authorrafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-23 02:15:11 +0000
committerrafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-23 02:15:11 +0000
commit6794ec581c6a33e1f600d3eae65c276bd7d1a0ed (patch)
tree5e94eb0dcf5c05ef9ed2bdf1f92f7964ae57e4a6
parent589c93ffd0947d459f41d9ea68a6ec331678e891 (diff)
Disallow chrome.tabs.executeScript from injecting code into gallery
BUG=30146 TEST=browsertest is pending: http://codereview.chromium.org/506066 Review URL: http://codereview.chromium.org/501098 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35200 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/extensions/execute_code_in_tab_function.cc11
-rw-r--r--chrome/browser/extensions/extension_tabs_module_constants.cc2
-rw-r--r--chrome/browser/extensions/extension_tabs_module_constants.h1
-rw-r--r--chrome/renderer/render_view.cc8
4 files changed, 22 insertions, 0 deletions
diff --git a/chrome/browser/extensions/execute_code_in_tab_function.cc b/chrome/browser/extensions/execute_code_in_tab_function.cc
index 5dc6690..3d15458 100644
--- a/chrome/browser/extensions/execute_code_in_tab_function.cc
+++ b/chrome/browser/extensions/execute_code_in_tab_function.cc
@@ -11,6 +11,7 @@
#include "chrome/browser/extensions/file_reader.h"
#include "chrome/browser/tab_contents/tab_contents.h"
#include "chrome/common/extensions/extension.h"
+#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/extensions/extension_error_utils.h"
namespace keys = extension_tabs_module_constants;
@@ -68,6 +69,16 @@ bool ExecuteCodeInTabFunction::RunImpl() {
DCHECK(browser);
DCHECK(contents);
+ // Disallow executeScript when the target contents is a gallery page.
+ // This mirrors a check in UserScriptSlave::InjectScripts
+ // NOTE: This can give the wrong answer due to race conditions, but it is OK,
+ // we check again in the renderer.
+ if (contents->GetURL().host() ==
+ GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+ error_ = keys::kCannotScriptGalleryError;
+ return false;
+ }
+
// NOTE: This can give the wrong answer due to race conditions, but it is OK,
// we check again in the renderer.
if (!GetExtension()->CanAccessHost(contents->GetURL())) {
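Review bot: The gallery test is written out by hand here, again in RenderView::ExecuteCodeImpl in the render_view.cc hunk, and, per the new comment, a third time in UserScriptSlave::InjectScripts; a single shared predicate next to `extension_urls::kGalleryBrowsePrefix` would keep the browser and renderer checks from drifting apart. The comparison is on `host()` only, so scheme, port and path are ignored; that is the stricter choice, but the comment should say it is deliberate, e.g. `// Host-only match: any scheme, port or path on the gallery host is blocked.` The "race conditions" NOTE is now repeated word for word above the `CanAccessHost` check a few lines down, so one of the two copies can go. RunImpl starts and ends outside this hunk.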
diff --git a/chrome/browser/extensions/extension_tabs_module_constants.cc b/chrome/browser/extensions/extension_tabs_module_constants.cc
index a3fc48d..0d21460 100644
--- a/chrome/browser/extensions/extension_tabs_module_constants.cc
+++ b/chrome/browser/extensions/extension_tabs_module_constants.cc
@@ -44,6 +44,8 @@ const char kInternalVisibleTabCaptureError[] =
const char kNotImplementedError[] = "This call is not yet implemented";
const char kCannotAccessPageError[] = "Cannot access contents of url \"*\". "
"Extension manifest must request permission to access this host.";
+const char kCannotScriptGalleryError[] = "The extensions gallery cannot be "
+ "scripted.";
const char kSupportedInWindowsOnlyError[] = "Supported in Windows only";
const char kNoCodeOrFileToExecuteError[] = "No source code or file specified.";
diff --git a/chrome/browser/extensions/extension_tabs_module_constants.h b/chrome/browser/extensions/extension_tabs_module_constants.h
index 6e0967d..a8bf1ac 100644
--- a/chrome/browser/extensions/extension_tabs_module_constants.h
+++ b/chrome/browser/extensions/extension_tabs_module_constants.h
@@ -48,6 +48,7 @@ extern const char kInvalidUrlError[];
extern const char kInternalVisibleTabCaptureError[];
extern const char kNotImplementedError[];
extern const char kCannotAccessPageError[];
+extern const char kCannotScriptGalleryError[];
extern const char kSupportedInWindowsOnlyError[];
extern const char kNoCodeOrFileToExecuteError[];
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index 6313755..eda13e57 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -26,6 +26,7 @@
#include "chrome/common/child_process_logging.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/chrome_constants.h"
+#include "chrome/common/extensions/extension_constants.h"
#include "chrome/common/jstemplate_builder.h"
#include "chrome/common/page_zoom.h"
#include "chrome/common/plugin_messages.h"
@@ -3841,6 +3842,13 @@ void RenderView::OnExecuteCode(const ViewMsg_ExecuteCode_Params& params) {
void RenderView::ExecuteCodeImpl(WebFrame* frame,
const ViewMsg_ExecuteCode_Params& params) {
+ // Don't execute scripts in gallery pages.
+ GURL frame_url = GURL(frame->url());
+ if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host()) {
+ Send(new ViewMsg_ExecuteCodeFinished(routing_id_, request_id, true));
+ return;
+ }
+
std::vector<WebFrame*> frame_vector;
frame_vector.push_back(frame);
if (params.all_frames)
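Review bot: The gallery check in ExecuteCodeImpl looks only at the `frame` passed in, and child frames are gathered after it when `params.all_frames` is set, so a gallery document loaded in a subframe is not covered by this test as far as the hunk shows. The rest of the function is outside the hunk; if the per-frame loop there does not already apply the same host test, it should, for example `if (GURL(f->url()).host() == gallery_host) continue;` with the gallery host computed once before the loop. Separately, `request_id` is not a parameter of ExecuteCodeImpl in the visible signature, so `params.request_id` is presumably what was meant. The reply also appears to report success (`true`) for a script that was not run, while the browser-side check sets `kCannotScriptGalleryError`; passing `false` would keep the two paths consistent for the calling extension.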