Disallow HTML notifications with content not from HTTP or HTTPS schemes.

BUG=27544
TEST=none

Review URL: http://codereview.chromium.org/542044

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36101 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/chrome/renderer/notification_provider.cc b/chrome/renderer/notification_provider.cc
index 6746350..5ee7abc 100644
--- a/chrome/renderer/notification_provider.cc
+++ b/chrome/renderer/notification_provider.cc
@@ -6,6 +6,7 @@
 
 #include "base/task.h"
 #include "chrome/common/render_messages.h"
+#include "chrome/common/url_constants.h"
 #include "chrome/renderer/render_thread.h"
 #include "chrome/renderer/render_view.h"
 #include "third_party/WebKit/WebKit/chromium/public/WebFrame.h"
@@ -80,6 +81,11 @@ bool NotificationProvider::OnMessageReceived(const IPC::Message& message) {
 
 bool NotificationProvider::ShowHTML(const WebNotification& notification,
                                     int id) {
+  // Disallow HTML notifications from non-HTTP schemes.
+  GURL url = notification.url();
+  if (!url.SchemeIs(chrome::kHttpScheme) && !url.SchemeIs(chrome::kHttpsScheme))
+    return false;
+
   DCHECK(notification.isHTML());
   return Send(new ViewHostMsg_ShowDesktopNotification(view_->routing_id(),
               GURL(view_->webview()->mainFrame()->url()).GetOrigin(),