Unified Diff: chrome/browser/extensions/process_manager_browsertest.cc

Issue 2364633004: Lock down the registration of blob:chrome-extension:// URLs (Closed)
Patch Set: Pare down CL Created 4 years, 3 months ago
Index: chrome/browser/extensions/process_manager_browsertest.cc
diff --git a/chrome/browser/extensions/process_manager_browsertest.cc b/chrome/browser/extensions/process_manager_browsertest.cc
index 62f4e4296e32215259c288a0a9ba8c34cede5b6d..c4b0d9aaee4160080f57d1b734bb673522d809bf 100644
--- a/chrome/browser/extensions/process_manager_browsertest.cc
+++ b/chrome/browser/extensions/process_manager_browsertest.cc
@@ -19,6 +19,7 @@
#include "chrome/common/pref_names.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/child_process_security_policy.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
@@ -674,6 +675,47 @@ IN_PROC_BROWSER_TEST_F(ProcessManagerBrowserTest,
content::RenderFrameHost* main_frame = tab->GetMainFrame();
content::RenderFrameHost* extension_frame = ChildFrameAt(main_frame, 0);
+ // Validate that permissions have been granted for the extension scheme
+ // to the process of the extension iframe.
+ content::ChildProcessSecurityPolicy* policy =
+ content::ChildProcessSecurityPolicy::GetInstance();
+ EXPECT_TRUE(policy->CanRequestURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("blob:chrome-extension://some-extension-id/some-guid")));
Devlin 2016/09/29 17:31:09 nit: I'd recommend using some kind of valid id, be
ncarter (slow) 2016/09/29 21:01:45 Your point is good. It would actually be pretty st
+ EXPECT_TRUE(policy->CanRequestURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("blob:chrome-extension://some-extension-id/some-guid")));
+ EXPECT_TRUE(policy->CanRequestURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("filesystem:chrome-extension://some-extension-id/some-path")));
+ EXPECT_TRUE(policy->CanRequestURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("filesystem:chrome-extension://some-extension-id/some-path")));
+ EXPECT_TRUE(policy->CanRequestURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("chrome-extension://some-extension-id/resource.html")));
+ EXPECT_TRUE(policy->CanRequestURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("chrome-extension://some-extension-id/resource.html")));
+ EXPECT_TRUE(policy->CanCommitURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("blob:chrome-extension://some-extension-id/some-guid")));
+ EXPECT_FALSE(policy->CanCommitURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("blob:chrome-extension://some-extension-id/some-guid")));
+ EXPECT_TRUE(policy->CanCommitURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("chrome-extension://some-extension-id/resource.html")));
+ EXPECT_FALSE(policy->CanCommitURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("chrome-extension://some-extension-id/resource.html")));
+ EXPECT_TRUE(policy->CanCommitURL(
+ extension_frame->GetProcess()->GetID(),
+ GURL("filesystem:chrome-extension://some-extension-id/some-path")));
+ EXPECT_FALSE(policy->CanCommitURL(
+ main_frame->GetProcess()->GetID(),
+ GURL("filesystem:chrome-extension://some-extension-id/some-path")));
+
// Open a new about:blank popup from main frame. This should stay in the web
// process.
content::WebContents* popup =
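Review bot: The comment opening the added block only mentions permissions being granted to the extension iframe's process, while the checks that carry the security weight, the three EXPECT_FALSE(policy->CanCommitURL(main_frame->GetProcess()->GetID(), ...)) assertions, are undocumented. Please extend the comment to state that the main frame's process is expected to pass CanRequestURL but fail CanCommitURL for the blob:, filesystem: and plain chrome-extension:// URLs, so a later reader does not take the main_frame EXPECT_TRUE/EXPECT_FALSE pairs for a copy-paste slip. The three GURL literals are each repeated four times; hoisting them into named locals would make the request/commit matrix easier to audit and would reduce replacing the "some-extension-id" placeholder host to a single edit.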
