chrome/renderer/extensions/resource_request_policy.cc - Issue 12457042: Non-web-accessible extension URLs should not load in non-extension processes

Side by Side Diff: chrome/renderer/extensions/resource_request_policy.cc

Issue 12457042: Non-web-accessible extension URLs should not load in non-extension processes (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixing issues found in code review. Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/renderer/extensions/resource_request_policy.h"	5 #include "chrome/renderer/extensions/resource_request_policy.h"

6	6

7 #include "base/command_line.h"	7 #include "base/command_line.h"

8 #include "base/logging.h"	8 #include "base/logging.h"

9 #include "base/stringprintf.h"	9 #include "base/stringprintf.h"

10 #include "chrome/common/chrome_switches.h"	10 #include "chrome/common/chrome_switches.h"

11 #include "chrome/common/extensions/api/icons/icons_handler.h"	11 #include "chrome/common/extensions/api/icons/icons_handler.h"

12 #include "chrome/common/extensions/extension.h"	12 #include "chrome/common/extensions/extension.h"

13 #include "chrome/common/extensions/extension_set.h"	13 #include "chrome/common/extensions/extension_set.h"

14 #include "chrome/common/extensions/manifest_url_handler.h"	14 #include "chrome/common/extensions/manifest_url_handler.h"

15 #include "chrome/common/extensions/web_accessible_resources_handler.h"	15 #include "chrome/common/extensions/web_accessible_resources_handler.h"

16 #include "chrome/common/url_constants.h"	16 #include "chrome/common/url_constants.h"

17 #include "content/public/common/page_transition_types.h"	17 #include "content/public/common/page_transition_types.h"

18 #include "extensions/common/constants.h"	18 #include "extensions/common/constants.h"

19 #include "googleurl/src/gurl.h"	19 #include "googleurl/src/gurl.h"

20 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h"	20 #include "third_party/WebKit/Source/Platform/chromium/public/WebString.h"

21 #include "third_party/WebKit/Source/WebKit/chromium/public/WebConsoleMessage.h"	21 #include "third_party/WebKit/Source/WebKit/chromium/public/WebConsoleMessage.h"

22 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"	22 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"

23 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"	23 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"

24	24

25 namespace extensions {	25 namespace extensions {

26	26

	27 // This method does a security check whether chrome-extension:// URLs can be

	28 // requested by the renderer. Since this is in an untrusted process, the browser

	29 // has a similar check to enforce the policy, in case this process is exploited.

	30 // If you are changing this function, ensure equivalent checks are added to

	31 // extension_protocols.cc AllowExtensionResourceLoad.
	Charlie Reis 2013/04/02 22:17:38 nit: extension_protocols.cc's nit: extension_protocols.cc's nasko 2013/04/03 15:51:50 Done. Show quoted text On 2013/04/02 22:17:38, creis wrote: > nit: extension_protocols.cc's Done.
	32

27 // static	33 // static

28 bool ResourceRequestPolicy::CanRequestResource(	34 bool ResourceRequestPolicy::CanRequestResource(

29 const GURL& resource_url,	35 const GURL& resource_url,

30 WebKit::WebFrame* frame,	36 WebKit::WebFrame* frame,

31 content::PageTransition transition_type,	37 content::PageTransition transition_type,

32 const ExtensionSet* loaded_extensions) {	38 const ExtensionSet* loaded_extensions) {

33 CHECK(resource_url.SchemeIs(extensions::kExtensionScheme));	39 CHECK(resource_url.SchemeIs(extensions::kExtensionScheme));

34	40

35 const Extension* extension =	41 const Extension* extension =

36 loaded_extensions->GetExtensionOrAppByURL(ExtensionURLInfo(resource_url));	42 loaded_extensions->GetExtensionOrAppByURL(ExtensionURLInfo(resource_url));

(...skipping 79 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
116 return false;	122 return false;

117 }	123 }

118	124

119 return true;	125 return true;

120 }	126 }

121	127

122 ResourceRequestPolicy::ResourceRequestPolicy() {	128 ResourceRequestPolicy::ResourceRequestPolicy() {

123 }	129 }

124	130

125 } // namespace extensions	131 } // namespace extensions

OLD	NEW

« chrome/browser/extensions/extension_protocols.cc ('K') | « chrome/common/extensions/extension.h ('k') | chrome/test/data/chrome_extension_resource.html » ('j') | no next file with comments »