diff options
| author | lazyboy@chromium.org <lazyboy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-10 19:03:41 +0000 |
|---|---|---|
| committer | lazyboy@chromium.org <lazyboy@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-10 19:03:41 +0000 |
| commit | 538941221fc5518ed459d1239968a2fc7da8c257 (patch) | |
| tree | f8b8b443687ce3a36974c7f2a0fbbacc48fb7105 /content/shell/shell_content_renderer_client.h | |
| parent | 0737ea62f7d1c51b44b59824c66fb428382df880 (diff) | |
| download | chromium_src-538941221fc5518ed459d1239968a2fc7da8c257.zip chromium_src-538941221fc5518ed459d1239968a2fc7da8c257.tar.gz chromium_src-538941221fc5518ed459d1239968a2fc7da8c257.tar.bz2 | |
<browser> Disable browser plugin in content_shell by default.
This means I had to move the flag that forcefully enables browser plugin everywhere from chrome/ to content/.
Reasoning for the change:
Enabling browser plugin in regular pages (other than apps), breaks same origin policy: The embedder is allowed to inject javascript: URLs into the browser plugin, and it will soon be able to call executeScript. That means the embedder can do whatever it wants with the guest.
The concern is also true for content_shell, since anyone who embeds Chrome is facing a similar risk if they don't disable the browser plugin.
BUG=154360
TEST=Tested with content_shell, by default browser plugin doesn't load anymore. content_browsertests would also not run, made the change to enable them.
Ran Tests:
content_browsertests:BrowserPluginHostTest*
content_browsertests:BrowserPluginTest*
browser_tests:BrowserTag*
Review URL: https://chromiumcodereview.appspot.com/11035070
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@161142 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/shell/shell_content_renderer_client.h')
| -rw-r--r-- | content/shell/shell_content_renderer_client.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/content/shell/shell_content_renderer_client.h b/content/shell/shell_content_renderer_client.h index dee1c41..1dff8e2 100644 --- a/content/shell/shell_content_renderer_client.h +++ b/content/shell/shell_content_renderer_client.h @@ -9,8 +9,15 @@ #include "base/memory/scoped_ptr.h" #include "content/public/renderer/content_renderer_client.h" +namespace WebKit { +class WebFrame; +class WebPlugin; +struct WebPluginParams; +} + namespace content { +class RenderView; class ShellRenderProcessObserver; class ShellContentRendererClient : public ContentRendererClient { @@ -19,6 +26,11 @@ class ShellContentRendererClient : public ContentRendererClient { virtual ~ShellContentRendererClient(); virtual void RenderThreadStarted() OVERRIDE; virtual void RenderViewCreated(RenderView* render_view) OVERRIDE; + virtual bool OverrideCreatePlugin( + RenderView* render_view, + WebKit::WebFrame* frame, + const WebKit::WebPluginParams& params, + WebKit::WebPlugin** plugin) OVERRIDE; private: scoped_ptr<ShellRenderProcessObserver> shell_observer_; |