| Index: content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
|
| diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
|
| index 6ab2feef89acf3bd0e76c78326922f32ee1d17db..90e4d8de66edec1fe285bea8cd577a3d8ac6bf3e 100644
|
| --- a/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
|
| +++ b/content/public/android/java/src/org/chromium/content/browser/ContentSettings.java
|
| @@ -77,6 +77,8 @@ public class ContentSettings {
|
| private int mDefaultFixedFontSize = 13;
|
| private boolean mLoadsImagesAutomatically = true;
|
| private boolean mJavaScriptEnabled = false;
|
| + private boolean mAllowUniversalAccessFromFileURLs = false;
|
| + private boolean mAllowFileAccessFromFileURLs = false;
|
| private boolean mJavaScriptCanOpenWindowsAutomatically = false;
|
| private PluginState mPluginState = PluginState.OFF;
|
| private boolean mDomStorageEnabled = false;
|
| @@ -155,7 +157,8 @@ public class ContentSettings {
|
| * Package constructor to prevent clients from creating a new settings
|
| * instance. Must be called on the UI thread.
|
| */
|
| - ContentSettings(ContentViewCore contentViewCore, int nativeContentView) {
|
| + ContentSettings(ContentViewCore contentViewCore, int nativeContentView,
|
| + boolean isAccessFromFileURLsGrantedByDefault) {
|
| ThreadUtils.assertOnUiThread();
|
| mContentViewCore = contentViewCore;
|
| mCanModifySettings = mContentViewCore.isPersonalityView();
|
| @@ -164,6 +167,11 @@ public class ContentSettings {
|
| mCleanupReference = new CleanupReference(this,
|
| new DestroyRunnable(mNativeContentSettings));
|
|
|
| + if (isAccessFromFileURLsGrantedByDefault) {
|
| + mAllowUniversalAccessFromFileURLs = true;
|
| + mAllowFileAccessFromFileURLs = true;
|
| + }
|
| +
|
| mEventHandler = new EventHandler();
|
| if (mCanModifySettings) {
|
| // PERSONALITY_VIEW
|
| @@ -523,6 +531,53 @@ public class ContentSettings {
|
| }
|
|
|
| /**
|
| + * Sets whether JavaScript running in the context of a file scheme URL
|
| + * should be allowed to access content from any origin. This includes
|
| + * access to content from other file scheme URLs. See
|
| + * {@link #setAllowFileAccessFromFileURLs}. To enable the most restrictive,
|
| + * and therefore secure policy, this setting should be disabled.
|
| + * <p>
|
| + * The default value is true for API level
|
| + * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
|
| + * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
|
| + * and above.
|
| + *
|
| + * @param flag whether JavaScript running in the context of a file scheme
|
| + * URL should be allowed to access content from any origin
|
| + */
|
| + public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) {
|
| + assert mCanModifySettings;
|
| + if (mAllowUniversalAccessFromFileURLs != flag) {
|
| + mAllowUniversalAccessFromFileURLs = flag;
|
| + sendSyncMessage();
|
| + }
|
| + }
|
| +
|
| + /**
|
| + * Sets whether JavaScript running in the context of a file scheme URL
|
| + * should be allowed to access content from other file scheme URLs. To
|
| + * enable the most restrictive, and therefore secure policy, this setting
|
| + * should be disabled. Note that the value of this setting is ignored if
|
| + * the value of {@link #getAllowUniversalAccessFromFileURLs} is true.
|
| + * <p>
|
| + * The default value is true for API level
|
| + * {@link android.os.Build.VERSION_CODES#ICE_CREAM_SANDWICH_MR1} and below,
|
| + * and false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
|
| + * and above.
|
| + *
|
| + * @param flag whether JavaScript running in the context of a file scheme
|
| + * URL should be allowed to access content from other file
|
| + * scheme URLs
|
| + */
|
| + public synchronized void setAllowFileAccessFromFileURLs(boolean flag) {
|
| + assert mCanModifySettings;
|
| + if (mAllowFileAccessFromFileURLs != flag) {
|
| + mAllowFileAccessFromFileURLs = flag;
|
| + sendSyncMessage();
|
| + }
|
| + }
|
| +
|
| + /**
|
| * Tell the WebView to load image resources automatically.
|
| * @param flag True if the WebView should load images automatically.
|
| */
|
| @@ -553,6 +608,31 @@ public class ContentSettings {
|
| }
|
|
|
| /**
|
| + * Gets whether JavaScript running in the context of a file scheme URL can
|
| + * access content from any origin. This includes access to content from
|
| + * other file scheme URLs.
|
| + *
|
| + * @return whether JavaScript running in the context of a file scheme URL
|
| + * can access content from any origin
|
| + * @see #setAllowUniversalAccessFromFileURLs
|
| + */
|
| + public synchronized boolean getAllowUniversalAccessFromFileURLs() {
|
| + return mAllowUniversalAccessFromFileURLs;
|
| + }
|
| +
|
| + /**
|
| + * Gets whether JavaScript running in the context of a file scheme URL can
|
| + * access content from other file scheme URLs.
|
| + *
|
| + * @return whether JavaScript running in the context of a file scheme URL
|
| + * can access content from other file scheme URLs
|
| + * @see #setAllowFileAccessFromFileURLs
|
| + */
|
| + public synchronized boolean getAllowFileAccessFromFileURLs() {
|
| + return mAllowFileAccessFromFileURLs;
|
| + }
|
| +
|
| + /**
|
| * Tell the WebView to enable plugins.
|
| * @param flag True if the WebView should load plugins.
|
| * @deprecated This method has been deprecated in favor of
|
|
|
Chromium Code Reviews
Issue 10827274:
[Android] Implement WebSettings APIs for FileURL resource access conrol (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src