| Index: extensions/common/permissions/permissions_data_unittest.cc
|
| diff --git a/extensions/common/permissions/permissions_data_unittest.cc b/extensions/common/permissions/permissions_data_unittest.cc
|
| index e86b8cd9a7ebad334bad31a2d973a4a4fbaa1722..70cb8874f126d666b9aec870c3e74d62f27770a1 100644
|
| --- a/extensions/common/permissions/permissions_data_unittest.cc
|
| +++ b/extensions/common/permissions/permissions_data_unittest.cc
|
| @@ -87,6 +87,71 @@ bool RequiresActionForScriptExecution(const std::string& extension_id,
|
| GURL::EmptyGURL());
|
| }
|
|
|
| +// Checks that urls are properly restricted for the given extension.
|
| +void CheckRestrictedUrls(const Extension* extension,
|
| + bool block_chrome_urls) {
|
| + // We log the name so we know _which_ extension failed here.
|
| + const std::string& name = extension->name();
|
| + const GURL chrome_settings_url("chrome://settings/");
|
| + const GURL chrome_extension_url("chrome-extension://foo/bar.html");
|
| + const GURL google_url("https://www.google.com/");
|
| + const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
|
| + const GURL invalid_url("chrome-debugger://foo/bar.html");
|
| +
|
| + std::string error;
|
| + EXPECT_EQ(block_chrome_urls,
|
| + PermissionsData::IsRestrictedUrl(
|
| + chrome_settings_url,
|
| + chrome_settings_url,
|
| + extension,
|
| + &error)) << name;
|
| + if (block_chrome_urls)
|
| + EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
|
| + else
|
| + EXPECT_TRUE(error.empty()) << name;
|
| +
|
| + error.clear();
|
| + EXPECT_EQ(block_chrome_urls,
|
| + PermissionsData::IsRestrictedUrl(
|
| + chrome_extension_url,
|
| + chrome_extension_url,
|
| + extension,
|
| + &error)) << name;
|
| + if (block_chrome_urls)
|
| + EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
|
| + else
|
| + EXPECT_TRUE(error.empty()) << name;
|
| +
|
| + // Google should never be a restricted url.
|
| + error.clear();
|
| + EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
|
| + google_url, google_url, extension, &error)) << name;
|
| + EXPECT_TRUE(error.empty()) << name;
|
| +
|
| + // We should always be able to access our own extension pages.
|
| + error.clear();
|
| + EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
|
| + self_url, self_url, extension, &error)) << name;
|
| + EXPECT_TRUE(error.empty()) << name;
|
| +
|
| + // We should only allow other schemes for extensions when it's a whitelisted
|
| + // extension.
|
| + error.clear();
|
| + bool allow_on_other_schemes =
|
| + PermissionsData::CanExecuteScriptEverywhere(extension);
|
| + EXPECT_EQ(!allow_on_other_schemes,
|
| + PermissionsData::IsRestrictedUrl(
|
| + invalid_url, invalid_url, extension, &error)) << name;
|
| + if (!allow_on_other_schemes) {
|
| + EXPECT_EQ(ErrorUtils::FormatErrorMessage(
|
| + manifest_errors::kCannotAccessPage,
|
| + invalid_url.spec()),
|
| + error) << name;
|
| + } else {
|
| + EXPECT_TRUE(error.empty());
|
| + }
|
| +}
|
| +
|
| } // namespace
|
|
|
| TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
|
| @@ -242,6 +307,28 @@ TEST(ExtensionPermissionsTest, RequiresActionForScriptExecution) {
|
| extension, 0, GURL("https://www.google.com/")));
|
| }
|
|
|
| +TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
|
| + scoped_refptr<const Extension> extension =
|
| + GetExtensionWithHostPermission("normal_extension",
|
| + kAllHostsPermission,
|
| + Manifest::INTERNAL);
|
| + // Chrome urls should be blocked for normal extensions.
|
| + CheckRestrictedUrls(extension, true);
|
| +
|
| + scoped_refptr<const Extension> component =
|
| + GetExtensionWithHostPermission("component",
|
| + kAllHostsPermission,
|
| + Manifest::COMPONENT);
|
| + // Chrome urls should be accessible by component extensions.
|
| + CheckRestrictedUrls(component, false);
|
| +
|
| + base::CommandLine::ForCurrentProcess()->AppendSwitch(
|
| + switches::kExtensionsOnChromeURLs);
|
| + // Enabling the switch should allow all extensions to access chrome urls.
|
| + CheckRestrictedUrls(extension, false);
|
| +
|
| +}
|
| +
|
| TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
|
| scoped_refptr<Extension> extension;
|
| extension = LoadManifest("permissions", "many-apis.json");
|
| @@ -553,8 +640,8 @@ TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
|
| EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
|
| EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
|
| EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
|
| - EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
|
| - EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
|
| + EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
|
| + EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
|
|
|
| const PermissionsData* permissions_data = extension->permissions_data();
|
| EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));
|
|
|
Chromium Code Reviews
Issue 352523003:
Have the Debugger extension api check that it has access to the tab (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master