Index: extensions/common/manifest_handlers/sandboxed_page_info.cc |
diff --git a/extensions/common/manifest_handlers/sandboxed_page_info.cc b/extensions/common/manifest_handlers/sandboxed_page_info.cc |
index d3c82d5fdc12bb7301e9e6ea4c4dc626e4303e41..0b2e7b127e5018d6553796626f699b3dd88848c4 100644 |
--- a/extensions/common/manifest_handlers/sandboxed_page_info.cc |
+++ b/extensions/common/manifest_handlers/sandboxed_page_info.cc |
@@ -25,7 +25,8 @@ namespace keys = extensions::manifest_keys; |
namespace errors = manifest_errors; |
const char kDefaultSandboxedPageContentSecurityPolicy[] = |
- "sandbox allow-scripts allow-forms allow-popups allow-modals"; |
+ "sandbox allow-scripts allow-forms allow-popups allow-modals; " |
+ "script-src 'self'; child-src 'self';"; |
static base::LazyInstance<SandboxedPageInfo> g_empty_sandboxed_info = |
LAZY_INSTANCE_INITIALIZER; |
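Review bot: The new default in `kDefaultSandboxedPageContentSecurityPolicy` carries no comment saying why `script-src 'self'; child-src 'self';` is appended, so a later edit could loosen or drop it without realising it is part of the sandbox boundary. I would add above the constant: `// Default for sandboxed pages: besides the sandbox flags, restrict scripts and child contexts to the extension's own resources.` The manifest branch of `Parse()` now derives its policy through `GetEffectiveSandoxedPageCSP`, while this default is a hand-written literal. That helper is not visible in this diff, so if it appends the same directives, the comment should also say the two must be kept in step.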
@@ -93,26 +94,28 @@ bool SandboxedPageHandler::Parse(Extension* extension, base::string16* error) { |
} |
if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) { |
- if (!extension->manifest()->GetString( |
- keys::kSandboxedPagesCSP, |
- &sandboxed_info->content_security_policy)) { |
+ std::string content_security_policy; |
+ if (!extension->manifest()->GetString(keys::kSandboxedPagesCSP, |
+ &content_security_policy)) { |
*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); |
return false; |
} |
- if (!csp_validator::ContentSecurityPolicyIsLegal( |
- sandboxed_info->content_security_policy) || |
+ if (!csp_validator::ContentSecurityPolicyIsLegal(content_security_policy) || |
!csp_validator::ContentSecurityPolicyIsSandboxed( |
- sandboxed_info->content_security_policy, extension->GetType())) { |
+ content_security_policy, extension->GetType())) { |
*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP); |
return false; |
} |
+ |
+ sandboxed_info->content_security_policy = |
+ csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy); |
} else { |
sandboxed_info->content_security_policy = |
kDefaultSandboxedPageContentSecurityPolicy; |
- CHECK(csp_validator::ContentSecurityPolicyIsSandboxed( |
- sandboxed_info->content_security_policy, extension->GetType())); |
} |
+ CHECK(csp_validator::ContentSecurityPolicyIsSandboxed( |
+ sandboxed_info->content_security_policy, extension->GetType())); |
extension->SetManifestData(keys::kSandboxedPages, sandboxed_info.release()); |
return true; |
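Review bot: In the manifest branch the stored policy is the output of `GetEffectiveSandoxedPageCSP`, but `ContentSecurityPolicyIsLegal` and the error-returning sandbox check only ever see the raw manifest string. The rewritten policy is covered solely by the `CHECK` that was moved below the `if/else`. That `CHECK` used to guard a compile-time constant and now guards manifest-derived data, so if the helper (not visible in this diff) ever produces a policy that fails the sandbox test, parsing that manifest aborts the process instead of rejecting the extension with `kInvalidSandboxedPagesCSP`. I would validate the effective policy inside the branch and return the manifest error, keeping the `CHECK` as a backstop. The new helper's name also appears to be misspelled (`Sandoxed`), which is cheapest to fix before more callers exist. `Parse()` begins and ends outside this hunk.

```cpp
    // … unchanged: GetString and IsLegal/IsSandboxed validation of the raw manifest value …

    const std::string effective_csp =
        csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy);
    if (!csp_validator::ContentSecurityPolicyIsSandboxed(
            effective_csp, extension->GetType())) {
      *error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
      return false;
    }
    sandboxed_info->content_security_policy = effective_csp;
```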