Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4372)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 8301006: Packaged (CRX) extensions shouldn't be able to get 'dev' interfaces in NaCl. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | ppapi/native_client/src/shared/ppapi_proxy/browser_globals.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/chrome_content_renderer_client.cc
===================================================================
--- chrome/renderer/chrome_content_renderer_client.cc (revision 105583)
+++ chrome/renderer/chrome_content_renderer_client.cc (working copy)
@@ -417,54 +417,85 @@
IDR_CLICK_TO_PLAY_PLUGIN_HTML, IDS_PLUGIN_LOAD, true, true);
}
- // Enforce the Chrome WebStore restriction on the Native Client plugin.
+ // If this is the NaCl plugin, get the manifest URL for the app so we can
jam 2011/10/14 22:51:09 this function is already too big, can we move the
bbudge 2011/10/14 23:40:14 Done. It's true, it was turning into a monster.
+ // determine if it's OK to run.
if (is_nacl_plugin) {
- bool allow_nacl = cmd->HasSwitch(switches::kEnableNaCl);
- if (!allow_nacl) {
- const char* kNaClPluginMimeType = "application/x-nacl";
- const char* kNaClPluginManifestAttribute = "nacl";
+ const char* kNaClPluginMimeType = "application/x-nacl";
+ const char* kNaClPluginManifestAttribute = "nacl";
- GURL nexe_url;
- if (actual_mime_type == kNaClPluginMimeType) {
- nexe_url = url; // Normal embedded NaCl plugin.
- } else {
- // Content type handling NaCl plugin; the "nacl" param on the
- // MIME type holds the nexe URL.
- string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
- for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
- if (plugin.mime_types[i].mime_type == actual_mime_type) {
- const webkit::WebPluginMimeType& content_type =
- plugin.mime_types[i];
- for (size_t i = 0;
- i < content_type.additional_param_names.size(); ++i) {
- if (content_type.additional_param_names[i] == nacl_attr) {
- nexe_url = GURL(content_type.additional_param_values[i]);
- break;
- }
+ GURL manifest_url;
+ if (actual_mime_type == kNaClPluginMimeType) {
+ manifest_url = url; // Normal embedded NaCl plugin.
+ } else {
+ // Content type handling NaCl plugin; the "nacl" param on the
+ // MIME type holds the nexe URL.
+ string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
+ for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
+ if (plugin.mime_types[i].mime_type == actual_mime_type) {
+ const webkit::WebPluginMimeType& content_type =
+ plugin.mime_types[i];
+ for (size_t i = 0;
+ i < content_type.additional_param_names.size(); ++i) {
+ if (content_type.additional_param_names[i] == nacl_attr) {
+ manifest_url = GURL(content_type.additional_param_values[i]);
+ break;
}
- break;
}
+ break;
}
}
-
- // Create the NaCl plugin only if the .nexe is part of an extension
- // that was installed from the Chrome Web Store, or part of a component
- // extension, or part of an unpacked extension.
- const Extension* extension =
- extension_dispatcher_->extensions()->GetByURL(nexe_url);
- allow_nacl = extension &&
- (extension->from_webstore() ||
- extension->location() == Extension::COMPONENT ||
- extension->location() == Extension::LOAD);
}
- if (!allow_nacl) {
+ // Determine if the manifest URL is part of an extension.
+ const Extension* extension =
+ extension_dispatcher_->extensions()->GetByURL(manifest_url);
+ // Only component, unpacked, and Chrome Web Store extensions are allowed.
+ bool allowed_extension = extension &&
+ (extension->from_webstore() ||
+ extension->location() == Extension::COMPONENT ||
+ extension->location() == Extension::LOAD);
+
+ // Block any other use of NaCl plugin, unless --enable-nacl is set.
+ if (!allowed_extension && !cmd->HasSwitch(switches::kEnableNaCl)) {
// TODO(bbudge) Webkit will crash if this is a full-frame plug-in and
// we return NULL. Prepare a patch to fix that, and return NULL here.
return CreatePluginPlaceholder(
render_view, frame, plugin, params, group.get(),
IDR_BLOCKED_PLUGIN_HTML, IDS_PLUGIN_BLOCKED, false, false);
}
+
+ // Allow dev interfaces for non-extension apps.
+ bool allow_dev_interfaces = true;
+ if (allowed_extension) {
+ // Allow dev interfaces for component and unpacked extensions.
+ if (extension->location() != Extension::COMPONENT &&
+ extension->location() != Extension::LOAD) {
+ // Whitelist all other allowed extensions.
+ allow_dev_interfaces =
+ // PDF Viewer plugin
+ (manifest_url.scheme() == "chrome-extension" &&
+ manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
+ }
+ }
+ WebString dev_attribute = WebString::fromUTF8("@dev");
+ if (allow_dev_interfaces) {
+ std::vector<string16> param_names;
+ std::vector<string16> param_values;
+ param_names.push_back(dev_attribute);
+ param_values.push_back(WebString());
+ AppendParams(
+ param_names,
+ param_values,
+ &params.attributeNames,
+ &params.attributeValues);
+ } else {
+ // If the params somehow contain this special attribute, remove it.
+ size_t attribute_count = params.attributeNames.size();
+ for (size_t i = 0; i < attribute_count; ++i) {
+ if (params.attributeNames[i].equals(dev_attribute))
+ params.attributeNames[i] = WebString();
+ }
+ }
}
return render_view->CreatePlugin(frame, plugin, params);
« no previous file with comments | « no previous file | ppapi/native_client/src/shared/ppapi_proxy/browser_globals.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698