OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #import "chrome/browser/ui/cocoa/toolbar/toolbar_controller.h" | 5 #import "chrome/browser/ui/cocoa/toolbar/toolbar_controller.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/mac/bundle_locations.h" | 9 #include "base/mac/bundle_locations.h" |
10 #include "base/mac/foundation_util.h" | 10 #include "base/mac/foundation_util.h" |
1143 } | 1143 } |
1144 | 1144 |
1145 // TODO(viettrungluu): dropping multiple URLs? | 1145 // TODO(viettrungluu): dropping multiple URLs? |
1146 if ([urls count] > 1) | 1146 if ([urls count] > 1) |
1147 NOTIMPLEMENTED(); | 1147 NOTIMPLEMENTED(); |
1148 | 1148 |
1149 // Get the first URL and fix it up. | 1149 // Get the first URL and fix it up. |
1150 GURL url(url_formatter::FixupURL( | 1150 GURL url(url_formatter::FixupURL( |
1151 base::SysNSStringToUTF8([urls objectAtIndex:0]), std::string())); | 1151 base::SysNSStringToUTF8([urls objectAtIndex:0]), std::string())); |
1152 | 1152 |
1153 // Security: Sanitize text to prevent self-XSS | |
Avi (use Gerrit)
2016/09/16 18:31:09
Comments are full sentences; end them with a full-
elawrence
2016/09/16 19:02:16
Done.
| |
1153 if (url.SchemeIs(url::kJavaScriptScheme)) { | 1154 if (url.SchemeIs(url::kJavaScriptScheme)) { |
1154 browser_->window()->GetLocationBar()->GetOmniboxView()->SetUserText( | 1155 browser_->window()->GetLocationBar()->GetOmniboxView()->SetUserText( |
1155 OmniboxView::StripJavascriptSchemas(base::UTF8ToUTF16(url.spec()))); | 1156 OmniboxView::StripJavascriptSchemas(base::UTF8ToUTF16(url.spec()))); |
1157 return; | |
1156 } | 1158 } |
1159 | |
1157 OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB, | 1160 OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB, |
1158 ui::PAGE_TRANSITION_TYPED, false); | 1161 ui::PAGE_TRANSITION_TYPED, false); |
1159 browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); | 1162 browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); |
1160 } | 1163 } |
1161 | 1164 |
1162 // (URLDropTargetController protocol) | 1165 // (URLDropTargetController protocol) |
1163 - (void)dropText:(NSString*)text inView:(NSView*)view at:(NSPoint)point { | 1166 - (void)dropText:(NSString*)text inView:(NSView*)view at:(NSPoint)point { |
1164 // TODO(viettrungluu): This code is more or less copied from the code in | 1167 // TODO(viettrungluu): This code is more or less copied from the code in |
1165 // |TabStripController|. I'll refactor this soon to make it common and expand | 1168 // |TabStripController|. I'll refactor this soon to make it common and expand |
1166 // its capabilities (e.g., allow text DnD). | 1169 // its capabilities (e.g., allow text DnD). |
1167 | 1170 |
1168 // If the input is plain text, classify the input and make the URL. | 1171 // If the input is plain text, classify the input and make the URL. |
1169 AutocompleteMatch match; | 1172 AutocompleteMatch match; |
1170 AutocompleteClassifierFactory::GetForProfile(browser_->profile())->Classify( | 1173 AutocompleteClassifierFactory::GetForProfile(browser_->profile())->Classify( |
1171 base::SysNSStringToUTF16(text), false, false, | 1174 base::SysNSStringToUTF16(text), false, false, |
1172 metrics::OmniboxEventProto::BLANK, &match, NULL); | 1175 metrics::OmniboxEventProto::BLANK, &match, NULL); |
1173 GURL url(match.destination_url); | 1176 GURL url(match.destination_url); |
1174 | 1177 |
1178 // Security: Block JavaScript to prevent self-XSS | |
Avi (use Gerrit)
2016/09/16 18:31:09
ditto.
elawrence
2016/09/16 19:02:16
Done.
| |
1179 if (url.SchemeIs(url::kJavaScriptScheme)) { | |
1180 return; | |
1181 } | |
1182 | |
1175 OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB, | 1183 OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB, |
1176 ui::PAGE_TRANSITION_TYPED, false); | 1184 ui::PAGE_TRANSITION_TYPED, false); |
1177 browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); | 1185 browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); |
1178 } | 1186 } |
1179 | 1187 |
1180 // (URLDropTargetController protocol) | 1188 // (URLDropTargetController protocol) |
1181 - (void)indicateDropURLsInView:(NSView*)view at:(NSPoint)point { | 1189 - (void)indicateDropURLsInView:(NSView*)view at:(NSPoint)point { |
1182 // Do nothing. | 1190 // Do nothing. |
1183 } | 1191 } |
1184 | 1192 |
1185 // (URLDropTargetController protocol) | 1193 // (URLDropTargetController protocol) |
1186 - (void)hideDropURLsIndicatorInView:(NSView*)view { | 1194 - (void)hideDropURLsIndicatorInView:(NSView*)view { |
1187 // Do nothing. | 1195 // Do nothing. |
1188 } | 1196 } |
1189 | 1197 |
1190 // (URLDropTargetController protocol) | 1198 // (URLDropTargetController protocol) |
1191 - (BOOL)isUnsupportedDropData:(id<NSDraggingInfo>)info { | 1199 - (BOOL)isUnsupportedDropData:(id<NSDraggingInfo>)info { |
1192 return drag_util::IsUnsupportedDropData(profile_, info); | 1200 return drag_util::IsUnsupportedDropData(profile_, info); |
1193 } | 1201 } |
1194 | 1202 |
1195 @end | 1203 @end |
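Review bot: The new `javascript:` guard in dropText:inView:at: (new lines 1178–1181) silently discards the drop, while the matching guard in the URL-drop method (new lines 1153–1158) puts the stripped text into the omnibox, so the two drop paths now treat the same input differently and the text path gives the user no feedback. If ignoring the drop is intended, the comment should say so, e.g. `// Security: Block JavaScript to prevent self-XSS; the drop is ignored rather than shown in the omnibox.` The TODO in dropText says this code is more or less copied from |TabStripController|, which is not shown on this page; its drop handlers presumably need the same scheme check, and a shared helper for the check would keep the copies from drifting apart. The URL-drop method starts above the visible lines, so its earlier handling of `urls` could not be reviewed here.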