/[chrome]
Chromium logo

Revision 259353


Jump to revision: Previous Next
Author: dcheng@chromium.org
Date: Tue Mar 25 22:04:06 2014 UTC (9 years, 1 month ago)
Changed paths: 18
Log Message:
Mark drags starting in web content as tainted to avoid file path forgery

This patch takes the simplest possible approach and simply clears any
filename data when the browser-side dragenter handler notices that a
drag originated from a Chrome renderer. This breaks file:// URL dragging
within Chrome, but it turns out this is already mostly broken anyway.
Dragging file:// URLs is filtered out by FilterURL, since we don't
GrantRequestSpecificFileURL to the renderer, so it generally ends up
loading about:blank anyway.

The ChromeOS bits are left unimplemented for the moment. The specific
security issues fixed by this patch don't presently affect Aura because
it doesn't implement the DownloadURL protocol at all, and it doesn't
get confused between URLs and filenames like Linux. While it would be
nice to implement this for ChromeOS, doing so breaks drags from the
File Manager app.

BUG=346135
R=creis@chromium.org, erg@chromium.org, sky@chromium.org, tony@chromium.org, tsepez@chromium.org

Review URL: https://codereview.chromium.org/207013003

Changed paths

Path Details
Directorytrunk/src/content/browser/renderer_host/render_view_host_impl.cc modified , text changed
Directorytrunk/src/content/browser/web_contents/web_contents_view_aura.cc modified , text changed
Directorytrunk/src/content/browser/web_contents/web_drag_dest_gtk.cc modified , text changed
Directorytrunk/src/content/browser/web_contents/web_drag_dest_mac.mm modified , text changed
Directorytrunk/src/content/browser/web_contents/web_drag_source_gtk.cc modified , text changed
Directorytrunk/src/content/public/common/drop_data.cc modified , text changed
Directorytrunk/src/content/public/common/drop_data.h modified , text changed
Directorytrunk/src/ui/base/clipboard/clipboard_aurax11.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/gtk_dnd_util.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/gtk_dnd_util.h modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data.h modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_aura.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_aura.h modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_aurax11.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_aurax11.h modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_win.cc modified , text changed
Directorytrunk/src/ui/base/dragdrop/os_exchange_data_provider_win.h modified , text changed

Powered by ViewVC 1.1.26 ViewVC Help