OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/common/extensions/extension_set.h" | 5 #include "chrome/common/extensions/extension_set.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "chrome/common/url_constants.h" | 8 #include "chrome/common/url_constants.h" |
9 | 9 |
10 using WebKit::WebSecurityOrigin; | |
11 | |
10 ExtensionSet::ExtensionSet() { | 12 ExtensionSet::ExtensionSet() { |
11 } | 13 } |
12 | 14 |
13 ExtensionSet::~ExtensionSet() { | 15 ExtensionSet::~ExtensionSet() { |
14 } | 16 } |
15 | 17 |
16 size_t ExtensionSet::size() const { | 18 size_t ExtensionSet::size() const { |
17 return extensions_.size(); | 19 return extensions_.size(); |
18 } | 20 } |
19 | 21 |
20 bool ExtensionSet::Contains(const std::string& extension_id) const { | 22 bool ExtensionSet::Contains(const std::string& extension_id) const { |
21 return extensions_.find(extension_id) != extensions_.end(); | 23 return extensions_.find(extension_id) != extensions_.end(); |
22 } | 24 } |
23 | 25 |
24 void ExtensionSet::Insert(const scoped_refptr<const Extension>& extension) { | 26 void ExtensionSet::Insert(const scoped_refptr<const Extension>& extension) { |
25 extensions_[extension->id()] = extension; | 27 extensions_[extension->id()] = extension; |
26 } | 28 } |
27 | 29 |
28 void ExtensionSet::Remove(const std::string& id) { | 30 void ExtensionSet::Remove(const std::string& id) { |
29 extensions_.erase(id); | 31 extensions_.erase(id); |
30 } | 32 } |
31 | 33 |
32 std::string ExtensionSet::GetIdByURL(const GURL& url) const { | 34 std::string ExtensionSet::GetIdByURL(WebSecurityOrigin origin, |
35 const GURL& url) const { | |
33 if (url.SchemeIs(chrome::kExtensionScheme)) | 36 if (url.SchemeIs(chrome::kExtensionScheme)) |
34 return url.host(); | 37 return origin.isUnique() ? "" : url.host(); |
Aaron Boodman
2011/11/30 02:01:31
What will the host() be in the case of a unique or
abarth-chromium
2011/11/30 02:04:49
In the case of iframe sandbox, it can actually be
| |
35 | 38 |
36 const Extension* extension = GetByURL(url); | 39 const Extension* extension = GetByURL(origin, url); |
37 if (!extension) | 40 if (!extension) |
38 return ""; | 41 return ""; |
39 | 42 |
40 return extension->id(); | 43 return extension->id(); |
41 } | 44 } |
42 | 45 |
43 const Extension* ExtensionSet::GetByURL(const GURL& url) const { | 46 const Extension* ExtensionSet::GetByURL(WebSecurityOrigin origin, |
47 const GURL& url) const { | |
48 // The extension system uses both a document's origin and its URL to | |
49 // grant permissions. Ideally, we would use only the origin, but because | |
50 // the web extent of a hosted app can be less than an entire origin, we | |
51 // take the URL into account as well | |
52 // | |
53 // In the common case, the document's origin will coorespond to its URL, | |
Aaron Boodman
2011/11/30 02:01:31
typo: coorespond
| |
54 // but in some rare cases involving sandboxing, the two will be different. | |
55 // We catch those cases by checking whether the document's origin is unique. | |
56 // If that's not the case, then we conclude that the document's security | |
57 // context is well-described by its URL and proceed to use only the URL. | |
58 if (origin.isUnique()) | |
59 return NULL; | |
60 return GetByURLWithoutSecurityCheck(url); | |
61 } | |
62 | |
63 const Extension* ExtensionSet::GetByURLWithoutSecurityCheck( | |
64 const GURL& url) const { | |
44 if (url.SchemeIs(chrome::kExtensionScheme)) | 65 if (url.SchemeIs(chrome::kExtensionScheme)) |
45 return GetByID(url.host()); | 66 return GetByID(url.host()); |
46 | 67 |
47 ExtensionMap::const_iterator i = extensions_.begin(); | 68 ExtensionMap::const_iterator i = extensions_.begin(); |
48 for (; i != extensions_.end(); ++i) { | 69 for (; i != extensions_.end(); ++i) { |
49 if (i->second->web_extent().MatchesURL(url)) | 70 if (i->second->web_extent().MatchesURL(url)) |
50 return i->second.get(); | 71 return i->second.get(); |
51 } | 72 } |
52 | 73 |
53 return NULL; | 74 return NULL; |
54 } | 75 } |
55 | 76 |
56 bool ExtensionSet::InSameExtent(const GURL& old_url, | 77 bool ExtensionSet::InSameExtent(const GURL& old_url, |
57 const GURL& new_url) const { | 78 const GURL& new_url) const { |
58 return GetByURL(old_url) == GetByURL(new_url); | 79 return GetByURLWithoutSecurityCheck(old_url) == |
80 GetByURLWithoutSecurityCheck(new_url); | |
59 } | 81 } |
60 | 82 |
61 const Extension* ExtensionSet::GetByID(const std::string& id) const { | 83 const Extension* ExtensionSet::GetByID(const std::string& id) const { |
62 ExtensionMap::const_iterator i = extensions_.find(id); | 84 ExtensionMap::const_iterator i = extensions_.find(id); |
63 if (i != extensions_.end()) | 85 if (i != extensions_.end()) |
64 return i->second.get(); | 86 return i->second.get(); |
65 else | 87 else |
66 return NULL; | 88 return NULL; |
67 } | 89 } |
68 | 90 |
69 bool ExtensionSet::ExtensionBindingsAllowed(const GURL& url) const { | 91 bool ExtensionSet::ExtensionBindingsAllowed(WebSecurityOrigin origin, |
92 const GURL& url) const { | |
93 if (origin.isUnique()) | |
94 return false; | |
95 | |
70 if (url.SchemeIs(chrome::kExtensionScheme)) | 96 if (url.SchemeIs(chrome::kExtensionScheme)) |
71 return true; | 97 return true; |
72 | 98 |
73 ExtensionMap::const_iterator i = extensions_.begin(); | 99 ExtensionMap::const_iterator i = extensions_.begin(); |
74 for (; i != extensions_.end(); ++i) { | 100 for (; i != extensions_.end(); ++i) { |
75 if (i->second->location() == Extension::COMPONENT && | 101 if (i->second->location() == Extension::COMPONENT && |
76 i->second->web_extent().MatchesURL(url)) | 102 i->second->web_extent().MatchesURL(url)) |
77 return true; | 103 return true; |
78 } | 104 } |
79 | 105 |
80 return false; | 106 return false; |
81 } | 107 } |
OLD | NEW |