Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(569)

Unified Diff: extensions/renderer/dispatcher.cc

Issue 412643003: Fix the origin access whitelist for extensions (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/renderer/dispatcher.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/renderer/dispatcher.cc
diff --git a/extensions/renderer/dispatcher.cc b/extensions/renderer/dispatcher.cc
index fa242177fa2341141849ce945ff916f1a5f9a356..0124a43048966a4fa52a6b7bf2adcc7b3077fd13 100644
--- a/extensions/renderer/dispatcher.cc
+++ b/extensions/renderer/dispatcher.cc
@@ -271,7 +271,7 @@ void Dispatcher::DidCreateScriptContext(
// Initialize origin permissions for content scripts, which can't be
// initialized in |OnActivateExtension|.
if (context_type == Feature::CONTENT_SCRIPT_CONTEXT)
- UpdateOriginPermissions(extension);
+ InitOriginPermissions(extension);
{
scoped_ptr<ModuleSystem> module_system(
@@ -506,7 +506,7 @@ void Dispatcher::WebKitInitialized() {
const Extension* extension = extensions_.GetByID(*iter);
CHECK(extension);
- UpdateOriginPermissions(extension);
+ InitOriginPermissions(extension);
}
EnableCustomElementWhiteList();
@@ -565,7 +565,7 @@ void Dispatcher::OnActivateExtension(const std::string& extension_id) {
extensions::DOMActivityLogger::AttachToWorld(
extensions::DOMActivityLogger::kMainWorldId, extension_id);
- UpdateOriginPermissions(extension);
+ InitOriginPermissions(extension);
}
UpdateActiveExtensions();
@@ -741,8 +741,27 @@ void Dispatcher::OnUpdatePermissions(
scoped_refptr<const PermissionSet> withheld =
params.withheld_permissions.ToPermissionSet();
+ // If webkit isn't initialized, this will be done when it finishes starting
not at google - send to devlin 2014/07/23 01:18:54 s/webkit/blink/ though I think the comment isn't
Devlin 2014/07/23 15:41:51 Done.
+ // up.
+ if (is_webkit_initialized_) {
+ bool was_added = params.was_added;
not at google - send to devlin 2014/07/23 01:18:54 this alias seems like overkill.
Devlin 2014/07/23 15:41:51 Done.
+ URLPatternSet difference;
+ if (was_added) {
+ URLPatternSet::CreateDifference(
+ active->effective_hosts(),
+ extension->permissions_data()->GetEffectiveHostPermissions(),
+ &difference);
+ } else {
+ URLPatternSet::CreateDifference(
+ extension->permissions_data()->GetEffectiveHostPermissions(),
+ active->effective_hosts(),
+ &difference);
+ }
+
+ UpdateOriginPermissions(extension, was_added, difference);
+ }
+
extension->permissions_data()->SetPermissions(active, withheld);
- UpdateOriginPermissions(extension);
UpdateBindings(extension->id());
}
@@ -771,24 +790,32 @@ void Dispatcher::UpdateActiveExtensions() {
delegate_->OnActiveExtensionsUpdated(active_extensions);
}
-void Dispatcher::UpdateOriginPermissions(const Extension* extension) {
- const URLPatternSet& hosts =
- extension->permissions_data()->GetEffectiveHostPermissions();
- WebSecurityPolicy::resetOriginAccessWhitelists();
Devlin 2014/07/22 21:56:47 This was introduced in https://codereview.chromium
not at google - send to devlin 2014/07/23 01:18:54 right... good point. This would be such a simpler
Devlin 2014/07/23 15:41:51 But to add the new ones, we add the new ones for _
not at google - send to devlin 2014/07/23 15:45:35 I don't think so? add/remove take the origin which
Devlin 2014/07/23 16:14:01 Ahhh, I see, I misunderstood (thought you meant st
+void Dispatcher::InitOriginPermissions(const Extension* extension) {
delegate_->InitOriginPermissions(extension,
IsExtensionActive(extension->id()));
- for (URLPatternSet::const_iterator iter = hosts.begin(); iter != hosts.end();
- ++iter) {
- const char* schemes[] = {
- url::kHttpScheme,
- url::kHttpsScheme,
- url::kFileScheme,
- content::kChromeUIScheme,
- url::kFtpScheme,
- };
+ UpdateOriginPermissions(
+ extension,
+ true, // was added
+ extension->permissions_data()->GetEffectiveHostPermissions());
+}
+
+void Dispatcher::UpdateOriginPermissions(
+ const Extension* extension,
+ bool was_added,
+ const URLPatternSet& patterns) {
+ static const char* schemes[] = {
not at google - send to devlin 2014/07/23 01:18:55 kSchemes?
Devlin 2014/07/23 15:41:51 Done.
+ url::kHttpScheme,
+ url::kHttpsScheme,
+ url::kFileScheme,
+ content::kChromeUIScheme,
+ url::kFtpScheme,
+ };
+ for (URLPatternSet::const_iterator iter = patterns.begin();
+ iter != patterns.end(); ++iter) {
for (size_t j = 0; j < arraysize(schemes); ++j) {
if (iter->MatchesScheme(schemes[j])) {
- WebSecurityPolicy::addOriginAccessWhitelistEntry(
+ (was_added ? WebSecurityPolicy::addOriginAccessWhitelistEntry
+ : WebSecurityPolicy::removeOriginAccessWhitelistEntry)(
extension->url(),
WebString::fromUTF8(schemes[j]),
WebString::fromUTF8(iter->host()),
« no previous file with comments | « extensions/renderer/dispatcher.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698