OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/chrome_content_renderer_client.h" | 5 #include "chrome/renderer/chrome_content_renderer_client.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
124 using WebKit::WebString; | 124 using WebKit::WebString; |
125 using WebKit::WebURL; | 125 using WebKit::WebURL; |
126 using WebKit::WebURLError; | 126 using WebKit::WebURLError; |
127 using WebKit::WebURLRequest; | 127 using WebKit::WebURLRequest; |
128 using WebKit::WebURLResponse; | 128 using WebKit::WebURLResponse; |
129 using WebKit::WebVector; | 129 using WebKit::WebVector; |
130 | 130 |
131 namespace { | 131 namespace { |
132 | 132 |
133 const char kWebViewTagName[] = "WEBVIEW"; | 133 const char kWebViewTagName[] = "WEBVIEW"; |
134 const char kAdViewTagName[] = "ADVIEW"; | |
134 | 135 |
135 // Explicitly register all extension ManifestHandlers needed to parse | 136 // Explicitly register all extension ManifestHandlers needed to parse |
136 // fields used in the renderer. | 137 // fields used in the renderer. |
137 void RegisterExtensionManifestHandlers() { | 138 void RegisterExtensionManifestHandlers() { |
138 (new extensions::BackgroundManifestHandler)->Register(); | 139 (new extensions::BackgroundManifestHandler)->Register(); |
139 (new extensions::DevToolsPageHandler)->Register(); | 140 (new extensions::DevToolsPageHandler)->Register(); |
140 (new extensions::WebAccessibleResourcesHandler)->Register(); | 141 (new extensions::WebAccessibleResourcesHandler)->Register(); |
141 (new extensions::PageActionHandler)->Register(); | 142 (new extensions::PageActionHandler)->Register(); |
142 (new extensions::CSPHandler(false))->Register(); // not platform app. | 143 (new extensions::CSPHandler(false))->Register(); // not platform app. |
143 (new extensions::CSPHandler(true))->Register(); // platform app. | 144 (new extensions::CSPHandler(true))->Register(); // platform app. |
(...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
391 const WebPluginParams& params, | 392 const WebPluginParams& params, |
392 WebPlugin** plugin) { | 393 WebPlugin** plugin) { |
393 std::string orig_mime_type = params.mimeType.utf8(); | 394 std::string orig_mime_type = params.mimeType.utf8(); |
394 if (orig_mime_type == content::kBrowserPluginMimeType) { | 395 if (orig_mime_type == content::kBrowserPluginMimeType) { |
395 if (CommandLine::ForCurrentProcess()->HasSwitch( | 396 if (CommandLine::ForCurrentProcess()->HasSwitch( |
396 switches::kEnableBrowserPluginForAllViewTypes)) | 397 switches::kEnableBrowserPluginForAllViewTypes)) |
397 return false; | 398 return false; |
398 WebDocument document = frame->document(); | 399 WebDocument document = frame->document(); |
399 const Extension* extension = | 400 const Extension* extension = |
400 GetExtension(document.securityOrigin()); | 401 GetExtension(document.securityOrigin()); |
401 if (extension && extension->HasAPIPermission( | 402 if (extension) { |
402 extensions::APIPermission::kWebView)) | 403 const extensions::APIPermission::ID perms[] = { |
403 return false; | 404 extensions::APIPermission::kWebView, |
405 extensions::APIPermission::kAdView | |
406 }; | |
407 for (size_t i = 0; i < arraysize(perms); ++i) { | |
408 if (extension->HasAPIPermission(perms[i])) | |
409 return false; | |
410 } | |
411 } | |
404 } | 412 } |
405 | 413 |
406 ChromeViewHostMsg_GetPluginInfo_Output output; | 414 ChromeViewHostMsg_GetPluginInfo_Output output; |
407 #if defined(ENABLE_PLUGINS) | 415 #if defined(ENABLE_PLUGINS) |
408 render_view->Send(new ChromeViewHostMsg_GetPluginInfo( | 416 render_view->Send(new ChromeViewHostMsg_GetPluginInfo( |
409 render_view->GetRoutingID(), GURL(params.url), | 417 render_view->GetRoutingID(), GURL(params.url), |
410 frame->top()->document().url(), orig_mime_type, &output)); | 418 frame->top()->document().url(), orig_mime_type, &output)); |
411 #else | 419 #else |
412 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound; | 420 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound; |
413 #endif | 421 #endif |
(...skipping 694 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1108 #endif | 1116 #endif |
1109 } | 1117 } |
1110 | 1118 |
1111 bool ChromeContentRendererClient::AllowBrowserPlugin( | 1119 bool ChromeContentRendererClient::AllowBrowserPlugin( |
1112 WebKit::WebPluginContainer* container) const { | 1120 WebKit::WebPluginContainer* container) const { |
1113 if (CommandLine::ForCurrentProcess()->HasSwitch( | 1121 if (CommandLine::ForCurrentProcess()->HasSwitch( |
1114 switches::kEnableBrowserPluginForAllViewTypes)) | 1122 switches::kEnableBrowserPluginForAllViewTypes)) |
1115 return true; | 1123 return true; |
1116 | 1124 |
1117 // If this |BrowserPlugin| <object> in the |container| is not inside a | 1125 // If this |BrowserPlugin| <object> in the |container| is not inside a |
1118 // <webview> shadowHost, we disable instantiating this plugin. This is to | 1126 // <webview>/<adview> shadowHost, we disable instantiating this plugin. This |
1119 // discourage and prevent developers from accidentally attaching <object> | 1127 // is to discourage and prevent developers from accidentally attaching |
1120 // directly in apps. | 1128 // <object> directly in apps. |
1121 // | 1129 // |
1122 // Note that this check below does *not* ensure any security, it is still | 1130 // Note that this check below does *not* ensure any security, it is still |
1123 // possible to bypass this check. | 1131 // possible to bypass this check. |
1124 // TODO(lazyboy): http://crbug.com/178663, Ensure we properly disallow | 1132 // TODO(lazyboy): http://crbug.com/178663, Ensure we properly disallow |
1125 // instantiating BrowserPlugin outside of the <webview> shim. | 1133 // instantiating BrowserPlugin outside of the <webview>/<adview> shim. |
1126 if (container->element().isNull()) | 1134 if (container->element().isNull()) |
1127 return false; | 1135 return false; |
1128 | 1136 |
1129 if (container->element().shadowHost().isNull()) | 1137 if (container->element().shadowHost().isNull()) |
1130 return false; | 1138 return false; |
1131 | 1139 |
1132 return container->element().shadowHost().tagName().equals( | 1140 WebString tagName = container->element().shadowHost().tagName(); |
1133 WebString::fromUTF8(kWebViewTagName)); | 1141 return tagName.equals(WebString::fromUTF8(kWebViewTagName)) || |
darin (slow to review)
2013/03/20 04:59:30
nit: use google C++ style variable naming conventi
rpaquay
2013/03/20 16:24:45
Done.
| |
1142 tagName.equals(WebString::fromUTF8(kAdViewTagName)); | |
1134 } | 1143 } |
1135 | 1144 |
1136 } // namespace chrome | 1145 } // namespace chrome |
OLD | NEW |