diff options
author | raymes <raymes@chromium.org> | 2015-08-24 23:02:08 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-08-25 06:03:19 +0000 |
commit | fff450abc4e2fb330ba700547a8e6a7b0fb90a6e (patch) | |
tree | 6e3bd7dc5a0ed11e1a87cd7183c47b8b689dcd1d /pdf/out_of_process_instance.cc | |
parent | 25d68349a0f226b59a9bbc1fa8364af564497895 (diff) | |
download | chromium_src-fff450abc4e2fb330ba700547a8e6a7b0fb90a6e.zip chromium_src-fff450abc4e2fb330ba700547a8e6a7b0fb90a6e.tar.gz chromium_src-fff450abc4e2fb330ba700547a8e6a7b0fb90a6e.tar.bz2 |
Prevent leaking PDF data cross-origin
BUG=520422
Review URL: https://codereview.chromium.org/1311973002
Cr-Commit-Position: refs/heads/master@{#345267}
Diffstat (limited to 'pdf/out_of_process_instance.cc')
-rw-r--r-- | pdf/out_of_process_instance.cc | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/pdf/out_of_process_instance.cc b/pdf/out_of_process_instance.cc index 705da85..dbe3968 100644 --- a/pdf/out_of_process_instance.cc +++ b/pdf/out_of_process_instance.cc @@ -305,23 +305,24 @@ bool OutOfProcessInstance::Init(uint32_t argc, const char* argn[], const char* argv[]) { // Check if the PDF is being loaded in the PDF chrome extension. We only allow - // the plugin to be put into "full frame" mode when it is being loaded in the - // extension because this enables some features that we don't want pages - // abusing outside of the extension. + // the plugin to be loaded in the extension and print preview to avoid + // exposing sensitive APIs directly to external websites. pp::Var document_url_var = pp::URLUtil_Dev::Get()->GetDocumentURL(this); - std::string document_url = document_url_var.is_string() ? - document_url_var.AsString() : std::string(); + if (!document_url_var.is_string()) + return false; + std::string document_url = document_url_var.AsString(); std::string extension_url = std::string(kChromeExtension); - bool in_extension = - !document_url.compare(0, extension_url.size(), extension_url); - - if (in_extension) { - // Check if the plugin is full frame. This is passed in from JS. - for (uint32_t i = 0; i < argc; ++i) { - if (strcmp(argn[i], "full-frame") == 0) { - full_ = true; - break; - } + std::string print_preview_url = std::string(kChromePrint); + if (!base::StringPiece(document_url).starts_with(kChromeExtension) && + !base::StringPiece(document_url).starts_with(kChromePrint)) { + return false; + } + + // Check if the plugin is full frame. This is passed in from JS. + for (uint32_t i = 0; i < argc; ++i) { + if (strcmp(argn[i], "full-frame") == 0) { + full_ = true; + break; } } |