[Extensions] Expand capabilities to about:blank iframes within a page

[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
Committed: https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8
Cr-Commit-Position: refs/heads/master@{#395744}

[Devlin, 2016-05-18 18:15:26]

Patchset #1 (id:1) has been deleted

[Devlin, 2016-05-18 20:42:33]

Description was changed from

==========
fooling

BUG=
==========

to

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".
In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

[Devlin, 2016-05-18 20:43:17]

Description was changed from

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".
In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

to

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

[Devlin, 2016-05-18 20:43:23]

rdevlin.cronin@chromium.org changed reviewers:
+ asargent@chromium.org

[asargent_no_longer_on_chrome, 2016-05-18 23:04:49]

lgtm with one random thought:

Should we omit the permission if the iframe has the sandbox attribute? I guess
that's usually used to safely embed 3rd party content at some url, but might
sometimes be used with about:blank iframes to do stuff like eval in a safer
environment.

[Devlin, 2016-05-21 00:03:47]

On 2016/05/18 23:04:49, Antony Sargent wrote:
> Should we omit the permission if the iframe has the sandbox attribute? I guess
> that's usually used to safely embed 3rd party content at some url, but might
> sometimes be used with about:blank iframes to do stuff like eval in a safer
> environment.

Sounds reasonable to me.  Done.

[Devlin, 2016-05-24 19:57:21]

The CQ bit was checked by rdevlin.cronin@chromium.org

[Devlin, 2016-05-24 19:57:21]

The patchset sent to the CQ was uploaded after l-g-t-m from
asargent@chromium.org
Link to the patchset: https://codereview.chromium.org/1985323002/#ps40001
(title: "Don't inject on sandboxed iframes")

[commit-bot: I haz the power, 2016-05-24 19:57:46]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1985323002/40001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1985323002/40001

[commit-bot: I haz the power, 2016-05-25 00:00:09]

Description was changed from

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

to

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

[commit-bot: I haz the power, 2016-05-25 00:00:10]

Committed patchset #2 (id:40001)

[commit-bot: I haz the power, 2016-05-25 00:03:20]

Description was changed from

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900
==========

to

==========
[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilies to grant the capabilities to about:blank
iframes within a page that matches the content capabilities entry for
an extension. This is consistent with most web permissions, where
about:blank frames take the permissions from the "parent".

In theory, we could also create a match_about_blank entry in the
manifest for this, but I'm not sure how many use cases there are for
*not* granting permissions to child frames like this.

BUG=599900

Committed: https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8
Cr-Commit-Position: refs/heads/master@{#395744}
==========

[commit-bot: I haz the power, 2016-05-25 00:03:21]

Patchset 2 (id:??) landed as
https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8
Cr-Commit-Position: refs/heads/master@{#395744}