chrome/browser/devtools/devtools_ui_bindings.cc - Issue 2399853003: [M54 merge] Lock down creation of blob:chrome-extension URLs from non-extension processes.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/devtools/devtools_ui_bindings.cc

Issue 2399853003: [M54 merge] Lock down creation of blob:chrome-extension URLs from non-extension processes. (Closed)

Patch Set: Rebase Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/devtools/devtools_sanity_browsertest.cc ('k') | chrome/browser/extensions/process_manager_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/devtools/devtools_ui_bindings.cc

diff --git a/chrome/browser/devtools/devtools_ui_bindings.cc b/chrome/browser/devtools/devtools_ui_bindings.cc

index 2ad277b1bba56668abe85e7d22f5767ef4667a3c..72b890e786ad4ba1663400444af614751c011e59 100644

--- a/chrome/browser/devtools/devtools_ui_bindings.cc

+++ b/chrome/browser/devtools/devtools_ui_bindings.cc

@@ -42,12 +42,14 @@

#include "components/prefs/scoped_user_pref_update.h"

#include "components/syncable_prefs/pref_service_syncable.h"

#include "components/zoom/page_zoom.h"

+#include "content/public/browser/child_process_security_policy.h"

#include "content/public/browser/devtools_external_agent_proxy.h"

#include "content/public/browser/devtools_external_agent_proxy_delegate.h"

#include "content/public/browser/navigation_controller.h"

#include "content/public/browser/navigation_entry.h"

#include "content/public/browser/notification_source.h"

#include "content/public/browser/render_frame_host.h"

+#include "content/public/browser/render_process_host.h"

#include "content/public/browser/render_view_host.h"

#include "content/public/browser/user_metrics.h"

#include "content/public/browser/web_contents.h"

@@ -55,6 +57,7 @@

#include "content/public/common/renderer_preferences.h"

#include "content/public/common/url_constants.h"

#include "extensions/browser/extension_registry.h"

+#include "extensions/common/constants.h"

#include "extensions/common/permissions/permissions_data.h"

#include "ipc/ipc_channel.h"

#include "net/base/io_buffer.h"

@@ -1019,6 +1022,15 @@ void DevToolsUIBindings::AddDevToolsExtensionsToClient() {

extensions::APIPermission::kExperimental)));

results.Append(std::move(extension_info));

}

+ if (!results.empty()) {

+ // At least one devtools extension exists; it will need to run in the

+ // devtools process. Grant it permission to load documents with

+ // chrome-extension:// origins.

+ content::ChildProcessSecurityPolicy::GetInstance()->GrantScheme(

+ web_contents_->GetMainFrame()->GetProcess()->GetID(),

+ extensions::kExtensionScheme);

+ }

CallClientFunction("DevToolsAPI.addExtensions",

&results, NULL, NULL);

}

« no previous file with comments | « chrome/browser/devtools/devtools_sanity_browsertest.cc ('k') | chrome/browser/extensions/process_manager_browsertest.cc » ('j') | no next file with comments »