diff options
author | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-22 02:25:04 +0000 |
---|---|---|
committer | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-22 02:25:04 +0000 |
commit | 62771440ed73d5f6f8b322ad5f7a2fa1837e8da9 (patch) | |
tree | 79e5441b6b2674afe18778fb42ba35a8166cae1b /chrome/browser | |
parent | 98586a039c29ac0e4cfac919e5071c371563c770 (diff) | |
download | chromium_src-62771440ed73d5f6f8b322ad5f7a2fa1837e8da9.zip chromium_src-62771440ed73d5f6f8b322ad5f7a2fa1837e8da9.tar.gz chromium_src-62771440ed73d5f6f8b322ad5f7a2fa1837e8da9.tar.bz2 |
Revert change that disallowed content scripts access to
file:// URLs. It turns out teams were already depending on
this and we didn't want to break them.
Instead, group file:// access with NPAPI in the extension
install prompt.
Note: this is a pure revert of r402029 and r402069 (sorry
Finnur!) except the changes in extension_install_ui.cc,
which are new.
BUG=28456
Review URL: http://codereview.chromium.org/430003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32770 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r-- | chrome/browser/extensions/extension_install_ui.cc | 20 | ||||
-rw-r--r-- | chrome/browser/extensions/extension_startup_unittest.cc | 9 | ||||
-rw-r--r-- | chrome/browser/extensions/extensions_service_unittest.cc | 6 |
3 files changed, 29 insertions, 6 deletions
diff --git a/chrome/browser/extensions/extension_install_ui.cc b/chrome/browser/extensions/extension_install_ui.cc index c89a9fa..72a7c1e 100644 --- a/chrome/browser/extensions/extension_install_ui.cc +++ b/chrome/browser/extensions/extension_install_ui.cc @@ -21,6 +21,7 @@ #endif // TOOLKIT_VIEWS #include "chrome/common/extensions/extension.h" #include "chrome/common/notification_service.h" +#include "chrome/common/url_constants.h" #include "grit/browser_resources.h" #include "grit/chromium_strings.h" #include "grit/generated_resources.h" @@ -39,6 +40,25 @@ static std::wstring GetInstallWarning(Extension* extension) { if (!extension->plugins().empty()) return l10n_util::GetString(IDS_EXTENSION_PROMPT_WARNING_NEW_FULL_ACCESS); + // We also show the severe warning if the extension has access to any file:// + // URLs. They aren't *quite* as dangerous as full access to the system via + // NPAPI, but pretty dang close. Content scripts are currently the only way + // that extension can get access to file:// URLs. + for (UserScriptList::const_iterator script = + extension->content_scripts().begin(); + script != extension->content_scripts().end(); + ++script) { + for (UserScript::PatternList::const_iterator pattern = + script->url_patterns().begin(); + pattern != script->url_patterns().end(); + ++pattern) { + if (pattern->scheme() == chrome::kFileScheme) { + return l10n_util::GetString( + IDS_EXTENSION_PROMPT_WARNING_NEW_FULL_ACCESS); + } + } + } + // Otherwise, we go in descending order of severity: all hosts, several hosts, // a single host, no hosts. For each of these, we also have a variation of the // message for when api permissions are also requested. diff --git a/chrome/browser/extensions/extension_startup_unittest.cc b/chrome/browser/extensions/extension_startup_unittest.cc index f076b37..00089ae 100644 --- a/chrome/browser/extensions/extension_startup_unittest.cc +++ b/chrome/browser/extensions/extension_startup_unittest.cc @@ -131,9 +131,12 @@ class ExtensionStartupTestBase void TestInjection(bool expect_css, bool expect_script) { // Load a page affected by the content script and test to see the effect. - HTTPTestServer* server = StartHTTPServer(); - GURL url = server->TestServerPage("file/extensions/test_file.html"); - ui_test_utils::NavigateToURL(browser(), url); + FilePath test_file; + PathService::Get(chrome::DIR_TEST_DATA, &test_file); + test_file = test_file.AppendASCII("extensions") + .AppendASCII("test_file.html"); + + ui_test_utils::NavigateToURL(browser(), net::FilePathToFileURL(test_file)); bool result = false; ui_test_utils::ExecuteJavaScriptAndExtractBool( diff --git a/chrome/browser/extensions/extensions_service_unittest.cc b/chrome/browser/extensions/extensions_service_unittest.cc index 5024757..f9af689 100644 --- a/chrome/browser/extensions/extensions_service_unittest.cc +++ b/chrome/browser/extensions/extensions_service_unittest.cc @@ -539,11 +539,11 @@ TEST_F(ExtensionsServiceTest, LoadAllExtensionsFromDirectorySuccess) { extension->toolstrips(); ASSERT_EQ(2u, scripts.size()); EXPECT_EQ(3u, scripts[0].url_patterns().size()); - EXPECT_EQ("http://*.google.com/*", + EXPECT_EQ("file://*", scripts[0].url_patterns()[0].GetAsString()); - EXPECT_EQ("https://*.google.com/*", + EXPECT_EQ("http://*.google.com/*", scripts[0].url_patterns()[1].GetAsString()); - EXPECT_EQ("http://localhost/*", + EXPECT_EQ("https://*.google.com/*", scripts[0].url_patterns()[2].GetAsString()); EXPECT_EQ(2u, scripts[0].js_scripts().size()); ExtensionResource resource00(scripts[0].js_scripts()[0].extension_root(), |