authortsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-30 18:31:37 +0000
committertsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-30 18:31:37 +0000
commit5466c9f369999f03d9067fd01953ce326ac3affd (patch)
tree6a2e8e7b1e2522ff615c3c0e7b4f6a57b15290f1 /chrome/renderer/chrome_content_renderer_client.cc
parent0d069b50d0c2f10ecddb64f92223ec7cf799698f (diff)
Protect the sensitive chrome: and chrome-extension: schemes so that they cannot be manipulated by bookmarklets and javascript: URLs typed into the omnibox.
BUG=93498 Review URL: http://codereview.chromium.org/7748022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98849 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/chrome_content_renderer_client.cc')
-rw-r--r--chrome/renderer/chrome_content_renderer_client.cc5
1 files changed, 5 insertions, 0 deletions
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index 7f625c9..921c14d 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -204,6 +204,11 @@ void ChromeContentRendererClient::RenderThreadStarted() {
WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme));
WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme);
+ // chrome: pages should not be accessible by bookmarklets or javascript:
+ // URLs typed in the omnibox.
+ WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
+ chrome_ui_scheme);
+
// chrome-extension: resources shouldn't trigger insecure content warnings.
WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme));
WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
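Review bot: The commit description names both chrome: and chrome-extension: as protected, but the added call registers only `chrome_ui_scheme`; in this hunk `extension_scheme` still gets only `registerURLSchemeAsSecure`. The diffstat is limited to this file, so the extension scheme may be handled elsewhere. If it is not, add `WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(extension_scheme);` after the `extension_scheme` declaration, and widen the comment to `// chrome: and chrome-extension: pages ...`. The comment should also say that this is a renderer-side registration made in `RenderThreadStarted()`, so it guards against user-entered javascript: URLs and bookmarklets and is presumably not meant as a boundary against a compromised renderer. `RenderThreadStarted()` begins and ends outside the hunk, so the declaration of `chrome_ui_scheme` is not visible here.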