
Side by Side Diff: chrome/renderer/extensions/dispatcher.cc

Issue 10829186: Tabs API is usable without tabs permission. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: ETU now SetString()'s for empty values Created 8 years, 3 months ago
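--- a/chrome/renderer/extensions/dispatcher.cc
+++ b/chrome/renderer/extensions/dispatcher.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/extensions/dispatcher.h"
 
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string_piece.h"
@@ -1059,33 +1059,21 @@
 DLOG(ERROR) << "Not in a v8::Context";
 return false;
 }
 
 if (!context->extension()) {
 v8::ThrowException(
 v8::Exception::Error(v8::String::New("Not in an extension.")));
 return false;
 }
 
-// We need to whitelist tabs.executeScript and tabs.insertCSS because they
-// are granted under special circumstances with the activeTab permission
-// (note that the browser checks too, so this isn't a security problem).
-//
-// Only the browser knows which tab this call will be sent to... sometimes we
-// *could* figure it out (if the extension gives an explicit tab ID in the
-// call), but the expected case will be the extension passing through -1,
-// meaning the active tab, and only the browser safely knows what this is.
-bool skip_permission_check = (function_name == "tabs.executeScript") ||
-(function_name == "tabs.insertCSS");
-
-if (!skip_permission_check &&
-!context->extension()->HasAPIPermission(function_name)) {
+if (!context->extension()->HasAPIPermission(function_name)) {
 static const char kMessage[] =
 "You do not have permission to use '%s'. Be sure to declare"
 " in your manifest what permissions you need.";
 std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
 v8::ThrowException(
 v8::Exception::Error(v8::String::New(error_msg.c_str())));
 return false;
 }
 
 if (ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name) &&
@@ -1104,10 +1092,10 @@
 // we should abort.
 WebKit::WebFrame* frame = context->web_frame();
 ExtensionURLInfo url_info(frame->document().securityOrigin(),
 UserScriptSlave::GetDataSourceURLForFrame(frame));
 CHECK(!extensions_.IsSandboxedPage(url_info));
 
 return true;
 }
 
 } // namespace extensions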
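Review bot: At new line 1069 the whitelist is deleted along with the only comment stating that the browser process also checks these calls, so nothing at this site now records that the renderer-side `HasAPIPermission(function_name)` test is advisory. A compromised renderer can skip this function entirely, so the browser-side check remains the enforcement point. I would keep a one-line comment above the `if`, for example `// Renderer-side check only produces an early, readable error; the browser process must re-validate every API call.` Separately, `tabs.executeScript` and `tabs.insertCSS` now depend on `HasAPIPermission` returning true for extensions that hold only activeTab. That presumably follows from permission changes elsewhere in this patch set, which are not visible here, so a test covering the activeTab-only case would be worth adding. The enclosing function begins outside the lines shown.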