chrome/browser/renderer_context_menu/render_view_context_menu.cc - Issue 438283002: Sanitize referrer in context menus.

Unified Diff: chrome/browser/renderer_context_menu/render_view_context_menu.cc

Issue 438283002: Sanitize referrer in context menus. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Change SerializedNavigationEntry::Sanitize and add extra check. Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/browser/referrer_policy_browsertest.cc ('k') | chrome/test/data/referrer_policy/referrer-policy-start.html » ('j') | components/sessions/serialized_navigation_entry.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/renderer_context_menu/render_view_context_menu.cc

diff --git a/chrome/browser/renderer_context_menu/render_view_context_menu.cc b/chrome/browser/renderer_context_menu/render_view_context_menu.cc

index 8b1f54547a36a5301418e68b6e521c204cc1aece..3758462437f8e8c920999054ad36e3200b8d906c 100644

--- a/chrome/browser/renderer_context_menu/render_view_context_menu.cc

+++ b/chrome/browser/renderer_context_menu/render_view_context_menu.cc

@@ -1534,15 +1534,18 @@ void RenderViewContextMenu::ExecuteCommand(int id, int event_flags) {

case IDC_CONTENT_CONTEXT_SAVELINKAS: {

RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU);

- const GURL& referrer =

- params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;

const GURL& url = params_.link_url;

+ const GURL& referring_url =

+ params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;

+ content::Referrer referrer = content::Referrer::SanitizeForRequest(

+ url,

+ content::Referrer(referring_url.GetAsReferrer(),

+ params_.referrer_policy));

DownloadManager* dlm =

BrowserContext::GetDownloadManager(browser_context_);

scoped_ptr<DownloadUrlParameters> dl_params(

DownloadUrlParameters::FromWebContents(source_web_contents_, url));

- dl_params->set_referrer(

- content::Referrer(referrer, params_.referrer_policy));

+ dl_params->set_referrer(referrer);

dl_params->set_referrer_encoding(params_.frame_charset);

dl_params->set_suggested_name(params_.suggested_filename);

dl_params->set_prompt(true);

@@ -1558,11 +1561,14 @@ void RenderViewContextMenu::ExecuteCommand(int id, int event_flags) {

} else {

// TODO(zino): We can use SaveImageAt() like a case of canvas.

RecordDownloadSource(DOWNLOAD_INITIATED_BY_CONTEXT_MENU);

- const GURL& referrer =

- params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;

const GURL& url = params_.src_url;

- source_web_contents_->SaveFrame(url, content::Referrer(

- referrer, params_.referrer_policy));

+ const GURL& referring_url =

+ params_.frame_url.is_empty() ? params_.page_url : params_.frame_url;

+ content::Referrer referrer = content::Referrer::SanitizeForRequest(

+ url,

+ content::Referrer(referring_url.GetAsReferrer(),

+ params_.referrer_policy));

+ source_web_contents_->SaveFrame(url, referrer);

}

break;

}

@@ -1974,8 +1980,10 @@ void RenderViewContextMenu::OpenURL(

const GURL& url, const GURL& referring_url,

WindowOpenDisposition disposition,

content::PageTransition transition) {

- content::Referrer referrer(referring_url.GetAsReferrer(),

- params_.referrer_policy);

+ content::Referrer referrer = content::Referrer::SanitizeForRequest(

+ url,

+ content::Referrer(referring_url.GetAsReferrer(),

+ params_.referrer_policy));

if (params_.link_url == url && disposition != OFF_THE_RECORD)

params_.custom_context.link_followed = url;