Chromium Code Reviews Chromium Code Reviews
Issue 9958107:
Limiting the "Cookies and site data" form to "web safe" schemes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/browser/browsing_data_database_helper.cc |
| diff --git a/chrome/browser/browsing_data_database_helper.cc b/chrome/browser/browsing_data_database_helper.cc |
| index ccb561549b042e3f6fdfd49b61ae09c4a5119d07..7678131da5c36e7da3f76dd00b21918085b3e8c2 100644 |
| --- a/chrome/browser/browsing_data_database_helper.cc |
| +++ b/chrome/browser/browsing_data_database_helper.cc |
| @@ -11,10 +11,11 @@ |
| #include "base/utf_string_conversions.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "content/public/browser/browser_thread.h" |
| +#include "content/public/browser/child_process_security_policy.h" |
| #include "net/base/completion_callback.h" |
| #include "net/base/net_errors.h" |
| -#include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebCString.h" |
| #include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" |
|
jochen (gone - plz use gerrit)
2012/04/03 09:41:21
nit. W > p
Mike West
2012/04/03 14:45:51
Not according to vim! :)
Fixed.
|
| +#include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebCString.h" |
| #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebString.h" |
| using content::BrowserContext; |
| @@ -91,13 +92,13 @@ void BrowsingDataDatabaseHelper::FetchDatabaseInfoOnFileThread() { |
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| std::vector<webkit_database::OriginInfo> origins_info; |
| if (tracker_.get() && tracker_->GetAllOriginsInfo(&origins_info)) { |
| + content::ChildProcessSecurityPolicy* policy = |
| + content::ChildProcessSecurityPolicy::GetInstance(); |
| for (std::vector<webkit_database::OriginInfo>::const_iterator ori = |
| origins_info.begin(); ori != origins_info.end(); ++ori) { |
| - const std::string origin_identifier(UTF16ToUTF8(ori->GetOrigin())); |
| - if (StartsWithASCII(origin_identifier, |
| - std::string(chrome::kExtensionScheme), |
| - true)) { |
| - // Extension state is not considered browsing data. |
| + const GURL origin(UTF16ToUTF8(ori->GetOrigin())); |
| + if (policy->IsWebSafeScheme(origin.scheme())) { |
|
jochen (gone - plz use gerrit)
2012/04/03 09:41:21
forgot ! ?
Mike West
2012/04/03 14:45:51
Done.
|
| + // Non-websafe state is not considered browsing data. |
| continue; |
| } |
| WebSecurityOrigin web_security_origin = |
| @@ -113,7 +114,7 @@ void BrowsingDataDatabaseHelper::FetchDatabaseInfoOnFileThread() { |
| database_info_.push_back(DatabaseInfo( |
| web_security_origin.host().utf8(), |
| UTF16ToUTF8(*db), |
| - origin_identifier, |
| + UTF16ToUTF8(ori->GetOrigin()), |
| UTF16ToUTF8(ori->GetDatabaseDescription(*db)), |
| web_security_origin.toString().utf8(), |
| file_info.size, |
| @@ -186,8 +187,12 @@ void CannedBrowsingDataDatabaseHelper::AddDatabase( |
| const std::string& name, |
| const std::string& description) { |
| base::AutoLock auto_lock(lock_); |
| - pending_database_info_.push_back(PendingDatabaseInfo( |
| - origin, name, description)); |
| + content::ChildProcessSecurityPolicy* policy = |
| + content::ChildProcessSecurityPolicy::GetInstance(); |
| + if (policy->IsWebSafeScheme(origin.scheme())) { |
| + pending_database_info_.push_back(PendingDatabaseInfo( |
| + origin, name, description)); |
| + } |
| } |
| void CannedBrowsingDataDatabaseHelper::Reset() { |
