chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm - Issue 2346023002: Ignore Javascript urls dropped on tabs (Mac version)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

Issue 2346023002: Ignore Javascript urls dropped on tabs (Mac version) (Closed)

Patch Set: Move return to a new line Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

diff --git a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

index f52d2b9526d9caf3ff25cfc48aa8a7c2b647416c..a8851d3e0b815ac94ffbbf0f206f3dbafa9bb665 100644

--- a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

+++ b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm

@@ -1150,10 +1150,13 @@ class NotificationBridge : public AppMenuIconController::Delegate {

GURL url(url_formatter::FixupURL(

base::SysNSStringToUTF8([urls objectAtIndex:0]), std::string()));

+ // Security: Sanitize text to prevent self-XSS.

if (url.SchemeIs(url::kJavaScriptScheme)) {

browser_->window()->GetLocationBar()->GetOmniboxView()->SetUserText(

OmniboxView::StripJavascriptSchemas(base::UTF8ToUTF16(url.spec())));

+ return;

}

OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB,

ui::PAGE_TRANSITION_TYPED, false);

browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params);

@@ -1172,6 +1175,10 @@ class NotificationBridge : public AppMenuIconController::Delegate {

metrics::OmniboxEventProto::BLANK, &match, NULL);

GURL url(match.destination_url);

+ // Security: Block JavaScript to prevent self-XSS.

+ if (url.SchemeIs(url::kJavaScriptScheme))

+ return;

OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB,

ui::PAGE_TRANSITION_TYPED, false);

browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params);

« no previous file with comments | « chrome/browser/ui/cocoa/tabs/tab_strip_controller.mm ('k') | no next file » | no next file with comments »