Skip to content

GitLab

T
tangled
Commit 7aaf7e90 authored by Dmitry Gozman's avatar Dmitry Gozman Committed by Commit Bot
Browse files
Options

[DevTools] Guard DOM.setFileInputFiles under MayAffectLocalFiles 

Bug: 805557
Change-Id: Ib6f37ec6e1d091ee54621cc0c5c44f1a6beab10f
Reviewed-on: https://chromium-review.googlesource.com/c/1334847Reviewed-by: default avatarPavel Feldman <pfeldman@chromium.org>
Commit-Queue: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607902}
parent 0eaa27d3
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 5 deletions
content/browser/devtools/protocol/dom_handler.cc
View file @ 7aaf7e90
...@@ -12,10 +12,10 @@ ...@@ -12,10 +12,10 @@
namespace content { namespace content {
namespace protocol { namespace protocol {
DOMHandler::DOMHandler() DOMHandler::DOMHandler(bool allow_file_access)
: DevToolsDomainHandler(DOM::Metainfo::domainName), : DevToolsDomainHandler(DOM::Metainfo::domainName),
host_(nullptr) { host_(nullptr),
} allow_file_access_(allow_file_access) {}
DOMHandler::~DOMHandler() { DOMHandler::~DOMHandler() {
} }
...@@ -38,6 +38,8 @@ Response DOMHandler::SetFileInputFiles( ...@@ -38,6 +38,8 @@ Response DOMHandler::SetFileInputFiles(
Maybe<DOM::NodeId> node_id, Maybe<DOM::NodeId> node_id,
Maybe<DOM::BackendNodeId> backend_node_id, Maybe<DOM::BackendNodeId> backend_node_id,
Maybe<String> in_object_id) { Maybe<String> in_object_id) {
if (!allow_file_access_)
return Response::Error("Not allowed");
if (host_) { if (host_) {
for (size_t i = 0; i < files->length(); i++) { for (size_t i = 0; i < files->length(); i++) {
#if defined(OS_WIN) #if defined(OS_WIN)
......
content/browser/devtools/protocol/dom_handler.h
View file @ 7aaf7e90
...@@ -18,7 +18,7 @@ namespace protocol { ...@@ -18,7 +18,7 @@ namespace protocol {
class DOMHandler : public DevToolsDomainHandler, class DOMHandler : public DevToolsDomainHandler,
public DOM::Backend { public DOM::Backend {
public: public:
DOMHandler(); explicit DOMHandler(bool allow_file_access);
~DOMHandler() override; ~DOMHandler() override;
void Wire(UberDispatcher* dispatcher) override; void Wire(UberDispatcher* dispatcher) override;
...@@ -34,6 +34,7 @@ class DOMHandler : public DevToolsDomainHandler, ...@@ -34,6 +34,7 @@ class DOMHandler : public DevToolsDomainHandler,
private: private:
RenderFrameHostImpl* host_; RenderFrameHostImpl* host_;
bool allow_file_access_;
DISALLOW_COPY_AND_ASSIGN(DOMHandler); DISALLOW_COPY_AND_ASSIGN(DOMHandler);
}; };
......
content/browser/devtools/render_frame_devtools_agent_host.cc
View file @ 7aaf7e90
...@@ -226,7 +226,8 @@ bool RenderFrameDevToolsAgentHost::AttachSession(DevToolsSession* session) { ...@@ -226,7 +226,8 @@ bool RenderFrameDevToolsAgentHost::AttachSession(DevToolsSession* session) {
protocol::EmulationHandler* emulation_handler = protocol::EmulationHandler* emulation_handler =
new protocol::EmulationHandler(); new protocol::EmulationHandler();
session->AddHandler(base::WrapUnique(new protocol::BrowserHandler())); session->AddHandler(base::WrapUnique(new protocol::BrowserHandler()));
session->AddHandler(base::WrapUnique(new protocol::DOMHandler())); session->AddHandler(base::WrapUnique(
new protocol::DOMHandler(session->client()->MayAffectLocalFiles())));
session->AddHandler(base::WrapUnique(emulation_handler)); session->AddHandler(base::WrapUnique(emulation_handler));
session->AddHandler(base::WrapUnique(new protocol::InputHandler())); session->AddHandler(base::WrapUnique(new protocol::InputHandler()));
session->AddHandler(base::WrapUnique(new protocol::InspectorHandler())); session->AddHandler(base::WrapUnique(new protocol::InspectorHandler()));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment