author | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-16 01:41:16 +0000 |
---|---|---|
committer | ananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-16 01:41:16 +0000 |
commit | c82a5233cd2ca00d61c97fa0916460b02acbfb85 (patch) | |
tree | 3dbfb9a8b317bd255c378eb458f0944632928109 /chrome | |
parent | 2eddb20cf104d2f5ceaeea6518cb558233612a79 (diff) | |
Block Adobe Reader from issuing NPN_GetURL/NPN_GetURLRequests for URL schemes other than http/https/ftp. This mimics Firefox behavior and works around bug http://b/issue?id=1543405, which is an XSS vulnerability in the Adobe Reader plugin where it allows javascript in the parameters passed in to the URL.
Bug=1543405
R=jam
Review URL: http://codereview.chromium.org/18070
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8159 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/plugin/webplugin_proxy.cc | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/chrome/plugin/webplugin_proxy.cc b/chrome/plugin/webplugin_proxy.cc
index bb7ee5c..02bd802 100644
--- a/chrome/plugin/webplugin_proxy.cc
+++ b/chrome/plugin/webplugin_proxy.cc
@@ -237,6 +237,19 @@ void WebPluginProxy::HandleURLRequest(const char *method,
 return;
 }
 
+ if (!target && (0 == _strcmpi(method, "GET"))) {
+ // Please refer to https://bugzilla.mozilla.org/show_bug.cgi?id=366082
+ // for more details on this.
+ if (delegate_->quirks() &
+ WebPluginDelegateImpl::PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS) {
+ GURL request_url(url);
+ if (!request_url.SchemeIs("http") && !request_url.SchemeIs("https") &&
+ !request_url.SchemeIs("ftp")) {
+ return;
+ }
+ }
+ }
+
 PluginHostMsg_URLRequest_Params params;
 params.method = method;
 params.is_javascript_url = is_javascript_url; |
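Review bot: The scheme allowlist only runs when `target` is null and the method is GET, and the only explanation is a Bugzilla link, so a reader cannot tell whether leaving targeted requests and POSTs unfiltered is deliberate. I would state the rule and its scope in the comment itself, for example `// Quirk: drop target-less GET requests whose scheme is not http/https/ftp (plugin XSS workaround); requests with a target and POSTs are not filtered here.` The inner `return` also discards the request silently; a log line at that point would make blocked requests visible when diagnosing plugin behaviour, and it is worth confirming that a plugin which asked to be notified still gets a failure callback rather than waiting indefinitely. HandleURLRequest starts and ends outside the hunk, so whether `method` is null-checked before `_strcmpi` and whether `url` is already absolute when `GURL request_url(url)` is built cannot be confirmed from here.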