Add check for file:-navigations from PDFs

chrome/browser/resources/pdf/navigator.js

Index: chrome/browser/resources/pdf/navigator.js
diff --git a/chrome/browser/resources/pdf/navigator.js b/chrome/browser/resources/pdf/navigator.js
index 1e9a13c6b25e366f3f663e714387d9c66f9771a3..ba6b7e0e84c84d388990f6c36b866f27ac118965 100644
--- a/chrome/browser/resources/pdf/navigator.js
+++ b/chrome/browser/resources/pdf/navigator.js
@@ -8,12 +8,9 @@
  * Creates a new NavigatorDelegate for calling browser-specific functions to
  * do the actual navigating.
  * @param {boolean} isInTab Indicates if the PDF viewer is displayed in a tab.
- * @param {boolean} isSourceFileUrl Indicates if the navigation source is a
- *     file:// URL.
  */
-function NavigatorDelegate(isInTab, isSourceFileUrl) {
+function NavigatorDelegate(isInTab) {
   this.isInTab_ = isInTab;
-  this.isSourceFileUrl_ = isSourceFileUrl;
 }
 
 /**
@@ -41,7 +38,7 @@ NavigatorDelegate.prototype = {
   navigateInCurrentTab: function(url) {
     // When the PDFviewer is inside a browser tab, prefer the tabs API because
     // it can navigate from one file:// URL to another.
-    if (chrome.tabs && this.isInTab_ && this.isSourceFileUrl_)
+    if (chrome.tabs && this.isInTab_)
       chrome.tabs.update({url: url});
     else
       window.location.href = url;
@@ -174,7 +171,7 @@ Navigator.prototype = {
 
   /**
    * @private
-   * Checks if the URL starts with a scheme and s not just a scheme.
+   * Checks if the URL starts with a scheme and is not just a scheme.
    * @param {string} The input URL
    * @return {boolean} Whether the url is valid.
    */
@@ -188,6 +185,11 @@ Navigator.prototype = {
       return false;
     }
 
+    // Navigations to file:-URLs are only allowed from file:-URLs.
+    if (url.startsWith('file:') && !this.originalUrl_.startsWith('file:'))
+      return false;
+
+
     // Make sure |url| is not only a scheme.
     if (url == 'http://' ||
         url == 'https://' ||