| Index: content/browser/renderer_host/render_view_host_impl.cc
|
| diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
|
| index 463b5d1e0432dda6abf647fba21089dde042d18f..c38fda8b8387bf30cb65f29b070ffdc0ae494ea6 100644
|
| --- a/content/browser/renderer_host/render_view_host_impl.cc
|
| +++ b/content/browser/renderer_host/render_view_host_impl.cc
|
| @@ -856,7 +856,6 @@ bool RenderViewHostImpl::OnMessageReceived(const IPC::Message& msg) {
|
| OnDidContentsPreferredSizeChange)
|
| IPC_MESSAGE_HANDLER(ViewHostMsg_RouteCloseEvent,
|
| OnRouteCloseEvent)
|
| - IPC_MESSAGE_HANDLER(DragHostMsg_StartDragging, OnStartDragging)
|
| IPC_MESSAGE_HANDLER(DragHostMsg_UpdateDragCursor, OnUpdateDragCursor)
|
| IPC_MESSAGE_HANDLER(ViewHostMsg_TakeFocus, OnTakeFocus)
|
| IPC_MESSAGE_HANDLER(ViewHostMsg_FocusedNodeChanged, OnFocusedNodeChanged)
|
| @@ -999,63 +998,6 @@ void RenderViewHostImpl::OnRouteCloseEvent() {
|
| delegate_->RouteCloseEvent(this);
|
| }
|
|
|
| -void RenderViewHostImpl::OnStartDragging(
|
| - const DropData& drop_data,
|
| - WebDragOperationsMask drag_operations_mask,
|
| - const SkBitmap& bitmap,
|
| - const gfx::Vector2d& bitmap_offset_in_dip,
|
| - const DragEventSourceInfo& event_info) {
|
| - RenderViewHostDelegateView* view = delegate_->GetDelegateView();
|
| - if (!view) {
|
| - // Need to clear drag and drop state in blink.
|
| - DragSourceSystemDragEnded();
|
| - return;
|
| - }
|
| -
|
| - DropData filtered_data(drop_data);
|
| - RenderProcessHost* process = GetProcess();
|
| - ChildProcessSecurityPolicyImpl* policy =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| -
|
| - // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar.
|
| - if (!filtered_data.url.SchemeIs(url::kJavaScriptScheme))
|
| - process->FilterURL(true, &filtered_data.url);
|
| - process->FilterURL(false, &filtered_data.html_base_url);
|
| - // Filter out any paths that the renderer didn't have access to. This prevents
|
| - // the following attack on a malicious renderer:
|
| - // 1. StartDragging IPC sent with renderer-specified filesystem paths that it
|
| - // doesn't have read permissions for.
|
| - // 2. We initiate a native DnD operation.
|
| - // 3. DnD operation immediately ends since mouse is not held down. DnD events
|
| - // still fire though, which causes read permissions to be granted to the
|
| - // renderer for any file paths in the drop.
|
| - filtered_data.filenames.clear();
|
| - for (std::vector<ui::FileInfo>::const_iterator it =
|
| - drop_data.filenames.begin();
|
| - it != drop_data.filenames.end();
|
| - ++it) {
|
| - if (policy->CanReadFile(GetProcess()->GetID(), it->path))
|
| - filtered_data.filenames.push_back(*it);
|
| - }
|
| -
|
| - storage::FileSystemContext* file_system_context =
|
| - BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(),
|
| - GetSiteInstance())
|
| - ->GetFileSystemContext();
|
| - filtered_data.file_system_files.clear();
|
| - for (size_t i = 0; i < drop_data.file_system_files.size(); ++i) {
|
| - storage::FileSystemURL file_system_url =
|
| - file_system_context->CrackURL(drop_data.file_system_files[i].url);
|
| - if (policy->CanReadFileSystemFile(GetProcess()->GetID(), file_system_url))
|
| - filtered_data.file_system_files.push_back(drop_data.file_system_files[i]);
|
| - }
|
| -
|
| - float scale = GetScaleFactorForView(GetWidget()->GetView());
|
| - gfx::ImageSkia image(gfx::ImageSkiaRep(bitmap, scale));
|
| - view->StartDragging(filtered_data, drag_operations_mask, image,
|
| - bitmap_offset_in_dip, event_info);
|
| -}
|
| -
|
| void RenderViewHostImpl::OnUpdateDragCursor(WebDragOperation current_op) {
|
| RenderViewHostDelegateView* view = delegate_->GetDelegateView();
|
| if (view)
|
|
|