Require user gesture for powerful download operations

content/renderer/web_ui_extension.cc

Index: content/renderer/web_ui_extension.cc
diff --git a/content/renderer/web_ui_extension.cc b/content/renderer/web_ui_extension.cc
index a793b4e215b1121be9f10b0a1623ca783c1214e7..cb42f6063ddc72b0f75e2269b802d50e0162cae1 100644
--- a/content/renderer/web_ui_extension.cc
+++ b/content/renderer/web_ui_extension.cc
@@ -7,6 +7,7 @@
 #include <memory>
 #include <utility>
 
+#include "base/strings/string_util.h"
 #include "base/values.h"
 #include "content/common/view_messages.h"
 #include "content/public/child/v8_value_converter.h"
@@ -21,6 +22,7 @@
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebKit.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
+#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
 #include "third_party/WebKit/public/web/WebView.h"
 #include "url/gurl.h"
 #include "v8/include/v8.h"
@@ -96,6 +98,13 @@ void WebUIExtension::Send(gin::Arguments* args) {
     return;
   }
 
+  if (base::EndsWith(message, "RequiringGesture",
+                     base::CompareCase::SENSITIVE) &&
+      !blink::WebUserGestureIndicator::isProcessingUserGesture()) {
+    NOTREACHED();
+    return;
+  }
+
   // If they've provided an optional message parameter, convert that into a
   // Value to send to the browser process.
   std::unique_ptr<base::ListValue> content;