author | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-30 18:31:37 +0000 |
---|---|---|
committer | tsepez@chromium.org <tsepez@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-30 18:31:37 +0000 |
commit | 5466c9f369999f03d9067fd01953ce326ac3affd (patch) | |
tree | 6a2e8e7b1e2522ff615c3c0e7b4f6a57b15290f1 /chrome | |
parent | 0d069b50d0c2f10ecddb64f92223ec7cf799698f (diff) | |
Protect sensitive chrome: and chrome-extension: schemes as not being able to be manipulated by bookmarklets and javascript: URLs typed into the omnibox.
BUG=93498
Review URL: http://codereview.chromium.org/7748022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@98849 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r-- | chrome/renderer/chrome_content_renderer_client.cc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc index 7f625c9..921c14d 100644 --- a/chrome/renderer/chrome_content_renderer_client.cc +++ b/chrome/renderer/chrome_content_renderer_client.cc @@ -204,6 +204,11 @@ void ChromeContentRendererClient::RenderThreadStarted() { WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme)); WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme); + // chrome: pages should not be accessible by bookmarklets or javascript: + // URLs typed in the omnibox. + WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs( + chrome_ui_scheme); + // chrome-extension: resources shouldn't trigger insecure content warnings. WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme)); WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); |
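Review bot: the commit message names both chrome: and chrome-extension: as protected, but the added call in RenderThreadStarted() passes only chrome_ui_scheme to registerURLSchemeAsNotAllowingJavascriptURLs. The extension_scheme constructed in the context lines just below is registered only with registerURLSchemeAsSecure in what is visible here. If chrome-extension: pages are meant to be covered, add the matching registerURLSchemeAsNotAllowingJavascriptURLs(extension_scheme) call after extension_scheme is constructed; otherwise narrow the commit message to chrome: only. The diffstat also shows this as the only file changed, so no test accompanies the new policy. A test that a javascript: URL does not execute against a chrome: page would guard against this registration being dropped later.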