Chromium Code Reviews| Index: chrome/renderer/extensions/dispatcher.cc |
| diff --git a/chrome/renderer/extensions/dispatcher.cc b/chrome/renderer/extensions/dispatcher.cc |
| index 4cf9fb481dc5102048828ae0522126dbd7020aaa..1e733be22435cd055fcbc63ce6f4b18edd3bc948 100644 |
| --- a/chrome/renderer/extensions/dispatcher.cc |
| +++ b/chrome/renderer/extensions/dispatcher.cc |
| @@ -1013,11 +1013,13 @@ void Dispatcher::DidCreateScriptContext( |
| extension_id = ""; |
| } |
| - ExtensionURLInfo url_info(frame->document().securityOrigin(), |
| - UserScriptSlave::GetDataSourceURLForFrame(frame)); |
| + // Frames loaded on a unique security origin are not accessible to extensions. |
| + GURL effective_frame_url; |
|
abarth-chromium
2013/07/13 00:25:40
Can you call this effective_document_url? Frames
|
| + if (!frame->document().securityOrigin().isUnique()) |
| + effective_frame_url = UserScriptSlave::GetDataSourceURLForFrame(frame); |
|
abarth-chromium
2013/07/13 00:25:40
This crazy code, huh?
|
| - Feature::Context context_type = |
| - ClassifyJavaScriptContext(extension_id, extension_group, url_info); |
| + Feature::Context context_type = ClassifyJavaScriptContext( |
| + extension_id, extension_group, effective_frame_url); |
| ChromeV8Context* context = |
| new ChromeV8Context(v8_context, frame, extension, context_type); |
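Review bot: The `isUnique()` test guarding the `GetDataSourceURLForFrame(frame)` assignment runs at script-context creation, so it cannot be relied on for CSP-sandboxed documents. The comment inside ClassifyJavaScriptContext, later in this patch, says the sandbox flags from a CSP header are applied only after that point. The added comment should say so, for example `// Only catches origins that are already unique here; CSP-sandboxed pages are handled by IsSandboxedPage() in ClassifyJavaScriptContext().`. It would also help to state that an empty GURL is the deliberate signal passed on for such frames. DidCreateScriptContext starts and ends outside the hunk, so how `extension_id` was derived is not visible here.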
| @@ -1125,18 +1127,17 @@ std::string Dispatcher::GetExtensionID(const WebFrame* frame, int world_id) { |
| return user_script_slave_->GetExtensionIdForIsolatedWorld(world_id); |
| } |
| + if (frame->document().securityOrigin().isUnique()) |
| + return std::string(); |
| + |
| // Extension pages (chrome-extension:// URLs). |
| GURL frame_url = UserScriptSlave::GetDataSourceURLForFrame(frame); |
| - return extensions_.GetExtensionOrAppIDByURL( |
| - ExtensionURLInfo(frame->document().securityOrigin(), frame_url)); |
| + return extensions_.GetExtensionOrAppIDByURL(frame_url); |
| } |
| bool Dispatcher::IsWithinPlatformApp(const WebFrame* frame) { |
| - // We intentionally don't use the origin parameter for ExtensionURLInfo since |
| - // it would be empty (i.e. unique) for sandboxed resources and thus not match. |
| - ExtensionURLInfo url_info( |
| - UserScriptSlave::GetDataSourceURLForFrame(frame->top())); |
| - const Extension* extension = extensions_.GetExtensionOrAppByURL(url_info); |
| + GURL url(UserScriptSlave::GetDataSourceURLForFrame(frame->top())); |
| + const Extension* extension = extensions_.GetExtensionOrAppByURL(url); |
| return extension && extension->is_platform_app(); |
| } |
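Review bot: IsWithinPlatformApp loses the comment explaining why the origin is ignored, while GetExtensionID just above it now returns an empty id for unique origins, so the two functions look inconsistent. The removed text said sandboxed resources have a unique origin and would not match. If that asymmetry is still intended, keep a comment such as `// No isUnique() check: sandboxed resources inside a platform app must still count as within the app.`. The new early return in GetExtensionID also deserves a one-line comment, since it appears to apply only after the isolated-world branch has returned. GetExtensionID begins outside the hunk.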
| @@ -1376,7 +1377,7 @@ void Dispatcher::OnCancelSuspend(const std::string& extension_id) { |
| Feature::Context Dispatcher::ClassifyJavaScriptContext( |
| const std::string& extension_id, |
| int extension_group, |
| - const ExtensionURLInfo& url_info) { |
| + const GURL& url) { |
| DCHECK_GE(extension_group, 0); |
| if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS) { |
| return extensions_.Contains(extension_id) ? |
| @@ -1389,20 +1390,20 @@ Feature::Context Dispatcher::ClassifyJavaScriptContext( |
| // the extension is considered active. |
| // 2. ScriptContext creation (which triggers bindings injection) happens |
| // before the SecurityContext is updated with the sandbox flags (after |
| - // reading the CSP header), so url_info.url().securityOrigin() is not |
| - // unique yet. |
| - if (extensions_.IsSandboxedPage(url_info)) |
| + // reading the CSP header), so the caller can't check if the context's |
| + // security origin is unique yet. |
| + if (extensions_.IsSandboxedPage(url)) |
| return Feature::WEB_PAGE_CONTEXT; |
| if (IsExtensionActive(extension_id)) |
| return Feature::BLESSED_EXTENSION_CONTEXT; |
| - if (extensions_.ExtensionBindingsAllowed(url_info)) { |
| + if (extensions_.ExtensionBindingsAllowed(url)) { |
| return extensions_.Contains(extension_id) ? |
| Feature::UNBLESSED_EXTENSION_CONTEXT : Feature::UNSPECIFIED_CONTEXT; |
| } |
| - if (url_info.url().is_valid()) |
| + if (url.is_valid()) |
| return Feature::WEB_PAGE_CONTEXT; |
| return Feature::UNSPECIFIED_CONTEXT; |
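Review bot: Unique-origin frames now reach this function with a default-constructed GURL, for which `url.is_valid()` is false, so the fall-through returns `Feature::UNSPECIFIED_CONTEXT` rather than `Feature::WEB_PAGE_CONTEXT` unless an earlier branch matches. If that is the intended classification for such frames, say so above `if (url.is_valid())`, e.g. `// |url| is empty for unique-origin frames; they end up as UNSPECIFIED_CONTEXT.`. The reworded comment also reads oddly next to the caller, which does check `isUnique()`. Something like "the caller's isUnique() check cannot see CSP sandboxing yet" would be more accurate. The function starts in the previous hunk and ends outside this one.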
| @@ -1431,9 +1432,9 @@ bool Dispatcher::CheckContextAccessToExtensionAPI( |
| // Theoretically we could end up with bindings being injected into sandboxed |
| // frames, for example content scripts. Don't let them execute API functions. |
| WebKit::WebFrame* frame = context->web_frame(); |
| - ExtensionURLInfo url_info(frame->document().securityOrigin(), |
| - UserScriptSlave::GetDataSourceURLForFrame(frame)); |
| - if (extensions_.IsSandboxedPage(url_info)) { |
| + if (frame->document().securityOrigin().isUnique() || |
| + extensions_.IsSandboxedPage( |
| + UserScriptSlave::GetDataSourceURLForFrame(frame))) { |
| static const char kMessage[] = |
| "%s cannot be used within a sandboxed frame."; |
| std::string error_msg = base::StringPrintf(kMessage, function_name.c_str()); |
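Review bot: The condition now also rejects any frame whose security origin is unique, but the comment above it and `kMessage` still speak only of sandboxed frames. Extend the comment so the broader gate is explicit, e.g. `// Frames with a unique security origin are rejected as well, even when IsSandboxedPage() does not match their URL.`. This appears to be the check made when an API function is actually invoked, so it is worth documenting as the enforcement point rather than leaving that to be inferred. The function continues outside the hunk.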