Browser tag shim

chrome/renderer/chrome_render_view_observer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_render_view_observer.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/debug/trace_event.h"
@@ skipping 52 matching lines @@
 using WebKit::WebIconURL;
 using WebKit::WebRect;
 using WebKit::WebSecurityOrigin;
 using WebKit::WebSize;
 using WebKit::WebString;
 using WebKit::WebTouchEvent;
 using WebKit::WebURL;
 using WebKit::WebURLRequest;
 using WebKit::WebView;
 using WebKit::WebVector;
+using extensions::APIPermission;
 using webkit_glue::ImageResourceFetcher;
 
 // Delay in milliseconds that we'll wait before capturing the page contents
 // and thumbnail.
 static const int kDelayForCaptureMs = 500;
 
 // Typically, we capture the page data once the page is loaded.
 // Sometimes, the page never finishes to load, preventing the page capture
 // To workaround this problem, we always perform a capture after the following
 // delay.
@@ skipping 394 matching lines @@
                                                     bool default_value) {
   bool allowed = false;
   Send(new ChromeViewHostMsg_CanTriggerClipboardWrite(
       routing_id(), GURL(frame->document().securityOrigin().toString().utf8()),
       &allowed));
   return allowed;
 }
 
 bool ChromeRenderViewObserver::IsExperimentalWebFeatureAllowed(
     const WebDocument& document) {
-  // Experimental Web API is enabled when
-  // - The specific API is allowed from command line flag, or
-  // - If the document is running extensions or apps which
-  //   has the "experimental" permission, or
-  // - The document is running Web UI.
+  // Experimental Web API is enabled when:
+  // The document is running Web UI.
   WebSecurityOrigin origin = document.securityOrigin();
   if (EqualsASCII(origin.protocol(), chrome::kChromeUIScheme))
     return true;
-  const extensions::Extension* extension =
-      extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
-          ExtensionURLInfo(origin, document.url()));
-  if (!extension)
-    return false;
-  return (extension_dispatcher_->IsExtensionActive(extension->id()) &&
-          extension->HasAPIPermission(
-            extensions::APIPermission::kExperimental));
+
+  // The document is running extensions or apps which has the "experimental"
+  // permission, or use the <browser> tag (which is implemented via Shadow DOM).
+  if (EqualsASCII(origin.protocol(), chrome::kExtensionScheme)) {
+    const std::string extension_id = origin.host().utf8().data();
+    if (!extension_dispatcher_->IsExtensionActive(extension_id))
+      return false;
+    const extensions::Extension* extension =
+        extension_dispatcher_->extensions()->GetByID(extension_id);
+    if (!extension)
+      return false;
+    return extension->HasAPIPermission(APIPermission::kExperimental) ||
+        extension->HasAPIPermission(APIPermission::kBrowserTag);

[Aaron Boodman, 2012/07/02 20:52:35]

Is it possible to just check for the browser permission when you care about the
browser permission?

This will end up enabling other stuff that the developer did not intend, just
because they have the browser permission.

[Mihai Parparita -not on Chrome, 2012/07/02 22:05:14]

I don't see an easy way to do this (enable it for bindings code only), given
that we're in the same world as the app.

For now, the check for the browser tag permission is not necessary, since all
apps have the experimental permission anyway. I could remove the browser tag
check, and just leave the check for experimental?

[Aaron Boodman, 2012/07/02 23:04:37]

Oh, I see the issue. My earlier comment was mistaken.

How about this:
- Move the check for webui into allowWebComponents()
- Move the check for browser permission into allowWebComponents()
- Rename IsExperimentalWebFeaturesAllowed() to something like
IsExperimentalExtensionPermissionEnabled(const WebDocument&)

I'm trying to set us up so that features are enabled specifically when needed;
and we don't end up with an IsSpecialStuffEnabled() which enables lots of them.

[Mihai Parparita -not on Chrome, 2012/07/02 23:23:45]

Did something along these lines.

+  }
+
+  return false;
 }
 
 bool ChromeRenderViewObserver::allowWebComponents(const WebDocument& document,
                                                   bool defaultValue) {
   if (defaultValue)
     return true;
   return IsExperimentalWebFeatureAllowed(document);
 }
 
 static void SendInsecureContentSignal(int signal) {
@@ skipping 560 matching lines @@
         reinterpret_cast<const unsigned char*>(&data[0]);
 
     return decoder.Decode(src_data, data.size());
   }
   return SkBitmap();
 }
 
 bool ChromeRenderViewObserver::IsStrictSecurityHost(const std::string& host) {
   return (strict_security_hosts_.find(host) != strict_security_hosts_.end());
 }