diff options
| -rw-r--r-- | content/browser/child_process_security_policy.cc | 1 | ||||
| -rw-r--r-- | content/browser/child_process_security_policy_unittest.cc | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/content/browser/child_process_security_policy.cc b/content/browser/child_process_security_policy.cc index b57f7d5..33cf5e0 100644 --- a/content/browser/child_process_security_policy.cc +++ b/content/browser/child_process_security_policy.cc @@ -130,6 +130,7 @@ ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { RegisterWebSafeScheme("feed"); RegisterWebSafeScheme(chrome::kExtensionScheme); RegisterWebSafeScheme(chrome::kBlobScheme); + RegisterWebSafeScheme(chrome::kFileSystemScheme); // We know about the following psuedo schemes and treat them specially. RegisterPseudoScheme(chrome::kAboutScheme); diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc index 92ba8d2..8ad4ad4 100644 --- a/content/browser/child_process_security_policy_unittest.cc +++ b/content/browser/child_process_security_policy_unittest.cc @@ -37,6 +37,8 @@ TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); EXPECT_TRUE(p->IsWebSafeScheme("feed")); EXPECT_TRUE(p->IsWebSafeScheme(chrome::kExtensionScheme)); + EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); + EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); p->RegisterWebSafeScheme("registered-web-safe-scheme"); @@ -68,6 +70,8 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("view-source:http://www.google.com/"))); EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("chrome-extension://xy/z"))); + EXPECT_TRUE(p->CanRequestURL( + kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); // Dangerous EXPECT_FALSE(p->CanRequestURL(kRendererID, |