diff options
| author | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-29 16:51:28 +0000 |
|---|---|---|
| committer | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-29 16:51:28 +0000 |
| commit | 7415e329ce844348328e54a99d36f31dc72d890c (patch) | |
| tree | 40ea05abf21ef027f66c97f38c71925a3fbeacfb /chrome/common/extensions | |
| parent | db64549243ff94833254385cbdd236ecf2d431c5 (diff) | |
| download | chromium_src-7415e329ce844348328e54a99d36f31dc72d890c.zip chromium_src-7415e329ce844348328e54a99d36f31dc72d890c.tar.gz chromium_src-7415e329ce844348328e54a99d36f31dc72d890c.tar.bz2 | |
Merge 241969 "Add a BLESSED_WEB_PAGE extension JS context type t..."
> Add a BLESSED_WEB_PAGE extension JS context type to describe the context in
> which hosted apps run. Currently they're running in BLESSED_EXTENSION which is
> dangerous not to mention wrong. WEB_PAGE is also wrong because additional APIs
> are available to hosted apps.
>
> The immediate need for this change is so that websites with hosted apps can
> still use chrome.runtime.connect/sendMessage if they're connectable. As they're
> currently classed as extension contexts the security checks are done as though
> the messages originate from an extension. This CL doesn't quite fix the bug but
> is half way there.
>
> BUG=326250
> R=koz@chromium.org,jochen@chromium.org
>
> Review URL: https://codereview.chromium.org/112293003
TBR=kalman@chromium.org
Review URL: https://codereview.chromium.org/149523003
git-svn-id: svn://svn.chromium.org/chrome/branches/1750/src@247702 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/extensions')
| -rw-r--r-- | chrome/common/extensions/api/_api_features.json | 12 | ||||
| -rw-r--r-- | chrome/common/extensions/features/simple_feature.cc | 3 | ||||
| -rw-r--r-- | chrome/common/extensions/features/simple_feature_unittest.cc | 5 |
3 files changed, 14 insertions, 6 deletions
diff --git a/chrome/common/extensions/api/_api_features.json b/chrome/common/extensions/api/_api_features.json index 62db5f7..eb87ca2 100644 --- a/chrome/common/extensions/api/_api_features.json +++ b/chrome/common/extensions/api/_api_features.json @@ -22,7 +22,11 @@ "channel": "stable", "extension_types": ["hosted_app", "extension", "legacy_packaged_app"], "contexts": [ - "blessed_extension", "unblessed_extension", "content_script", "web_page" + "blessed_extension", + "unblessed_extension", + "content_script", + "web_page", + "blessed_web_page" ], "matches": [ "http://*/*", "https://*/*", "chrome-extension://*/*", "file://*/*" @@ -237,9 +241,7 @@ "internal": true, "channel": "stable", "extension_types": ["platform_app", "extension"], - "contexts": [ - "blessed_extension", "unblessed_extension", "content_script", "web_page" - ], + "contexts": "all", "matches": ["<all_urls>"] }, "experimental.accessibility": { @@ -709,7 +711,7 @@ // Hosted apps can use the webstore API from within a blessed context. "channel": "stable", "extension_types": ["hosted_app"], - "contexts": ["blessed_extension", "web_page"], + "contexts": ["blessed_web_page", "web_page"], // Any webpage can use the webstore API. "matches": ["http://*/*", "https://*/*"] }, diff --git a/chrome/common/extensions/features/simple_feature.cc b/chrome/common/extensions/features/simple_feature.cc index b971ed6..01431ce 100644 --- a/chrome/common/extensions/features/simple_feature.cc +++ b/chrome/common/extensions/features/simple_feature.cc @@ -35,6 +35,7 @@ struct Mappings { contexts["unblessed_extension"] = Feature::UNBLESSED_EXTENSION_CONTEXT; contexts["content_script"] = Feature::CONTENT_SCRIPT_CONTEXT; contexts["web_page"] = Feature::WEB_PAGE_CONTEXT; + contexts["blessed_web_page"] = Feature::BLESSED_WEB_PAGE_CONTEXT; locations["component"] = Feature::COMPONENT_LOCATION; @@ -197,6 +198,8 @@ std::string GetDisplayName(Feature::Context context) { return "content script"; case Feature::WEB_PAGE_CONTEXT: return "web page"; + case Feature::BLESSED_WEB_PAGE_CONTEXT: + return "hosted app"; } NOTREACHED(); return ""; diff --git a/chrome/common/extensions/features/simple_feature_unittest.cc b/chrome/common/extensions/features/simple_feature_unittest.cc index b2ea868..38ba4af 100644 --- a/chrome/common/extensions/features/simple_feature_unittest.cc +++ b/chrome/common/extensions/features/simple_feature_unittest.cc @@ -430,10 +430,11 @@ TEST_F(ExtensionSimpleFeatureTest, ParseContexts) { contexts->Append(new base::StringValue("unblessed_extension")); contexts->Append(new base::StringValue("content_script")); contexts->Append(new base::StringValue("web_page")); + contexts->Append(new base::StringValue("blessed_web_page")); value->Set("contexts", contexts); scoped_ptr<SimpleFeature> feature(new SimpleFeature()); feature->Parse(value.get()); - EXPECT_EQ(4u, feature->GetContexts()->size()); + EXPECT_EQ(5u, feature->GetContexts()->size()); EXPECT_TRUE( feature->GetContexts()->count(Feature::BLESSED_EXTENSION_CONTEXT)); EXPECT_TRUE( @@ -442,6 +443,8 @@ TEST_F(ExtensionSimpleFeatureTest, ParseContexts) { feature->GetContexts()->count(Feature::CONTENT_SCRIPT_CONTEXT)); EXPECT_TRUE( feature->GetContexts()->count(Feature::WEB_PAGE_CONTEXT)); + EXPECT_TRUE( + feature->GetContexts()->count(Feature::BLESSED_WEB_PAGE_CONTEXT)); value->SetString("contexts", "all"); scoped_ptr<SimpleFeature> feature2(new SimpleFeature()); |