Chromium Code Reviews Chromium Code Reviews
Issue 913393003:
Restrict extensionview to chrome-extension:// (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/guest_view/extension_view/extension_view_guest.h" | 5 #include "extensions/browser/guest_view/extension_view/extension_view_guest.h" |
| 6 | 6 |
| 7 #include "base/metrics/user_metrics.h" | 7 #include "base/metrics/user_metrics.h" |
| 8 #include "components/crx_file/id_util.h" | |
| 8 #include "content/public/browser/render_process_host.h" | 9 #include "content/public/browser/render_process_host.h" |
| 9 #include "content/public/common/result_codes.h" | 10 #include "content/public/common/result_codes.h" |
| 10 #include "extensions/browser/api/extensions_api_client.h" | 11 #include "extensions/browser/api/extensions_api_client.h" |
| 11 #include "extensions/browser/guest_view/extension_view/extension_view_constants. h" | 12 #include "extensions/browser/guest_view/extension_view/extension_view_constants. h" |
| 12 #include "extensions/common/constants.h" | 13 #include "extensions/common/constants.h" |
| 13 #include "extensions/common/extension_messages.h" | 14 #include "extensions/common/extension_messages.h" |
| 14 #include "extensions/strings/grit/extensions_strings.h" | 15 #include "extensions/strings/grit/extensions_strings.h" |
| 15 | 16 |
| 16 using content::WebContents; | 17 using content::WebContents; |
| 17 using namespace extensions::core_api; | 18 using namespace extensions::core_api; |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 33 } | 34 } |
| 34 | 35 |
| 35 // static | 36 // static |
| 36 extensions::GuestViewBase* ExtensionViewGuest::Create( | 37 extensions::GuestViewBase* ExtensionViewGuest::Create( |
| 37 content::WebContents* owner_web_contents) { | 38 content::WebContents* owner_web_contents) { |
| 38 return new ExtensionViewGuest(owner_web_contents); | 39 return new ExtensionViewGuest(owner_web_contents); |
| 39 } | 40 } |
| 40 | 41 |
| 41 void ExtensionViewGuest::NavigateGuest(const std::string& src, | 42 void ExtensionViewGuest::NavigateGuest(const std::string& src, |
| 42 bool force_navigation) { | 43 bool force_navigation) { |
| 43 if (src.empty()) | 44 GURL url = extension_url_.Resolve(src); |
| 45 | |
| 46 // If the URL is not valid, about:blank, or the same origin as the extension, | |
| 47 // then navigate to about:blank. | |
| 48 bool url_not_allowed = (url != GURL(url::kAboutBlankURL)) && | |
| 49 (url.GetOrigin() != extension_url_.GetOrigin()); | |
| 50 if (!url.is_valid() || url_not_allowed) { | |
| 51 NavigateGuest(url::kAboutBlankURL, true /* force_navigation */); | |
| 44 return; | 52 return; |
| 53 } | |
| 45 | 54 |
| 46 GURL url(src); | 55 if (!force_navigation && (view_page_ == url)) |
| 47 if (!url.is_valid() && !force_navigation && (url == view_page_)) | |
| 48 return; | 56 return; |
| 49 | 57 |
| 50 web_contents()->GetRenderProcessHost()->FilterURL(false, &url); | 58 web_contents()->GetRenderProcessHost()->FilterURL(false, &url); |
| 51 web_contents()->GetController().LoadURL(url, content::Referrer(), | 59 web_contents()->GetController().LoadURL(url, content::Referrer(), |
| 52 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, | 60 ui::PAGE_TRANSITION_AUTO_TOPLEVEL, |
| 53 std::string()); | 61 std::string()); |
| 54 | 62 |
| 55 view_page_ = url; | 63 view_page_ = url; |
| 56 } | 64 } |
| 57 | 65 |
| 58 // GuestViewBase implementation. | 66 // GuestViewBase implementation. |
| 59 bool ExtensionViewGuest::CanRunInDetachedState() const { | 67 bool ExtensionViewGuest::CanRunInDetachedState() const { |
| 60 return true; | 68 return true; |
| 61 } | 69 } |
| 62 | 70 |
| 63 void ExtensionViewGuest::CreateWebContents( | 71 void ExtensionViewGuest::CreateWebContents( |
| 64 const base::DictionaryValue& create_params, | 72 const base::DictionaryValue& create_params, |
| 65 const WebContentsCreatedCallback& callback) { | 73 const WebContentsCreatedCallback& callback) { |
| 66 std::string str; | 74 // Gets the extension ID. |
| 67 if (!create_params.GetString(extensionview::kAttributeSrc, &str)) { | 75 create_params.GetString(extensionview::kAttributeExtension, &extension_id_); |
|
Fady Samuel
2015/02/18 00:40:58
I don't see any point in storing the extension_id_
apacible
2015/02/18 00:56:15
Done.
