Merge 259353 "Mark drags starting in web content as tainted to a..."
> Mark drags starting in web content as tainted to avoid file path forgery
>
> This patch takes the simplest possible approach and simply clears any
> filename data when the browser-side dragenter handler notices that a
> drag originated from a Chrome renderer. This breaks file:// URL dragging
> within Chrome, but it turns out this is already mostly broken anyway.
> Dragging file:// URLs is filtered out by FilterURL, since we don't
> GrantRequestSpecificFileURL to the renderer, so it generally ends up
> loading about:blank anyway.
>
> The ChromeOS bits are left unimplemented for the moment. The specific
> security issues fixed by this patch don't presently affect Aura because
> it doesn't implement the DownloadURL protocol at all, and it doesn't
> get confused between URLs and filenames like Linux. While it would be
> nice to implement this for ChromeOS, doing so breaks drags from the
> File Manager app.
>
> BUG= 346135
> R=creis@chromium.org, erg@chromium.org, sky@chromium.org, tony@chromium.org, tsepez@chromium.org
>
> Review URL: https://codereview.chromium.org/207013003
TBR=dcheng@chromium.org
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=260001
Stats (+119 lines, -8 lines)

M | content/browser/renderer_host/render_view_host_impl.cc | 1 chunk | +3 lines, -0 lines | 0 comments
M | content/browser/web_contents/web_contents_view_aura.cc | 2 chunks | +3 lines, -0 lines | 0 comments
M | content/browser/web_contents/web_drag_dest_gtk.cc | 2 chunks | +6 lines, -1 line | 0 comments
M | content/browser/web_contents/web_drag_dest_mac.mm | 1 chunk | +3 lines, -0 lines | 0 comments
M | content/browser/web_contents/web_drag_source_gtk.cc | 2 chunks | +12 lines, -1 line | 0 comments
M | content/public/common/drop_data.h | 2 chunks | +6 lines, -1 line | 0 comments
M | content/public/common/drop_data.cc | 1 chunk | +2 lines, -2 lines | 0 comments
M | ui/base/clipboard/clipboard_aurax11.cc | 1 chunk | +5 lines, -2 lines | 0 comments
M | ui/base/dragdrop/gtk_dnd_util.h | 1 chunk | +5 lines, -1 line | 0 comments
M | ui/base/dragdrop/gtk_dnd_util.cc | 2 chunks | +10 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data.h | 2 chunks | +9 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data.cc | 1 chunk | +8 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_aura.h | 1 chunk | +2 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_aura.cc | 1 chunk | +9 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_aurax11.h | 1 chunk | +2 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_aurax11.cc | 3 chunks | +14 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_win.h | 1 chunk | +2 lines, -0 lines | 0 comments
M | ui/base/dragdrop/os_exchange_data_provider_win.cc | 2 chunks | +18 lines, -0 lines | 0 comments

Total messages: 2 (0 generated)