2 files changed, 44 insertions, 2 deletions

diff --git a/chrome/browser/safe_browsing/client_side_detection_host.cc b/chrome/browser/safe_browsing/client_side_detection_host.cc
index 879ff1a..ef2e70f 100644
--- a/chrome/browser/safe_browsing/client_side_detection_host.cc
+++ b/chrome/browser/safe_browsing/client_side_detection_host.cc
@@ -61,9 +61,19 @@ class ClientSideDetectionHost::ShouldClassifyUrlRequest
 
   void Start() {
     DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+    // We start by doing some simple checks that can run on the UI thread.
 
-    // We first start by doing the proxy, local IP and off-the-record checks
-    // synchronously because they are fast and they run on the UI thread.
+    // Only classify [X]HTML documents.
+    if (params_.contents_mime_type != "text/html" &&
+        params_.contents_mime_type != "application/xhtml+xml") {
+      VLOG(1) << "Skipping phishing classification for URL: " << params_.url
+              << " because it has an unsupported MIME type: "
+              << params_.contents_mime_type;
+      UMA_HISTOGRAM_ENUMERATION("SBClientPhishing.PreClassificationCheckFail",
+                                NO_CLASSIFY_UNSUPPORTED_MIME_TYPE,
+                                NO_CLASSIFY_MAX);
+      return;
+    }
 
     // Don't run the phishing classifier if the URL came from a private
     // network, since we don't want to ping back in this case.  We also need
@@ -132,6 +142,7 @@ class ClientSideDetectionHost::ShouldClassifyUrlRequest
     NO_CLASSIFY_OFF_THE_RECORD,
     NO_CLASSIFY_MATCH_CSD_WHITELIST,
     NO_CLASSIFY_TOO_MANY_REPORTS,
+    NO_CLASSIFY_UNSUPPORTED_MIME_TYPE,
 
     NO_CLASSIFY_MAX  // Always add new values before this one.
   };
diff --git a/chrome/browser/safe_browsing/client_side_detection_host_unittest.cc b/chrome/browser/safe_browsing/client_side_detection_host_unittest.cc
index 0943535..e56f908 100644
--- a/chrome/browser/safe_browsing/client_side_detection_host_unittest.cc
+++ b/chrome/browser/safe_browsing/client_side_detection_host_unittest.cc
@@ -433,6 +433,24 @@ TEST_F(ClientSideDetectionHostTest, ShouldClassifyUrl) {
       SafeBrowsingMsg_StartPhishingDetection::ID);
   ASSERT_FALSE(msg);
 
+  // Check that XHTML is supported, in addition to the default HTML type.
+  // Note: for this test to work correctly, the new URL must be on the
+  // same domain as the previous URL, otherwise it will create a new
+  // RenderViewHost that won't have the mime type set.
+  url = GURL("http://host.com/xhtml");
+  rvh()->set_contents_mime_type("application/xhtml+xml");
+  ExpectPreClassificationChecks(url, &kFalse, &kFalse, &kFalse, &kFalse,
+                                &kFalse, &kFalse);
+  NavigateAndCommit(url);
+  WaitAndCheckPreClassificationChecks();
+  msg = process()->sink().GetFirstMessageMatching(
+      SafeBrowsingMsg_StartPhishingDetection::ID);
+  ASSERT_TRUE(msg);
+  SafeBrowsingMsg_StartPhishingDetection::Read(msg, &actual_url);
+  EXPECT_EQ(url, actual_url.a);
+  EXPECT_EQ(rvh()->routing_id(), msg->routing_id());
+  process()->sink().ClearMessages();
+
   // Navigate to a new host, which should cause another IPC.
   url = GURL("http://host2.com/");
   ExpectPreClassificationChecks(url, &kFalse, &kFalse, &kFalse, &kFalse,
@@ -447,6 +465,19 @@ TEST_F(ClientSideDetectionHostTest, ShouldClassifyUrl) {
   EXPECT_EQ(rvh()->routing_id(), msg->routing_id());
   process()->sink().ClearMessages();
 
+  // If the mime type is not one that we support, no IPC should be triggered.
+  // Note: for this test to work correctly, the new URL must be on the
+  // same domain as the previous URL, otherwise it will create a new
+  // RenderViewHost that won't have the mime type set.
+  url = GURL("http://host2.com/image.jpg");
+  rvh()->set_contents_mime_type("image/jpeg");
+  ExpectPreClassificationChecks(url, NULL, NULL, NULL, NULL, NULL, NULL);
+  NavigateAndCommit(url);
+  WaitAndCheckPreClassificationChecks();
+  msg = process()->sink().GetFirstMessageMatching(
+      SafeBrowsingMsg_StartPhishingDetection::ID);
+  ASSERT_FALSE(msg);
+
   // If IsPrivateIPAddress returns true, no IPC should be triggered.
   url = GURL("http://host3.com/");
   ExpectPreClassificationChecks(url, &kTrue, NULL, NULL, NULL, NULL, NULL);