Diffstat (limited to 'chrome_frame/chrome_active_document.cc')
-rw-r--r--chrome_frame/chrome_active_document.cc10
1 files changed, 10 insertions, 0 deletions
diff --git a/chrome_frame/chrome_active_document.cc b/chrome_frame/chrome_active_document.cc
index 35f72f3e..b083982 100644
--- a/chrome_frame/chrome_active_document.cc
+++ b/chrome_frame/chrome_active_document.cc
@@ -276,6 +276,16 @@ STDMETHODIMP ChromeActiveDocument::Load(BOOL fully_avalable,
referrer = prot_data->referrer();
}
+ // For gcf: URLs allow only about and view-source schemes to pass through for
+ // further inspection.
+ bool is_safe_scheme = cf_url.gurl().SchemeIs(chrome::kAboutScheme) ||
+ cf_url.gurl().SchemeIs(chrome::kViewSourceScheme);
+ if (cf_url.is_chrome_protocol() && !is_safe_scheme &&
+ !GetConfigBool(false, kAllowUnsafeURLs)) {
+ DLOG(ERROR) << __FUNCTION__ << " gcf: not allowed:" << url;
+ return E_INVALIDARG;
+ }
+
if (!LaunchUrl(cf_url, referrer)) {
DLOG(ERROR) << __FUNCTION__ << " Failed to launch url:" << url;
return E_INVALIDARG;
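Review bot: The `is_safe_scheme` test looks only at the outer scheme, so a gcf: URL whose scheme is `view-source` passes regardless of the URL it wraps. The comment says such URLs pass "for further inspection", but that inspection is not visible in this hunk, so please confirm that the wrapped URL is validated before `LaunchUrl` acts on it. The `kAllowUnsafeURLs` override disables the filter entirely; a comment above the `GetConfigBool(false, kAllowUnsafeURLs)` call should state where that value is read from and who can write that location, since a setting writable by a low-privileged user would undo the restriction. The rejection is reported only through `DLOG(ERROR)`, so in builds where DLOG is compiled out a blocked gcf: URL leaves no record; `LOG(WARNING) << __FUNCTION__ << " gcf: not allowed:" << url;` would keep it visible. `Load` starts and ends outside this hunk, so I cannot tell whether other navigation entry points apply the same check.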