provider* Clone() const = 0;
+ virtual void MarkOriginatedFromRenderer() = 0;
+ virtual bool DidOriginateFromRenderer() const = 0;
+
virtual void SetString(const base::string16& data) = 0;
virtual void SetURL(const GURL& url, const base::string16& title) = 0;
virtual void SetFilename(const base::FilePath& path) = 0;
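Review bot: The two new pure virtuals on Provider, MarkOriginatedFromRenderer() and DidOriginateFromRenderer(), have no comment, and nothing here says whether the mark has to survive Clone(), which is declared directly above them. If a cloned provider comes back unmarked, a consumer that checks DidOriginateFromRenderer() on the copy would treat renderer-supplied data such as a SetFilename() path as trusted. Please add a short comment stating that the mark is part of the provider's state and that Clone() must copy it, so each platform implementation handles this the same way.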
@@ -163,6 +166,12 @@ class UI_BASE_EXPORT OSExchangeData {
const Provider& provider() const { return *provider_; }
Provider& provider() { return *provider_; }
+ // Marks drag data as tainted if it originates from the renderer. This is used
+ // to avoid granting privileges to a renderer when dragging in tainted data,
+ // since it could allow potential escalation of privileges.
+ void MarkOriginatedFromRenderer();
+ bool DidOriginateFromRenderer() const;
+
// These functions add data to the OSExchangeData object of various Chrome
// types. The OSExchangeData object takes care of translating the data into
// a format suitable for exchange with the OS.
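Review bot: The comment above MarkOriginatedFromRenderer() reads as conditional ("Marks drag data as tainted if it originates from the renderer"), but the method takes no argument, so the decision is the caller's and the call itself always sets the mark. Consider rewording it to say who is expected to call it (the code that starts a drag from web content) and that there is deliberately no way to clear the mark. DidOriginateFromRenderer() shares that one comment; a line of its own saying what a drop target should do when it returns true (not grant the renderer privileges based on this data) would make the contract explicit.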
