OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/common/manifest_handlers/sandboxed_page_info.h" | 5 #include "extensions/common/manifest_handlers/sandboxed_page_info.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 | 10 |
11 #include "base/lazy_instance.h" | 11 #include "base/lazy_instance.h" |
12 #include "base/strings/string_number_conversions.h" | 12 #include "base/strings/string_number_conversions.h" |
13 #include "base/strings/utf_string_conversions.h" | 13 #include "base/strings/utf_string_conversions.h" |
14 #include "base/values.h" | 14 #include "base/values.h" |
15 #include "extensions/common/csp_validator.h" | 15 #include "extensions/common/csp_validator.h" |
16 #include "extensions/common/error_utils.h" | 16 #include "extensions/common/error_utils.h" |
17 #include "extensions/common/manifest_constants.h" | 17 #include "extensions/common/manifest_constants.h" |
18 #include "extensions/common/url_pattern.h" | 18 #include "extensions/common/url_pattern.h" |
19 | 19 |
20 namespace extensions { | 20 namespace extensions { |
21 | 21 |
22 namespace { | 22 namespace { |
23 | 23 |
24 namespace keys = extensions::manifest_keys; | 24 namespace keys = extensions::manifest_keys; |
25 namespace errors = manifest_errors; | 25 namespace errors = manifest_errors; |
26 | 26 |
27 const char kDefaultSandboxedPageContentSecurityPolicy[] = | 27 const char kDefaultSandboxedPageContentSecurityPolicy[] = |
28 "sandbox allow-scripts allow-forms allow-popups allow-modals"; | 28 "sandbox allow-scripts allow-forms allow-popups allow-modals; " |
| 29 "script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';"; |
29 | 30 |
30 static base::LazyInstance<SandboxedPageInfo> g_empty_sandboxed_info = | 31 static base::LazyInstance<SandboxedPageInfo> g_empty_sandboxed_info = |
31 LAZY_INSTANCE_INITIALIZER; | 32 LAZY_INSTANCE_INITIALIZER; |
32 | 33 |
33 const SandboxedPageInfo& GetSandboxedPageInfo(const Extension* extension) { | 34 const SandboxedPageInfo& GetSandboxedPageInfo(const Extension* extension) { |
34 SandboxedPageInfo* info = static_cast<SandboxedPageInfo*>( | 35 SandboxedPageInfo* info = static_cast<SandboxedPageInfo*>( |
35 extension->GetManifestData(keys::kSandboxedPages)); | 36 extension->GetManifestData(keys::kSandboxedPages)); |
36 return info ? *info : g_empty_sandboxed_info.Get(); | 37 return info ? *info : g_empty_sandboxed_info.Get(); |
37 } | 38 } |
38 | 39 |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
86 errors::kInvalidURLPatternError, extension->url().spec()); | 87 errors::kInvalidURLPatternError, extension->url().spec()); |
87 return false; | 88 return false; |
88 } | 89 } |
89 while (relative_path[0] == '/') | 90 while (relative_path[0] == '/') |
90 relative_path = relative_path.substr(1, relative_path.length() - 1); | 91 relative_path = relative_path.substr(1, relative_path.length() - 1); |
91 pattern.SetPath(pattern.path() + relative_path); | 92 pattern.SetPath(pattern.path() + relative_path); |
92 sandboxed_info->pages.AddPattern(pattern); | 93 sandboxed_info->pages.AddPattern(pattern); |
93 } | 94 } |
94 | 95 |
95 if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) { | 96 if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) { |
96 if (!extension->manifest()->GetString( | 97 std::string content_security_policy; |
97 keys::kSandboxedPagesCSP, | 98 if (!extension->manifest()->GetString(keys::kSandboxedPagesCSP, |
98 &sandboxed_info->content_security_policy)) { | 99 &content_security_policy)) { |
99 *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); | 100 *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); |
100 return false; | 101 return false; |
101 } | 102 } |
102 | 103 |
103 if (!csp_validator::ContentSecurityPolicyIsLegal( | 104 if (!csp_validator::ContentSecurityPolicyIsLegal(content_security_policy) || |
104 sandboxed_info->content_security_policy) || | |
105 !csp_validator::ContentSecurityPolicyIsSandboxed( | 105 !csp_validator::ContentSecurityPolicyIsSandboxed( |
106 sandboxed_info->content_security_policy, extension->GetType())) { | 106 content_security_policy, extension->GetType())) { |
107 *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); | 107 *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); |
108 return false; | 108 return false; |
109 } | 109 } |
| 110 |
| 111 std::vector<InstallWarning> warnings; |
| 112 sandboxed_info->content_security_policy = |
| 113 csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy, |
| 114 &warnings); |
| 115 extension->AddInstallWarnings(warnings); |
110 } else { | 116 } else { |
111 sandboxed_info->content_security_policy = | 117 sandboxed_info->content_security_policy = |
112 kDefaultSandboxedPageContentSecurityPolicy; | 118 kDefaultSandboxedPageContentSecurityPolicy; |
113 CHECK(csp_validator::ContentSecurityPolicyIsSandboxed( | |
114 sandboxed_info->content_security_policy, extension->GetType())); | |
115 } | 119 } |
| 120 CHECK(csp_validator::ContentSecurityPolicyIsSandboxed( |
| 121 sandboxed_info->content_security_policy, extension->GetType())); |
116 | 122 |
117 extension->SetManifestData(keys::kSandboxedPages, sandboxed_info.release()); | 123 extension->SetManifestData(keys::kSandboxedPages, sandboxed_info.release()); |
118 return true; | 124 return true; |
119 } | 125 } |
120 | 126 |
121 const std::vector<std::string> SandboxedPageHandler::Keys() const { | 127 const std::vector<std::string> SandboxedPageHandler::Keys() const { |
122 return SingleKey(keys::kSandboxedPages); | 128 return SingleKey(keys::kSandboxedPages); |
123 } | 129 } |
124 | 130 |
125 } // namespace extensions | 131 } // namespace extensions |
OLD | NEW |