Index: chrome/common/extensions/extension_set.h |
=================================================================== |
--- chrome/common/extensions/extension_set.h (revision 112565) |
+++ chrome/common/extensions/extension_set.h (working copy) |
@@ -14,7 +14,30 @@ |
#include "base/memory/ref_counted.h" |
#include "chrome/common/extensions/extension.h" |
#include "googleurl/src/gurl.h" |
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h" |
+class ExtensionURLInfo { |
+ public: |
+ // The extension system uses both a document's origin and its URL to |
+ // grant permissions. Ideally, we would use only the origin, but because |
+ // the web extent of a hosted app can be less than an entire origin, we |
+ // take the URL into account as well |
+ ExtensionURLInfo(WebKit::WebSecurityOrigin origin, const GURL& url); |
+ |
+ // WARNING! Using this constructor can miss important security checks if |
+ // you're trying to find a running extension. For example, if the |
+ // URL in question is being rendered inside an iframe sandbox, then |
+ // we might incorrectly grant it access to powerful extension APIs. |
+ explicit ExtensionURLInfo(const GURL& url); |
+ |
+ const WebKit::WebSecurityOrigin& origin() const { return origin_; } |
+ const GURL& url() const { return url_; } |
+ |
+ private: |
+ WebKit::WebSecurityOrigin origin_; |
+ GURL url_; |
+}; |
+ |
// The one true extension container. Extensions are identified by their id. |
// Only one extension can be in the set with a given ID. |
class ExtensionSet { |
@@ -43,16 +66,16 @@ |
// Removes the specified extension. |
void Remove(const std::string& id); |
- // Returns the extension ID that the given URL is a part of, or empty if |
- // none. This includes web URLs that are part of an extension's web extent. |
- std::string GetIdByURL(const GURL& url) const; |
+ // Returns the extension ID, or empty if none. This includes web URLs that |
+ // are part of an extension's web extent. |
+ std::string GetIdByURL(const ExtensionURLInfo& info) const; |
- // Returns the Extension that the given URL is a part of, or NULL if none. |
- // This includes web URLs that are part of an extension's web extent. |
+ // Returns the Extension, or NULL if none. This includes web URLs that are |
+ // part of an extension's web extent. |
// NOTE: This can return NULL if called before UpdateExtensions receives |
// bulk extension data (e.g. if called from |
// EventBindings::HandleContextCreated) |
- const Extension* GetByURL(const GURL& url) const; |
+ const Extension* GetByURL(const ExtensionURLInfo& info) const; |
// Returns true if |new_url| is in the extent of the same extension as |
// |old_url|. Also returns true if neither URL is in an app. |
@@ -61,10 +84,10 @@ |
// Look up an Extension object by id. |
const Extension* GetByID(const std::string& id) const; |
- // Returns true if |url| should get extension api bindings and be permitted |
+ // Returns true if |info| should get extension api bindings and be permitted |
// to make api calls. Note that this is independent of what extension |
// permissions the given extension has been granted. |
- bool ExtensionBindingsAllowed(const GURL& url) const; |
+ bool ExtensionBindingsAllowed(const ExtensionURLInfo& info) const; |
private: |
FRIEND_TEST_ALL_PREFIXES(ExtensionSetTest, ExtensionSet); |