Chromium Code Reviews Chromium Code Reviews
Issue 12457042:
Non-web-accessible extension URLs should not load in non-extension processes (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/renderer/extensions/resource_request_policy.cc |
| diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc |
| index 756844ff8c19cf5e6374998f9ebdb4cad6ad106b..5843d8d5517c940dcfea0a2bcf7edffee8583344 100644 |
| --- a/chrome/renderer/extensions/resource_request_policy.cc |
| +++ b/chrome/renderer/extensions/resource_request_policy.cc |
| @@ -24,6 +24,12 @@ |
| namespace extensions { |
| +// This method does a security check whether chrome-extension:// URLs can be |
| +// requested by the renderer. Since this is in an untrusted process, the browser |
| +// has a similar check to enforce the policy, in case this process is exploited. |
| +// If you are changing this function, ensure equivalent checks are added to |
| +// extension_protocols.cc AllowExtensionResourceLoad. |
|
Charlie Reis
2013/04/02 22:17:38
nit: extension_protocols.cc's
nasko
2013/04/03 15:51:50
Done.
|
| + |
| // static |
| bool ResourceRequestPolicy::CanRequestResource( |
| const GURL& resource_url, |
