Add chrome-extension:// to the list of allowed urls for all internal/webui

Content Security Policy rules. This is necessary to allow a trusted accessibility component extension (ChromeVox) to inject script tags into webui pages. This will not hurt security because user_script_slave.cc already has a check to prevent arbitrary extensions from loading on these pages. Only component extensions will be allowed. BUG=89443 TEST=manual Review URL: http://codereview.chromium.org/7399002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92776 0039d316-1c4b-4281-b951-d872f2087c98
author: dmazzoni@chromium.org <dmazzoni@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-16 01:36:45 +0000
committer: dmazzoni@chromium.org <dmazzoni@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-16 01:36:45 +0000
commit: a5768f861ba75bb190073dfc9a4bf39fe78aadd0 (patch)
tree: fe6099c378dfb60617df3c3e316d52f77bf7f7fa /chrome/browser/browser_about_handler.cc
parent: 6de4ea211e300e137cfec2176a1a012e5ec27e3e (diff)
download: chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.zip
chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.tar.gz
chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/chrome/browser/browser_about_handler.cc b/chrome/browser/browser_about_handler.cc
index 005d0df..8a52552 100644
--- a/chrome/browser/browser_about_handler.cc
+++ b/chrome/browser/browser_about_handler.cc
@@ -410,7 +410,9 @@ void AppendHeader(std::string* output, int refresh,
   }
   output->append(
       "<meta charset=\"utf-8\">\n<meta http-equiv=\"X-WebKit-CSP\" "
-      "content=\"object-src 'none'; script-src 'self' 'unsafe-eval'\">\n");
+      "content=\"object-src 'none'; "
+      "script-src chrome-extension://mndnfokpggljbaajbnioimlmbfngpief "
+      " 'self' 'unsafe-eval'\">\n");
   if (refresh > 0) {
     output->append("<meta http-equiv=\"refresh\" content=\"");
     output->append(base::IntToString(refresh));
author	dmazzoni@chromium.org <dmazzoni@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-16 01:36:45 +0000
committer	dmazzoni@chromium.org <dmazzoni@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-16 01:36:45 +0000
commit	a5768f861ba75bb190073dfc9a4bf39fe78aadd0 (patch)
tree	fe6099c378dfb60617df3c3e316d52f77bf7f7fa /chrome/browser/browser_about_handler.cc
parent	6de4ea211e300e137cfec2176a1a012e5ec27e3e (diff)
download	chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.zip chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.tar.gz chromium_src-a5768f861ba75bb190073dfc9a4bf39fe78aadd0.tar.bz2