Issue 11035070: <browser> Disable browser plugin in content_shell by default.

Issue 11035070: <browser> Disable browser plugin in content_shell by default. (Closed)

Created:
8 years, 2 months ago by lazyboy

Modified:
8 years, 2 months ago

Reviewers:
Charlie Reis, jam

CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

<browser> Disable browser plugin in content_shell by default. This means I had to move the flag that forcefully enables browser plugin everywhere from chrome/ to content/. Reasoning for the change: Enabling browser plugin in regular pages (other than apps), breaks same origin policy: The embedder is allowed to inject javascript: URLs into the browser plugin, and it will soon be able to call executeScript. That means the embedder can do whatever it wants with the guest. The concern is also true for content_shell, since anyone who embeds Chrome is facing a similar risk if they don't disable the browser plugin. BUG=154360 TEST=Tested with content_shell, by default browser plugin doesn't load anymore. content_browsertests would also not run, made the change to enable them. Ran Tests: content_browsertests:BrowserPluginHostTest* content_browsertests:BrowserPluginTest* browser_tests:BrowserTag* Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=161142

Patch Set 1 #

Patch Set 2 : Sort one include and arg in a list. #

Total comments: 4

Patch Set 3 : Address comments from creis@ #

Patch Set 4 : Sync @tott + fix one include order. #

Created: 8 years, 2 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+45 lines, -7 lines)			Patch
M	chrome/browser/chrome_content_browser_client.cc	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	chrome/common/chrome_switches.h	View	1 2 3	1 chunk	+0 lines, -1 line	0 comments	Download
M	chrome/common/chrome_switches.cc	View	1 2 3	1 chunk	+0 lines, -4 lines	0 comments	Download
M	content/browser/browser_plugin/browser_plugin_host_browsertest.cc	View	1 2 3	4 chunks	+8 lines, -1 line	0 comments	Download
M	content/browser/renderer_host/render_process_host_impl.cc	View	1 2 3	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/public/common/content_switches.h	View	1 2 3	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/public/common/content_switches.cc	View	1 2 3	1 chunk	+4 lines, -0 lines	0 comments	Download
M	content/shell/shell_content_renderer_client.h	View		2 chunks	+12 lines, -0 lines	0 comments	Download
M	content/shell/shell_content_renderer_client.cc	View	1 2 3	2 chunks	+19 lines, -0 lines	0 comments	Download

Messages

Total messages: 8 (0 generated)

Expand Messages | Collapse Messages

jam

can you explain why you're disabling it in content_shell by default?

8 years, 2 months ago (2012-10-06 01:41:46 UTC) #2

lazyboy

""" Enabling browser plugin in regular pages (other than apps), breaks same origin policy: The ...

8 years, 2 months ago (2012-10-06 01:55:09 UTC) #3

Charlie Reis

LGTM, but John, can you approve as well? We do want this behind a flag ...

8 years, 2 months ago (2012-10-08 16:47:20 UTC) #4

lazyboy

https://chromiumcodereview.appspot.com/11035070/diff/2001/content/public/common/content_switches.cc File content/public/common/content_switches.cc (right): https://chromiumcodereview.appspot.com/11035070/diff/2001/content/public/common/content_switches.cc#newcode250 content/public/common/content_switches.cc:250: // Enables browser plugin for regular pages as well ...

8 years, 2 months ago (2012-10-08 19:23:57 UTC) #5

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/lazyboy@chromium.org/11035070/11001

8 years, 2 months ago (2012-10-10 17:01:18 UTC) #7

Change committed as 161142

Expand Messages | Collapse Messages