summaryrefslogtreecommitdiffstats
path: root/chrome_frame/utils.cc
diff options
context:
space:
mode:
authoramit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-29 02:07:45 +0000
committeramit@chromium.org <amit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-29 02:07:45 +0000
commit7ce979a79bb891f2f7e6411a7dcbd473522ad398 (patch)
tree2a5dd221067cc0456f5774fe5eb640021297813d /chrome_frame/utils.cc
parent17b04a5452abe146f8ce0aecea9f8a261e3b1240 (diff)
downloadchromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.zip
chromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.tar.gz
chromium_src-7ce979a79bb891f2f7e6411a7dcbd473522ad398.tar.bz2
Additional layer of protection to disable funky URLs through
view-source in chrome frame BUG=26129 TEST=cf:view-source:javascript:alert('foo') should not work in chrome frame. Review URL: http://codereview.chromium.org/348006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30417 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/utils.cc')
-rw-r--r--chrome_frame/utils.cc19
1 files changed, 16 insertions, 3 deletions
diff --git a/chrome_frame/utils.cc b/chrome_frame/utils.cc
index 746a260..36200ae 100644
--- a/chrome_frame/utils.cc
+++ b/chrome_frame/utils.cc
@@ -14,6 +14,7 @@
#include "base/registry.h"
#include "base/scoped_comptr_win.h"
#include "base/string_util.h"
+#include "chrome/common/url_constants.h"
#include "googleurl/src/gurl.h"
#include "grit/chrome_frame_resources.h"
#include "chrome_frame/resource.h"
@@ -534,11 +535,23 @@ bool IsValidUrlScheme(const std::wstring& url, bool is_privileged) {
GURL crack_url(url);
- if (crack_url.SchemeIs("http") || crack_url.SchemeIs("https") ||
- crack_url.SchemeIs("about") || crack_url.SchemeIs("view-source"))
+ if (crack_url.SchemeIs(chrome::kHttpScheme) ||
+ crack_url.SchemeIs(chrome::kHttpsScheme) ||
+ crack_url.SchemeIs(chrome::kAboutScheme))
return true;
- if (is_privileged && crack_url.SchemeIs("chrome-extension"))
+ // Additional checking for view-source. Allow only http and https
+ // URLs in view source.
+ if (crack_url.SchemeIs(chrome::kViewSourceScheme)) {
+ GURL sub_url(crack_url.path());
+ if (sub_url.SchemeIs(chrome::kHttpScheme) ||
+ sub_url.SchemeIs(chrome::kHttpsScheme))
+ return true;
+ else
+ return false;
+ }
+
+ if (is_privileged && crack_url.SchemeIs(chrome::kExtensionScheme))
return true;
if (StartsWith(url, kChromeAttachExternalTabPrefix, false))