| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/web_request/web_request_permissions.h" | 5 #include "extensions/browser/api/web_request/web_request_permissions.h" |
| 6 | 6 |
| 7 #include "base/strings/string_util.h" | 7 #include "base/strings/string_util.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "content/public/browser/resource_request_info.h" | 9 #include "content/public/browser/resource_request_info.h" |
| 10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" | 10 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 // Returns true if the URL is sensitive and requests to this URL must not be | 23 // Returns true if the URL is sensitive and requests to this URL must not be |
| 24 // modified/canceled by extensions, e.g. because it is targeted to the webstore | 24 // modified/canceled by extensions, e.g. because it is targeted to the webstore |
| 25 // to check for updates, extension blacklisting, etc. | 25 // to check for updates, extension blacklisting, etc. |
| 26 bool IsSensitiveURL(const GURL& url) { | 26 bool IsSensitiveURL(const GURL& url) { |
| 27 // TODO(battre) Merge this, CanExtensionAccessURL and | 27 // TODO(battre) Merge this, CanExtensionAccessURL and |
| 28 // PermissionsData::CanAccessPage into one function. | 28 // PermissionsData::CanAccessPage into one function. |
| 29 bool sensitive_chrome_url = false; | 29 bool sensitive_chrome_url = false; |
| 30 const std::string host = url.host(); | 30 const std::string host = url.host(); |
| 31 const char kGoogleCom[] = ".google.com"; | 31 const char kGoogleCom[] = ".google.com"; |
| 32 const char kClient[] = "clients"; | 32 const char kClient[] = "clients"; |
| 33 if (base::EndsWith(host, kGoogleCom, true)) { | 33 if (base::EndsWith(host, kGoogleCom, base::CompareCase::SENSITIVE)) { |
| 34 // Check for "clients[0-9]*.google.com" hosts. | 34 // Check for "clients[0-9]*.google.com" hosts. |
| 35 // This protects requests to several internal services such as sync, | 35 // This protects requests to several internal services such as sync, |
| 36 // extension update pings, captive portal detection, fraudulent certificate | 36 // extension update pings, captive portal detection, fraudulent certificate |
| 37 // reporting, autofill and others. | 37 // reporting, autofill and others. |
| 38 if (base::StartsWithASCII(host, kClient, true)) { | 38 if (base::StartsWith(host, kClient, base::CompareCase::SENSITIVE)) { |
| 39 bool match = true; | 39 bool match = true; |
| 40 for (std::string::const_iterator i = host.begin() + strlen(kClient), | 40 for (std::string::const_iterator i = host.begin() + strlen(kClient), |
| 41 end = host.end() - strlen(kGoogleCom); i != end; ++i) { | 41 end = host.end() - strlen(kGoogleCom); i != end; ++i) { |
| 42 if (!isdigit(*i)) { | 42 if (!isdigit(*i)) { |
| 43 match = false; | 43 match = false; |
| 44 break; | 44 break; |
| 45 } | 45 } |
| 46 } | 46 } |
| 47 sensitive_chrome_url = sensitive_chrome_url || match; | 47 sensitive_chrome_url = sensitive_chrome_url || match; |
| 48 } | 48 } |
| 49 // This protects requests to safe browsing, link doctor, and possibly | 49 // This protects requests to safe browsing, link doctor, and possibly |
| 50 // others. | 50 // others. |
| 51 sensitive_chrome_url = | 51 sensitive_chrome_url = |
| 52 sensitive_chrome_url || | 52 sensitive_chrome_url || |
| 53 base::EndsWith(url.host(), ".clients.google.com", true) || | 53 base::EndsWith(url.host(), ".clients.google.com", |
| 54 base::CompareCase::SENSITIVE) || |
| 54 url.host() == "sb-ssl.google.com" || | 55 url.host() == "sb-ssl.google.com" || |
| 55 (url.host() == "chrome.google.com" && | 56 (url.host() == "chrome.google.com" && |
| 56 base::StartsWithASCII(url.path(), "/webstore", true)); | 57 base::StartsWith(url.path(), "/webstore", |
| 58 base::CompareCase::SENSITIVE)); |
| 57 } | 59 } |
| 58 GURL::Replacements replacements; | 60 GURL::Replacements replacements; |
| 59 replacements.ClearQuery(); | 61 replacements.ClearQuery(); |
| 60 replacements.ClearRef(); | 62 replacements.ClearRef(); |
| 61 GURL url_without_query = url.ReplaceComponents(replacements); | 63 GURL url_without_query = url.ReplaceComponents(replacements); |
| 62 return sensitive_chrome_url || | 64 return sensitive_chrome_url || |
| 63 extension_urls::IsWebstoreUpdateUrl(url_without_query) || | 65 extension_urls::IsWebstoreUpdateUrl(url_without_query) || |
| 64 extension_urls::IsBlacklistUpdateUrl(url); | 66 extension_urls::IsBlacklistUpdateUrl(url); |
| 65 } | 67 } |
| 66 | 68 |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 133 } | 135 } |
| 134 break; | 136 break; |
| 135 case REQUIRE_ALL_URLS: | 137 case REQUIRE_ALL_URLS: |
| 136 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) | 138 if (!extension->permissions_data()->HasEffectiveAccessToAllHosts()) |
| 137 return false; | 139 return false; |
| 138 break; | 140 break; |
| 139 } | 141 } |
| 140 | 142 |
| 141 return true; | 143 return true; |
| 142 } | 144 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1233043003:
Remove some legacy versions of StartsWith and EndsWith. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master