Adding devtools scheme as internal to prevent external app navigation
This is a follow up to bug discussion 960409:
https://bugs.chromium.org/p/chromium/issues/detail?id=960409#c8
The patch adds the 'devtools://' url scheme to the list of internal
schemes and adds a check to ensure that navigations to that scheme
don't bounce out to external apps.
Change-Id: Ibe9ab69a2bebc20e7636e65943dc67b426f0fea5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1615605
Reviewed-by: Joel Einbinder <einbinder@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Commit-Queue: James Lissiak <jalissia@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#661018}
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/UrlConstants.java b/chrome/android/java/src/org/chromium/chrome/browser/UrlConstants.java
index ab1cd30..3fb08e1 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/UrlConstants.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/UrlConstants.java
@@ -28,6 +28,8 @@
public static final String CHROME_URL_SHORT_PREFIX = "chrome:";
public static final String CHROME_NATIVE_URL_SHORT_PREFIX = "chrome-native:";
public static final String FILE_URL_SHORT_PREFIX = "file:";
+ public static final String DEVTOOLS_URL_SHORT_PREFIX = "devtools:";
+ public static final String DEVTOOLS_FALLBACK_URL_SHORT_PREFIX = "chrome-devtools:";
public static final String CHROME_URL_PREFIX = "chrome://";
public static final String CHROME_NATIVE_URL_PREFIX = "chrome-native://";
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java b/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
index c17abd5..ac81025 100644
--- a/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
@@ -375,11 +375,13 @@
return OverrideUrlLoadingResult.NO_OVERRIDE;
}
- // The "about:", "chrome:", and "chrome-native:" schemes are internal to the browser;
- // don't want these to be dispatched to other apps.
+ // The "about:", "chrome:", "chrome-native:", "chrome-devtools:", and "devtools:" schemes
+ // are internal to the browser; don't want these to be dispatched to other apps.
if (params.getUrl().startsWith(ContentUrlConstants.ABOUT_URL_SHORT_PREFIX)
|| params.getUrl().startsWith(UrlConstants.CHROME_URL_SHORT_PREFIX)
- || params.getUrl().startsWith(UrlConstants.CHROME_NATIVE_URL_SHORT_PREFIX)) {
+ || params.getUrl().startsWith(UrlConstants.CHROME_NATIVE_URL_SHORT_PREFIX)
+ || params.getUrl().startsWith(UrlConstants.DEVTOOLS_URL_SHORT_PREFIX)
+ || params.getUrl().startsWith(UrlConstants.DEVTOOLS_FALLBACK_URL_SHORT_PREFIX)) {
if (DEBUG) Log.i(TAG, "NO_OVERRIDE: Navigating to a chrome-internal page");
return OverrideUrlLoadingResult.NO_OVERRIDE;
}