commit | a2525d33673bd4a5987a9aa3dfb516f6c89fb6de | [log] [tgz] |
---|---|---|
author | elawrence <elawrence@chromium.org> | Fri Sep 16 20:14:03 2016 |
committer | Commit bot <commit-bot@chromium.org> | Fri Sep 16 20:16:20 2016 |
tree | 14a03a36343cedecfcc2700d2b687fcb4717256c | |
parent | e3320ae41baa9c861dab9b852bf19e7546446492 [diff] |
Ignore Javascript urls dropped on tabs (Mac version) When a Javascript: url is dropped on a tab, it executes in the security context of the selected tab, representing a script injection attack ("Dropjacking"). We will match other browsers and disallow such drops. Mac handles URL drops using a different codepath than Windows; this change fixes the Mac codepath. BUG=639750 Review-Url: https://codereview.chromium.org/2346023002 Cr-Commit-Position: refs/heads/master@{#419266}