content/common/plugin_list.cc - Issue 18364005: Don't override application/octet-stream MIME type.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/common/plugin_list.cc

Issue 18364005: Don't override application/octet-stream MIME type. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Merge with r212882 to catch up with namespace changes. Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/common/plugin_list.cc

diff --git a/content/common/plugin_list.cc b/content/common/plugin_list.cc

index 615ca2676703c8fba6e63f6f1f99b477d7afe03e..79f8cc56b7ac64541b903179c32d7fe04e63fbb7 100644

--- a/content/common/plugin_list.cc

+++ b/content/common/plugin_list.cc

@@ -25,31 +25,8 @@ namespace content {

namespace {

-const char kApplicationOctetStream[] = "application/octet-stream";

base::LazyInstance<PluginList> g_singleton = LAZY_INSTANCE_INITIALIZER;

-bool AllowMimeTypeMismatch(const std::string& orig_mime_type,

- const std::string& actual_mime_type) {

- if (orig_mime_type == actual_mime_type) {

- NOTREACHED();

- return true;

- }

- // We do not permit URL-sniff based plug-in MIME type overrides aside from

- // the case where the "type" was initially missing or generic

- // (application/octet-stream).

- // We collected stats to determine this approach isn't a major compat issue,

- // and we defend against content confusion attacks in various cases, such

- // as when the user doesn't have the Flash plug-in enabled.

- bool allow = orig_mime_type.empty() ||

- orig_mime_type == kApplicationOctetStream;

- LOG_IF(INFO, !allow) << "Ignoring plugin with unexpected MIME type "

- << actual_mime_type << " (expected " << orig_mime_type

- << ")";

- return allow;

} // namespace

// static

@@ -365,16 +342,20 @@ void PluginList::GetPluginInfoArray(

}

// Add in plugins by url.

+ // We do not permit URL-sniff based plug-in MIME type overrides aside from

+ // the case where the "type" was initially missing.

+ // We collected stats to determine this approach isn't a major compat issue,

+ // and we defend against content confusion attacks in various cases, such

+ // as when the user doesn't have the Flash plug-in enabled.

std::string path = url.path();

std::string::size_type last_dot = path.rfind('.');

- if (last_dot != std::string::npos) {

+ if (last_dot != std::string::npos && mime_type.empty()) {

std::string extension = StringToLowerASCII(std::string(path, last_dot+1));

std::string actual_mime_type;

for (size_t i = 0; i < plugins_list_.size(); ++i) {

if (SupportsExtension(plugins_list_[i], extension, &actual_mime_type)) {

base::FilePath path = plugins_list_[i].path;

- if (visited_plugins.insert(path).second &&

- AllowMimeTypeMismatch(mime_type, actual_mime_type)) {

+ if (visited_plugins.insert(path).second) {

info->push_back(plugins_list_[i]);

if (actual_mime_types)

actual_mime_types->push_back(actual_mime_type);

« no previous file with comments | « content/browser/download/download_browsertest.cc ('k') | content/common/plugin_list_unittest.cc » ('j') | no next file with comments »