diff options
| author | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-20 19:20:41 +0000 |
|---|---|---|
| committer | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-20 19:20:41 +0000 |
| commit | 8a5200830fa3e09046c5bf78620ec1d393889132 (patch) | |
| tree | a7002dd060c161b4d5b5cc1d7e9d7f96873bd1d3 /chrome | |
| parent | faf9cd6e0a9a3b8d6466c547cb9314c6af8dcdad (diff) | |
| download | chromium_src-8a5200830fa3e09046c5bf78620ec1d393889132.zip chromium_src-8a5200830fa3e09046c5bf78620ec1d393889132.tar.gz chromium_src-8a5200830fa3e09046c5bf78620ec1d393889132.tar.bz2 | |
Trim whitespace and check for unsafe scheme before adding a url in context menu "Go To" item.
BUG=41778
TEST=None
Review URL: http://codereview.chromium.org/1594039
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45062 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/tab_contents/render_view_context_menu.cc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/chrome/browser/tab_contents/render_view_context_menu.cc b/chrome/browser/tab_contents/render_view_context_menu.cc index c323e99..471d2b8 100644 --- a/chrome/browser/tab_contents/render_view_context_menu.cc +++ b/chrome/browser/tab_contents/render_view_context_menu.cc @@ -11,9 +11,11 @@ #include "app/l10n_util.h" #include "base/command_line.h" #include "base/logging.h" +#include "base/string_util.h" #include "chrome/app/chrome_dll_resource.h" #include "chrome/browser/autocomplete/autocomplete_classifier.h" #include "chrome/browser/browser_process.h" +#include "chrome/browser/child_process_security_policy.h" #include "chrome/browser/debugger/devtools_manager.h" #include "chrome/browser/debugger/devtools_window.h" #include "chrome/browser/download/download_manager.h" @@ -439,6 +441,7 @@ void RenderViewContextMenu::AppendCopyItem() { void RenderViewContextMenu::AppendSearchProvider() { DCHECK(profile_); + TrimWhitespace(params_.selection_text, TRIM_ALL, ¶ms_.selection_text); if (params_.selection_text.empty()) return; @@ -456,9 +459,12 @@ void RenderViewContextMenu::AppendSearchProvider() { printable_selection_text.insert(i, 1, '&'); if (match.transition == PageTransition::TYPED) { - AppendMenuItem(IDS_CONTENT_CONTEXT_GOTOURL, - l10n_util::GetStringFUTF16(IDS_CONTENT_CONTEXT_GOTOURL, - printable_selection_text)); + if (ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( + selection_navigation_url_.scheme())) { + AppendMenuItem(IDS_CONTENT_CONTEXT_GOTOURL, + l10n_util::GetStringFUTF16(IDS_CONTENT_CONTEXT_GOTOURL, + printable_selection_text)); + } } else { const TemplateURL* const default_provider = profile_->GetTemplateURLModel()->GetDefaultSearchProvider(); |