Neutralize dangerous subresource files during Save Page.

Downloading a complete page using "Save as..." can result in downloading
hundreds of subresources. The user often isn't interested in accessing
individual resources directly while they are on disk. In addition,
scanning hundreds of files during a single save page operation isn't

In order to mitigate the potential risk of leaving dangerous files
around on the users' filesystem, this CL renames known dangerous files
with an additional ".download" extension. I.e., a subresource named
foo.exe would be saved as foo.exe.download.

The code review includes lists of file types that are known to be
affected by this change. Notable file types include .js, .swf, and
.class. As a side-effect of the rename, they will not receive the
correct MIME type when loaded via a file:// URL. The saved page should
still function correctly even with the renamed resources.
diff --git a/chrome/browser/resources/safe_browsing/README.md b/chrome/browser/resources/safe_browsing/README.md
index 7b85908..c745b96 100644
@@ -77,6 +77,12 @@
`DANGEROUS_HOST`, or `DANGEROUS`, Chrome will show that more severe warning
regardless of this setting.
+ This policy also affects also how subresources are handled for *"Save As
+ ..."* downloads of complete web pages. If any subresource ends up with a
+ file type that is considered `DANGEROUS` or `ALLOW_ON_USER_GESTURE`, then
+ the filename will be changed to end in `.download`. This is done to prevent
+ the file from being opened accidentally.
* `NOT_DANGEROUS`: Safe to download and open, even if the download
was accidental. No additional warnings are necessary.
* `DANGEROUS`: Always warn the user that this file may harm their
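Review bot: The first added sentence reads "This policy also affects also how subresources are handled", with "also" duplicated; drop the second one. The paragraph documents the `.download` rename for `DANGEROUS` and `ALLOW_ON_USER_GESTURE` types but not the consequence stated in the commit message, that renamed subresources will not receive the correct MIME type when loaded via a file:// URL. A sentence on that here would help anyone changing a file type's danger level understand the effect on saved pages.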