author | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 04:52:55 +0000 |
---|---|---|
committer | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-07 04:52:55 +0000 |
commit | b281ab6e72be9b1df735395da6979c21712a8e5d | |
tree | 083a068bf5056e4c37790b793afe04c26d60a44e /chrome/renderer | |
parent | b792af76625e5f3d9801277b628352243fdcbb18 | |
Allow silent extension installations from the extensions gallery - Part 1.
In this episode we:
-Create a new ChildProcess privilege (SILENT_INSTALL_EXTENSION) which is granted to the extension gallery pages.
-Ensure that extension gallery pages are isolated into their own process which is never shared with other urls.
Important: The SILENT_INSTALL_EXTENSION privilege is never granted any additional abilities in this patch, so this patch only has the effect of grouping gallery URLs into a separate process.
In subsequent patch(es) we plan to (a) observe this new privilege and allow gallery urls to install extensions bypassing the normal prompts, (b) polish this UI flow [in particular, do not show the black "loading" dialog], (c) check the id of the extension to be installed (from the crx) matches the expected id (from gallery url).
BUG=27431
Review URL: http://codereview.chromium.org/400018
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33952 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/render_view.cc | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc index c47cd25..e368552 100644 --- a/chrome/renderer/render_view.cc +++ b/chrome/renderer/render_view.cc @@ -30,6 +30,7 @@ #include "chrome/common/child_process_logging.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/chrome_constants.h" +#include "chrome/common/extensions/extension.h" #include "chrome/common/jstemplate_builder.h" #include "chrome/common/page_zoom.h" #include "chrome/common/plugin_messages.h" @@ -1957,6 +1958,30 @@ WebNavigationPolicy RenderView::decidePolicyForNavigation( } } + // Extension gallery URLs are granted special permission to silently install + // extensions. If the navigation is either from or to a gallery URL, kick + // it up to browser so that the renderer process can be properly managed + // (i.e. display gallery urls in a seperate process that contains nothing + // else). + if (default_policy == WebKit::WebNavigationPolicyCurrentTab && + (is_content_initiated || is_redirect) && frame->parent() == NULL && + Extension::IsGalleryURL(url) != Extension::IsGalleryURL(frame->url())) { + // TODO(rafaelw): is it OK to use frame->url() as referrer rather than + // GURL() (as above)? + OpenURL(url, frame->url(), default_policy); + return WebKit::WebNavigationPolicyIgnore; // Suppress the load here. + } + + // The renderer for the extension gallery should not allow any non-gallery + // subframe navigations, since the frames would also have elevated + // permissions. + if (default_policy == WebKit::WebNavigationPolicyCurrentTab && + frame->parent() != NULL && + Extension::IsGalleryURL(frame->top()->url()) && + !Extension::IsGalleryURL(url)) { + return WebKit::WebNavigationPolicyIgnore; // Ignore the navigation. + } + // Detect when a page is "forking" a new tab that can be safely rendered in // its own process. This is done by sites like Gmail that try to open links // in new windows without script connections back to the original page. We |
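Review bot: In the first added block of the decidePolicyForNavigation hunk, the TODO(rafaelw) about the referrer should be settled before this lands. OpenURL(url, frame->url(), default_policy) runs on exactly the navigations that cross the gallery boundary, so in both directions the previous page's URL is passed along as referrer, while the TODO itself notes that the code above passes GURL(). Either pass GURL() here as well, or replace the TODO with a comment stating why forwarding the referrer across this boundary is intended. The same block is limited to (is_content_initiated || is_redirect), so the commit message's guarantee that gallery pages never share a process depends on some other path handling the remaining top-level navigations; a one-line comment naming that path would make the invariant checkable from this file. In the second block, the subframe case returns WebNavigationPolicyIgnore only when default_policy is WebNavigationPolicyCurrentTab; please state in the comment whether other policies for a subframe of a gallery page are handled elsewhere. Nit: "seperate" in the new comment should be "separate".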