authorananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-16 01:41:16 +0000
committerananta@chromium.org <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-01-16 01:41:16 +0000
commitc82a5233cd2ca00d61c97fa0916460b02acbfb85 (patch)
tree3dbfb9a8b317bd255c378eb458f0944632928109 /webkit
parent2eddb20cf104d2f5ceaeea6518cb558233612a79 (diff)
Block Adobe Reader from issuing NPN_GetURL/NPN_GetURLRequests for URL schemes other than http/https/ftp. This mimics Firefox behavior and works around bug http://b/issue?id=1543405, which is an XSS vulnerability in the Adobe Reader plugin where it allows javascript in the parameters passed in to the URL.
Bug=1543405
R=jam
Review URL: http://codereview.chromium.org/18070 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@8159 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
-rw-r--r--webkit/glue/plugins/webplugin_delegate_impl.cc1
-rw-r--r--webkit/glue/plugins/webplugin_delegate_impl.h1
2 files changed, 2 insertions, 0 deletions
diff --git a/webkit/glue/plugins/webplugin_delegate_impl.cc b/webkit/glue/plugins/webplugin_delegate_impl.cc
index cae871b..fa6ef26 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl.cc
+++ b/webkit/glue/plugins/webplugin_delegate_impl.cc
@@ -165,6 +165,7 @@ WebPluginDelegateImpl::WebPluginDelegateImpl(
quirks_ |= PLUGIN_QUIRK_DIE_AFTER_UNLOAD;
}
}
+ quirks_ |= PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS;
} else if (plugin_info.name.find(L"Windows Media Player") !=
std::wstring::npos) {
// Windows Media Player needs two NPP_SetWindow calls.
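Review bot: The added `quirks_ |= PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS;` is a security mitigation but has no comment, unlike the neighbouring quirk lines, and the same holds for the new enum value in webplugin_delegate_impl.h; I would put `// Security: only allow http/https/ftp in NPN_GetURL requests from this plugin (XSS workaround, bug 1543405).` above it and a matching one-line comment on the enum entry. Nothing in the two files shown reads the flag, so the check that enforces it cannot be reviewed here; wherever it lives, it should compare the parsed URL scheme case-insensitively against the http/https/ftp allowlist rather than reject a list of known-bad schemes. The flag appears to be applied through plugin-name matching (the branch condition starts outside the hunk), so the restriction fails open for any build of the plugin that the match misses, which is worth confirming against the full constructor body.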
diff --git a/webkit/glue/plugins/webplugin_delegate_impl.h b/webkit/glue/plugins/webplugin_delegate_impl.h
index 85c14dc..e231d5f 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl.h
+++ b/webkit/glue/plugins/webplugin_delegate_impl.h
@@ -94,6 +94,7 @@ class WebPluginDelegateImpl : public WebPluginDelegate {
PLUGIN_QUIRK_DIE_AFTER_UNLOAD = 32,
PLUGIN_QUIRK_PATCH_TRACKPOPUP_MENU = 64,
PLUGIN_QUIRK_PATCH_SETCURSOR = 128,
+ PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS = 256,
};
int quirks() { return quirks_; }