Merge 259353 "Mark drags starting in web content as tainted to a..."

ui/base/dragdrop/os_exchange_data.h

Index: ui/base/dragdrop/os_exchange_data.h
===================================================================
--- ui/base/dragdrop/os_exchange_data.h	(revision 259999)
+++ ui/base/dragdrop/os_exchange_data.h	(working copy)
@@ -102,6 +102,9 @@
 
     virtual Provider* Clone() const = 0;
 
+    virtual void MarkOriginatedFromRenderer() = 0;
+    virtual bool DidOriginateFromRenderer() const = 0;
+
     virtual void SetString(const base::string16& data) = 0;
     virtual void SetURL(const GURL& url, const base::string16& title) = 0;
     virtual void SetFilename(const base::FilePath& path) = 0;
@@ -163,6 +166,12 @@
   const Provider& provider() const { return *provider_; }
   Provider& provider() { return *provider_; }
 
+  // Marks drag data as tainted if it originates from the renderer. This is used
+  // to avoid granting privileges to a renderer when dragging in tainted data,
+  // since it could allow potential escalation of privileges.
+  void MarkOriginatedFromRenderer();
+  bool DidOriginateFromRenderer() const;
+
   // These functions add data to the OSExchangeData object of various Chrome
   // types. The OSExchangeData object takes care of translating the data into
   // a format suitable for exchange with the OS.