Webview tag creation should be using storage partitions.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <set>
 #include <utility>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/path_service.h"
 #include "base/string_tokenizer.h"
+#include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "chrome/app/breakpad_mac.h"
 #include "chrome/browser/browser_about_handler.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browsing_data/browsing_data_helper.h"
 #include "chrome/browser/browsing_data/browsing_data_remover.h"
 #include "chrome/browser/character_encoding.h"
 #include "chrome/browser/chrome_benchmarking_message_filter.h"
 #include "chrome/browser/chrome_quota_permission_context.h"
 #include "chrome/browser/content_settings/content_settings_utils.h"
@@ skipping 68 matching lines @@
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/resource_context.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_view.h"
 #include "content/public/common/child_process_host.h"
 #include "content/public/common/content_descriptors.h"
 #include "grit/generated_resources.h"
 #include "grit/ui_resources.h"
+#include "net/base/escape.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/cookies/cookie_options.h"
 #include "ppapi/host/ppapi_host.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "webkit/glue/webpreferences.h"
 #include "webkit/plugins/plugin_switches.h"
 
 #if defined(OS_WIN)
@@ skipping 348 matching lines @@
   return main_parts;
 }
 
 content::WebContentsView*
     ChromeContentBrowserClient::OverrideCreateWebContentsView(
         WebContents* web_contents,
         content::RenderViewHostDelegateView** render_view_host_delegate_view) {
   return NULL;
 }
 
-std::string ChromeContentBrowserClient::GetStoragePartitionIdForChildProcess(
+std::string ChromeContentBrowserClient::GetStoragePartitionIdForSite(
+      content::BrowserContext* browser_context,

[awong, 2012/11/05 20:11:18]

4-spaces, not 6.

[nasko, 2012/11/05 23:06:58]

Done.

+      const GURL& site) {
+  std::string app_id;
+  std::string partition_name;
+  bool in_memory = false;
+
+  // We need to get all the pieces that will go into the storage partition
+  // identifier first, before we compose it.
+  GetStoragePartitionConfigForSite(browser_context, site, &app_id,
+                                   &partition_name, &in_memory);
+
+  // If there is no app, we are in the default browser partition, so return
+  // an empty string.
+  if (app_id.empty())
+    return std::string();
+
+  // A non-empty storage partition id string is of the form
+  // "app_id:in_memory:partition_name", where each of the three parts is
+  // optional and the ':' separators are mandatory. Since "in_memory" is fixed

[awong, 2012/11/05 20:11:18]

in-memory

[nasko, 2012/11/05 23:06:58]

Done.

+  // string and the app_id cannot contain the separator, it is safe to parse
+  // the string based on the two separators.
+  std::string partition_id = base::StringPrintf("%s:%s:%s",
+                                                app_id.c_str(),
+                                                in_memory ? "in-memory" : "",
+                                                partition_name.c_str());
+
+  DCHECK(IsValidStoragePartitionId(browser_context,partition_id));
+  return partition_id;
+}
+
+bool ChromeContentBrowserClient::IsValidStoragePartitionId(
     content::BrowserContext* browser_context,
-    int child_process_id) {
-  const Extension* extension = NULL;
+    const std::string& partition_id) {
+  // The default ID is empty and is always valid.
+  if (partition_id.empty())
+    return true;
+
   Profile* profile = Profile::FromBrowserContext(browser_context);
   ExtensionService* extension_service =
-      extensions::ExtensionSystem::Get(profile)->extension_service();
-  if (extension_service) {
-    std::set<std::string> extension_ids =
-        extension_service->process_map()->
-            GetExtensionsInProcess(child_process_id);
-    if (!extension_ids.empty())
-      // Since All the apps in a process share the same storage partition,
-      // we can pick any of them to retrieve the storage partition id.
-      extension =
-          extension_service->extensions()->GetByID(*(extension_ids.begin()));
+    extensions::ExtensionSystem::Get(profile)->extension_service();
+
+  // Now, parse the three parts of the partition ID, so we can verify them.
+  // Set the tokenizer to return delimiters, otherwise we won't get the correct
+  // count of delimiters and will fail validation.
+  int tokens = 0;
+  StringTokenizer t(partition_id, ":");
+  t.set_options(StringTokenizer::RETURN_DELIMS);
+
+  while (t.GetNext()) {
+    if (t.token_is_delim()) {
+      tokens++;
+      continue;
+    }
+    switch (tokens) {
+      // Starting off with the app id, verify it exists.
+      case 0:
+        if (!t.token().empty())  {
+          // No extension service means no storage partitions in Chrome.
+          if (!extension_service)
+            return false;
+          if (extension_service->GetExtensionById(t.token(), false) == NULL)
+            return false;
+        }
+        break;
+      // The second token is either empty or the "in-memory" string.
+      case 1:
+        if (!t.token().empty() && t.token() != "in-memory")
+          return false;
+        break;
+      // We don't verify the partition_name, as it is user supplied and there is
+      // no format constraints to it.
+      case 2:
+        break;
+    }
   }
-  return GetStoragePartitionIdForExtension(browser_context, extension);
+
+  // If there were less than three tokens, then it is not a valid partition id.
+  return (tokens >= 2);
 }
 
-std::string ChromeContentBrowserClient::GetStoragePartitionIdForSite(
+void ChromeContentBrowserClient::GetStoragePartitionConfigForSite(
     content::BrowserContext* browser_context,
-    const GURL& site) {
+    const GURL& site,
+    std::string* app_id,
+    std::string* partition_name,
+    bool* in_memory) {
+  // If the site URL is the special guest format, extract the separate pieces
+  // out of it. The format is: guest://app_id/persist?partition_name

[Charlie Reis, 2012/11/06 00:17:18]

nit: chrome-guest

+  if (site.SchemeIs(chrome::kGuestScheme)) {
+    // Since guest URLs are only used for packaged apps, there must be an app
+    // id in the URL.
+    CHECK(site.has_host());
+    *app_id = site.host();
+    // Since persistence is optional, the path must either be empty or the
+    // literal string.
+    *in_memory = ((site.path() == "/persist") ? false : true);

[awong, 2012/11/05 20:11:18]

*in_memory = site.path() != "/persist";

[nasko, 2012/11/05 23:06:58]

Done.

