| Index: chrome/renderer/extensions/extension_resource_request_policy.cc
|
| ===================================================================
|
| --- chrome/renderer/extensions/extension_resource_request_policy.cc (revision 114987)
|
| +++ chrome/renderer/extensions/extension_resource_request_policy.cc (working copy)
|
| @@ -4,7 +4,9 @@
|
|
|
| #include "chrome/renderer/extensions/extension_resource_request_policy.h"
|
|
|
| +#include "base/command_line.h"
|
| #include "base/logging.h"
|
| +#include "chrome/common/chrome_switches.h"
|
| #include "chrome/common/url_constants.h"
|
| #include "chrome/common/extensions/extension.h"
|
| #include "chrome/common/extensions/extension_set.h"
|
| @@ -38,6 +40,22 @@
|
| return false;
|
| }
|
|
|
| + // Disallow loading of extension resources which are not explicitely listed
|
| + // as web accessible if the manifest version is 2 or greater.
|
| +
|
| + // Exceptions are:
|
| + // - empty origin (needed for some edge cases when we have empty origins)
|
| + // - chrome-extension:// (for legacy reasons -- some extensions interop)
|
| + if (!CommandLine::ForCurrentProcess()->HasSwitch(
|
| + switches::kDisableExtensionsResourceWhitelist) &&
|
| + !frame_url.is_empty() &&
|
| + !frame_url.SchemeIs(chrome::kExtensionScheme) &&
|
| + !extension->IsResourceWebAccessible(resource_url.path())) {
|
| + LOG(ERROR) << "Denying load of " << resource_url.spec() << " which "
|
| + << "is not a web accessible resource.";
|
| + return false;
|
| + }
|
| +
|
| return true;
|
| }
|
|
|
|
|
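Review bot: The added comment says the restriction applies only "if the manifest version is 2 or greater", but no manifest-version test appears in the new condition, so the gating presumably lives inside `IsResourceWebAccessible()`. If it does not, manifest-version-1 extensions are denied as well; either way the comment should say where the version is checked. Both exemptions fail open: a frame with an empty `frame_url` and any `chrome-extension://` frame, not only the owning extension's, skip the allowlist. I would record that in the comment, e.g. `// NOTE: any extension origin is exempt, not only the resource's own extension.`, and confirm that web content cannot end up with an empty frame URL. The lookup passes `resource_url.path()` as-is, and whether the path is normalised before comparison is not visible here; the enclosing function starts above the hunk.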