handle mole/toolstrip URLs properly

chrome/browser/extensions/extension_host.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_host.h"
 
 #include "app/resource_bundle.h"
 #include "base/string_util.h"
 #include "chrome/browser/browser.h"
 #include "chrome/browser/browser_list.h"
@@ skipping 80 matching lines @@
   render_view_host_->CreateRenderView();
   NavigateToURL(url_);
   DCHECK(IsRenderViewLive());
   NotificationService::current()->Notify(
       NotificationType::EXTENSION_PROCESS_CREATED,
       Source<Profile>(profile_),
       Details<ExtensionHost>(this));
 }
 
 void ExtensionHost::NavigateToURL(const GURL& url) {
+  // Prevent explicit navigation to another extension id's pages.
+  // This method is only called by some APIs, so we still need to protect
+  // DidNavigate below (location = "").
+  if (url.SchemeIs(chrome::kExtensionScheme) &&
+      url.host() != extension_->id()) {
+    // TODO(erikkay) communicate this back to the caller?
+    return;
+  }
+
   url_ = url;
 
   if (!is_background_page() && !extension_->GetBackgroundPageReady()) {
     // Make sure the background page loads before any others.
     registrar_.Add(this, NotificationType::EXTENSION_BACKGROUND_PAGE_READY,
                    Source<Extension>(extension_));
     return;
   }
   render_view_host_->NavigateToURL(url_);
 }
@@ skipping 23 matching lines @@
 
 void ExtensionHost::DidNavigate(RenderViewHost* render_view_host,
     const ViewHostMsg_FrameNavigate_Params& params) {
   // We only care when the outer frame changes.
   switch (params.transition) {
     case PageTransition::AUTO_SUBFRAME:
     case PageTransition::MANUAL_SUBFRAME:
       return;
   }
 
-  url_ = params.url;
-  if (!url_.SchemeIs(chrome::kExtensionScheme)) {
+  if (!params.url.SchemeIs(chrome::kExtensionScheme)) {
+    extension_function_dispatcher_.reset(NULL);
+    url_ = params.url;
+    return;
+  }
+
+  // This catches two bogus use cases:
+  // (1) URLs that look like chrome-extension://somethingbogus or
+  //     chrome-extension://nosuchid/, in other words, no Extension would
+  //     be found.
+  // (2) URLs that refer to a different extension than this one.
+  // In both cases, we preserve the old URL and reset the EFD to NULL.  This
+  // will leave the host in kind of a bad state with poor UI and errors, but
+  // it's better than the alternative.
+  // TODO(erikkay) Perhaps we should display log errors or display a big 404
+  // in the toolstrip or something like that.
+  if (params.url.host() != extension_->id()) {
     extension_function_dispatcher_.reset(NULL);
     return;
   }
+
+  url_ = params.url;
   extension_function_dispatcher_.reset(
       new ExtensionFunctionDispatcher(render_view_host_, this, url_));
 }
 
 void ExtensionHost::DidStopLoading(RenderViewHost* render_view_host) {
   static const base::StringPiece toolstrip_css(
       ResourceBundle::GetSharedInstance().GetRawDataResource(
           IDR_EXTENSIONS_TOOLSTRIP_CSS));
 #if defined(TOOLKIT_VIEWS)
   ExtensionView* view = view_.get();
@@ skipping 197 matching lines @@
     window_id = ExtensionTabUtil::GetWindowId(
         const_cast<ExtensionHost* >(this)->GetBrowser());
   } else if (extension_host_type_ == ViewType::EXTENSION_BACKGROUND_PAGE) {
     // Background page is not attached to any browser window, so pass -1.
     window_id = -1;
   } else {
     NOTREACHED();
   }
   return window_id;
 }