Mark drags starting in web content as tainted to avoid file path forgery
commit 359ad5ab6284590e7816d1440c1a5c2343d3d14e
author dcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Tue, 25 Mar 2014 22:04:06 +0000 (25 22:04 +0000)
committer dcheng@chromium.org <dcheng@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Tue, 25 Mar 2014 22:04:06 +0000 (25 22:04 +0000)
tree 568150e026aa03ded99b2fe104a60fd912f8c622
parent d5a28f73d52aabddd5842f226f5bb5b15072cf4a

This patch takes the simplest possible approach and simply clears any
filename data when the browser-side dragenter handler notices that a
drag originated from a Chrome renderer. This breaks file:// URL dragging
within Chrome, but it turns out this is already mostly broken anyway.
Dragging file:// URLs is filtered out by FilterURL, since we don't
GrantRequestSpecificFileURL to the renderer, so it generally ends up
loading about:blank anyway.

The ChromeOS bits are left unimplemented for the moment. The specific
security issues fixed by this patch don't presently affect Aura because
it doesn't implement the DownloadURL protocol at all, and it doesn't
get confused between URLs and filenames like Linux. While it would be
nice to implement this for ChromeOS, doing so breaks drags from the
File Manager app.

BUG=346135
R=creis@chromium.org, erg@chromium.org, sky@chromium.org, tony@chromium.org, tsepez@chromium.org

Review URL: https://codereview.chromium.org/207013003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259353 0039d316-1c4b-4281-b951-d872f2087c98
18 files changed:
content/browser/renderer_host/render_view_host_impl.cc
content/browser/web_contents/web_contents_view_aura.cc
content/browser/web_contents/web_drag_dest_gtk.cc
content/browser/web_contents/web_drag_dest_mac.mm
content/browser/web_contents/web_drag_source_gtk.cc
content/public/common/drop_data.cc
content/public/common/drop_data.h
ui/base/clipboard/clipboard_aurax11.cc
ui/base/dragdrop/gtk_dnd_util.cc
ui/base/dragdrop/gtk_dnd_util.h
ui/base/dragdrop/os_exchange_data.cc
ui/base/dragdrop/os_exchange_data.h
ui/base/dragdrop/os_exchange_data_provider_aura.cc
ui/base/dragdrop/os_exchange_data_provider_aura.h
ui/base/dragdrop/os_exchange_data_provider_aurax11.cc
ui/base/dragdrop/os_exchange_data_provider_aurax11.h
ui/base/dragdrop/os_exchange_data_provider_win.cc
ui/base/dragdrop/os_exchange_data_provider_win.h
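
A minimal C++ model of the approach the commit message describes, added here as an illustration and not taken from the Chromium patch: a drag started in web content carries a taint marker, and the browser-side dragenter handler clears filename data when it sees that marker. `DragPayload`, `kRendererTaint`, `StartDragFromWebContent`, `OnDragEnter`, `SampleDrag` and the `DropData` fields are hypothetical names, and the sample path and URL are constructed.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical model for this sketch (not Chromium's types): format -> values.
using DragPayload = std::map<std::string, std::vector<std::string>>;
const char kFilenames[] = "filenames";             // local file paths
const char kUrl[] = "url";
const char kRendererTaint[] = "renderer-tainted";  // assumed marker format

struct DropData {
  bool did_originate_from_renderer = false;
  std::vector<std::string> filenames;
  std::string url;
};

// Source side: every drag started in web content carries the marker.
DragPayload StartDragFromWebContent(DragPayload requested) {
  requested[kRendererTaint].clear();  // creates the (empty) marker entry
  return requested;
}

// Browser-side dragenter: filename data in a tainted drag was chosen by
// web content, so it is cleared before any drop target sees it.
DropData OnDragEnter(const DragPayload& payload) {
  DropData data;
  data.did_originate_from_renderer = payload.count(kRendererTaint) > 0;
  auto url = payload.find(kUrl);
  if (url != payload.end() && !url->second.empty())
    data.url = url->second.front();
  auto files = payload.find(kFilenames);
  if (files != payload.end() && !data.did_originate_from_renderer)
    data.filenames = files->second;
  return data;
}

// Constructed sample: the same payload dragged from web content (tainted)
// and from outside the browser (untainted).
DropData SampleDrag(bool from_web_content) {
  DragPayload p;
  p[kFilenames].push_back("/constructed/local/file.txt");
  p[kUrl].push_back("https://example.test/");
  return OnDragEnter(from_web_content ? StartDragFromWebContent(p) : p);
}

int main() {
  std::cout << SampleDrag(true).filenames.size() << " "
            << SampleDrag(false).filenames.size() << "\n";
}
```

Only the filename data is cleared in the tainted case; the URL still reaches the drop target, where URL filtering applies as before.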