author | atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-01 18:46:38 +0000 |
---|---|---|
committer | atwilson@chromium.org <atwilson@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-02-01 18:46:38 +0000 |
commit | b3b935a34147be614de2a692418b935ea6d7848c (patch) | |
tree | 22ae0a77ad3c1c7626b9365f15c81963f1161b17 /chrome/browser | |
parent | f2039694df980c55b8dd2084e94d94a2e8bb4f32 (diff) | |
Don't create bg pages if the opener doesn't have a background permission.
Now window.open() returns undefined if the caller is trying to open a background
window but does not have the proper permission.
BUG=47119
TEST=verify that window.open(url, "name", "background") returns undefined
Review URL: http://codereview.chromium.org/6250038
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73313 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r-- | chrome/browser/renderer_host/render_message_filter.cc | 12 | ||||
-rw-r--r-- | chrome/browser/tab_contents/render_view_host_delegate_helper.cc | 12 |
2 files changed, 17 insertions, 7 deletions
diff --git a/chrome/browser/renderer_host/render_message_filter.cc b/chrome/browser/renderer_host/render_message_filter.cc
index c0a4e43..b5ed28f 100644
--- a/chrome/browser/renderer_host/render_message_filter.cc
+++ b/chrome/browser/renderer_host/render_message_filter.cc
@@ -443,6 +443,18 @@ void RenderMessageFilter::OnReceiveContextMenuMsg(const IPC::Message& msg) {
 void RenderMessageFilter::OnMsgCreateWindow(
 const ViewHostMsg_CreateWindow_Params& params,
 int* route_id, int64* cloned_session_storage_namespace_id) {
+ // If the opener is trying to create a background window but doesn't have
+ // the appropriate permission, fail the attempt.
+ if (params.window_container_type == WINDOW_CONTAINER_TYPE_BACKGROUND) {
+ ChromeURLRequestContext* context =
+ GetRequestContextForURL(params.opener_url);
+ if (!context->extension_info_map()->CheckURLAccessToExtensionPermission(
+ params.opener_url, Extension::kBackgroundPermission)) {
+ *route_id = MSG_ROUTING_NONE;
+ return;
+ }
+ }
+
 *cloned_session_storage_namespace_id =
 webkit_context_->dom_storage_context()->CloneSessionStorage(
 params.session_storage_namespace_id);
diff --git a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
index 67b17e5..848fb70 100644
--- a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
+++ b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
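Review bot: The denial path in OnMsgCreateWindow sets `*route_id = MSG_ROUTING_NONE;` and returns without ever assigning `*cloned_session_storage_namespace_id`, so the reply to the renderer may carry whatever the caller left in that slot (the caller's initialisation is not visible here); assign it a defined sentinel before `return;`. `context` is dereferenced straight after `GetRequestContextForURL(params.opener_url)` with no null check, and if that lookup can fail for an unexpected URL the request should be treated as a denial rather than crash the browser process. Both `params.window_container_type` and `params.opener_url` come from the renderer's message, so this check is only as strong as whatever ties `opener_url` to the sending process; a comment naming where that validation happens would make the trust assumption auditable. The function body continues past the end of the hunk.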
@@ -46,15 +46,13 @@ RenderViewHostDelegateViewHelper::MaybeCreateBackgroundContents(
 !extensions_service->is_ready())
 return NULL;
+ // Only hosted apps have web extents, so this ensures that only hosted apps
+ // can create BackgroundContents. We don't have to check for background
+ // permission as that is checked in RenderMessageFilter when the CreateWindow
+ // message is processed.
 const Extension* extension =
- extensions_service->GetExtensionByURL(opener_url);
+ extensions_service->GetExtensionByWebExtent(opener_url);
 if (!extension)
- extension = extensions_service->GetExtensionByWebExtent(opener_url);
- // Only hosted apps with background permission are allowed to create a
- // BackgroundContents.
- if (!extension ||
- !extension->HasApiPermission(Extension::kBackgroundPermission) ||
- extension->GetType() != Extension::TYPE_HOSTED_APP)
 return NULL;
 // Only allow a single background contents per app. |
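Review bot: MaybeCreateBackgroundContents no longer enforces the background permission or `TYPE_HOSTED_APP` itself, so it depends on a check in another file and on the invariant that only hosted apps have web extents; any caller that reaches it without going through RenderMessageFilter::OnMsgCreateWindow would create a BackgroundContents unchecked. The two sides also resolve the opener differently (`CheckURLAccessToExtensionPermission` there, `GetExtensionByWebExtent` here), so they could in principle disagree about which extension owns `opener_url`. Keeping the cheap local test as defence in depth costs little: `if (!extension || !extension->HasApiPermission(Extension::kBackgroundPermission)) return NULL;`, or at minimum `DCHECK(extension->HasApiPermission(Extension::kBackgroundPermission));` after the null check. The function starts before and continues after this hunk.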