Prevent unauthorized commits of the Chrome Web Store URL.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 24403ca7f90c2fe1c066cbc181245ddee16a349e..0abbc1add2b430cabfca725b42511788432001f1 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -882,6 +882,33 @@ bool ChromeContentBrowserClient::IsHandledURL(const GURL& url) {
   return ProfileIOData::IsHandledURL(url);
 }
 
+bool ChromeContentBrowserClient::CanCommitURL(
+    content::RenderProcessHost* process_host,
+    const GURL& url) {
+  // We need to let most extension URLs commit in any process, since this can
+  // be allowed due to web_accessible_resources.  Most hosted app URLs may also
+  // load in any process (e.g., in an iframe).  However, the Chrome Web Store
+  // cannot be loaded in iframes and should never be requested outside its
+  // process.
+  Profile* profile =
+      Profile::FromBrowserContext(process_host->GetBrowserContext());
+  ExtensionService* service =
+      extensions::ExtensionSystem::Get(profile)->extension_service();
+  if (!service)
+    return true;
+  const Extension* new_extension =
+      service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(url));
+  if (new_extension &&
+      new_extension->is_hosted_app() &&
+      new_extension->id() == extension_misc::kWebStoreAppId &&
+      !service->process_map()->Contains(new_extension->id(),
+                                        process_host->GetID())) {
+    return false;
+  }
+
+  return true;
+}
+
 bool ChromeContentBrowserClient::IsSuitableHost(
     content::RenderProcessHost* process_host,
     const GURL& site_url) {