diff options
| author | finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-03 09:03:41 +0000 |
|---|---|---|
| committer | finnur@chromium.org <finnur@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-03 09:03:41 +0000 |
| commit | 56585ef925940e248319b9d6098ae64011e4abea (patch) | |
| tree | 63c0041c16603f7fbb9fd0d64440a809e9c19327 /chrome/common/render_messages_params.h | |
| parent | 6abefa7f2d50f1d55c93a0d0b4b5a7cc4ec1507f (diff) | |
| download | chromium_src-56585ef925940e248319b9d6098ae64011e4abea.zip chromium_src-56585ef925940e248319b9d6098ae64011e4abea.tar.gz chromium_src-56585ef925940e248319b9d6098ae64011e4abea.tar.bz2 | |
Component extensions (and whitelisted extensions) specifying <all_urls> in their Extension match pattern should be allowed to run content scripts everywhere (including chrome://, chrome-extension://, about: and gallery pages.
The intent was to also allow these extensions to specify more granular permissions, such as about:version instead of <all_urls>, but that didn't make the cut this time.
This CL also enables <all_urls> for host permissions for regular extensions, which was disabled before. Note: That still doesn't give them permission to script the gallery and chrome:// pages, etc.
BUG=36275
TEST=New: ExtensionBrowserTest.AllUrlsWhitelistedExtension, ExtensionBrowserTest.AllUrlsRegularExtensions
Review URL: http://codereview.chromium.org/3440027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61323 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/render_messages_params.h')
| -rw-r--r-- | chrome/common/render_messages_params.h | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/chrome/common/render_messages_params.h b/chrome/common/render_messages_params.h index dfb78b8..0359b1e 100644 --- a/chrome/common/render_messages_params.h +++ b/chrome/common/render_messages_params.h @@ -746,7 +746,6 @@ struct ViewHostMsg_IDBObjectStoreOpenCursor_Params { struct ViewMsg_ExecuteCode_Params { ViewMsg_ExecuteCode_Params(); ViewMsg_ExecuteCode_Params(int request_id, const std::string& extension_id, - const std::vector<URLPattern>& host_permissions, bool is_javascript, const std::string& code, bool all_frames); ~ViewMsg_ExecuteCode_Params(); @@ -758,10 +757,6 @@ struct ViewMsg_ExecuteCode_Params { // execute the code inside of. std::string extension_id; - // The host permissions of the requesting extension. So that we can check them - // right before injecting, to avoid any race conditions. - std::vector<URLPattern> host_permissions; - // Whether the code is JavaScript or CSS. bool is_javascript; @@ -921,6 +916,8 @@ struct ViewMsg_ExtensionRendererInfo { std::string name; GURL icon_url; Extension::Location location; + bool allowed_to_execute_script_everywhere; + std::vector<URLPattern> host_permissions; }; struct ViewMsg_ExtensionsUpdated_Params { |