extensions/common/manifest_handlers/sandboxed_page_info.cc - Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: extensions/common/manifest_handlers/sandboxed_page_info.cc

Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them. (Closed)

Patch Set: more commetns Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« extensions/common/csp_validator.cc ('K') | « extensions/common/manifest_handlers/csp_info_unittest.cc ('k') | extensions/test/data/manifest_tests/sandboxed_pages_valid_3.json » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: extensions/common/manifest_handlers/sandboxed_page_info.cc

diff --git a/extensions/common/manifest_handlers/sandboxed_page_info.cc b/extensions/common/manifest_handlers/sandboxed_page_info.cc

index d3c82d5fdc12bb7301e9e6ea4c4dc626e4303e41..c8ad586b8ec130e53a8b57fb879f8b8a7ea82a99 100644

--- a/extensions/common/manifest_handlers/sandboxed_page_info.cc

+++ b/extensions/common/manifest_handlers/sandboxed_page_info.cc

@@ -25,7 +25,8 @@ namespace keys = extensions::manifest_keys;

namespace errors = manifest_errors;

const char kDefaultSandboxedPageContentSecurityPolicy[] =

- "sandbox allow-scripts allow-forms allow-popups allow-modals";

+ "sandbox allow-scripts allow-forms allow-popups allow-modals; "

+ "script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';";

static base::LazyInstance<SandboxedPageInfo> g_empty_sandboxed_info =

LAZY_INSTANCE_INITIALIZER;

@@ -93,26 +94,31 @@ bool SandboxedPageHandler::Parse(Extension* extension, base::string16* error) {

}

if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) {

- if (!extension->manifest()->GetString(

- keys::kSandboxedPagesCSP,

- &sandboxed_info->content_security_policy)) {

+ std::string content_security_policy;

+ if (!extension->manifest()->GetString(keys::kSandboxedPagesCSP,

+ &content_security_policy)) {

*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);

return false;

}

- if (!csp_validator::ContentSecurityPolicyIsLegal(

- sandboxed_info->content_security_policy) ||

+ if (!csp_validator::ContentSecurityPolicyIsLegal(content_security_policy) ||

!csp_validator::ContentSecurityPolicyIsSandboxed(

- sandboxed_info->content_security_policy, extension->GetType())) {

+ content_security_policy, extension->GetType())) {

*error = base::ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);

return false;

}

+ std::vector<InstallWarning> warnings;

+ sandboxed_info->content_security_policy =

+ csp_validator::GetEffectiveSandoxedPageCSP(content_security_policy,

+ &warnings);

+ extension->AddInstallWarnings(warnings);

} else {

sandboxed_info->content_security_policy =

kDefaultSandboxedPageContentSecurityPolicy;

- CHECK(csp_validator::ContentSecurityPolicyIsSandboxed(

- sandboxed_info->content_security_policy, extension->GetType()));

}

+ CHECK(csp_validator::ContentSecurityPolicyIsSandboxed(

+ sandboxed_info->content_security_policy, extension->GetType()));

extension->SetManifestData(keys::kSandboxedPages, sandboxed_info.release());

return true;