Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1238)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/renderer/dispatcher.cc

Issue 1309843013: extensions: Avoid using WebString in Dispatcher::Dispatcher() (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/renderer/dispatcher.cc
diff --git a/extensions/renderer/dispatcher.cc b/extensions/renderer/dispatcher.cc
index fa07dd1a51536cacfb530961aeff7e2612aaca7d..4fbc49b64f5334272b5f4d863064f61a5ece33a1 100644
--- a/extensions/renderer/dispatcher.cc
+++ b/extensions/renderer/dispatcher.cc
@@ -223,6 +223,8 @@ base::LazyInstance<ServiceWorkerScriptContextSet>
} // namespace
+// Note that we can't use Blink public APIs in the constructor becase Blink
+// is not initialized at the point we create Dispatcher.
Dispatcher::Dispatcher(DispatcherDelegate* delegate)
: delegate_(delegate),
content_watcher_(new ContentWatcher()),
@@ -250,35 +252,6 @@ Dispatcher::Dispatcher(DispatcherDelegate* delegate)
request_sender_.reset(new RequestSender(this));
PopulateSourceMap();
WakeEventPage::Get()->Init(content::RenderThread::Get());
-
- // WebSecurityPolicy whitelists. They should be registered for both
- // chrome-extension: and chrome-extension-resource.
- using RegisterFunction = void (*)(const WebString&);
- RegisterFunction register_functions[] = {
- // Treat as secure because communication with them is entirely in the
- // browser, so there is no danger of manipulation or eavesdropping on
- // communication with them by third parties.
- WebSecurityPolicy::registerURLSchemeAsSecure,
- // As far as Blink is concerned, they should be allowed to receive CORS
- // requests. At the Extensions layer, requests will actually be blocked
- // unless overridden by the web_accessible_resources manifest key.
- // TODO(kalman): See what happens with a service worker.
- WebSecurityPolicy::registerURLSchemeAsCORSEnabled,
- // Resources should bypass Content Security Policy checks when included in
- // protected resources. TODO(kalman): What are "protected resources"?
- WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy,
- // Extension resources are HTTP-like and safe to expose to the fetch API.
- // The rules for the fetch API are consistent with XHR.
- WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI,
- };
-
- WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme));
- WebString extension_resource_scheme(base::ASCIIToUTF16(
- kExtensionResourceScheme));
- for (RegisterFunction func : register_functions) {
- func(extension_scheme);
- func(extension_resource_scheme);
- }
}
Dispatcher::~Dispatcher() {
@@ -866,6 +839,35 @@ bool Dispatcher::OnControlMessageReceived(const IPC::Message& message) {
void Dispatcher::WebKitInitialized() {
RenderThread::Get()->RegisterExtension(SafeBuiltins::CreateV8Extension());
+ // WebSecurityPolicy whitelists. They should be registered for both
+ // chrome-extension: and chrome-extension-resource.
+ using RegisterFunction = void (*)(const WebString&);
+ RegisterFunction register_functions[] = {
+ // Treat as secure because communication with them is entirely in the
+ // browser, so there is no danger of manipulation or eavesdropping on
+ // communication with them by third parties.
+ WebSecurityPolicy::registerURLSchemeAsSecure,
+ // As far as Blink is concerned, they should be allowed to receive CORS
+ // requests. At the Extensions layer, requests will actually be blocked
+ // unless overridden by the web_accessible_resources manifest key.
+ // TODO(kalman): See what happens with a service worker.
+ WebSecurityPolicy::registerURLSchemeAsCORSEnabled,
+ // Resources should bypass Content Security Policy checks when included in
+ // protected resources. TODO(kalman): What are "protected resources"?
+ WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy,
+ // Extension resources are HTTP-like and safe to expose to the fetch API.
+ // The rules for the fetch API are consistent with XHR.
+ WebSecurityPolicy::registerURLSchemeAsSupportingFetchAPI,
+ };
+
+ WebString extension_scheme(base::ASCIIToUTF16(kExtensionScheme));
+ WebString extension_resource_scheme(base::ASCIIToUTF16(
+ kExtensionResourceScheme));
+ for (RegisterFunction func : register_functions) {
+ func(extension_scheme);
+ func(extension_resource_scheme);
+ }
+
// For extensions, we want to ensure we call the IdleHandler every so often,
// even if the extension keeps up activity.
if (set_idle_notifications_) {
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698