authorjstritar@chromium.org <jstritar@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-25 18:05:11 +0000
committerjstritar@chromium.org <jstritar@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-25 18:05:11 +0000
commit2aac7ffd05fb6636e80cae767c67949299b3a957 (patch)
tree0381c6e2d06a16ef07dce46b3bb592dc6447854a
parent6863896f0ebd9018104efbfac39ba0fde7c3703a (diff)
Disallow WebSQL and localStorage in platform apps.
BUG=none TEST=PlatformAppBrowserTest.DisallowStorage Review URL: http://codereview.chromium.org/9192021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119088 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/extensions/extension_webkit_preferences.cc17
-rw-r--r--chrome/browser/extensions/platform_app_browsertest.cc11
-rw-r--r--chrome/test/data/extensions/platform_apps/storage/main.html6
-rw-r--r--chrome/test/data/extensions/platform_apps/storage/main.js20
-rw-r--r--chrome/test/data/extensions/platform_apps/storage/manifest.json12
-rw-r--r--webkit/glue/webpreferences.cc3
6 files changed, 62 insertions, 7 deletions
diff --git a/chrome/browser/extensions/extension_webkit_preferences.cc b/chrome/browser/extensions/extension_webkit_preferences.cc
index c72cc34..d20390c 100644
--- a/chrome/browser/extensions/extension_webkit_preferences.cc
+++ b/chrome/browser/extensions/extension_webkit_preferences.cc
@@ -12,7 +12,10 @@ namespace extension_webkit_preferences {
void SetPreferences(const Extension* extension,
content::ViewType render_view_type,
WebPreferences* webkit_prefs) {
- if (extension && !extension->is_hosted_app()) {
+ if (!extension)
+ return;
+
+ if (!extension->is_hosted_app()) {
// Extensions are trusted so we override any user preferences for disabling
// javascript or images.
webkit_prefs->loads_images_automatically = true;
@@ -30,11 +33,15 @@ void SetPreferences(const Extension* extension,
webkit_prefs->accelerated_2d_canvas_enabled = false;
}
}
- if (extension) {
- // Enable WebGL features that regular pages can't access, since they add
- // more risk of fingerprinting.
- webkit_prefs->privileged_webgl_extensions_enabled = true;
+
+ if (extension->is_platform_app()) {
+ webkit_prefs->databases_enabled = false;
+ webkit_prefs->local_storage_enabled = false;
}
+
+ // Enable WebGL features that regular pages can't access, since they add
+ // more risk of fingerprinting.
+ webkit_prefs->privileged_webgl_extensions_enabled = true;
}
} // extension_webkit_preferences
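Review bot: The new `if (extension->is_platform_app())` block clears `databases_enabled` and `local_storage_enabled` without a comment, while the blocks around it each state their reason; a line such as `// Platform apps are not allowed to use WebSQL or localStorage.` would record the intent. These are WebPreferences fields that the renderer applies, so as far as this hunk shows the change removes the API surface from the page rather than refusing the storage request on the browser side. If the goal is that a platform app can never reach those stores even from a misbehaving renderer, that needs confirming where the storage requests are served. SetPreferences begins before this hunk.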
diff --git a/chrome/browser/extensions/platform_app_browsertest.cc b/chrome/browser/extensions/platform_app_browsertest.cc
index 8644eb2..abde2eed 100644
--- a/chrome/browser/extensions/platform_app_browsertest.cc
+++ b/chrome/browser/extensions/platform_app_browsertest.cc
@@ -210,3 +210,14 @@ IN_PROC_BROWSER_TEST_F(PlatformAppBrowserTest, MAYBE_DisallowNavigation) {
IN_PROC_BROWSER_TEST_F(PlatformAppBrowserTest, MAYBE_DisallowModalDialogs) {
ASSERT_TRUE(RunPlatformAppTest("platform_apps/modal_dialogs")) << message_;
}
+
+// Tests that localStorage and WebSQL are disabled for platform apps.
+// Disabled until shell windows are implemented for non-GTK, non-Views toolkits.
+#if defined(TOOLKIT_GTK) || defined(TOOLKIT_VIEWS)
+#define MAYBE_DisallowStorage DisallowStorage
+#else
+#define MAYBE_DisallowStorage DISABLED_DisallowStorage
+#endif
+IN_PROC_BROWSER_TEST_F(PlatformAppBrowserTest, MAYBE_DisallowStorage) {
+ ASSERT_TRUE(RunPlatformAppTest("platform_apps/storage")) << message_;
+}
diff --git a/chrome/test/data/extensions/platform_apps/storage/main.html b/chrome/test/data/extensions/platform_apps/storage/main.html
new file mode 100644
index 0000000..5834483
--- /dev/null
+++ b/chrome/test/data/extensions/platform_apps/storage/main.html
@@ -0,0 +1,6 @@
+<!--
+ * Copyright (c) 2012 The Chromium Authors. All rights reserved. Use of this
+ * source code is governed by a BSD-style license that can be found in the
+ * LICENSE file.
+-->
+<script src="main.js"></script>
diff --git a/chrome/test/data/extensions/platform_apps/storage/main.js b/chrome/test/data/extensions/platform_apps/storage/main.js
new file mode 100644
index 0000000..015517b
--- /dev/null
+++ b/chrome/test/data/extensions/platform_apps/storage/main.js
@@ -0,0 +1,20 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+chrome.test.runTests([
+ function testOpenDatabase() {
+ chrome.test.assertTrue(!window.openDatabase);
+ chrome.test.succeed();
+ },
+
+ function testOpenDatabaseSync() {
+ chrome.test.assertTrue(!window.openDatabaseSync);
+ chrome.test.succeed();
+ },
+
+ function testLocalStorage() {
+ chrome.test.assertTrue(!window.localStorage);
+ chrome.test.succeed();
+ }
+]);
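Review bot: `testOpenDatabaseSync` may pass whether or not the preference is applied: as far as I know `openDatabaseSync` is exposed to worker contexts only, so `!window.openDatabaseSync` would be true on any page. To cover the synchronous API the check would have to run inside a worker started by the app; otherwise the case can be dropped. The other two assertions look only at the top-level window of a freshly launched app, so they do not show what happens when another view in the same renderer has these features enabled.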
diff --git a/chrome/test/data/extensions/platform_apps/storage/manifest.json b/chrome/test/data/extensions/platform_apps/storage/manifest.json
new file mode 100644
index 0000000..f38837a
--- /dev/null
+++ b/chrome/test/data/extensions/platform_apps/storage/manifest.json
@@ -0,0 +1,12 @@
+{
+ "name": "Platform App Test: loalStorage/WebSQL are disallowed",
+ "platform_app": true,
+ "version": "1",
+ "manifest_version": 2,
+ "app": {
+ "launch": {
+ "local_path": "main.html",
+ "container": "shell"
+ }
+ }
+}
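Review bot: The `name` string misspells localStorage as `loalStorage`. It is only a label for the test app, but it is what a search of the test data will match, so `"name": "Platform App Test: localStorage/WebSQL are disallowed"` is worth fixing.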
diff --git a/webkit/glue/webpreferences.cc b/webkit/glue/webpreferences.cc
index 71808f4..8d807e2 100644
--- a/webkit/glue/webpreferences.cc
+++ b/webkit/glue/webpreferences.cc
@@ -207,8 +207,7 @@ void WebPreferences::Apply(WebView* web_view) const {
settings->setXSSAuditorEnabled(xss_auditor_enabled);
settings->setDNSPrefetchingEnabled(dns_prefetching_enabled);
settings->setLocalStorageEnabled(local_storage_enabled);
- WebRuntimeFeatures::enableDatabase(
- WebRuntimeFeatures::isDatabaseEnabled() || databases_enabled);
+ WebRuntimeFeatures::enableDatabase(databases_enabled);
settings->setOfflineWebApplicationCacheEnabled(application_cache_enabled);
settings->setCaretBrowsingEnabled(caret_browsing_enabled);
settings->setHyperlinkAuditingEnabled(hyperlink_auditing_enabled);
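Review bot: `WebRuntimeFeatures::enableDatabase(databases_enabled)` is a static call made from the per-WebView `Apply`, unlike the `settings->` calls around it, so the flag looks process-wide and the last view to apply its preferences decides it for every view in that renderer. The removed `isDatabaseEnabled() || databases_enabled` could only turn the feature on; with the new form a platform-app view can turn WebSQL off for other views sharing the process, and a later ordinary view can turn it back on for the platform app. If platform apps are not guaranteed a renderer process of their own, this needs a per-view setting, or at least a comment such as `// Process-wide flag: relies on platform apps never sharing a renderer with other content.` Apply's body continues outside the hunk.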