summaryrefslogtreecommitdiffstats
path: root/chrome/browser/browser_init.cc
diff options
context:
space:
mode:
authorjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-14 15:15:54 +0000
committerjschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-14 15:15:54 +0000
commitcf2f9ebf31d505a701b62dea166bea7bce86b76c (patch)
tree5c26772c6ee9ea237575facb2eac82cc1fd03869 /chrome/browser/browser_init.cc
parenteed37dc68dbc0cf3c4f434c14bbda903d1d261e9 (diff)
downloadchromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.zip
chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.gz
chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.bz2
Limit URL schemes passed on the command line to file: and those allowed by RendererSecurityPolicy::IsWebSafeScheme
BUG=9862 TEST=browser_tests --gtest_filter=BrowserInitTest.BlockBadURLs Review URL: http://codereview.chromium.org/550008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36239 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/browser_init.cc')
-rw-r--r--chrome/browser/browser_init.cc24
1 files changed, 20 insertions, 4 deletions
diff --git a/chrome/browser/browser_init.cc b/chrome/browser/browser_init.cc
index 6512071..e495b71 100644
--- a/chrome/browser/browser_init.cc
+++ b/chrome/browser/browser_init.cc
@@ -14,6 +14,7 @@
#include "chrome/browser/browser_list.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_window.h"
+#include "chrome/browser/child_process_security_policy.h"
#include "chrome/browser/chrome_thread.h"
#include "chrome/browser/defaults.h"
#include "chrome/browser/extensions/extension_creator.h"
@@ -503,9 +504,15 @@ bool BrowserInit::LaunchWithProfile::OpenApplicationURL(Profile* profile) {
#endif
GURL url(url_string);
+ // Restrict allowed URLs for --app switch.
if (!url.is_empty() && url.is_valid()) {
- Browser::OpenApplicationWindow(profile, url);
- return true;
+ if (url.SchemeIs(chrome::kHttpsScheme) ||
+ url.SchemeIs(chrome::kHttpScheme) ||
+ url.SchemeIs(chrome::kFtpScheme) ||
+ url.SchemeIs(chrome::kFileScheme)) {
+ Browser::OpenApplicationWindow(profile, url);
+ return true;
+ }
}
return false;
}
@@ -627,6 +634,9 @@ std::vector<GURL> BrowserInit::LaunchWithProfile::GetURLsFromCommandLine(
Profile* profile) {
std::vector<GURL> urls;
std::vector<std::wstring> params = command_line_.GetLooseValues();
+ ChildProcessSecurityPolicy *policy =
+ ChildProcessSecurityPolicy::GetInstance();
+
for (size_t i = 0; i < params.size(); ++i) {
std::wstring& value = params[i];
// Handle Vista way of searching - "? <search-term>"
@@ -649,8 +659,14 @@ std::vector<GURL> BrowserInit::LaunchWithProfile::GetURLsFromCommandLine(
// This will create a file URL or a regular URL.
GURL url = GURL(WideToUTF8(
URLFixerUpper::FixupRelativeFile(cur_dir_, value)));
- if (url.is_valid())
- urls.push_back(url);
+ // Exclude dangerous schemes.
+ if (url.is_valid()) {
+ if (policy->IsWebSafeScheme(url.scheme()) ||
+ url.SchemeIs(chrome::kFileScheme) ||
+ !url.spec().compare(chrome::kAboutBlankURL)) {
+ urls.push_back(url);
+ }
+ }
}
}
return urls;
generated by cgit v1.1 at 2025-02-01 09:51:41 +0000