| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/renderer/content_setting.h" | 5 #include "extensions/renderer/content_setting.h" |
| 6 | 6 |
| 7 #include "base/memory/ptr_util.h" | 7 #include "base/memory/ptr_util.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "content/public/common/console_message_level.h" | 10 #include "content/public/common/console_message_level.h" |
| 11 #include "extensions/renderer/api_request_handler.h" | 11 #include "extensions/renderer/api_request_handler.h" |
| 12 #include "extensions/renderer/api_signature.h" | 12 #include "extensions/renderer/api_signature.h" |
| 13 #include "extensions/renderer/api_type_reference_map.h" | 13 #include "extensions/renderer/api_type_reference_map.h" |
| 14 #include "extensions/renderer/binding_access_checker.h" |
| 14 #include "extensions/renderer/console.h" | 15 #include "extensions/renderer/console.h" |
| 15 #include "extensions/renderer/script_context_set.h" | 16 #include "extensions/renderer/script_context_set.h" |
| 16 #include "gin/arguments.h" | 17 #include "gin/arguments.h" |
| 17 #include "gin/converter.h" | 18 #include "gin/converter.h" |
| 18 #include "gin/handle.h" | 19 #include "gin/handle.h" |
| 19 #include "gin/object_template_builder.h" | 20 #include "gin/object_template_builder.h" |
| 20 | 21 |
| 21 namespace extensions { | 22 namespace extensions { |
| 22 | 23 |
| 23 namespace { | 24 namespace { |
| 24 | 25 |
| 25 // Content settings that are deprecated. | 26 // Content settings that are deprecated. |
| 26 const char* const kDeprecatedTypes[] = { | 27 const char* const kDeprecatedTypes[] = { |
| 27 "fullscreen", "mouselock", | 28 "fullscreen", "mouselock", |
| 28 }; | 29 }; |
| 29 | 30 |
| 30 bool IsDeprecated(base::StringPiece type) { | 31 bool IsDeprecated(base::StringPiece type) { |
| 31 return std::find(std::begin(kDeprecatedTypes), std::end(kDeprecatedTypes), | 32 return std::find(std::begin(kDeprecatedTypes), std::end(kDeprecatedTypes), |
| 32 type) != std::end(kDeprecatedTypes); | 33 type) != std::end(kDeprecatedTypes); |
| 33 } | 34 } |
| 34 } | 35 } |
| 35 | 36 |
| 36 v8::Local<v8::Object> ContentSetting::Create( | 37 v8::Local<v8::Object> ContentSetting::Create( |
| 37 const binding::RunJSFunction& run_js, | 38 const binding::RunJSFunction& run_js, |
| 38 v8::Isolate* isolate, | 39 v8::Isolate* isolate, |
| 39 const std::string& property_name, | 40 const std::string& property_name, |
| 40 const base::ListValue* property_values, | 41 const base::ListValue* property_values, |
| 41 APIRequestHandler* request_handler, | 42 APIRequestHandler* request_handler, |
| 42 APIEventHandler* event_handler, | 43 APIEventHandler* event_handler, |
| 43 APITypeReferenceMap* type_refs) { | 44 APITypeReferenceMap* type_refs, |
| 45 const BindingAccessChecker* access_checker) { |
| 44 std::string pref_name; | 46 std::string pref_name; |
| 45 CHECK(property_values->GetString(0u, &pref_name)); | 47 CHECK(property_values->GetString(0u, &pref_name)); |
| 46 const base::DictionaryValue* value_spec = nullptr; | 48 const base::DictionaryValue* value_spec = nullptr; |
| 47 CHECK(property_values->GetDictionary(1u, &value_spec)); | 49 CHECK(property_values->GetDictionary(1u, &value_spec)); |
| 48 | 50 |
| 49 gin::Handle<ContentSetting> handle = gin::CreateHandle( | 51 gin::Handle<ContentSetting> handle = gin::CreateHandle( |
| 50 isolate, new ContentSetting(run_js, request_handler, type_refs, pref_name, | 52 isolate, new ContentSetting(run_js, request_handler, type_refs, |
| 51 *value_spec)); | 53 access_checker, pref_name, *value_spec)); |
| 52 return handle.ToV8().As<v8::Object>(); | 54 return handle.ToV8().As<v8::Object>(); |
| 53 } | 55 } |
| 54 | 56 |
| 55 ContentSetting::ContentSetting(const binding::RunJSFunction& run_js, | 57 ContentSetting::ContentSetting(const binding::RunJSFunction& run_js, |
| 56 APIRequestHandler* request_handler, | 58 APIRequestHandler* request_handler, |
| 57 const APITypeReferenceMap* type_refs, | 59 const APITypeReferenceMap* type_refs, |
| 60 const BindingAccessChecker* access_checker, |
