Codebase Browser
chromium
Go to App

chromium/components/policy/resources/templates/policy_definitions/Miscellaneous/URLBlocklist.yaml 

arc_support: Android apps may voluntarily choose to honor this list and can't be forced to do this.
caption: Block access to a list of URLs
desc: |-
  Setting the <ph name="URL_BLOCKLIST_POLICY_NAME">URLBlocklist</ph> policy stops web pages with prohibited URLs from loading. Administrators can specify the list of URL patterns to be blocked. If left unset, no URLs are blocked in the browser. Up to 1,000 exceptions can be defined in <ph name="URL_ALLOWLIST_POLICY_NAME">URLAllowlist</ph>. See how to format a URL pattern ( https://support.google.com/chrome/a?p=url_blocklist_filter_format ).

  Note: This policy does not apply to in-page JavaScript URLs with dynamically loaded data. If you blocked example.com/abc, then example.com could still load it using XMLHTTPRequest. Additionally, this policy does not prevent web pages from updating the URL shown in the omnibox to a blocked one using the JavaScript History API.

  From <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 73, you can block javascript://* URLs. But, this only affects JavaScript entered in the address bar or, for example, bookmarklets.

  From <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 92, this policy is also supported in the headless mode.

  Note: Blocking internal chrome://* and chrome-untrusted://* URLs can lead to unexpected errors or can be circumvented in some cases. Instead of blocking certain internal URLs, see if there are more specific policies available. For example:

  - Instead of blocking chrome://settings/certificates, use <ph name="CA_CERTIFICATE_MANAGEMENT_ALLOWED_POLICY_NAME">CACertificateManagementAllowed</ph>.

  - Instead of blocking chrome-untrusted://crosh, use <ph name="SYSTEM_FEATURES_DISABLE_LIST_POLICY_NAME">SystemFeaturesDisableList</ph>.
example_value:
- example.com
- https://ssl.server.com
- hosting.com/bad_path
- https://server:8080/path
- .exact.hostname.com
- file://*
- custom_scheme:*
- '*'
features:
  dynamic_refresh: true
  per_profile: true
owners:
- file://components/policy/OWNERS
- [email protected]
schema:
  items:
    type: string
  type: array
supported_on:
- chrome.*:86-
- chrome_os:86-
- android:86-
- webview_android:86-
- ios:98-
- fuchsia:106-
tags:
- filtering
type: list