Attempt2: Component extensions (and whitelisted extensions) specifying <all_urls> in their Extension match pattern should be allowed to run content scripts everywhere (including chrome://, chrome-extension://, about: and gallery pages.

The intent was to also allow these extensions to specify more granular permissions, such as about:version instead of <all_urls>, but that didn't make the cut this time. This CL also enables <all_urls> for host permissions for regular extensions, which was disabled before. Note: That still doesn't give them permission to script the gallery and chrome:// pages, etc. BUG=36275 TEST=Working on it right now. Review URL: http://codereview.chromium.org/3585009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61359 0039d316-1c4b-4281-b951-d872f2087c98
author: finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-10-04 12:53:17 +0000
committer: finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-10-04 12:53:17 +0000
commit: be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f (patch)
tree: ae3c5e3d628aa736e9aa0c439afb376f6b5ee74b /chrome/browser/extensions
parent: f5e3d9ec8c0bfdf82d290ad242269ebf250dd5dc (diff)
download: chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.zip
chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.tar.gz
chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.tar.bz2
5 files changed, 22 insertions, 39 deletions
diff --git a/chrome/browser/extensions/execute_code_in_tab_function.cc b/chrome/browser/extensions/execute_code_in_tab_function.cc
index 52f519d..b7bf999 100644
--- a/chrome/browser/extensions/execute_code_in_tab_function.cc
+++ b/chrome/browser/extensions/execute_code_in_tab_function.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -78,9 +78,17 @@ bool ExecuteCodeInTabFunction::RunImpl() {
 
   // NOTE: This can give the wrong answer due to race conditions, but it is OK,
   // we check again in the renderer.
-  if (!profile()->GetExtensionsService()->CanExecuteScriptOnHost(
-          GetExtension(), contents->GetURL(), &error_))
+  Extension* extension = GetExtension();
+  const std::vector<URLPattern> host_permissions =
+      extension->host_permissions();
+  if (!Extension::CanExecuteScriptOnPage(
+        contents->GetURL(),
+        extension->CanExecuteScriptEverywhere(),
+        &host_permissions,
+        NULL,
+        &error_)) {
     return false;
+  }
 
   if (script_info->HasKey(keys::kAllFramesKey)) {
     if (!script_info->GetBoolean(keys::kAllFramesKey, &all_frames_))
@@ -164,8 +172,7 @@ bool ExecuteCodeInTabFunction::Execute(const std::string& code_string) {
     DCHECK(false);
   }
   if (!contents->ExecuteCode(request_id(), extension->id(),
-                             extension->host_permissions(), is_js_code,
-                             code_string, all_frames_)) {
+                             is_js_code, code_string, all_frames_)) {
     SendResponse(false);
     return false;
   }
diff --git a/chrome/browser/extensions/extension_browsertests_misc.cc b/chrome/browser/extensions/extension_browsertests_misc.cc
index 012420a..8338a52 100644
--- a/chrome/browser/extensions/extension_browsertests_misc.cc
+++ b/chrome/browser/extensions/extension_browsertests_misc.cc
@@ -799,7 +799,6 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, DISABLED_OptionsPage) {
 
 // Test window.chrome.app.isInstalled .
 IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, PropertyAppIsInstalled) {
-
   std::string app_host("app.com");
   std::string nonapp_host("nonapp.com");
 
diff --git a/chrome/browser/extensions/extension_tabs_module.cc b/chrome/browser/extensions/extension_tabs_module.cc
index 016c3ec..60160c2 100644
--- a/chrome/browser/extensions/extension_tabs_module.cc
+++ b/chrome/browser/extensions/extension_tabs_module.cc
@@ -661,9 +661,17 @@ bool UpdateTabFunction::RunImpl() {
     // JavaScript URLs can do the same kinds of things as cross-origin XHR, so
     // we need to check host permissions before allowing them.
     if (url.SchemeIs(chrome::kJavaScriptScheme)) {
-      if (!profile()->GetExtensionsService()->CanExecuteScriptOnHost(
-          GetExtension(), contents->GetURL(), &error_))
+      Extension* extension = GetExtension();
+      const std::vector<URLPattern> host_permissions =
+          extension->host_permissions();
+      if (!Extension::CanExecuteScriptOnPage(
+              contents->GetURL(),
+              extension->CanExecuteScriptEverywhere(),
+              &host_permissions,
+              NULL,
+              &error_)) {
         return false;
+      }
 
       // TODO(aa): How does controller queue URLs? Is there any chance that this
       // JavaScript URL will end up applying to something other than
diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc
index bffb732..ea47716 100644
--- a/chrome/browser/extensions/extensions_service.cc
+++ b/chrome/browser/extensions/extensions_service.cc
@@ -1259,30 +1259,6 @@ void ExtensionsService::SetAllowFileAccess(Extension* extension, bool allow) {
       Details<Extension>(extension));
 }
 
-bool ExtensionsService::CanExecuteScriptOnHost(Extension* extension,
-                                               const GURL& url,
-                                               std::string* error) const {
-  // No extensions are allowed to execute script on the gallery because that
-  // would allow extensions to manipulate their own install pages.
-  if (url.host() == GURL(Extension::ChromeStoreURL()).host()
-      && !CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kAllowScriptingGallery)) {
-    if (error)
-      *error = errors::kCannotScriptGallery;
-    return false;
-  }
-
-  if (extension->HasHostPermission(url))
-      return true;
-
-  if (error) {
-    *error = ExtensionErrorUtils::FormatErrorMessage(errors::kCannotAccessPage,
-                                                     url.spec());
-  }
-
-  return false;
-}
-
 void ExtensionsService::CheckForExternalUpdates() {
   // This installs or updates externally provided extensions.
   // TODO(aa): Why pass this list into the provider, why not just filter it
diff --git a/chrome/browser/extensions/extensions_service.h b/chrome/browser/extensions/extensions_service.h
index 18ef1f3..1cf9fd4 100644
--- a/chrome/browser/extensions/extensions_service.h
+++ b/chrome/browser/extensions/extensions_service.h
@@ -178,13 +178,6 @@ class ExtensionsService
   bool AllowFileAccess(const Extension* extension);
   void SetAllowFileAccess(Extension* extension, bool allow);
 
-  // Returns true if the extension has permission to execute script on a
-  // particular host.
-  // TODO(aa): Also use this in the renderer, for normal content script
-  // injection. Currently, that has its own copy of this code.
-  bool CanExecuteScriptOnHost(Extension* extension,
-                              const GURL& url, std::string* error) const;
-
   const FilePath& install_directory() const { return install_directory_; }
 
   // Initialize and start all installed extensions.
author	finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-10-04 12:53:17 +0000
committer	finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-10-04 12:53:17 +0000
commit	be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f (patch)
tree	ae3c5e3d628aa736e9aa0c439afb376f6b5ee74b /chrome/browser/extensions
parent	f5e3d9ec8c0bfdf82d290ad242269ebf250dd5dc (diff)
download	chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.zip chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.tar.gz chromium_src-be7e5cb8d07fcae04a4ee8cfbab214a1f297a78f.tar.bz2