DragEnter grants RequestURL to entire file:// scheme.
DragEnter can't know if the end action of a dragged file will be to assign
it to the value of a file input element, or to navigate to the file itself,
so it grants the permissions required for both. The RequestURL permission,
however, currently implies access to all of file:// even though we intend to
request only one file. This change adds a method to ChildProcessSecurityPolicy
for more granular permissions for file:// URLs which is applied to the existing
renderer. A second change causes file:// navigations to be browser-navigations,
so that the existing renderer will fork a new "file-privileged" renderer. The
old renderer, having permissions for this one URL, will pass the checks
required to lauch the new renderer for the URL, but will not have permission
to fork renderers for other file:// URLs.
This is a second attempt at resolving the issue, see also:
http://codereview.chromium.org/10397002/
BUG=127525
Review URL: https://chromiumcodereview.appspot.com/10517009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141124 0039d316-1c4b-4281-b951-d872f2087c98
6 files changed
