Chromium Code Reviews

Unified Diff: chrome/browser/download/download_target_determiner.cc

Issue 2090013006: [Downloads] Correctly test page transition when calculating danger level. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Update comment Created 4 years, 6 months ago
Index: chrome/browser/download/download_target_determiner.cc
diff --git a/chrome/browser/download/download_target_determiner.cc b/chrome/browser/download/download_target_determiner.cc
index 0c13dcd669467f724a7075fea077b136bc8f5f1e..492b8d181e91ce31a988d018e25ae5f6dcf4a8c7 100644
--- a/chrome/browser/download/download_target_determiner.cc
+++ b/chrome/browser/download/download_target_determiner.cc
@@ -884,17 +884,24 @@ DownloadFileType::DangerLevel DownloadTargetDeterminer::GetDangerLevel(
safe_browsing::FileTypePolicies::GetInstance()->GetFileDangerLevel(
virtual_path_.BaseName());
- // If the danger level is ALLOW_ON_USER_GESTURE and we have a user gesture AND
- // there was a recorded visit to the referrer prior to today, then we are
- // going to downgrade the danger_level to NOT_DANGEROUS. This prevents
- // spurious prompting for moderately dangerous files that are downloaded from
- // familiar sites.
- // TODO(asanka): Check PAGE_TRANSITION_FROM_ADDRESS_BAR bit instead of
- // comparing all bits with PageTransitionTypeIncludingQualifiersIs().
+ // A danger level of ALLOW_ON_USER_GESTURE is used to label potentially
+ // dangerous file types that have a high frequency of legitimate use. We would
+ // like to avoid prompting for the legitimate cases as much as possible. To
+ // that end, we consider a download to be legitimate if one of the following
+ // is true, and avoid prompting:
+ //
+ // * If the user navigated to the download URL via the omnibox (either by
Peter Kasting 2016/06/29 23:35:01 Nit: Remove "If" from both of these bullets (you a
asanka 2016/06/30 15:48:52 Done.
+ // typing the URL, pasting it, or using search).
+ //
+ // * If the navigation that initiated the download has a user gesture
+ // associated with it AND the user the user is familiar with the referring
+ // origin.
+ //
+ // A user is considered familiar with a referring origin if a visit for a page
Peter Kasting 2016/06/29 23:35:01 Nit: I'd move this to the end of the second bullet
asanka 2016/06/30 15:48:52 Done.
+ // from the same origin was recorded on the previous day or earlier.
if (danger_level == DownloadFileType::ALLOW_ON_USER_GESTURE &&
- (ui::PageTransitionTypeIncludingQualifiersIs(
- download_->GetTransitionType(),
- ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) ||
+ ((download_->GetTransitionType() &
+ ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) != 0 ||
(download_->HasUserGesture() && visits == VISITED_REFERRER)))
return DownloadFileType::NOT_DANGEROUS;
return danger_level;
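
Review bot: In the rewritten condition, the (download_->GetTransitionType() & ui::PAGE_TRANSITION_FROM_ADDRESS_BAR) != 0 test makes the qualifier bit alone sufficient to downgrade ALLOW_ON_USER_GESTURE to NOT_DANGEROUS, with neither HasUserGesture() nor VISITED_REFERRER consulted on that branch. Since the old PageTransitionTypeIncludingQualifiersIs() call compared all bits and this one does not, please add unit tests that pin the new behaviour: one with a transition value that carries a core type plus the FROM_ADDRESS_BAR qualifier, and one with the qualifier absent and no user gesture, which should stay at ALLOW_ON_USER_GESTURE. Separately, the second bullet of the new comment reads "AND the user the user is familiar with the referring origin"; drop the duplicated "the user".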
