Index: chrome/renderer/chrome_content_renderer_client.cc |
=================================================================== |
--- chrome/renderer/chrome_content_renderer_client.cc (revision 98255) |
+++ chrome/renderer/chrome_content_renderer_client.cc (working copy) |
@@ -203,6 +203,11 @@ |
WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme)); |
WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme); |
+ // chrome: pages should not be accessible by bookmarklets or javascript: |
+ // URLs typed in the omnibox. |
+ WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( |
+ chrome_ui_scheme); |
+ |
// chrome-extension: resources shouldn't trigger insecure content warnings. |
WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme)); |
WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
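Review bot: The added `registerURLSchemeAsNotAllowingJavascriptURLs(chrome_ui_scheme)` call restricts only the chrome: scheme, while `internal_scheme` (chrome-internal), registered as display-isolated two lines above it, gets no matching restriction. If chrome-internal pages expose anything privileged, the same call is probably wanted there, e.g. `WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(internal_scheme);`, but this needs confirming against what that scheme serves. The new comment says what is blocked but not why; something like `// chrome: pages can reach privileged browser functionality, so script a user is talked into pasting (bookmarklet or javascript: URL) must not run in them.` would tell a later maintainer that this line is a security control and should not be dropped in a refactor. `chrome_ui_scheme` is declared outside the hunk and the enclosing function starts and ends outside it, so its value cannot be checked from here. No test is visible in this patch; a browser test that loads a chrome: page, navigates it to a javascript: URL and asserts the script did not execute would keep the restriction from regressing.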