Chromium Code Reviews Chromium Code Reviews
Issue 412643003:
Fix the origin access whitelist for extensions (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: extensions/renderer/dispatcher.cc |
| diff --git a/extensions/renderer/dispatcher.cc b/extensions/renderer/dispatcher.cc |
| index fa242177fa2341141849ce945ff916f1a5f9a356..5a2a481f2bc78d142be9b840549801e682100817 100644 |
| --- a/extensions/renderer/dispatcher.cc |
| +++ b/extensions/renderer/dispatcher.cc |
| @@ -271,7 +271,7 @@ void Dispatcher::DidCreateScriptContext( |
| // Initialize origin permissions for content scripts, which can't be |
| // initialized in |OnActivateExtension|. |
| if (context_type == Feature::CONTENT_SCRIPT_CONTEXT) |
| - UpdateOriginPermissions(extension); |
| + InitOriginPermissions(extension); |
| { |
| scoped_ptr<ModuleSystem> module_system( |
| @@ -506,7 +506,7 @@ void Dispatcher::WebKitInitialized() { |
| const Extension* extension = extensions_.GetByID(*iter); |
| CHECK(extension); |
| - UpdateOriginPermissions(extension); |
| + InitOriginPermissions(extension); |
| } |
| EnableCustomElementWhiteList(); |
| @@ -565,7 +565,7 @@ void Dispatcher::OnActivateExtension(const std::string& extension_id) { |
| extensions::DOMActivityLogger::AttachToWorld( |
| extensions::DOMActivityLogger::kMainWorldId, extension_id); |
| - UpdateOriginPermissions(extension); |
| + InitOriginPermissions(extension); |
| } |
| UpdateActiveExtensions(); |
| @@ -741,8 +741,14 @@ void Dispatcher::OnUpdatePermissions( |
| scoped_refptr<const PermissionSet> withheld = |
| params.withheld_permissions.ToPermissionSet(); |
| + if (is_webkit_initialized_) { |
| + UpdateOriginPermissions( |
| + extension, |
| + active->effective_hosts(), |
| + extension->permissions_data()->GetEffectiveHostPermissions()); |
| + } |
| + |
| extension->permissions_data()->SetPermissions(active, withheld); |
| - UpdateOriginPermissions(extension); |
| UpdateBindings(extension->id()); |
| } |
| @@ -771,28 +777,50 @@ void Dispatcher::UpdateActiveExtensions() { |
| delegate_->OnActiveExtensionsUpdated(active_extensions); |
| } |
| -void Dispatcher::UpdateOriginPermissions(const Extension* extension) { |
| - const URLPatternSet& hosts = |
| - extension->permissions_data()->GetEffectiveHostPermissions(); |
| - WebSecurityPolicy::resetOriginAccessWhitelists(); |
| +void Dispatcher::InitOriginPermissions(const Extension* extension) { |
| delegate_->InitOriginPermissions(extension, |
| IsExtensionActive(extension->id())); |
| - for (URLPatternSet::const_iterator iter = hosts.begin(); iter != hosts.end(); |
| - ++iter) { |
| - const char* schemes[] = { |
| - url::kHttpScheme, |
| - url::kHttpsScheme, |
| - url::kFileScheme, |
| - content::kChromeUIScheme, |
| - url::kFtpScheme, |
| - }; |
| - for (size_t j = 0; j < arraysize(schemes); ++j) { |
| - if (iter->MatchesScheme(schemes[j])) { |
| + UpdateOriginPermissions( |
| + extension, |
| + extension->permissions_data()->GetEffectiveHostPermissions(), |
| + URLPatternSet()); // No old permissions. |
| +} |
| + |
| +void Dispatcher::UpdateOriginPermissions( |
| + const Extension* extension, |
| + const URLPatternSet& new_patterns, |
|
not at google - send to devlin
2014/07/23 17:01:17
nit: could you swap new_patterns and old_patterns?
Devlin
2014/07/23 17:20:58
Done.
|
| + const URLPatternSet& old_patterns) { |
| + static const char* kSchemes[] = { |
| + url::kHttpScheme, |
| + url::kHttpsScheme, |
| + url::kFileScheme, |
| + content::kChromeUIScheme, |
| + url::kFtpScheme, |
| + }; |
| + for (size_t i = 0; i < arraysize(kSchemes); ++i) { |
| + const char* scheme = kSchemes[i]; |
| + // Remove all old patterns that aren't also in the new patterns. |
| + for (URLPatternSet::const_iterator pattern = old_patterns.begin(); |
| + pattern != old_patterns.end(); ++pattern) { |
| + if (pattern->MatchesScheme(scheme) && |
| + !new_patterns.ContainsPattern(*pattern)) { |
| + WebSecurityPolicy::removeOriginAccessWhitelistEntry( |
| + extension->url(), |
| + WebString::fromUTF8(scheme), |
| + WebString::fromUTF8(pattern->host()), |
| + pattern->match_subdomains()); |
| + } |
| + } |
| + for (URLPatternSet::const_iterator pattern = new_patterns.begin(); |
| + pattern != new_patterns.end(); ++pattern) { |
| + // Add any new patterns that weren't in the old patterns. |
|
not at google - send to devlin
2014/07/23 17:01:17
nit: this comment should be up a couple of lines t
Devlin
2014/07/23 17:20:58
Done.
|
| + if (pattern->MatchesScheme(scheme) && |
| + !old_patterns.ContainsPattern(*pattern)) { |
| WebSecurityPolicy::addOriginAccessWhitelistEntry( |
| extension->url(), |
| - WebString::fromUTF8(schemes[j]), |
| - WebString::fromUTF8(iter->host()), |
| - iter->match_subdomains()); |
| + WebString::fromUTF8(scheme), |
| + WebString::fromUTF8(pattern->host()), |
| + pattern->match_subdomains()); |
| } |
| } |
| } |
