authorjohnnyg@chromium.org <johnnyg@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-09 21:47:02 +0000
committerjohnnyg@chromium.org <johnnyg@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-09 21:47:02 +0000
commit1ec4e04d215b1952a9ae634a26aa068844cc7c5f (patch)
tree3ae6553100bf7fc14aa6f15f8a3dc82fc78d53b0
parentd409efc2563bf8b647dac1af324c26778809985c (diff)
Allow creating HTML notifications with the data: scheme. I've confirmed this doesn't open up the same extra privileges as the javascript: scheme, which is still disallowed.
BUG=32470 TEST=create HTML notifications using data: Review URL: http://codereview.chromium.org/2779005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49327 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/renderer/notification_provider.cc6
1 files changed, 4 insertions, 2 deletions
diff --git a/chrome/renderer/notification_provider.cc b/chrome/renderer/notification_provider.cc
index 4642cff..414966f 100644
--- a/chrome/renderer/notification_provider.cc
+++ b/chrome/renderer/notification_provider.cc
@@ -95,11 +95,13 @@ void NotificationProvider::OnNavigate() {
bool NotificationProvider::ShowHTML(const WebNotification& notification,
int id) {
- // Disallow HTML notifications from non-HTTP schemes.
+ // Disallow HTML notifications from unwanted schemes. javascript:
+ // in particular allows unwanted cross-domain access.
GURL url = notification.url();
if (!url.SchemeIs(chrome::kHttpScheme) &&
!url.SchemeIs(chrome::kHttpsScheme) &&
- !url.SchemeIs(chrome::kExtensionScheme))
+ !url.SchemeIs(chrome::kExtensionScheme) &&
+ !url.SchemeIs(chrome::kDataScheme))
return false;
DCHECK(notification.isHTML());
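Review bot: The comment above the scheme check in ShowHTML reads as a deny-list ("unwanted schemes") while the condition is an allow-list of four schemes, and it does not record why data: is acceptable. I would reword it along the lines of `// Allow-list: only http, https, extension and data: URLs may back an HTML notification; javascript: stays rejected because it allows cross-domain access.` so any later scheme is reviewed against the same criterion. Because this check runs in the renderer, it is worth confirming that the browser-side handler for the show request enforces the same allow-list; that code is not visible here, and a renderer-only check would not hold if the renderer were compromised. A data: URL carries no host, so presumably the origin that notification permission is checked against comes from the requesting page rather than from `notification.url()`; that should be confirmed, and an automated test asserting data: is accepted and javascript: rejected would pin the behaviour. ShowHTML's body continues past the end of the hunk.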