diff options
| author | mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 17:49:08 +0000 |
|---|---|---|
| committer | mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-24 17:49:08 +0000 |
| commit | 05c82189519642144323493e1d0cd65c41ce81ce (patch) | |
| tree | abb760e7c2d610ab059eec1222fc3d15b6b30db5 /chrome/renderer | |
| parent | eb40bc39aafb7933251450019e5b4bcb805982f5 (diff) | |
| download | chromium_src-05c82189519642144323493e1d0cd65c41ce81ce.zip chromium_src-05c82189519642144323493e1d0cd65c41ce81ce.tar.gz chromium_src-05c82189519642144323493e1d0cd65c41ce81ce.tar.bz2 | |
Require user opt-in before allowing content script injection on file URLs.
BUG=47180
Review URL: http://codereview.chromium.org/2809034
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50737 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
| -rw-r--r-- | chrome/renderer/user_script_slave.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc index 11ad1f2..c5812ad 100644 --- a/chrome/renderer/user_script_slave.cc +++ b/chrome/renderer/user_script_slave.cc @@ -167,6 +167,9 @@ bool UserScriptSlave::InjectScripts(WebFrame* frame, if (!script->MatchesUrl(frame->url())) continue; // This frame doesn't match the script url pattern, skip it. + if (frame_url.SchemeIsFile() && !script->allow_file_access()) + continue; // This script isn't allowed to run on file URLs. + // CSS files are always injected on document start before js scripts. if (location == UserScript::DOCUMENT_START) { num_css += script->css_scripts().size(); |