author | mihaip@chromium.org <mihaip@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-06 01:41:22 +0000 |
---|---|---|
committer | mihaip@chromium.org <mihaip@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-06 01:41:22 +0000 |
commit | dbb2416d77c8794278aa9e5c396addffee3025d0 (patch) | |
tree | b7fb5e2b45f1318012848b3ee01520c490bd01a5 /chrome/renderer/extensions | |
parent | 210c7bed9de215f7c6e14dcd72ab6544ed68b303 (diff) | |
Add sandboxed_pages to allow extension/app pages to be served in a
sandboxed, unique origin. This allows manifest_version 2 extensions to have
pages that are exempt from their Content Security Policy (but these pages
can't call extension APIs either).
Depends on http://webkit.org/b/88014
Review URL: https://chromiumcodereview.appspot.com/10458063
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@140689 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/extensions')
-rw-r--r-- | chrome/renderer/extensions/extension_dispatcher.cc | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/chrome/renderer/extensions/extension_dispatcher.cc b/chrome/renderer/extensions/extension_dispatcher.cc
index 8226de8..d1ed29a 100644
--- a/chrome/renderer/extensions/extension_dispatcher.cc
+++ b/chrome/renderer/extensions/extension_dispatcher.cc
@@ -896,6 +896,16 @@ Feature::Context ExtensionDispatcher::ClassifyJavaScriptContext(
 if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS)
 return Feature::CONTENT_SCRIPT_CONTEXT;
+ // We have an explicit check for sandboxed pages first since:
+ // 1. Sandboxed pages run in the same process as regular extension pages, so
+ // the extension is considered active.
+ // 2. ScriptContext creation (which triggers bindings injection) happens
+ // before the SecurityContext is updated with the sandbox flags (after
+ // reading the CSP header), so url_info.url().securityOrigin() is not
+ // unique yet.
+ if (extensions_.IsSandboxedPage(url_info))
+ return Feature::WEB_PAGE_CONTEXT;
+
 if (IsExtensionActive(extension_id))
 return Feature::BLESSED_EXTENSION_CONTEXT;
@@ -934,8 +944,8 @@ bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
 return false;
 }
- if (!IsExtensionActive(context->extension()->id()) &&
- ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name)) {
+ if (ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name) &&
+ context->context_type() != Feature::BLESSED_EXTENSION_CONTEXT) {
 static const char kMessage[] =
 "%s can only be used in an extension process.";
 std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
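Review bot: The new comment explains why the sandboxed-page check must come before IsExtensionActive(), but nothing in the code enforces that order, and a later reordering of the two `if`s would silently classify sandboxed pages as BLESSED_EXTENSION_CONTEXT and hand them extension bindings. A one-line invariant above the check would make that explicit, e.g. `// Keep this before IsExtensionActive(): a sandboxed page must never classify as BLESSED_EXTENSION_CONTEXT (CheckCurrentContextAccessToExtensionAPI relies on this).` Because classification runs before the response's sandbox flags are applied, it is presumably the manifest's sandboxed_pages list rather than a page's own CSP sandbox header that decides whether bindings are withheld; stating that here would stop a reader from assuming a header-only sandbox gets the same treatment. ClassifyJavaScriptContext() starts outside the hunk, and url_info appears to be constructed before it.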
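Review bot: The error text `"%s can only be used in an extension process."` no longer matches the condition above it: rejection is now keyed on `context->context_type() != Feature::BLESSED_EXTENSION_CONTEXT`, so a page that is in the extension process but was classified as WEB_PAGE_CONTEXT (a sandboxed page) or another unblessed context receives a message blaming the process. Either reword it around the context, e.g. `"%s can only be used in a blessed extension context."`, or keep the string and add `// Sandboxed pages share the extension process but are not blessed, hence the context-type check rather than IsExtensionActive().` above the `if`. The tightening itself looks right: IsExtensionActive() is per-extension while the context type is per-frame and was settled in ClassifyJavaScriptContext(). CheckCurrentContextAccessToExtensionAPI() starts outside the hunk.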
@@ -944,5 +954,14 @@ bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
 return false;
 }
+ // We should never end up with sandboxed contexts trying to invoke extension
+ // APIs, they don't get extension bindings injected. If we end up here it
+ // means that a sandboxed page somehow managed to invoke an API anyway, so
+ // we should abort.
+ WebKit::WebFrame* frame = context->web_frame();
+ ExtensionURLInfo url_info(frame->document().securityOrigin(),
+ UserScriptSlave::GetDataSourceURLForFrame(frame));
+ CHECK(!extensions_.IsSandboxedPage(url_info));
+
 return true;
 }
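Review bot: `frame` is dereferenced on the line after `context->web_frame()` without a null check; if web_frame() can return NULL for a context whose frame has already been torn down (I believe ChromeV8Context clears it on frame destruction, but that is outside this diff), an API call from such a context would crash the renderer here instead of being rejected. Guarding the new block costs nothing: `if (frame) { ExtensionURLInfo url_info(frame->document().securityOrigin(), UserScriptSlave::GetDataSourceURLForFrame(frame)); CHECK(!extensions_.IsSandboxedPage(url_info)); }`, or `CHECK(frame);` first if a null frame is itself considered impossible at this point. This also constructs an ExtensionURLInfo and performs a sandboxed-page lookup on every successful access check, which is acceptable for a defense-in-depth CHECK but worth profiling if this path turns out to be hot. The enclosing function starts outside the hunk.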