chrome/renderer/chrome_content_renderer_client.cc - Issue 8659009: Consider the origin when computing extension permissions

Unified Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 8659009: Consider the origin when computing extension permissions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/common/extensions/extension_set.cc ('K') | « chrome/common/extensions/extension_set_unittest.cc ('k') | chrome/renderer/extensions/app_bindings.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/renderer/chrome_content_renderer_client.cc

===================================================================

--- chrome/renderer/chrome_content_renderer_client.cc (revision 111763)

+++ chrome/renderer/chrome_content_renderer_client.cc (working copy)

@@ -86,6 +86,7 @@

using WebKit::WebCache;

using WebKit::WebDataSource;

+using WebKit::WebDocument;

using WebKit::WebFrame;

using WebKit::WebPlugin;

using WebKit::WebPluginParams;

@@ -440,7 +441,8 @@

// Determine if the manifest URL is part of an extension.

const Extension* extension =

- extension_dispatcher_->extensions()->GetByURL(manifest_url);

+ extension_dispatcher_->extensions()->GetByURLWithoutSecurityCheck(

+ manifest_url);

// Only component, unpacked, and Chrome Web Store extensions are allowed.

bool allowed_extension = extension &&

(extension->from_webstore() ||

@@ -512,8 +514,10 @@

error.domain == WebString::fromUTF8(net::kErrorDomain) &&

EqualsASCII(failed_request.httpMethod(), "POST");

- if (failed_url.is_valid() && !failed_url.SchemeIs(chrome::kExtensionScheme))

- extension = extension_dispatcher_->extensions()->GetByURL(failed_url);

+ if (failed_url.is_valid() && !failed_url.SchemeIs(chrome::kExtensionScheme)) {

+ extension = extension_dispatcher_->extensions()->

+ GetByURLWithoutSecurityCheck(failed_url);

+ }

if (error_html) {

// Use a local error page.

@@ -582,7 +586,7 @@

if (is_content_initiated) {

const Extension* extension =

- extension_dispatcher_->extensions()->GetByURL(url);

+ extension_dispatcher_->extensions()->GetByURLWithoutSecurityCheck(url);

if (extension && extension->is_app()) {

UMA_HISTOGRAM_ENUMERATION(

extension_misc::kAppLaunchHistogram,

@@ -691,7 +695,7 @@

const Extension* ChromeContentRendererClient::GetNonBookmarkAppExtension(

const ExtensionSet* extensions, const GURL& url) {

// Exclude bookmark apps, which do not use the app process model.

- const Extension* extension = extensions->GetByURL(url);

+ const Extension* extension = extensions->GetByURLWithoutSecurityCheck(url);

if (extension && extension->from_bookmark())

extension = NULL;

return extension;

@@ -714,8 +718,11 @@

// If we're about to open a normal web page from a same-origin opener stuck

// in an extension process, we want to keep it in process to allow the

// opener to script it.

- GURL opener_url = frame->opener()->document().url();

- bool opener_is_extension_url = !!extensions->GetByURL(opener_url);

+ WebDocument opener_document = frame->opener()->document();

+ GURL opener_url = opener_document.url();

+ WebSecurityOrigin opener_origin = opener_document.securityOrigin();

+ bool opener_is_extension_url = !!extensions->GetByURL(opener_origin,

+ opener_url);

WebSecurityOrigin opener = frame->opener()->document().securityOrigin();

if (!new_url_extension &&

!opener_is_extension_url &&

« chrome/common/extensions/extension_set.cc ('K') | « chrome/common/extensions/extension_set_unittest.cc ('k') | chrome/renderer/extensions/app_bindings.cc » ('j') | no next file with comments »