Limiting the "Cookies and site data" form to "web safe" schemes.

chrome/browser/browsing_data_appcache_helper.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/browsing_data_appcache_helper.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/url_constants.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/resource_context.h"
 #include "webkit/appcache/appcache_database.h"
 #include "webkit/appcache/appcache_storage.h"
 
 using appcache::AppCacheDatabase;
 using content::BrowserContext;
 using content::BrowserThread;
 using content::ResourceContext;
 
 BrowsingDataAppCacheHelper::BrowsingDataAppCacheHelper(Profile* profile)
@@ skipping 45 matching lines @@
   }
 
   ResourceContext::GetAppCacheService(resource_context_)->DeleteAppCacheGroup(
       manifest_url, net::CompletionCallback());
 }
 
 BrowsingDataAppCacheHelper::~BrowsingDataAppCacheHelper() {}
 
 void BrowsingDataAppCacheHelper::OnFetchComplete(int rv) {
   if (BrowserThread::CurrentlyOn(BrowserThread::IO)) {
-    // Filter out appcache info entries for extensions. Extension state is not
-    // considered browsing data.
+    // Filter out appcache info entries for non-websafe schemes. Extension state
+    // and DevTools, for example, are not considered browsing data.
     typedef std::map<GURL, appcache::AppCacheInfoVector> InfoByOrigin;
     InfoByOrigin& origin_map = info_collection_->infos_by_origin;
+    content::ChildProcessSecurityPolicy* policy =
+        content::ChildProcessSecurityPolicy::GetInstance();
     for (InfoByOrigin::iterator origin = origin_map.begin();
          origin != origin_map.end();) {
       InfoByOrigin::iterator current = origin;
       ++origin;
-      if (current->first.SchemeIs(chrome::kExtensionScheme))
+      if (policy->IsWebSafeScheme(current->first.scheme()))

[jochen (gone - plz use gerrit), 2012/04/03 09:41:21]

forgot ! ?

[Mike West, 2012/04/03 14:45:51]

Gah.

         origin_map.erase(current);
     }
 
     BrowserThread::PostTask(
         BrowserThread::UI, FROM_HERE,
         base::Bind(&BrowsingDataAppCacheHelper::OnFetchComplete, this, rv));
     return;
   }
 
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
@@ skipping 15 matching lines @@
 CannedBrowsingDataAppCacheHelper* CannedBrowsingDataAppCacheHelper::Clone() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   CannedBrowsingDataAppCacheHelper* clone =
       new CannedBrowsingDataAppCacheHelper(profile_);
 
   clone->info_collection_->infos_by_origin = info_collection_->infos_by_origin;
   return clone;
 }
 
 void CannedBrowsingDataAppCacheHelper::AddAppCache(const GURL& manifest_url) {
+  content::ChildProcessSecurityPolicy* policy =
+      content::ChildProcessSecurityPolicy::GetInstance();
+  if (!policy->IsWebSafeScheme(manifest_url.scheme()))
+    return;  // Ignore non-websafe schemes.
+
   typedef std::map<GURL, appcache::AppCacheInfoVector> InfoByOrigin;
   InfoByOrigin& origin_map = info_collection_->infos_by_origin;
   appcache::AppCacheInfoVector& appcache_infos_ =
       origin_map[manifest_url.GetOrigin()];
 
   for (appcache::AppCacheInfoVector::iterator
        appcache = appcache_infos_.begin(); appcache != appcache_infos_.end();
        ++appcache) {
     if (appcache->manifest_url == manifest_url)
       return;
@@ skipping 11 matching lines @@
 bool CannedBrowsingDataAppCacheHelper::empty() const {
   return info_collection_->infos_by_origin.empty();
 }
 
 void CannedBrowsingDataAppCacheHelper::StartFetching(
     const base::Closure& completion_callback) {
   completion_callback.Run();
 }
 
 CannedBrowsingDataAppCacheHelper::~CannedBrowsingDataAppCacheHelper() {}