| 58 const std::string& pref_name, | 61 const std::string& pref_name, |
| 59 const base::DictionaryValue& set_value_spec) | 62 const base::DictionaryValue& set_value_spec) |
| 60 : run_js_(run_js), | 63 : run_js_(run_js), |
| 61 request_handler_(request_handler), | 64 request_handler_(request_handler), |
| 62 type_refs_(type_refs), | 65 type_refs_(type_refs), |
| 66 access_checker_(access_checker), |
| 63 pref_name_(pref_name), | 67 pref_name_(pref_name), |
| 64 argument_spec_(ArgumentType::OBJECT) { | 68 argument_spec_(ArgumentType::OBJECT) { |
| 65 // The set() call takes an object { setting: { type: <t> }, ... }, where <t> | 69 // The set() call takes an object { setting: { type: <t> }, ... }, where <t> |
| 66 // is the custom set() argument specified above by value_spec. | 70 // is the custom set() argument specified above by value_spec. |
| 67 ArgumentSpec::PropertiesMap properties; | 71 ArgumentSpec::PropertiesMap properties; |
| 68 properties["primaryPattern"] = | 72 properties["primaryPattern"] = |
| 69 base::MakeUnique<ArgumentSpec>(ArgumentType::STRING); | 73 base::MakeUnique<ArgumentSpec>(ArgumentType::STRING); |
| 70 { | 74 { |
| 71 auto secondary_pattern_spec = | 75 auto secondary_pattern_spec = |
| 72 base::MakeUnique<ArgumentSpec>(ArgumentType::STRING); | 76 base::MakeUnique<ArgumentSpec>(ArgumentType::STRING); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 122 | 126 |
| 123 void ContentSetting::HandleFunction(const std::string& method_name, | 127 void ContentSetting::HandleFunction(const std::string& method_name, |
| 124 gin::Arguments* arguments) { | 128 gin::Arguments* arguments) { |
| 125 v8::Isolate* isolate = arguments->isolate(); | 129 v8::Isolate* isolate = arguments->isolate(); |
| 126 v8::HandleScope handle_scope(isolate); | 130 v8::HandleScope handle_scope(isolate); |
| 127 v8::Local<v8::Context> context = arguments->GetHolderCreationContext(); | 131 v8::Local<v8::Context> context = arguments->GetHolderCreationContext(); |
| 128 | 132 |
| 129 std::vector<v8::Local<v8::Value>> argument_list = arguments->GetAll(); | 133 std::vector<v8::Local<v8::Value>> argument_list = arguments->GetAll(); |
| 130 | 134 |
| 131 std::string full_name = "contentSettings.ContentSetting." + method_name; | 135 std::string full_name = "contentSettings.ContentSetting." + method_name; |
| 136 |
| 137 if (!access_checker_->HasAccessOrThrowError(context, full_name)) |
| 138 return; |
| 139 |
| 132 std::unique_ptr<base::ListValue> converted_arguments; | 140 std::unique_ptr<base::ListValue> converted_arguments; |
| 133 v8::Local<v8::Function> callback; | 141 v8::Local<v8::Function> callback; |
| 134 std::string error; | 142 std::string error; |
| 135 if (!type_refs_->GetTypeMethodSignature(full_name)->ParseArgumentsToJSON( | 143 if (!type_refs_->GetTypeMethodSignature(full_name)->ParseArgumentsToJSON( |
| 136 context, argument_list, *type_refs_, &converted_arguments, &callback, | 144 context, argument_list, *type_refs_, &converted_arguments, &callback, |
| 137 &error)) { | 145 &error)) { |
| 138 arguments->ThrowTypeError("Invalid invocation: " + error); | 146 arguments->ThrowTypeError("Invalid invocation: " + error); |
| 139 return; | 147 return; |
| 140 } | 148 } |
| 141 | 149 |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 179 } | 187 } |
| 180 } | 188 } |
| 181 | 189 |
| 182 converted_arguments->Insert(0u, base::MakeUnique<base::Value>(pref_name_)); | 190 converted_arguments->Insert(0u, base::MakeUnique<base::Value>(pref_name_)); |
| 183 request_handler_->StartRequest( | 191 request_handler_->StartRequest( |
| 184 context, "contentSettings." + method_name, std::move(converted_arguments), | 192 context, "contentSettings." + method_name, std::move(converted_arguments), |
| 185 callback, v8::Local<v8::Function>(), binding::RequestThread::UI); | 193 callback, v8::Local<v8::Function>(), binding::RequestThread::UI); |
| 186 } | 194 } |
| 187 | 195 |
| 188 } // namespace extensions | 196 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2953453002:
[Extensions Bindings] Add access checks in custom types (Closed)
