summaryrefslogtreecommitdiffstats
path: root/chrome/browser/tab_contents
diff options
context:
space:
mode:
authormpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-02 18:39:55 +0000
committermpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-02 18:39:55 +0000
commit1adff06dc95bd50ac0d6973be2316a3b08f46090 (patch)
treee3f394d8b1d37799f2b339f61cb10b23a08840fc /chrome/browser/tab_contents
parent8616bbce6d475d10f4db846699dc19bc05f985fe (diff)
downloadchromium_src-1adff06dc95bd50ac0d6973be2316a3b08f46090.zip
chromium_src-1adff06dc95bd50ac0d6973be2316a3b08f46090.tar.gz
chromium_src-1adff06dc95bd50ac0d6973be2316a3b08f46090.tar.bz2
Add some browser-level checks to prohibit access to extension bindings by
non-extension renderers. Also add a check so that bindings are only exposed if the top-level frame is the chrome-extension scheme. BUG=11545 BUG=11993 TEST=none Review URL: http://codereview.chromium.org/119014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17408 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/tab_contents')
-rw-r--r--chrome/browser/tab_contents/tab_contents.cc4
1 files changed, 4 insertions, 0 deletions
diff --git a/chrome/browser/tab_contents/tab_contents.cc b/chrome/browser/tab_contents/tab_contents.cc
index e3a0bb6..a8a1247 100644
--- a/chrome/browser/tab_contents/tab_contents.cc
+++ b/chrome/browser/tab_contents/tab_contents.cc
@@ -2392,6 +2392,10 @@ bool TabContents::CreateRenderViewForRenderManager(
if (render_manager_.pending_dom_ui())
render_view_host->AllowDOMUIBindings();
+ // Ditto for extension bindings.
+ if (controller().pending_entry()->url().SchemeIs(chrome::kExtensionScheme))
+ render_view_host->AllowExtensionBindings();
+
RenderWidgetHostView* rwh_view = view_->CreateViewForWidget(render_view_host);
if (!render_view_host->CreateRenderView())
return false;
generated by cgit v1.1 at 2025-02-01 11:29:12 +0000