content/browser/web_contents/web_drag_dest_mac.h - Issue 2580843003: Prevent drag-and-drop events from firing over cross-site, same-page frames. (Mac)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/web_contents/web_drag_dest_mac.h

Issue 2580843003: Prevent drag-and-drop events from firing over cross-site, same-page frames. (Mac) (Closed)

Patch Set: Addressed grammar nits. Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: content/browser/web_contents/web_drag_dest_mac.h

diff --git a/content/browser/web_contents/web_drag_dest_mac.h b/content/browser/web_contents/web_drag_dest_mac.h

index cab64ff4d55cd5187c015a0ac1fa6a853c68b687..da4427bca57814b671c22a900781a77116adc526 100644

--- a/content/browser/web_contents/web_drag_dest_mac.h

+++ b/content/browser/web_contents/web_drag_dest_mac.h

@@ -7,6 +7,7 @@

#include <memory>

#include "base/strings/string16.h"

+#include "content/browser/loader/global_routing_id.h"

#include "content/common/content_export.h"

#include "content/public/common/drop_data.h"

#include "ui/gfx/geometry/point.h"

@@ -44,6 +45,15 @@ CONTENT_EXPORT

// during a drag, we need to re-send the DragEnter message.

RenderViewHostIdentifier currentRVH_;

+ // Tracks the IDs of the source RenderProcessHost and RenderViewHost from

+ // which the current drag originated. These are set in

+ // -setDragStartTrackersForProcess:, and are used to ensure that drag events

+ // do not fire over a cross-site frame (with respect to the source frame) in

+ // the same page (see crbug.com/666858). See

+ // WebContentsViewAura::drag_start_process_id_ for additional information.

+ int dragStartProcessID_;

+ content::GlobalRoutingID dragStartViewID_;

// The data for the current drag, or NULL if none is in progress.

std::unique_ptr<content::DropData> dropData_;

@@ -79,6 +89,14 @@ CONTENT_EXPORT

GetRenderWidgetHostAtPoint:(const NSPoint&)viewPoint

transformedPt:(gfx::Point*)transformedPt;

+// Sets |dragStartProcessID_| and |dragStartViewID_|.

+- (void)setDragStartTrackersForProcess:(int)processID;

+// Returns whether |targetRWH| is a valid RenderWidgetHost to be dragging

+// over. This enforces that same-page, cross-site drags are not allowed. See

+// crbug.com/666858.

+- (bool)isValidDragTarget:(content::RenderWidgetHostImpl*)targetRWH;

@end

// Public use only for unit tests.