authorcdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-23 18:47:01 +0000
committercdn@chromium.org <cdn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-23 18:47:01 +0000
commitd053bf0457c125bc81212dcbbc5186f714ea041b (patch)
tree9fdfbef3a5848655c7bd147ac6fd4ed0c05935b9
parent63d52bb8d4f6a4f7950ed43d874de14ebf0fa274 (diff)
Merge 82297 - Make sure that extensions can launch web urls with web safe schemes only.
Reviewed in http://codereview.chromium.org/6879047. BUG=79862 TEST=ExtensionManifestTest.AppLaunchURL Review URL: http://codereview.chromium.org/6879077 Review URL: http://codereview.chromium.org/6990039 git-svn-id: svn://svn.chromium.org/chrome/branches/742/src@86313 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/common/extensions/extension.cc6
-rw-r--r--chrome/common/extensions/extension_manifests_unittest.cc6
-rw-r--r--chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json (renamed from chrome/test/data/extensions/manifest_tests/launch_url_invalid_type.json)0
-rw-r--r--chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json9
-rw-r--r--chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json9
5 files changed, 27 insertions, 3 deletions
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index 21dd73c..e7b391a 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -1278,8 +1278,10 @@ bool Extension::LoadLaunchURL(const DictionaryValue* manifest,
return false;
}
- // Ensure the launch URL is a valid absolute URL.
- if (!GURL(launch_url).is_valid()) {
+ // Ensure the launch URL is a valid absolute URL and web extent scheme.
+ GURL url(launch_url);
+ URLPattern pattern(kValidWebExtentSchemes);
+ if (!url.is_valid() || !pattern.SetScheme(url.scheme())) {
*error = errors::kInvalidLaunchWebURL;
return false;
}
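Review bot: The scheme test at `!pattern.SetScheme(url.scheme())` uses the return value of a setter on a throwaway `URLPattern`, so it does not read as the allow-list check it is meant to be. The comment should say so, for example `// Allow-list: reject any launch URL whose scheme is not in kValidWebExtentSchemes (e.g. chrome: or javascript:).` Both failure modes still report `errors::kInvalidLaunchWebURL`, so a manifest author cannot tell a malformed URL from a disallowed scheme; a dedicated message may be worth considering. `LoadLaunchURL` starts and continues outside this hunk, so it is not visible here whether every other path that sets a launch URL passes through the same check. That should be confirmed.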
diff --git a/chrome/common/extensions/extension_manifests_unittest.cc b/chrome/common/extensions/extension_manifests_unittest.cc
index f304619..641cd66 100644
--- a/chrome/common/extensions/extension_manifests_unittest.cc
+++ b/chrome/common/extensions/extension_manifests_unittest.cc
@@ -256,7 +256,11 @@ TEST_F(ExtensionManifestTest, AppLaunchURL) {
errors::kInvalidLaunchLocalPath);
LoadAndExpectError("launch_path_invalid_value.json",
errors::kInvalidLaunchLocalPath);
- LoadAndExpectError("launch_url_invalid_type.json",
+ LoadAndExpectError("launch_url_invalid_type_1.json",
+ errors::kInvalidLaunchWebURL);
+ LoadAndExpectError("launch_url_invalid_type_2.json",
+ errors::kInvalidLaunchWebURL);
+ LoadAndExpectError("launch_url_invalid_type_3.json",
errors::kInvalidLaunchWebURL);
scoped_refptr<Extension> extension;
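Review bot: The added negative cases pin only two rejected schemes (`chrome:` and `javascript:`, per the new fixtures), while the check under test is an allow-list. One more fixture with a different non-web scheme such as `file:` or `data:` would show that anything outside the allowed set is refused, not just these two; the call would be `LoadAndExpectError("<new_fixture>.json", errors::kInvalidLaunchWebURL);` with the fixture name as a placeholder. The `_1`/`_2`/`_3` names do not say what each file exercises, so a trailing comment on each call, such as `// chrome: scheme` and `// javascript: scheme`, would help. The body of `TEST_F(ExtensionManifestTest, AppLaunchURL)` starts and ends outside this hunk, so a positive http/https case may already exist further down.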
diff --git a/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type.json b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json
index 17a7d88..17a7d88 100644
--- a/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type.json
+++ b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_1.json
diff --git a/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json
new file mode 100644
index 0000000..e6b9a99
--- /dev/null
+++ b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_2.json
@@ -0,0 +1,9 @@
+{
+ "name": "test",
+ "version": "1",
+ "app": {
+ "launch": {
+ "web_url": "chrome://history/"
+ }
+ }
+}
diff --git a/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json
new file mode 100644
index 0000000..ce69fb0
--- /dev/null
+++ b/chrome/test/data/extensions/manifest_tests/launch_url_invalid_type_3.json
@@ -0,0 +1,9 @@
+{
+ "name": "test",
+ "version": "1",
+ "app": {
+ "launch": {
+ "web_url": "javascript:alert(1)"
+ }
+ }
+}