Index: extensions/common/permissions/permissions_data_unittest.cc |
=================================================================== |
--- extensions/common/permissions/permissions_data_unittest.cc (revision 287393) |
+++ extensions/common/permissions/permissions_data_unittest.cc (working copy) |
@@ -87,6 +87,71 @@ |
GURL::EmptyGURL()); |
} |
+// Checks that urls are properly restricted for the given extension. |
+void CheckRestrictedUrls(const Extension* extension, |
+ bool block_chrome_urls) { |
+ // We log the name so we know _which_ extension failed here. |
+ const std::string& name = extension->name(); |
+ const GURL chrome_settings_url("chrome://settings/"); |
+ const GURL chrome_extension_url("chrome-extension://foo/bar.html"); |
+ const GURL google_url("https://www.google.com/"); |
+ const GURL self_url("chrome-extension://" + extension->id() + "/foo.html"); |
+ const GURL invalid_url("chrome-debugger://foo/bar.html"); |
+ |
+ std::string error; |
+ EXPECT_EQ(block_chrome_urls, |
+ PermissionsData::IsRestrictedUrl( |
+ chrome_settings_url, |
+ chrome_settings_url, |
+ extension, |
+ &error)) << name; |
+ if (block_chrome_urls) |
+ EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name; |
+ else |
+ EXPECT_TRUE(error.empty()) << name; |
+ |
+ error.clear(); |
+ EXPECT_EQ(block_chrome_urls, |
+ PermissionsData::IsRestrictedUrl( |
+ chrome_extension_url, |
+ chrome_extension_url, |
+ extension, |
+ &error)) << name; |
+ if (block_chrome_urls) |
+ EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name; |
+ else |
+ EXPECT_TRUE(error.empty()) << name; |
+ |
+ // Google should never be a restricted url. |
+ error.clear(); |
+ EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
+ google_url, google_url, extension, &error)) << name; |
+ EXPECT_TRUE(error.empty()) << name; |
+ |
+ // We should always be able to access our own extension pages. |
+ error.clear(); |
+ EXPECT_FALSE(PermissionsData::IsRestrictedUrl( |
+ self_url, self_url, extension, &error)) << name; |
+ EXPECT_TRUE(error.empty()) << name; |
+ |
+ // We should only allow other schemes for extensions when it's a whitelisted |
+ // extension. |
+ error.clear(); |
+ bool allow_on_other_schemes = |
+ PermissionsData::CanExecuteScriptEverywhere(extension); |
+ EXPECT_EQ(!allow_on_other_schemes, |
+ PermissionsData::IsRestrictedUrl( |
+ invalid_url, invalid_url, extension, &error)) << name; |
+ if (!allow_on_other_schemes) { |
+ EXPECT_EQ(ErrorUtils::FormatErrorMessage( |
+ manifest_errors::kCannotAccessPage, |
+ invalid_url.spec()), |
+ error) << name; |
+ } else { |
+ EXPECT_TRUE(error.empty()); |
+ } |
+} |
+ |
} // namespace |
TEST(ExtensionPermissionsTest, EffectiveHostPermissions) { |
@@ -242,6 +307,28 @@ |
extension, 0, GURL("https://www.google.com/"))); |
} |
+TEST(ExtensionPermissionsTest, IsRestrictedUrl) { |
+ scoped_refptr<const Extension> extension = |
+ GetExtensionWithHostPermission("normal_extension", |
+ kAllHostsPermission, |
+ Manifest::INTERNAL); |
+ // Chrome urls should be blocked for normal extensions. |
+ CheckRestrictedUrls(extension, true); |
+ |
+ scoped_refptr<const Extension> component = |
+ GetExtensionWithHostPermission("component", |
+ kAllHostsPermission, |
+ Manifest::COMPONENT); |
+ // Chrome urls should be accessible by component extensions. |
+ CheckRestrictedUrls(component, false); |
+ |
+ base::CommandLine::ForCurrentProcess()->AppendSwitch( |
+ switches::kExtensionsOnChromeURLs); |
+ // Enabling the switch should allow all extensions to access chrome urls. |
+ CheckRestrictedUrls(extension, false); |
+ |
+} |
+ |
TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) { |
scoped_refptr<Extension> extension; |
extension = LoadManifest("permissions", "many-apis.json"); |
@@ -553,8 +640,8 @@ |
EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path)); |
EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url)); |
EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url)); |
- EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url)); |
- EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url)); |
+ EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url)); |
+ EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url)); |
const PermissionsData* permissions_data = extension->permissions_data(); |
EXPECT_FALSE(permissions_data->HasHostPermission(settings_url)); |