| Index: chrome/browser/extensions/api/tabs/tabs_api.cc
|
| diff --git a/chrome/browser/extensions/api/tabs/tabs_api.cc b/chrome/browser/extensions/api/tabs/tabs_api.cc
|
| index 021df4b62ccce2a514dccb11a0e479d8fd8a07f1..f882148ceb736e71d22383a68d82a6b940c13383 100644
|
| --- a/chrome/browser/extensions/api/tabs/tabs_api.cc
|
| +++ b/chrome/browser/extensions/api/tabs/tabs_api.cc
|
| @@ -1320,13 +1320,25 @@ bool TabsUpdateFunction::UpdateURL(const std::string &url_string,
|
| return true;
|
| }
|
|
|
| - web_contents_->GetController().LoadURL(
|
| - url, content::Referrer(), ui::PAGE_TRANSITION_LINK, std::string());
|
| + bool use_renderer_initiated = false;
|
| + // For the PDF extension, treat it as renderer-initiated so that it does not
|
| + // show in the omnibox until it commits. This avoids URL spoofs since urls
|
| + // can be opened on behalf of untrusted content.
|
| + // TODO(devlin|nasko): Make this the default for all extensions.
|
| + if (extension() && extension()->id() == extension_misc::kPdfExtensionId)
|
| + use_renderer_initiated = true;
|
| + NavigationController::LoadURLParams load_params(url);
|
| + load_params.is_renderer_initiated = use_renderer_initiated;
|
| + web_contents_->GetController().LoadURLWithParams(load_params);
|
|
|
| // The URL of a tab contents never actually changes to a JavaScript URL, so
|
| // this check only makes sense in other cases.
|
| - if (!url.SchemeIs(url::kJavaScriptScheme))
|
| - DCHECK_EQ(url.spec(), web_contents_->GetURL().spec());
|
| + if (!url.SchemeIs(url::kJavaScriptScheme)) {
|
| + // The URL should be present in the pending entry, though it may not be
|
| + // visible in the omnibox until it commits.
|
| + DCHECK_EQ(
|
| + url, web_contents_->GetController().GetPendingEntry()->GetVirtualURL());
|
| + }
|
|
|
| return true;
|
| }
|
|
|
Chromium Code Reviews
Issue 2492863003:
[Extensions] Don't show the pending URL for chrome.tabs API navigations (Closed)
