chrome/browser/external_protocol_handler.cc - Issue 240002: Hook up external protocol handler to user gestures to prevent malicious sites...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/external_protocol_handler.cc

Issue 240002: Hook up external protocol handler to user gestures to prevent malicious sites... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Created 11 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/external_protocol_handler.cc

===================================================================

--- chrome/browser/external_protocol_handler.cc (revision 26890)

+++ chrome/browser/external_protocol_handler.cc (working copy)

@@ -20,6 +20,11 @@

#include "googleurl/src/gurl.h"

#include "net/base/escape.h"

+// Whether we accept requests for launching external protocols. This is set to

+// false every time an external protocol is requested, and set back to true on

+// each user gesture. This variable should only be accessed from the UI thread.

+static bool g_accept_requests = true;

// static

void ExternalProtocolHandler::PrepopulateDictionary(DictionaryValue* win_pref) {

static bool is_warm = false;

@@ -73,6 +78,10 @@

// static

ExternalProtocolHandler::BlockState ExternalProtocolHandler::GetBlockState(

const std::wstring& scheme) {

+ // If we are being carpet bombed, block the request.

+ if (!g_accept_requests)

+ return BLOCK;

if (scheme.length() == 1) {

// We have a URL that looks something like:

// C:/WINDOWS/system32/notepad.exe

@@ -104,6 +113,8 @@

void ExternalProtocolHandler::LaunchUrl(const GURL& url,

int render_process_host_id,

int tab_contents_id) {

+ DCHECK_EQ(MessageLoop::TYPE_UI, MessageLoop::current()->type());

// Escape the input scheme to be sure that the command does not

// have parameters unexpected by the external program.

std::string escaped_url_string = EscapeExternalHandlerValue(url.spec());

@@ -114,6 +125,7 @@

if (block_state == UNKNOWN) {

#if defined(OS_WIN) || defined(TOOLKIT_GTK)

+ g_accept_requests = false;

// Ask the user if they want to allow the protocol. This will call

// LaunchUrlWithoutSecurityCheck if the user decides to accept the protocol.

RunExternalProtocolDialog(escaped_url,

@@ -131,7 +143,7 @@

// static

void ExternalProtocolHandler::LaunchUrlWithoutSecurityCheck(const GURL& url) {

#if defined(OS_MACOSX)

- // This must run on the main thread on OS X.

+ // This must run on the UI thread on OS X.

platform_util::OpenExternal(url);

#else

// Otherwise put this work on the file thread. On Windows ShellExecute may

@@ -150,3 +162,9 @@

void ExternalProtocolHandler::RegisterPrefs(PrefService* prefs) {

prefs->RegisterDictionaryPref(prefs::kExcludedSchemes);

}

+// static

+void ExternalProtocolHandler::OnUserGesture() {

+ DCHECK_EQ(MessageLoop::TYPE_UI, MessageLoop::current()->type());

+ g_accept_requests = true;

« no previous file with comments | « chrome/browser/external_protocol_handler.h ('k') | chrome/browser/gtk/external_protocol_dialog_gtk.cc » ('j') | no next file with comments »