Google Git
Sign in
chromium / chromium / src / a2525d33673bd4a5987a9aa3dfb516f6c89fb6de
commita2525d33673bd4a5987a9aa3dfb516f6c89fb6de[log] [tgz]
authorelawrence <elawrence@chromium.org>Fri Sep 16 20:14:03 2016
committerCommit bot <commit-bot@chromium.org>Fri Sep 16 20:16:20 2016
tree14a03a36343cedecfcc2700d2b687fcb4717256c
parente3320ae41baa9c861dab9b852bf19e7546446492 [diff]
Ignore Javascript urls dropped on tabs (Mac version)

When a Javascript: url is dropped on a tab, it executes in the
security context of the selected tab, representing a script
injection attack ("Dropjacking"). We will match other browsers
and disallow such drops.

Mac handles URL drops using a different codepath than Windows;
this change fixes the Mac codepath.

BUG=639750

Review-Url: https://codereview.chromium.org/2346023002
Cr-Commit-Position: refs/heads/master@{#419266}
2 files changed
tree: 14a03a36343cedecfcc2700d2b687fcb4717256c
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. blimp/
  6. blink/
  7. breakpad/
  8. build/
  9. build_overrides/
  10. cc/
  11. chrome/
  12. chrome_elf/
  13. chromecast/
  14. chromeos/
  15. components/
  16. content/
  17. courgette/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. mash/
  33. media/
  34. mojo/
  35. native_client_sdk/
  36. net/
  37. pdf/
  38. ppapi/
  39. printing/
  40. remoting/
  41. rlz/
  42. sandbox/
  43. sdch/
  44. services/
  45. skia/
  46. sql/
  47. storage/
  48. styleguide/
  49. testing/
  50. third_party/
  51. tools/
  52. ui/
  53. url/
  54. .clang-format
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. LICENSE
  65. LICENSE.chromium_os
  66. OWNERS
  67. PRESUBMIT.py
  68. PRESUBMIT_test.py
  69. PRESUBMIT_test_mocks.py
  70. WATCHLISTS