authoraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-11-22 02:25:04 +0000
committeraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-11-22 02:25:04 +0000
commit62771440ed73d5f6f8b322ad5f7a2fa1837e8da9 (patch)
tree79e5441b6b2674afe18778fb42ba35a8166cae1b /chrome/browser
parent98586a039c29ac0e4cfac919e5071c371563c770 (diff)
Revert change that disallowed content scripts access to
file:// URLs. It turns out teams were already depending on this and we didn't want to break them. Instead, group file:// access with NPAPI in the extension install prompt. Note: this is a pure revert of r402029 and r402069 (sorry Finnur!) except the changes in extension_install_ui.cc, which are new. BUG=28456 Review URL: http://codereview.chromium.org/430003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32770 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser')
-rw-r--r--chrome/browser/extensions/extension_install_ui.cc20
-rw-r--r--chrome/browser/extensions/extension_startup_unittest.cc9
-rw-r--r--chrome/browser/extensions/extensions_service_unittest.cc6
3 files changed, 29 insertions, 6 deletions
diff --git a/chrome/browser/extensions/extension_install_ui.cc b/chrome/browser/extensions/extension_install_ui.cc
index c89a9fa..72a7c1e 100644
--- a/chrome/browser/extensions/extension_install_ui.cc
+++ b/chrome/browser/extensions/extension_install_ui.cc
@@ -21,6 +21,7 @@
#endif // TOOLKIT_VIEWS
#include "chrome/common/extensions/extension.h"
#include "chrome/common/notification_service.h"
+#include "chrome/common/url_constants.h"
#include "grit/browser_resources.h"
#include "grit/chromium_strings.h"
#include "grit/generated_resources.h"
@@ -39,6 +40,25 @@ static std::wstring GetInstallWarning(Extension* extension) {
if (!extension->plugins().empty())
return l10n_util::GetString(IDS_EXTENSION_PROMPT_WARNING_NEW_FULL_ACCESS);
+ // We also show the severe warning if the extension has access to any file://
+ // URLs. They aren't *quite* as dangerous as full access to the system via
+ // NPAPI, but pretty dang close. Content scripts are currently the only way
+ // that extension can get access to file:// URLs.
+ for (UserScriptList::const_iterator script =
+ extension->content_scripts().begin();
+ script != extension->content_scripts().end();
+ ++script) {
+ for (UserScript::PatternList::const_iterator pattern =
+ script->url_patterns().begin();
+ pattern != script->url_patterns().end();
+ ++pattern) {
+ if (pattern->scheme() == chrome::kFileScheme) {
+ return l10n_util::GetString(
+ IDS_EXTENSION_PROMPT_WARNING_NEW_FULL_ACCESS);
+ }
+ }
+ }
+
// Otherwise, we go in descending order of severity: all hosts, several hosts,
// a single host, no hosts. For each of these, we also have a variation of the
// message for when api permissions are also requested.
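Review bot: The added loop decides on the severe warning by looking only at content-script URL patterns, so the prompt is correct only while the comment's claim holds that content scripts are the sole route to file:// access. If another permission source ever accepts a file:// pattern, an extension could get local file access while the prompt shows a milder message. I would record that dependency next to the check, for example `// NOTE: any other source of URL patterns that may carry file:// must be checked here as well.`, and move the nested loops into a small static predicate so the rule has one home. No test in this commit appears to cover the new branch of GetInstallWarning; a case with a single file:// content-script pattern and no plugins would pin it. GetInstallWarning's body continues outside the hunk.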
diff --git a/chrome/browser/extensions/extension_startup_unittest.cc b/chrome/browser/extensions/extension_startup_unittest.cc
index f076b37..00089ae 100644
--- a/chrome/browser/extensions/extension_startup_unittest.cc
+++ b/chrome/browser/extensions/extension_startup_unittest.cc
@@ -131,9 +131,12 @@ class ExtensionStartupTestBase
void TestInjection(bool expect_css, bool expect_script) {
// Load a page affected by the content script and test to see the effect.
- HTTPTestServer* server = StartHTTPServer();
- GURL url = server->TestServerPage("file/extensions/test_file.html");
- ui_test_utils::NavigateToURL(browser(), url);
+ FilePath test_file;
+ PathService::Get(chrome::DIR_TEST_DATA, &test_file);
+ test_file = test_file.AppendASCII("extensions")
+ .AppendASCII("test_file.html");
+
+ ui_test_utils::NavigateToURL(browser(), net::FilePathToFileURL(test_file));
bool result = false;
ui_test_utils::ExecuteJavaScriptAndExtractBool(
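Review bot: The result of `PathService::Get(chrome::DIR_TEST_DATA, &test_file)` is discarded, so a failed lookup would build a file URL from an empty path and surface later as a misleading injection failure. Wrapping it as `ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_file));` makes the test fail at the real cause. As far as this hunk shows, the helper now navigates only to a file:// page, so content-script injection on an http page is no longer exercised here; keeping a second navigation through the test server would preserve that coverage. TestInjection's body continues outside the hunk.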
diff --git a/chrome/browser/extensions/extensions_service_unittest.cc b/chrome/browser/extensions/extensions_service_unittest.cc
index 5024757..f9af689 100644
--- a/chrome/browser/extensions/extensions_service_unittest.cc
+++ b/chrome/browser/extensions/extensions_service_unittest.cc
@@ -539,11 +539,11 @@ TEST_F(ExtensionsServiceTest, LoadAllExtensionsFromDirectorySuccess) {
extension->toolstrips();
ASSERT_EQ(2u, scripts.size());
EXPECT_EQ(3u, scripts[0].url_patterns().size());
- EXPECT_EQ("http://*.google.com/*",
+ EXPECT_EQ("file://*",
scripts[0].url_patterns()[0].GetAsString());
- EXPECT_EQ("https://*.google.com/*",
+ EXPECT_EQ("http://*.google.com/*",
scripts[0].url_patterns()[1].GetAsString());
- EXPECT_EQ("http://localhost/*",
+ EXPECT_EQ("https://*.google.com/*",
scripts[0].url_patterns()[2].GetAsString());
EXPECT_EQ(2u, scripts[0].js_scripts().size());
ExtensionResource resource00(scripts[0].js_scripts()[0].extension_root(),