Add flag to enable web content to invoke web intents.

chrome/browser/ui/browser.cc

Index: chrome/browser/ui/browser.cc
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index 99e19a0babab69abd24e81c8daae768a5fdb0e62..b9b1bbe32353d09ddc12fe0adcb1178eec902db7 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -1656,9 +1656,27 @@ void Browser::WebIntentDispatch(
     content::WebIntentsDispatcher* intents_dispatcher) {
   if (!web_intents::IsWebIntentsEnabledForProfile(profile_)) {
     web_intents::RecordIntentsDispatchDisabled();
+    delete intents_dispatcher;
     return;
   }
 
+  // Make sure the requester is coming from an extension/app page.
+  // Internal dispatches set |web_contents| to NULL.
+  if (web_contents &&
+      !CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kWebIntentsEnabledForWebContent)) {
+    ExtensionService* extensions_service = profile_->GetExtensionService();
+    if (!extensions_service ||
+        extensions_service->extensions()->GetExtensionOrAppIDByURL(
+            ExtensionURLInfo(web_contents->GetURL())).empty()) {
+      web_intents::RecordIntentsDispatchDisabled();
+      intents_dispatcher->SendReplyMessage(
+          webkit_glue::WEB_INTENT_REPLY_FAILURE,
+          ASCIIToUTF16("Intents may only be invoked from extensions/apps."));
+      return;
+    }
+  }
+
   web_intents::RecordIntentDispatchRequested();
 
   if (!web_contents) {