Issue 7399002: Add chrome-extension:// to the list of allowed urls for all internal/webui

Issue 7399002: Add chrome-extension:// to the list of allowed urls for all internal/webui (Closed)

Created:
9 years, 5 months ago by dmazzoni

Modified:
9 years, 5 months ago

Reviewers:
Tom Sepez, commit-bot: I haz the power

CC:
chromium-reviews, Aaron Boodman, Erik does not do reviews, arv (Not doing code reviews), Randy Smith (Not in Mondays)

Base URL:
svn://chrome-svn/chrome/trunk/src/

Visibility:
Public.

Description

Add chrome-extension:// to the list of allowed urls for all internal/webui Content Security Policy rules. This is necessary to allow a trusted accessibility component extension (ChromeVox) to inject script tags into webui pages. This will not hurt security because user_script_slave.cc already has a check to prevent arbitrary extensions from loading on these pages. Only component extensions will be allowed. BUG=89443 TEST=manual

Patch Set 1 #

Patch Set 2 : '' #

Total comments: 1

Created: 9 years, 5 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+76 lines, -21 lines)			Patch
M	chrome/browser/browser_about_handler.cc	View	1	1 chunk	+3 lines, -1 line	1 comment	Download
M	chrome/browser/resources/about_credits.tmpl	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/about_flash.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/about_memory.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/about_memory_linux.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/about_memory_mac.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/about_stats.html	View	1	2 chunks	+5 lines, -2 lines	0 comments	Download
M	chrome/browser/resources/about_version.html	View	1	1 chunk	+6 lines, -1 line	0 comments	Download
M	chrome/browser/resources/bookmark_manager/main.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/crashes.html	View	1	2 chunks	+4 lines, -3 lines	0 comments	Download
M	chrome/browser/resources/downloads.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/extensions_ui.html	View	1	1 chunk	+3 lines, -1 line	0 comments	Download
M	chrome/browser/resources/flags.html	View	1	2 chunks	+5 lines, -3 lines	0 comments	Download
M	chrome/browser/resources/history.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/options/options.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	chrome/browser/resources/plugins.html	View	1	1 chunk	+5 lines, -1 line	0 comments	Download

Messages

Total messages: 5 (0 generated)

Expand Messages | Collapse Messages

Tom Sepez

LGTM. Only comment is to watch for line length in some of these files.

9 years, 5 months ago (2011-07-15 19:39:53 UTC) #2

dmazzoni

Take another quick look? Added the specific extension id to whitelist for improved security.

9 years, 5 months ago (2011-07-15 23:03:55 UTC) #3

Tom Sepez

Still LGTM. http://codereview.chromium.org/7399002/diff/3002/chrome/browser/browser_about_handler.cc File chrome/browser/browser_about_handler.cc (right): http://codereview.chromium.org/7399002/diff/3002/chrome/browser/browser_about_handler.cc#newcode415 chrome/browser/browser_about_handler.cc:415: " 'self' 'unsafe-eval'\">\n"); extra space? already one ...

9 years, 5 months ago (2011-07-15 23:10:02 UTC) #4

Change committed as 92776

Expand Messages | Collapse Messages