+    // The partition name is user supplied value, which we have encoded when the
+    // URL was created, so it needs to be decoded.
+    *partition_name = net::UnescapeURLComponent(site.query(),
+                                                net::UnescapeRule::NORMAL);
+    return;
+  }
+
   const Extension* extension = NULL;
   Profile* profile = Profile::FromBrowserContext(browser_context);
   ExtensionService* extension_service =
       extensions::ExtensionSystem::Get(profile)->extension_service();
   if (extension_service) {
     extension = extension_service->extensions()->
         GetExtensionOrAppByURL(ExtensionURLInfo(site));
+    if (extension && extension->is_storage_isolated()) {
+      *app_id = extension->id();
+      *partition_name = std::string();
+      *in_memory = false;
+      return;
+    }
   }
 
-  return GetStoragePartitionIdForExtension(browser_context, extension);
-}
-
-bool ChromeContentBrowserClient::IsValidStoragePartitionId(
-    content::BrowserContext* browser_context,
-    const std::string& partition_id) {
-  // The default ID is empty which is always allowed.
-  if (partition_id.empty())
-    return true;
-
-  // If it isn't empty, then it must belong to an extension of some sort. Parse
-  // out the extension ID and make sure it is still installed.
-  Profile* profile = Profile::FromBrowserContext(browser_context);
-  ExtensionService* extension_service =
-      extensions::ExtensionSystem::Get(profile)->extension_service();
-  if (!extension_service) {
-    // No extension service means no storage partitions in Chrome.
-    return false;
-  }
-
-  // See if we can find an extension. The |partition_id| is the extension ID so
-  // no parsing needed to be done.
-  return extension_service->GetExtensionById(partition_id, false) != NULL;
+  *app_id = std::string();
+  *partition_name = std::string();
+  *in_memory = false;
 }
 
 content::WebContentsViewDelegate*
     ChromeContentBrowserClient::GetWebContentsViewDelegate(
         content::WebContents* web_contents) {
   return chrome::CreateWebContentsViewDelegate(web_contents);
 }
 
 void ChromeContentBrowserClient::RenderViewHostCreated(
     RenderViewHost* render_view_host) {
@@ skipping 1065 matching lines @@
   if (web_prefs->default_encoding.empty()) {
     prefs->ClearPref(prefs::kDefaultCharset);
     web_prefs->default_encoding = prefs->GetString(prefs::kDefaultCharset);
   }
   DCHECK(!web_prefs->default_encoding.empty());
 
   WebContents* web_contents = WebContents::FromRenderViewHost(rvh);
   chrome::ViewType view_type = chrome::GetViewType(web_contents);
   ExtensionService* service = profile->GetExtensionService();
   if (service) {
-    const Extension* extension = service->extensions()->GetByID(
-        rvh->GetSiteInstance()->GetSiteURL().host());
-    extension_webkit_preferences::SetPreferences(
-        extension, view_type, web_prefs);
+    const GURL& url = rvh->GetSiteInstance()->GetSiteURL();
+    const Extension* extension = service->extensions()->GetByID(url.host());
+    // Ensure that we are only granting extension preferences to URLs with
+    // the correct scheme. Without this check, guest:// schemes used by
+    // webview tags as well as hosts that happen to match the id of an
+    // installed extension would get the wrong preferences.
+    if (url.SchemeIs(chrome::kExtensionScheme)) {
+      extension_webkit_preferences::SetPreferences(
+          extension, view_type, web_prefs);
+    }
   }
 
   if (content::IsForceCompositingModeEnabled())
     web_prefs->force_compositing_mode = true;
 
   if (view_type == chrome::VIEW_TYPE_NOTIFICATION) {
     web_prefs->allow_scripts_to_close_windows = true;
   } else if (view_type == chrome::VIEW_TYPE_BACKGROUND_CONTENTS) {
     // Disable all kinds of acceleration for background pages.
     // See http://crbug.com/96005 and http://crbug.com/96006
@@ skipping 236 matching lines @@
               base::Unretained(this), locale)))
     io_thread_application_locale_ = locale;
 }
 
 void ChromeContentBrowserClient::SetApplicationLocaleOnIOThread(
     const std::string& locale) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   io_thread_application_locale_ = locale;
 }
 
-std::string ChromeContentBrowserClient::GetStoragePartitionIdForExtension(
-    content::BrowserContext* browser_context, const Extension* extension) {
-  // In chrome, we use the extension ID as the partition ID. This works well
-  // because the extension ID fits the partition ID pattern and currently only
-  // apps can designate that storage should be isolated.
-  //
-  // If |extension| is NULL, then the default, empty string, partition id is
-  // used.
-  std::string partition_id;
-  if (extension && extension->is_storage_isolated()) {
-    partition_id = extension->id();
-  }
-
-  // Enforce that IsValidStoragePartitionId() implementation stays in sync.
-  DCHECK(IsValidStoragePartitionId(browser_context, partition_id));
-  return partition_id;
-}
-
-
 }  // namespace chrome