| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/features/simple_feature.h" | 5 #include "chrome/common/extensions/features/simple_feature.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 475 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 486 | 486 |
| 487 std::set<Feature::Context>* SimpleFeature::GetContexts() { | 487 std::set<Feature::Context>* SimpleFeature::GetContexts() { |
| 488 return &contexts_; | 488 return &contexts_; |
| 489 } | 489 } |
| 490 | 490 |
| 491 bool SimpleFeature::IsInternal() const { | 491 bool SimpleFeature::IsInternal() const { |
| 492 NOTREACHED(); | 492 NOTREACHED(); |
| 493 return false; | 493 return false; |
| 494 } | 494 } |
| 495 | 495 |
| 496 bool SimpleFeature::IsBlockedInServiceWorker() const { return false; } |
| 497 |
| 496 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id) const { | 498 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id) const { |
| 497 return IsIdInWhitelist(extension_id, whitelist_); | 499 return IsIdInWhitelist(extension_id, whitelist_); |
| 498 } | 500 } |
| 499 | 501 |
| 500 // static | 502 // static |
| 501 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id, | 503 bool SimpleFeature::IsIdInWhitelist(const std::string& extension_id, |
| 502 const std::set<std::string>& whitelist) { | 504 const std::set<std::string>& whitelist) { |
| 503 // Belt-and-suspenders philosophy here. We should be pretty confident by this | 505 // Belt-and-suspenders philosophy here. We should be pretty confident by this |
| 504 // point that we've validated the extension ID format, but in case something | 506 // point that we've validated the extension ID format, but in case something |
| 505 // slips through, we avoid a class of attack where creative ID manipulation | 507 // slips through, we avoid a class of attack where creative ID manipulation |
| 506 // leads to hash collisions. | 508 // leads to hash collisions. |
| 507 if (extension_id.length() != 32) // 128 bits / 4 = 32 mpdecimal characters | 509 if (extension_id.length() != 32) // 128 bits / 4 = 32 mpdecimal characters |
| 508 return false; | 510 return false; |
| 509 | 511 |
| 510 if (whitelist.find(extension_id) != whitelist.end() || | 512 if (whitelist.find(extension_id) != whitelist.end() || |
| 511 whitelist.find(HashExtensionId(extension_id)) != whitelist.end()) { | 513 whitelist.find(HashExtensionId(extension_id)) != whitelist.end()) { |
| 512 return true; | 514 return true; |
| 513 } | 515 } |
| 514 | 516 |
| 515 return false; | 517 return false; |
| 516 } | 518 } |
| 517 | 519 |
| 518 } // namespace extensions | 520 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 217163003:
Enable _api_features.json to block APIs from service worker contexts. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src