Diffstat (limited to 'chrome/browser/desktop_notification_handler.cc')
-rw-r--r-- | chrome/browser/desktop_notification_handler.cc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/chrome/browser/desktop_notification_handler.cc b/chrome/browser/desktop_notification_handler.cc
index 986425a..e6654ec 100644
--- a/chrome/browser/desktop_notification_handler.cc
+++ b/chrome/browser/desktop_notification_handler.cc
@@ -7,6 +7,7 @@
 #include "chrome/browser/notifications/desktop_notification_service.h"
 #include "chrome/browser/notifications/desktop_notification_service_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/common/url_constants.h"
 #include "content/browser/renderer_host/render_process_host.h"
 #include "content/browser/renderer_host/render_view_host.h"
 #include "content/browser/renderer_host/render_view_host_delegate.h"
@@ -37,6 +38,16 @@ bool DesktopNotificationHandler::OnMessageReceived(
 void DesktopNotificationHandler::OnShow(
 const DesktopNotificationHostMsg_Show_Params& params) {
+ // Disallow HTML notifications from unwanted schemes. javascript:
+ // in particular allows unwanted cross-domain access.
+ GURL url = params.contents_url;
+ if (!url.SchemeIs(chrome::kHttpScheme) &&
+ !url.SchemeIs(chrome::kHttpsScheme) &&
+ !url.SchemeIs(chrome::kExtensionScheme) &&
+ !url.SchemeIs(chrome::kDataScheme)) {
+ return;
+ }
+
 RenderProcessHost* process = render_view_host()->process();
 DesktopNotificationService* service =
 DesktopNotificationServiceFactory::GetForProfile(process->profile()); |
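Review bot: The scheme allowlist added at the top of OnShow runs on every Show message, while its comment says it targets HTML notifications; if the params also carry text notifications whose `contents_url` is empty (the struct is not visible in this hunk), those would hit the early `return` and be dropped. Consider scoping the check to the HTML case, and make the rejection observable either way, since a renderer that sends a disallowed scheme is either buggy or compromised and the bare `return` leaves no log entry and sends no error back to the page. The comment explains why javascript: is excluded but not why data: is allowed, although data: URLs can carry script as well; a line such as `// data: is allowed because <reason>; its content runs in <origin>` would record that decision for the next reader. OnShow's body continues past the end of the hunk.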