Chromium Code Reviews Chromium Code Reviews
Issue 1282263002:
Restrict chrome.runtime.setUninstallURL to http(s) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/runtime/runtime_api.h" | 5 #include "extensions/browser/api/runtime/runtime_api.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 47 const char kNoBackgroundPageError[] = "You do not have a background page."; | 47 const char kNoBackgroundPageError[] = "You do not have a background page."; |
| 48 const char kPageLoadError[] = "Background page failed to load."; | 48 const char kPageLoadError[] = "Background page failed to load."; |
| 49 const char kFailedToCreateOptionsPage[] = "Could not create an options page."; | 49 const char kFailedToCreateOptionsPage[] = "Could not create an options page."; |
| 50 const char kInstallId[] = "id"; | 50 const char kInstallId[] = "id"; |
| 51 const char kInstallReason[] = "reason"; | 51 const char kInstallReason[] = "reason"; |
| 52 const char kInstallReasonChromeUpdate[] = "chrome_update"; | 52 const char kInstallReasonChromeUpdate[] = "chrome_update"; |
| 53 const char kInstallReasonUpdate[] = "update"; | 53 const char kInstallReasonUpdate[] = "update"; |
| 54 const char kInstallReasonInstall[] = "install"; | 54 const char kInstallReasonInstall[] = "install"; |
| 55 const char kInstallReasonSharedModuleUpdate[] = "shared_module_update"; | 55 const char kInstallReasonSharedModuleUpdate[] = "shared_module_update"; |
| 56 const char kInstallPreviousVersion[] = "previousVersion"; | 56 const char kInstallPreviousVersion[] = "previousVersion"; |
| 57 const char kInvalidUrlError[] = "Invalid URL."; | 57 const char kInvalidUrlError[] = "Invalid URL: \"*\"."; |
| 58 const char kPlatformInfoUnavailable[] = "Platform information unavailable."; | 58 const char kPlatformInfoUnavailable[] = "Platform information unavailable."; |
| 59 | 59 |
| 60 const char kUpdatesDisabledError[] = "Autoupdate is not enabled."; | 60 const char kUpdatesDisabledError[] = "Autoupdate is not enabled."; |
| 61 | 61 |
| 62 // A preference key storing the url loaded when an extension is uninstalled. | 62 // A preference key storing the url loaded when an extension is uninstalled. |
| 63 const char kUninstallUrl[] = "uninstall_url"; | 63 const char kUninstallUrl[] = "uninstall_url"; |
| 64 | 64 |
| 65 // The name of the directory to be returned by getPackageDirectoryEntry. This | 65 // The name of the directory to be returned by getPackageDirectoryEntry. This |
| 66 // particular value does not matter to user code, but is chosen for consistency | 66 // particular value does not matter to user code, but is chosen for consistency |
| 67 // with the equivalent Pepper API. | 67 // with the equivalent Pepper API. |
| (...skipping 330 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 398 const std::string& extension_id, | 398 const std::string& extension_id, |
| 399 UninstallReason reason) { | 399 UninstallReason reason) { |
| 400 if (!(reason == UNINSTALL_REASON_USER_INITIATED || | 400 if (!(reason == UNINSTALL_REASON_USER_INITIATED || |
| 401 reason == UNINSTALL_REASON_MANAGEMENT_API)) { | 401 reason == UNINSTALL_REASON_MANAGEMENT_API)) { |
| 402 return; | 402 return; |
| 403 } | 403 } |
| 404 | 404 |
| 405 GURL uninstall_url( | 405 GURL uninstall_url( |
| 406 GetUninstallURL(ExtensionPrefs::Get(context), extension_id)); | 406 GetUninstallURL(ExtensionPrefs::Get(context), extension_id)); |
| 407 | 407 |
| 408 if (uninstall_url.is_empty()) | 408 if (uninstall_url.is_empty() || !uninstall_url.SchemeIsHTTPOrHTTPS()) |
|
not at google - send to devlin
2015/08/10 22:33:02
Second half of check is enough, and it's worth com
| |
| 409 return; | 409 return; |
| 410 | 410 |
| 411 RuntimeAPI::GetFactoryInstance()->Get(context)->OpenURL(uninstall_url); | 411 RuntimeAPI::GetFactoryInstance()->Get(context)->OpenURL(uninstall_url); |
