Index: chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm |
diff --git a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm |
index f378828cfdf1d40db7a1f5e4733f2a893c25afbf..d38709ad5dec5bf05e3d7ba3d99b187c9d62fd41 100644 |
--- a/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm |
+++ b/chrome/browser/ui/cocoa/toolbar/toolbar_controller.mm |
@@ -1028,24 +1028,19 @@ class NotificationBridge : public AppMenuIconController::Delegate { |
return; |
} |
- // TODO(viettrungluu): dropping multiple URLs? |
- if ([urls count] > 1) |
- NOTIMPLEMENTED(); |
- |
- // Get the first URL and fix it up. |
- GURL url(url_formatter::FixupURL( |
- base::SysNSStringToUTF8([urls objectAtIndex:0]), std::string())); |
- |
- // Security: Sanitize text to prevent self-XSS. |
- if (url.SchemeIs(url::kJavaScriptScheme)) { |
- browser_->window()->GetLocationBar()->GetOmniboxView()->SetUserText( |
- OmniboxView::StripJavascriptSchemas(base::UTF8ToUTF16(url.spec()))); |
- return; |
+ for (id urlString in urls) { |
+ GURL url(GURL(url_formatter::FixupURL(base::SysNSStringToUTF8(urlString), |
+ std::string()))); |
Avi (use Gerrit)
2016/11/13 22:55:56
Same as above.
shahriar
2016/11/13 23:40:34
Done.
|
+ |
+ // If the URL isn't valid, don't bother. |
+ if (!url.is_valid()) |
+ continue; |
+ |
Avi (use Gerrit)
2016/11/13 22:55:55
You lost the anti-self-XSS code.
shahriar
2016/11/13 23:40:34
Agree, I removed it because I thought we are no lo
|
+ OpenURLParams params(url, Referrer(), |
+ WindowOpenDisposition::NEW_FOREGROUND_TAB, |
+ ui::PAGE_TRANSITION_TYPED, false); |
+ browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); |
} |
- |
- OpenURLParams params(url, Referrer(), WindowOpenDisposition::CURRENT_TAB, |
- ui::PAGE_TRANSITION_TYPED, false); |
- browser_->tab_strip_model()->GetActiveWebContents()->OpenURL(params); |
} |
// (URLDropTargetController protocol) |