chrome/browser/download/download_extension_api.cc - Issue 10213002: Make downloads.download() respect host permissions

Side by Side Diff: chrome/browser/download/download_extension_api.cc

Issue 10213002: Make downloads.download() respect host permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: merge Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/download/download_extension_api.h"	5 #include "chrome/browser/download/download_extension_api.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <cctype>	8 #include <cctype>

9 #include <iterator>	9 #include <iterator>

10 #include <set>	10 #include <set>

(...skipping 351 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
362 method("GET"),	362 method("GET"),

363 rdh(NULL),	363 rdh(NULL),

364 resource_context(NULL),	364 resource_context(NULL),

365 render_process_host_id(0),	365 render_process_host_id(0),

366 render_view_host_routing_id(0) {	366 render_view_host_routing_id(0) {

367 }	367 }

368	368

369 DownloadsDownloadFunction::IOData::~IOData() {}	369 DownloadsDownloadFunction::IOData::~IOData() {}

370	370

371 bool DownloadsDownloadFunction::ParseArgs() {	371 bool DownloadsDownloadFunction::ParseArgs() {

372 base::DictionaryValue* options = NULL;	372 base::DictionaryValue* options = NULL;
	Aaron Boodman 2012/05/14 21:32:13 For future CL: You should change this to use JSON For future CL: You should change this to use JSON Schema Compiler. It would eliminate a lot of this error-prone manual parsing. See the alarms API for an example of how. benjhayden 2012/05/15 17:47:01 That does look handy. Thanks! Show quoted text On 2012/05/14 21:32:13, Aaron Boodman wrote: > For future CL: You should change this to use JSON Schema Compiler. It would > eliminate a lot of this error-prone manual parsing. See the alarms API for an > example of how. That does look handy. Thanks!
373 std::string url;	373 std::string url;

374 iodata_.reset(new IOData());	374 iodata_.reset(new IOData());

375 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &options));	375 EXTENSION_FUNCTION_VALIDATE(args_->GetDictionary(0, &options));

376 EXTENSION_FUNCTION_VALIDATE(options->GetString(kUrlKey, &url));	376 EXTENSION_FUNCTION_VALIDATE(options->GetString(kUrlKey, &url));

377 iodata_->url = GURL(url);	377 iodata_->url = GURL(url);

378 if (!iodata_->url.is_valid()) {	378 if (!iodata_->url.is_valid()) {

379 error_ = download_extension_errors::kInvalidURLError;	379 error_ = download_extension_errors::kInvalidURLError;

380 return false;	380 return false;

381 }	381 }

382	382

	383 if (!iodata_->url.SchemeIs("data") &&
	Aaron Boodman 2012/05/14 21:32:13 Is there a use case for downloading a data URL? Is there a use case for downloading a data URL? benjhayden 2012/05/15 17:47:01 Many websites use data URLs for images, and an ext Show quoted text On 2012/05/14 21:32:13, Aaron Boodman wrote: > Is there a use case for downloading a data URL? Many websites use data URLs for images, and an extension may want to download those images. Some people generate data urls in javascript for short audio files. Somebody may want to write an extension for generating and saving sound effects or other snippets of audio. Any kind of small resource can be transmitted or generated as a data url, and an extension may want to download any kind of resource. If download() blocked data urls, then extensions could get around it by writing the data to a blob and downloading the filesystem: URL.
	384 iodata_->url.GetOrigin() != GetExtension()->url().GetOrigin() &&

	385 !GetExtension()->HasHostPermission(iodata_->url)) {

	386 error_ = download_extension_errors::kInvalidURLError;

	387 return false;

	388 }

	389

383 if (options->HasKey(kFilenameKey)) {	390 if (options->HasKey(kFilenameKey)) {

384 EXTENSION_FUNCTION_VALIDATE(options->GetString(	391 EXTENSION_FUNCTION_VALIDATE(options->GetString(

385 kFilenameKey, &iodata_->filename));	392 kFilenameKey, &iodata_->filename));

386 if (!ValidateFilename(iodata_->filename)) {	393 if (!ValidateFilename(iodata_->filename)) {

387 error_ = download_extension_errors::kGenericError;	394 error_ = download_extension_errors::kGenericError;

388 return false;	395 return false;

389 }	396 }

390 }	397 }

391	398

392 if (options->HasKey(kSaveAsKey)) {	399 if (options->HasKey(kSaveAsKey)) {

(...skipping 681 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1074 ListValue args;	1081 ListValue args;

1075 args.Append(arg);	1082 args.Append(arg);

1076 std::string json_args;	1083 std::string json_args;

1077 base::JSONWriter::Write(&args, &json_args);	1084 base::JSONWriter::Write(&args, &json_args);

1078 profile_->GetExtensionEventRouter()->DispatchEventToRenderers(	1085 profile_->GetExtensionEventRouter()->DispatchEventToRenderers(

1079 event_name,	1086 event_name,

1080 json_args,	1087 json_args,

1081 profile_,	1088 profile_,

1082 GURL());	1089 GURL());

1083 }	1090 }

OLD	NEW

« no previous file with comments | « no previous file | chrome/test/data/extensions/api_test/downloads/manifest.json » ('j') | no next file with comments »