Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(5506)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/content_settings_observer.cc

Issue 498513002: Respect the clipboardRead and clipboardWrite permissions in content scripts. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address more comments Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/renderer/content_settings_observer.h ('k') | chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/content_settings_observer.cc
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 57de0757f4b3e8869a2f264e1855cbefe7a370b1..8c9d8c6102d9cbbc9367b608de6a5905b3169ac2 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -26,6 +26,8 @@
#include "chrome/common/extensions/chrome_extension_messages.h"
#include "extensions/common/constants.h"
#include "extensions/common/extension.h"
+#include "extensions/common/permissions/api_permission.h"
+#include "extensions/common/permissions/permissions_data.h"
#include "extensions/renderer/dispatcher.h"
#endif
@@ -410,10 +412,15 @@ bool ContentSettingsObserver::allowStorage(bool local) {
bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) {
bool allowed = false;
#if defined(ENABLE_EXTENSIONS)
- WebFrame* frame = render_frame()->GetWebFrame();
- // TODO(dcheng): Should we consider a toURL() method on WebSecurityOrigin?
- Send(new ChromeViewHostMsg_CanTriggerClipboardRead(
- GURL(frame->document().securityOrigin().toString()), &allowed));
+ extensions::ScriptContext* calling_context =
+ extension_dispatcher_->script_context_set().GetCalling();
+ if (calling_context) {
+ const extensions::Extension* extension =
+ calling_context->effective_extension();
+ allowed = extension &&
+ extension->permissions_data()->HasAPIPermission(
+ extensions::APIPermission::kClipboardRead);
+ }
#endif
return allowed;
}
@@ -421,9 +428,22 @@ bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) {
bool ContentSettingsObserver::allowWriteToClipboard(bool default_value) {
bool allowed = false;
#if defined(ENABLE_EXTENSIONS)
- WebFrame* frame = render_frame()->GetWebFrame();
- Send(new ChromeViewHostMsg_CanTriggerClipboardWrite(
- GURL(frame->document().securityOrigin().toString()), &allowed));
+ // All blessed extension pages could historically write to the clipboard, so
+ // preserve that for compatibility.
+ extensions::ScriptContext* calling_context =
+ extension_dispatcher_->script_context_set().GetCalling();
+ if (calling_context) {
+ if (calling_context->effective_context_type() ==
+ extensions::Feature::BLESSED_EXTENSION_CONTEXT) {
+ allowed = true;
+ } else {
+ const extensions::Extension* extension =
+ calling_context->effective_extension();
+ allowed = extension &&
+ extension->permissions_data()->HasAPIPermission(
+ extensions::APIPermission::kClipboardWrite);
+ }
+ }
#endif
return allowed;
}
« no previous file with comments | « chrome/renderer/content_settings_observer.h ('k') | chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698