Modify the "dangerous download" algorithm as follows. Original patch by Pierre-Antoine LaFayette (see http://codereview.chromium.org/1403001/ ), r=me,brettw,aa.

Downloads are considered dangerous if: 
a) The file is dangerous just by sitting on the drive, without needing to be clicked on e.g. dll, xbap 
b) The file is executable and the download was not user initiated. 
c) They are an extension that is not from the gallery 

We have defined a user initiated download as 3 possible cases: 
a) A user enters a URL into the address bar that is a file 
b) A user left clicks on a URL that is a file 
c) A user right clicks and does "Save As" on a URL that is a file. 

BUG=9044
TEST=Open a page with a download link to a dangerous file that is not an extension, e.g. an .exe file, and left click on the link. The download should proceed without a prompt.
Review URL: http://codereview.chromium.org/5603008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68406 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 2 deletions

diff --git a/webkit/glue/resource_loader_bridge.cc b/webkit/glue/resource_loader_bridge.cc
index 86029e2..3e9c9e8 100644
--- a/webkit/glue/resource_loader_bridge.cc
+++ b/webkit/glue/resource_loader_bridge.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -54,7 +54,8 @@ ResourceLoaderBridge::RequestInfo::RequestInfo()
       request_context(0),
       appcache_host_id(0),
       routing_id(0),
-      download_to_file(false) {
+      download_to_file(false),
+      has_user_gesture(false) {
 }
 
 ResourceLoaderBridge::RequestInfo::~RequestInfo() {