authornkostylev@chromium.org <nkostylev@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-03 01:02:13 +0000
committernkostylev@chromium.org <nkostylev@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-08-03 01:02:13 +0000
commite8d9c420df04b216c86c10c895fc61f79317c08a (patch)
tree02856aec88ef7f56cd8cbca3211bfcc5921027b7 /chrome/renderer
parentdd5287ab214f09da26122a1cb7ed02a64844283d (diff)
Revert 149610 - Extension resources should only load in contexts the extension has permission to access.
See http://codereview.chromium.org/10792008/ for background. BUG=139592 Review URL: https://chromiumcodereview.appspot.com/10828067 TBR=mkwst@chromium.org Review URL: https://chromiumcodereview.appspot.com/10826134 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149760 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r--chrome/renderer/extensions/extension_resource_request_policy.cc72
1 files changed, 21 insertions, 51 deletions
diff --git a/chrome/renderer/extensions/extension_resource_request_policy.cc b/chrome/renderer/extensions/extension_resource_request_policy.cc
index 091538c..9f1e842 100644
--- a/chrome/renderer/extensions/extension_resource_request_policy.cc
+++ b/chrome/renderer/extensions/extension_resource_request_policy.cc
@@ -7,7 +7,6 @@
#include "base/command_line.h"
#include "base/logging.h"
#include "base/stringprintf.h"
-#include "base/string_util.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/url_constants.h"
#include "chrome/common/extensions/extension.h"
@@ -48,44 +47,27 @@ bool ExtensionResourceRequestPolicy::CanRequestResource(
return false;
}
- GURL frame_url = frame->document().url();
-
- // In the case of loading a frame, frame* points to the frame being loaded,
- // not the containing frame. This means that frame->document().url() ends up
- // not being useful to us.
- //
- // WebKit doesn't currently pass us enough information to know when we're a
- // frame, so we hack it by checking for 'about:blank', which should only
- // happen in this situation.
- //
- // TODO(aa): Fix WebKit to pass the context of the load: crbug.com/139788.
- if (frame_url == GURL(chrome::kAboutBlankURL) && frame->parent())
- frame_url = frame->parent()->document().url();
-
- bool extension_has_access_to_frame =
- extension->GetEffectiveHostPermissions().MatchesURL(frame_url);
- bool frame_has_empty_origin = frame_url.is_empty();
- bool frame_is_data_url = frame_url.SchemeIs(chrome::kDataScheme);
- bool frame_is_devtools = frame_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
- !extension->devtools_url().is_empty();
- bool frame_is_extension = frame_url.SchemeIs(chrome::kExtensionScheme);
- bool is_own_resource = frame_url.GetOrigin() == extension->url();
- bool is_resource_nacl_manifest =
- extension->IsResourceNaClManifest(resource_url.path());
- bool is_resource_web_accessible =
- extension->IsResourceWebAccessible(resource_url.path()) ||
- CommandLine::ForCurrentProcess()->HasSwitch(
- switches::kDisableExtensionsResourceWhitelist);
-
- // Given that the goal here is to prevent malicious injection of a benign
- // extension's content into a context where it might be damaging, allowing
- // unvalidated "nexe" resources is low-risk. If a mechanism for synchronously
- // validating that the "nexe" is a NaCl executable appears, we should use it.
- bool is_resource_nexe = extension->HasNaClModules() &&
- EndsWith(resource_url.path(), ".nexe", true);
-
- if (!frame_has_empty_origin && !frame_is_devtools && !is_own_resource) {
- if (!is_resource_web_accessible) {
+ // Disallow loading of extension resources which are not explicitely listed
+ // as web accessible if the manifest version is 2 or greater.
+ if (!extension->IsResourceWebAccessible(resource_url.path()) &&
+ !CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kDisableExtensionsResourceWhitelist)) {
+ GURL frame_url = frame->document().url();
+ GURL page_url = frame->top()->document().url();
+
+ // Exceptions are:
+ // - empty origin (needed for some edge cases when we have empty origins)
+ bool is_empty_origin = frame_url.is_empty();
+ // - extensions requesting their own resources (frame_url check is for
+ // images, page_url check is for iframes)
+ bool is_own_resource = frame_url.GetOrigin() == extension->url() ||
+ page_url.GetOrigin() == extension->url();
+ // - devtools (chrome-extension:// URLs are loaded into frames of devtools
+ // to support the devtools extension APIs)
+ bool is_dev_tools = page_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
+ !extension->devtools_url().is_empty();
+
+ if (!is_empty_origin && !is_own_resource && !is_dev_tools) {
std::string message = base::StringPrintf(
"Denying load of %s. Resources must be listed in the "
"web_accessible_resources manifest key in order to be loaded by "
@@ -96,18 +78,6 @@ bool ExtensionResourceRequestPolicy::CanRequestResource(
WebKit::WebString::fromUTF8(message)));
return false;
}
-
- if (!extension_has_access_to_frame && !frame_is_extension &&
- !frame_is_data_url && !is_resource_nacl_manifest && !is_resource_nexe) {
- std::string message = base::StringPrintf(
- "Denying load of %s. An extension's resources can only be loaded "
- "into a page for which the extension has explicit host permissions.",
- resource_url.spec().c_str());
- frame->addMessageToConsole(
- WebKit::WebConsoleMessage(WebKit::WebConsoleMessage::LevelError,
- WebKit::WebString::fromUTF8(message)));
- return false;
- }
}
return true;