| |
| 76 | |
| 77 if (!crx_file::id_util::IdIsValid(extension_id_)) { | |
| 68 callback.Run(nullptr); | 78 callback.Run(nullptr); |
| 69 return; | 79 return; |
| 70 } | 80 } |
| 71 | 81 |
| 72 GURL source(str); | 82 // Gets the extension URL. |
| 73 if (!source.is_valid()) { | 83 extension_url_ = |
| 84 extensions::Extension::GetBaseURLFromExtensionId(extension_id_); | |
| 85 | |
| 86 if (!extension_url_.is_valid()) { | |
| 74 callback.Run(nullptr); | 87 callback.Run(nullptr); |
| 75 return; | 88 return; |
| 76 } | 89 } |
| 77 | 90 |
| 78 content::SiteInstance* view_site_instance = | 91 content::SiteInstance* view_site_instance = |
| 79 content::SiteInstance::CreateForURL(browser_context(), source); | 92 content::SiteInstance::CreateForURL(browser_context(), |
| 93 extension_url_); | |
| 80 | 94 |
| 81 WebContents::CreateParams params(browser_context(), view_site_instance); | 95 WebContents::CreateParams params(browser_context(), view_site_instance); |
| 82 params.guest_delegate = this; | 96 params.guest_delegate = this; |
| 83 callback.Run(WebContents::Create(params)); | 97 callback.Run(WebContents::Create(params)); |
| 84 } | 98 } |
| 85 | 99 |
| 86 void ExtensionViewGuest::DidInitialize( | 100 void ExtensionViewGuest::DidInitialize( |
| 87 const base::DictionaryValue& create_params) { | 101 const base::DictionaryValue& create_params) { |
| 88 extension_function_dispatcher_.reset( | 102 extension_function_dispatcher_.reset( |
| 89 new extensions::ExtensionFunctionDispatcher(browser_context(), this)); | 103 new extensions::ExtensionFunctionDispatcher(browser_context(), this)); |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 100 | 114 |
| 101 const char* ExtensionViewGuest::GetAPINamespace() const { | 115 const char* ExtensionViewGuest::GetAPINamespace() const { |
| 102 return extensionview::kAPINamespace; | 116 return extensionview::kAPINamespace; |
| 103 } | 117 } |
| 104 | 118 |
| 105 int ExtensionViewGuest::GetTaskPrefix() const { | 119 int ExtensionViewGuest::GetTaskPrefix() const { |
| 106 return IDS_EXTENSION_TASK_MANAGER_EXTENSIONVIEW_TAG_PREFIX; | 120 return IDS_EXTENSION_TASK_MANAGER_EXTENSIONVIEW_TAG_PREFIX; |
| 107 } | 121 } |
| 108 | 122 |
| 109 // content::WebContentsObserver implementation. | 123 // content::WebContentsObserver implementation. |
| 124 void ExtensionViewGuest::DidCommitProvisionalLoadForFrame( | |
| 125 content::RenderFrameHost* render_frame_host, | |
| 126 const GURL& url, | |
| 127 ui::PageTransition transition_type) { | |
| 128 if (!render_frame_host->GetParent()) | |
| 129 view_page_ = url; | |
| 130 | |
| 131 scoped_ptr<base::DictionaryValue> args(new base::DictionaryValue()); | |
| 132 args->SetString(guestview::kUrl, url.spec()); | |
| 133 DispatchEventToView( | |
| 134 new GuestViewBase::Event(extensionview::kEventLoadCommit, args.Pass())); | |
| 135 } | |
| 136 | |
| 137 void ExtensionViewGuest::DidNavigateMainFrame( | |
| 138 const content::LoadCommittedDetails& details, | |
| 139 const content::FrameNavigateParams& params) { | |
| 140 if (attached() && (params.url.GetOrigin() != view_page_.GetOrigin())) { | |
| 141 base::RecordAction(base::UserMetricsAction("BadMessageTerminate_EVG")); | |
| 142 web_contents()->GetRenderProcessHost()->Shutdown( | |
| 143 content::RESULT_CODE_KILLED_BAD_MESSAGE, false /* wait */); | |
| 144 } | |
| 145 } | |
| 146 | |
| 110 bool ExtensionViewGuest::OnMessageReceived(const IPC::Message& message) { | 147 bool ExtensionViewGuest::OnMessageReceived(const IPC::Message& message) { |
| 111 bool handled = true; | 148 bool handled = true; |
| 112 IPC_BEGIN_MESSAGE_MAP(ExtensionViewGuest, message) | 149 IPC_BEGIN_MESSAGE_MAP(ExtensionViewGuest, message) |
| 113 IPC_MESSAGE_HANDLER(ExtensionHostMsg_Request, OnRequest) | 150 IPC_MESSAGE_HANDLER(ExtensionHostMsg_Request, OnRequest) |
| 114 IPC_MESSAGE_UNHANDLED(handled = false) | 151 IPC_MESSAGE_UNHANDLED(handled = false) |
| 115 IPC_END_MESSAGE_MAP() | 152 IPC_END_MESSAGE_MAP() |
| 116 return handled; | 153 return handled; |
| 117 } | 154 } |
| 118 | 155 |
| 119 // Private | 156 // Private |
| 120 void ExtensionViewGuest::OnRequest( | 157 void ExtensionViewGuest::OnRequest( |
| 121 const ExtensionHostMsg_Request_Params& params) { | 158 const ExtensionHostMsg_Request_Params& params) { |
| 122 extension_function_dispatcher_->Dispatch(params, | 159 extension_function_dispatcher_->Dispatch(params, |
| 123 web_contents()->GetRenderViewHost()); | 160 web_contents()->GetRenderViewHost()); |
| 124 } | 161 } |
| 125 | 162 |
| 126 void ExtensionViewGuest::ApplyAttributes(const base::DictionaryValue& params) { | 163 void ExtensionViewGuest::ApplyAttributes(const base::DictionaryValue& params) { |
| 127 std::string src; | 164 std::string src; |
| 128 params.GetString(extensionview::kAttributeSrc, &src); | 165 params.GetString(extensionview::kAttributeSrc, &src); |
| 129 NavigateGuest(src, false /* force_navigation */); | 166 NavigateGuest(src, false /* force_navigation */); |
| 130 } | 167 } |
| 131 | 168 |
| 132 } // namespace extensions | 169 } // namespace extensions |
| OLD | NEW |
