angler-fishThe Vulnerability History Project

When dragging file:// links off a web page, don't populate the

      URL section of the dragging clipboard.  This avoids us reading
it back as file data.

The problem is that most file managers on Linux handle file drags
by populating the dragging clipboard with file:/// urls.  To make
file drags work, we convert file:// urls into actual files. Since
we want to support this use case, just block the file:// drags
originating from the renderer (the user can still drop the data
as plain text, say into a text field).

BUG=81307
TEST=Try dragging a link of a file:/// url into a file upload
    control.  It shouldn't work.

Review URL: http://codereview.chromium.org/7109031

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88203 0039d316-1c4b-4281-b951-d872f2087c98
by Dennis the Turtle 2011-06-07 21:11:03 UTC
commit 8c4575b2a38ff179b7f6df581e9f4d7150bf901a
Chromium Fix CVE-2011-2782
content/browser/renderer_host/render_view_host.cc
+1 -19
content/browser/renderer_host/render_view_host_unittest.cc
-92
content/browser/renderer_host/test_render_view_host.cc
-5
content/browser/renderer_host/test_render_view_host.h
-2
content/browser/tab_contents/test_tab_contents.cc
+1 -8
content/browser/tab_contents/test_tab_contents.h
-8
expand_less