chrome/browser/chrome_content_browser_client.cc - Issue 9837074: Make it so that allow_js_access: false can be used with background pages created by window.open.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/chrome_content_browser_client.cc

Issue 9837074: Make it so that allow_js_access: false can be used with background pages created by window.open. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix indentation. Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/chrome_content_browser_client.cc

diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc

index 60b44a392013111b8d52e68bcc11b9c6eddd7206..10914582abf1eea4e8e5fd9f58350878d312f8d3 100644

--- a/chrome/browser/chrome_content_browser_client.cc

+++ b/chrome/browser/chrome_content_browser_client.cc

@@ -1269,29 +1269,35 @@ bool ChromeContentBrowserClient::CanCreateWindow(

const GURL& source_origin,

WindowContainerType container_type,

content::ResourceContext* context,

- int render_process_id) {

+ int render_process_id,

+ bool* no_javascript_access) {

DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

+ *no_javascript_access = false;

// If the opener is trying to create a background window but doesn't have

// the appropriate permission, fail the attempt.

if (container_type == WINDOW_CONTAINER_TYPE_BACKGROUND) {

ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);

ExtensionInfoMap* map = io_data->GetExtensionInfoMap();

- // If the opener is not allowed to script its background window, then return

- // false so that the window.open call returns null. In this case, only

- // the manifest is permitted to create a background window.

+ if (!map->SecurityOriginHasAPIPermission(

+ source_origin,

+ render_process_id,

+ ExtensionAPIPermission::kBackground)) {

+ return false;

+ }

// Note: this use of GetExtensionOrAppByURL is safe but imperfect. It may

// return a recently installed Extension even if this CanCreateWindow call

// was made by an old copy of the page in a normal web process. That's ok,

- // because the permission check below will still fail. We must use the

- // full URL to find hosted apps, though, and not just the origin.

+ // because the permission check above would have caused an early return

+ // already. We must use the full URL to find hosted apps, though, and not

+ // just the origin.

const Extension* extension = map->extensions().GetExtensionOrAppByURL(

ExtensionURLInfo(opener_url));

if (extension && !extension->allow_background_js_access())

- return false;

- return map->SecurityOriginHasAPIPermission(

- source_origin, render_process_id, ExtensionAPIPermission::kBackground);

+ *no_javascript_access = true;

}

return true;

}

« no previous file with comments | « chrome/browser/chrome_content_browser_client.h ('k') | chrome/browser/extensions/app_background_page_apitest.cc » ('j') | no next file with comments »