OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/browser/api/web_request/web_request_permissions.h" | 5 #include "extensions/browser/api/web_request/web_request_permissions.h" |
6 | 6 |
7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
9 #include "content/public/browser/resource_request_info.h" | 9 #include "content/public/browser/resource_request_info.h" |
10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
(...skipping 12 matching lines...) Expand all Loading... |
23 // Returns true if the URL is sensitive and requests to this URL must not be | 23 // Returns true if the URL is sensitive and requests to this URL must not be |
24 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 24 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
25 // to check for updates, extension blacklisting, etc. | 25 // to check for updates, extension blacklisting, etc. |
26 bool IsSensitiveURL(const GURL& url) { | 26 bool IsSensitiveURL(const GURL& url) { |
27 // TODO(battre) Merge this, CanExtensionAccessURL and | 27 // TODO(battre) Merge this, CanExtensionAccessURL and |
28 // PermissionsData::CanAccessPage into one function. | 28 // PermissionsData::CanAccessPage into one function. |
29 bool sensitive_chrome_url = false; | 29 bool sensitive_chrome_url = false; |
30 const std::string host = url.host(); | 30 const std::string host = url.host(); |
31 const char kGoogleCom[] = ".google.com"; | 31 const char kGoogleCom[] = ".google.com"; |
32 const char kClient[] = "clients"; | 32 const char kClient[] = "clients"; |
33 if (EndsWith(host, kGoogleCom, true)) { | 33 if (base::EndsWith(host, kGoogleCom, true)) { |
34 // Check for "clients[0-9]*.google.com" hosts. | 34 // Check for "clients[0-9]*.google.com" hosts. |
35 // This protects requests to several internal services such as sync, | 35 // This protects requests to several internal services such as sync, |
36 // extension update pings, captive portal detection, fraudulent certificate | 36 // extension update pings, captive portal detection, fraudulent certificate |
37 // reporting, autofill and others. | 37 // reporting, autofill and others. |
38 if (base::StartsWithASCII(host, kClient, true)) { | 38 if (base::StartsWithASCII(host, kClient, true)) { |
39 bool match = true; | 39 bool match = true; |
40 for (std::string::const_iterator i = host.begin() + strlen(kClient), | 40 for (std::string::const_iterator i = host.begin() + strlen(kClient), |
41 end = host.end() - strlen(kGoogleCom); i != end; ++i) { | 41 end = host.end() - strlen(kGoogleCom); i != end; ++i) { |
42 if (!isdigit(*i)) { | 42 if (!isdigit(*i)) { |
43 match = false; | 43 match = false; |
44 break; | 44 break; |
45 } | 45 } |
46 } | 46 } |
47 sensitive_chrome_url = sensitive_chrome_url || match; | 47 sensitive_chrome_url = sensitive_chrome_url || match; |
48 } | 48 } |
49 // This protects requests to safe browsing, link doctor, and possibly | 49 // This protects requests to safe browsing, link doctor, and possibly |
50 // others. | 50 // others. |
51 sensitive_chrome_url = | 51 sensitive_chrome_url = |
52 sensitive_chrome_url || | 52 sensitive_chrome_url || |
53 EndsWith(url.host(), ".clients.google.com", true) || | 53 base::EndsWith(url.host(), ".clients.google.com", true) || |
54 url.host() == "sb-ssl.google.com" || | 54 url.host() == "sb-ssl.google.com" || |
55 (url.host() == "chrome.google.com" && | 55 (url.host() == "chrome.google.com" && |
56 base::StartsWithASCII(url.path(), "/webstore", true)); | 56 base::StartsWithASCII(url.path(), "/webstore", true)); |
57 } | 57 } |
58 GURL::Replacements replacements; | 58 GURL::Replacements replacements; |
59 replacements.ClearQuery(); | 59 replacements.ClearQuery(); |
60 replacements.ClearRef(); | 60 replacements.ClearRef(); |
61 GURL url_without_query = url.ReplaceComponents(replacements); | 61 GURL url_without_query = url.ReplaceComponents(replacements); |
62 return sensitive_chrome_url || | 62 return sensitive_chrome_url || |
63 extension_urls::IsWebstoreUpdateUrl(url_without_query) || | 63 extension_urls::IsWebstoreUpdateUrl(url_without_query) || |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
133 } | 133 } |
134 break; | 134 break; |
135 case REQUIRE_ALL_URLS: | 135 case REQUIRE_ALL_URLS: |
136 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) | 136 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) |
137 return false; | 137 return false; |
138 break; | 138 break; |
139 } | 139 } |
140 | 140 |
141 return true; | 141 return true; |
142 } | 142 } |
OLD | NEW |