From 62ce09738b9963a76c4552f338034bfed6aac7a7 Mon Sep 17 00:00:00 2001 From: "amit@chromium.org" Date: Fri, 3 Sep 2010 18:32:04 +0000 Subject: Fix regression that allowd gcf: urls used with http and https BUG=54345 TEST=gcf:http://www.google.com should not work by default and should work only if 'AllowUnsafeURLs' is set to a non-zero value in registry. Review URL: http://codereview.chromium.org/3365008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58511 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome_frame/chrome_active_document.cc | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'chrome_frame/chrome_active_document.cc')
diff --git a/chrome_frame/chrome_active_document.cc b/chrome_frame/chrome_active_document.cc
index 35f72f3e..b083982 100644
--- a/chrome_frame/chrome_active_document.cc
+++ b/chrome_frame/chrome_active_document.cc
@@ -276,6 +276,16 @@ STDMETHODIMP ChromeActiveDocument::Load(BOOL fully_avalable,
 referrer = prot_data->referrer();
 }

+ // For gcf: URLs allow only about and view-source schemes to pass through for
+ // further inspection.
+ bool is_safe_scheme = cf_url.gurl().SchemeIs(chrome::kAboutScheme) ||
+ cf_url.gurl().SchemeIs(chrome::kViewSourceScheme);
+ if (cf_url.is_chrome_protocol() && !is_safe_scheme &&
+ !GetConfigBool(false, kAllowUnsafeURLs)) {
+ DLOG(ERROR) << __FUNCTION__ << " gcf: not allowed:" << url;
+ return E_INVALIDARG;
+ }
+
 if (!LaunchUrl(cf_url, referrer)) {
 DLOG(ERROR) << __FUNCTION__ << " Failed to launch url:" << url;
 return E_INVALIDARG;
-- cgit v1.1
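Review bot: The `is_safe_scheme` test looks only at the outer scheme, so a `gcf:view-source:` URL skips this gate whatever URL it wraps, and the "further inspection" the comment relies on is not visible in this hunk. If `LaunchUrl` or something it calls does validate the wrapped URL, the comment should name it, e.g. `// view-source: the wrapped URL is validated in <function that does it>`; if nothing does, the inner scheme needs the same check here before the gate is bypassed. Because this commit repairs a regression and changes only this one file, a unit test pinning that `Load` returns `E_INVALIDARG` for `gcf:http://...` when `AllowUnsafeURLs` is unset would keep the check from being lost again. The body of `ChromeActiveDocument::Load` starts and ends outside the hunk.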