Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/extensions/extension_unittest.cc

Issue 12792005: Allow extensions on chrome:// URLs, when flag is set and permission is explicitly requested (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Reinstate original pickle order; add scripts clause to content_script_chrome_url_invalid.json to av… Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/common/extensions/extension.cc ('k') | chrome/common/extensions/manifest_tests/extension_manifests_chromepermission_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/extensions/extension_unittest.cc
diff --git a/chrome/common/extensions/extension_unittest.cc b/chrome/common/extensions/extension_unittest.cc
index edc99bcda0b9bab69410216b438e11ad9a546697..8d88f4bd49f95c16c8975f5aa444ce94930b0059 100644
--- a/chrome/common/extensions/extension_unittest.cc
+++ b/chrome/common/extensions/extension_unittest.cc
@@ -4,6 +4,7 @@
#include "chrome/common/extensions/extension.h"
+#include "base/command_line.h"
#include "base/file_util.h"
#include "base/files/file_path.h"
#include "base/format_macros.h"
@@ -13,6 +14,7 @@
#include "base/strings/string_number_conversions.h"
#include "base/utf_string_conversions.h"
#include "chrome/common/chrome_paths.h"
+#include "chrome/common/chrome_switches.h"
#include "chrome/common/extensions/api/commands/commands_handler.h"
#include "chrome/common/extensions/api/plugins/plugins_handler.h"
#include "chrome/common/extensions/background_info.h"
@@ -657,11 +659,10 @@ class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
};
TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
- scoped_refptr<Extension> extension;
-
// Test <all_urls> for regular extensions.
- extension = LoadManifestStrict("script_and_capture",
+ scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
"extension_regular_all.json");
+
EXPECT_TRUE(Allowed(extension, http_url));
EXPECT_TRUE(Allowed(extension, https_url));
EXPECT_TRUE(Blocked(extension, file_url));
@@ -745,6 +746,103 @@ TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
EXPECT_FALSE(extension->HasHostPermission(settings_url));
}
+
+TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
+ CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kExtensionsOnChromeURLs);
+
+ scoped_refptr<Extension> extension;
+
+ // Test <all_urls> for regular extensions.
+ extension = LoadManifestStrict("script_and_capture",
+ "extension_regular_all.json");
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, extension_url));
+
+ // Test access to iframed content.
+ GURL within_extension_url = extension->GetResourceURL("page.html");
+ EXPECT_TRUE(AllowedScript(extension, http_url, http_url_with_path));
+ EXPECT_TRUE(AllowedScript(extension, https_url, http_url_with_path));
+ EXPECT_TRUE(AllowedScript(extension, http_url, within_extension_url));
+ EXPECT_TRUE(AllowedScript(extension, https_url, within_extension_url));
+ EXPECT_TRUE(BlockedScript(extension, http_url, extension_url));
+ EXPECT_TRUE(BlockedScript(extension, https_url, extension_url));
+
+ EXPECT_FALSE(extension->HasHostPermission(settings_url));
+ EXPECT_FALSE(extension->HasHostPermission(about_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Test * for scheme, which implies just the http/https schemes.
+ extension = LoadManifestStrict("script_and_capture",
+ "extension_wildcard.json");
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+ extension = LoadManifest("script_and_capture",
+ "extension_wildcard_settings.json");
+ EXPECT_TRUE(Blocked(extension, settings_url));
+
+ // Having chrome://*/ should work for regular extensions with the flag
+ // enabled.
+ std::string error;
+ extension = LoadManifestUnchecked("script_and_capture",
+ "extension_wildcard_chrome.json",
+ Manifest::INTERNAL, Extension::NO_FLAGS,
+ &error);
+ EXPECT_FALSE(extension == NULL);
+ EXPECT_TRUE(Blocked(extension, http_url));
+ EXPECT_TRUE(Blocked(extension, https_url));
+ EXPECT_TRUE(Allowed(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested
+
+ // Having chrome://favicon/* should not give you chrome://*
+ extension = LoadManifestStrict("script_and_capture",
+ "extension_chrome_favicon_wildcard.json");
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Allowed(extension, favicon_url)); // chrome:// requested
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Having http://favicon should not give you chrome://favicon
+ extension = LoadManifestStrict("script_and_capture",
+ "extension_http_favicon.json");
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+
+ // Component extensions with <all_urls> should get everything.
+ extension = LoadManifest("script_and_capture", "extension_component_all.json",
+ Manifest::COMPONENT, Extension::NO_FLAGS);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Allowed(extension, https_url));
+ EXPECT_TRUE(Allowed(extension, settings_url));
+ EXPECT_TRUE(Allowed(extension, about_url));
+ EXPECT_TRUE(Allowed(extension, favicon_url));
+ EXPECT_TRUE(extension->HasHostPermission(favicon_url));
+
+ // Component extensions should only get access to what they ask for.
+ extension = LoadManifest("script_and_capture",
+ "extension_component_google.json", Manifest::COMPONENT,
+ Extension::NO_FLAGS);
+ EXPECT_TRUE(Allowed(extension, http_url));
+ EXPECT_TRUE(Blocked(extension, https_url));
+ EXPECT_TRUE(Blocked(extension, file_url));
+ EXPECT_TRUE(Blocked(extension, settings_url));
+ EXPECT_TRUE(Blocked(extension, favicon_url));
+ EXPECT_TRUE(Blocked(extension, about_url));
+ EXPECT_TRUE(Blocked(extension, extension_url));
+ EXPECT_FALSE(extension->HasHostPermission(settings_url));
+}
+
TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
scoped_refptr<Extension> extension =
LoadManifestStrict("script_and_capture", "tab_specific.json");
« no previous file with comments | « chrome/common/extensions/extension.cc ('k') | chrome/common/extensions/manifest_tests/extension_manifests_chromepermission_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698