diff options
| author | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-24 00:24:54 +0000 |
|---|---|---|
| committer | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-24 00:24:54 +0000 |
| commit | 8b4e3d7d9143ef5f4b6d0841788563891a2e997f (patch) | |
| tree | c0e5bef3625ff0f891f2763d166915bba9839683 /chrome/browser | |
| parent | 4865b1e6ecf947d72fa549a694d24876a79924f9 (diff) | |
| download | chromium_src-8b4e3d7d9143ef5f4b6d0841788563891a2e997f.zip chromium_src-8b4e3d7d9143ef5f4b6d0841788563891a2e997f.tar.gz chromium_src-8b4e3d7d9143ef5f4b6d0841788563891a2e997f.tar.bz2 | |
Merge 35202 - (fix merge error).
Reland Disallow chrome.tabs.executeScript from injecting code into gallery
TBR=aa
BUG=30146
TEST=browertest is pending: http://codereview.chromium.org/506066
Original review: http://codereview.chromium.org/501098/
Review URL: http://codereview.chromium.org/518005
TBR=rafaelw@chromium.org
Review URL: http://codereview.chromium.org/515025
git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@35247 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
3 files changed, 14 insertions, 0 deletions
diff --git a/chrome/browser/extensions/execute_code_in_tab_function.cc b/chrome/browser/extensions/execute_code_in_tab_function.cc index 602766b..4417df5 100644 --- a/chrome/browser/extensions/execute_code_in_tab_function.cc +++ b/chrome/browser/extensions/execute_code_in_tab_function.cc @@ -11,6 +11,7 @@ #include "chrome/browser/extensions/file_reader.h" #include "chrome/browser/tab_contents/tab_contents.h" #include "chrome/common/extensions/extension.h" +#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/extensions/extension_error_utils.h" namespace keys = extension_tabs_module_constants; @@ -68,6 +69,16 @@ bool ExecuteCodeInTabFunction::RunImpl() { DCHECK(browser); DCHECK(contents); + // Disallow executeScript when the target contents is a gallery page. + // This mirrors a check in UserScriptSlave::InjectScripts + // NOTE: This can give the wrong answer due to race conditions, but it is OK, + // we check again in the renderer. + if (contents->GetURL().host() == + GURL(extension_urls::kGalleryBrowsePrefix).host()) { + error_ = keys::kCannotScriptGalleryError; + return false; + } + // NOTE: This can give the wrong answer due to race conditions, but it is OK, // we check again in the renderer. if (!GetExtension()->CanAccessHost(contents->GetURL())) { diff --git a/chrome/browser/extensions/extension_tabs_module_constants.cc b/chrome/browser/extensions/extension_tabs_module_constants.cc index a3fc48d..0d21460 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.cc +++ b/chrome/browser/extensions/extension_tabs_module_constants.cc @@ -44,6 +44,8 @@ const char kInternalVisibleTabCaptureError[] = const char kNotImplementedError[] = "This call is not yet implemented"; const char kCannotAccessPageError[] = "Cannot access contents of url \"*\". " "Extension manifest must request permission to access this host."; +const char kCannotScriptGalleryError[] = "The extensions gallery cannot be " + "scripted."; const char kSupportedInWindowsOnlyError[] = "Supported in Windows only"; const char kNoCodeOrFileToExecuteError[] = "No source code or file specified."; diff --git a/chrome/browser/extensions/extension_tabs_module_constants.h b/chrome/browser/extensions/extension_tabs_module_constants.h index 6e0967d..a8bf1ac 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.h +++ b/chrome/browser/extensions/extension_tabs_module_constants.h @@ -48,6 +48,7 @@ extern const char kInvalidUrlError[]; extern const char kInternalVisibleTabCaptureError[]; extern const char kNotImplementedError[]; extern const char kCannotAccessPageError[]; +extern const char kCannotScriptGalleryError[]; extern const char kSupportedInWindowsOnlyError[]; extern const char kNoCodeOrFileToExecuteError[]; |