OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/renderer_host/render_view_host_impl.h" | 5 #include "content/browser/renderer_host/render_view_host_impl.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <string> | 8 #include <string> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
(...skipping 1285 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1296 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); | 1296 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); |
1297 if (!view) | 1297 if (!view) |
1298 return; | 1298 return; |
1299 | 1299 |
1300 DropData filtered_data(drop_data); | 1300 DropData filtered_data(drop_data); |
1301 RenderProcessHost* process = GetProcess(); | 1301 RenderProcessHost* process = GetProcess(); |
1302 ChildProcessSecurityPolicyImpl* policy = | 1302 ChildProcessSecurityPolicyImpl* policy = |
1303 ChildProcessSecurityPolicyImpl::GetInstance(); | 1303 ChildProcessSecurityPolicyImpl::GetInstance(); |
1304 | 1304 |
1305 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar. | 1305 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar. |
1306 if (!filtered_data.url.SchemeIs(kJavaScriptScheme)) | 1306 if (!filtered_data.url.SchemeIs(url::kJavaScriptScheme)) |
1307 process->FilterURL(true, &filtered_data.url); | 1307 process->FilterURL(true, &filtered_data.url); |
1308 process->FilterURL(false, &filtered_data.html_base_url); | 1308 process->FilterURL(false, &filtered_data.html_base_url); |
1309 // Filter out any paths that the renderer didn't have access to. This prevents | 1309 // Filter out any paths that the renderer didn't have access to. This prevents |
1310 // the following attack on a malicious renderer: | 1310 // the following attack on a malicious renderer: |
1311 // 1. StartDragging IPC sent with renderer-specified filesystem paths that it | 1311 // 1. StartDragging IPC sent with renderer-specified filesystem paths that it |
1312 // doesn't have read permissions for. | 1312 // doesn't have read permissions for. |
1313 // 2. We initiate a native DnD operation. | 1313 // 2. We initiate a native DnD operation. |
1314 // 3. DnD operation immediately ends since mouse is not held down. DnD events | 1314 // 3. DnD operation immediately ends since mouse is not held down. DnD events |
1315 // still fire though, which causes read permissions to be granted to the | 1315 // still fire though, which causes read permissions to be granted to the |
1316 // renderer for any file paths in the drop. | 1316 // renderer for any file paths in the drop. |
(...skipping 410 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1727 return true; | 1727 return true; |
1728 } | 1728 } |
1729 | 1729 |
1730 void RenderViewHostImpl::AttachToFrameTree() { | 1730 void RenderViewHostImpl::AttachToFrameTree() { |
1731 FrameTree* frame_tree = delegate_->GetFrameTree(); | 1731 FrameTree* frame_tree = delegate_->GetFrameTree(); |
1732 | 1732 |
1733 frame_tree->ResetForMainFrameSwap(); | 1733 frame_tree->ResetForMainFrameSwap(); |
1734 } | 1734 } |
1735 | 1735 |
1736 } // namespace content | 1736 } // namespace content |
OLD | NEW |