
Unified Diff: extensions/browser/api/runtime/runtime_api.cc

Issue 1282263002: Restrict chrome.runtime.setUninstallURL to http(s) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
Index: extensions/browser/api/runtime/runtime_api.cc
diff --git a/extensions/browser/api/runtime/runtime_api.cc b/extensions/browser/api/runtime/runtime_api.cc
index 09ffef2c864b5d6d902beb76f8d51d6eba2fc33e..16b7de37ac93726b85625ff75473fdae9d0a2307 100644
--- a/extensions/browser/api/runtime/runtime_api.cc
+++ b/extensions/browser/api/runtime/runtime_api.cc
@@ -54,7 +54,7 @@ const char kInstallReasonUpdate[] = "update";
const char kInstallReasonInstall[] = "install";
const char kInstallReasonSharedModuleUpdate[] = "shared_module_update";
const char kInstallPreviousVersion[] = "previousVersion";
-const char kInvalidUrlError[] = "Invalid URL.";
+const char kInvalidUrlError[] = "Invalid URL: \"*\".";
const char kPlatformInfoUnavailable[] = "Platform information unavailable.";
const char kUpdatesDisabledError[] = "Autoupdate is not enabled.";
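Review bot: `kInvalidUrlError` still reads only as "Invalid URL", although it is now also returned for a well-formed URL rejected by the `SchemeIsHTTPOrHTTPS()` check added in `RuntimeSetUninstallURLFunction::Run()` further down. An extension author who passes a syntactically valid non-http(s) URL gets no hint that the scheme is the problem. Consider stating the restriction in the string, for example `const char kInvalidUrlError[] = "Invalid URL: \"*\". Only http and https URLs are allowed.";`, or at least adding a comment above the constant that names the accepted schemes.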
@@ -405,7 +405,7 @@ void RuntimeEventRouter::OnExtensionUninstalled(
GURL uninstall_url(
GetUninstallURL(ExtensionPrefs::Get(context), extension_id));
- if (uninstall_url.is_empty())
+ if (uninstall_url.is_empty() || !uninstall_url.SchemeIsHTTPOrHTTPS())
not at google - send to devlin 2015/08/10 22:33:02 Second half of check is enough, and it's worth com
return;
RuntimeAPI::GetFactoryInstance()->Get(context)->OpenURL(uninstall_url);
@@ -448,10 +448,12 @@ ExtensionFunction::ResponseAction RuntimeSetUninstallURLFunction::Run() {
std::string url_string;
EXTENSION_FUNCTION_VALIDATE(args_->GetString(0, &url_string));
- GURL url(url_string);
- if (!url.is_valid()) {
- return RespondNow(
- Error(ErrorUtils::FormatErrorMessage(kInvalidUrlError, url_string)));
+ if (!url_string.empty()) {
+ GURL url(url_string);
+ if (!url.is_valid() || !url.SchemeIsHTTPOrHTTPS()) {
+ return RespondNow(
+ Error(ErrorUtils::FormatErrorMessage(kInvalidUrlError, url_string)));
+ }
}
not at google - send to devlin 2015/08/10 22:33:02 likewise here it could be just if (!url_string.em
SetUninstallURL(
ExtensionPrefs::Get(browser_context()), extension_id(), url_string);
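Review bot: The validity and scheme checks run on the parsed `GURL url`, but `SetUninstallURL` is still given the raw `url_string`, so the value that was validated is not the value that is persisted. Both paths parse with GURL, and `OnExtensionUninstalled` re-checks the scheme before `OpenURL`, so this looks safe as written. Storing the canonical form would keep the invariant in one place, for example by passing `url.spec()` for the non-empty case. A one-line comment that the empty string is accepted on purpose (presumably to clear a previously set URL) would also help the next reader. `Run()` starts and ends outside this hunk.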