| 412 } | 412 } |
| 413 | 413 |
| 414 ExtensionFunction::ResponseAction RuntimeGetBackgroundPageFunction::Run() { | 414 ExtensionFunction::ResponseAction RuntimeGetBackgroundPageFunction::Run() { |
| 415 ExtensionHost* host = ProcessManager::Get(browser_context()) | 415 ExtensionHost* host = ProcessManager::Get(browser_context()) |
| 416 ->GetBackgroundHostForExtension(extension_id()); | 416 ->GetBackgroundHostForExtension(extension_id()); |
| 417 if (LazyBackgroundTaskQueue::Get(browser_context()) | 417 if (LazyBackgroundTaskQueue::Get(browser_context()) |
| 418 ->ShouldEnqueueTask(browser_context(), extension())) { | 418 ->ShouldEnqueueTask(browser_context(), extension())) { |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 441 RuntimeAPI* api = RuntimeAPI::GetFactoryInstance()->Get(browser_context()); | 441 RuntimeAPI* api = RuntimeAPI::GetFactoryInstance()->Get(browser_context()); |
| 442 return RespondNow(api->OpenOptionsPage(extension()) | 442 return RespondNow(api->OpenOptionsPage(extension()) |
| 443 ? NoArguments() | 443 ? NoArguments() |
| 444 : Error(kFailedToCreateOptionsPage)); | 444 : Error(kFailedToCreateOptionsPage)); |
| 445 } | 445 } |
| 446 | 446 |
| 447 ExtensionFunction::ResponseAction RuntimeSetUninstallURLFunction::Run() { | 447 ExtensionFunction::ResponseAction RuntimeSetUninstallURLFunction::Run() { |
| 448 std::string url_string; | 448 std::string url_string; |
| 449 EXTENSION_FUNCTION_VALIDATE(args_->GetString(0, &url_string)); | 449 EXTENSION_FUNCTION_VALIDATE(args_->GetString(0, &url_string)); |
| 450 | 450 |
| 451 GURL url(url_string); | 451 if (!url_string.empty()) { |
| 452 if (!url.is_valid()) { | 452 GURL url(url_string); |
| 453 return RespondNow( | 453 if (!url.is_valid() || !url.SchemeIsHTTPOrHTTPS()) { |
| 454 Error(ErrorUtils::FormatErrorMessage(kInvalidUrlError, url_string))); | 454 return RespondNow( |
| 455 Error(ErrorUtils::FormatErrorMessage(kInvalidUrlError, url_string))); | |
| 456 } | |
| 455 } | 457 } |
|
not at google - send to devlin
2015/08/10 22:33:02
likewise here it could be just
if (!url_string.em
| |
| 456 SetUninstallURL( | 458 SetUninstallURL( |
| 457 ExtensionPrefs::Get(browser_context()), extension_id(), url_string); | 459 ExtensionPrefs::Get(browser_context()), extension_id(), url_string); |
| 458 return RespondNow(NoArguments()); | 460 return RespondNow(NoArguments()); |
| 459 } | 461 } |
| 460 | 462 |
| 461 ExtensionFunction::ResponseAction RuntimeReloadFunction::Run() { | 463 ExtensionFunction::ResponseAction RuntimeReloadFunction::Run() { |
| 462 RuntimeAPI::GetFactoryInstance()->Get(browser_context())->ReloadExtension( | 464 RuntimeAPI::GetFactoryInstance()->Get(browser_context())->ReloadExtension( |
| 463 extension_id()); | 465 extension_id()); |
| 464 return RespondNow(NoArguments()); | 466 return RespondNow(NoArguments()); |
| 465 } | 467 } |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 525 content::ChildProcessSecurityPolicy* policy = | 527 content::ChildProcessSecurityPolicy* policy = |
| 526 content::ChildProcessSecurityPolicy::GetInstance(); | 528 content::ChildProcessSecurityPolicy::GetInstance(); |
| 527 policy->GrantReadFileSystem(renderer_id, filesystem_id); | 529 policy->GrantReadFileSystem(renderer_id, filesystem_id); |
| 528 base::DictionaryValue* dict = new base::DictionaryValue(); | 530 base::DictionaryValue* dict = new base::DictionaryValue(); |
| 529 dict->SetString("fileSystemId", filesystem_id); | 531 dict->SetString("fileSystemId", filesystem_id); |
| 530 dict->SetString("baseName", relative_path); | 532 dict->SetString("baseName", relative_path); |
| 531 return RespondNow(OneArgument(dict)); | 533 return RespondNow(OneArgument(dict)); |
| 532 } | 534 } |
| 533 | 535 |
| 534 } // namespace extensions | 536 } // namespace extensions |
| OLD | NEW |
