Enable CSP by default for extensions with manifest_version >= 2.

Review URL: http://codereview.chromium.org/8585020

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110531 0039d316-1c4b-4281-b951-d872f2087c98

9 files changed, 84 insertions, 4 deletions

diff --git a/chrome/browser/extensions/content_security_policy_apitest.cc b/chrome/browser/extensions/content_security_policy_apitest.cc
index 208bb74..1740e2e 100644
--- a/chrome/browser/extensions/content_security_policy_apitest.cc
+++ b/chrome/browser/extensions/content_security_policy_apitest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -7,8 +7,12 @@
 #include "net/base/mock_host_resolver.h"
 
 IN_PROC_BROWSER_TEST_F(ExtensionApiTest, ContentSecurityPolicy) {
-  CommandLine::ForCurrentProcess()->AppendSwitch(
-      switches::kEnableExperimentalExtensionApis);
   ASSERT_TRUE(StartTestServer());
   ASSERT_TRUE(RunExtensionTest("content_security_policy")) << message_;
 }
+
+IN_PROC_BROWSER_TEST_F(ExtensionApiTest, DefaultContentSecurityPolicy) {
+  ASSERT_TRUE(StartTestServer());
+  ASSERT_TRUE(RunExtensionTest("default_content_security_policy")) <<
+      message_;
+}
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index f898a52..1ea3041d 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -63,6 +63,9 @@ const char kPrivate[] = "PRIVATE";
 
 const int kRSAKeySize = 1024;
 
+const char kDefaultContentSecurityPolicy[] =
+    "script-src 'self'; object-src 'self'";
+
 // Converts a normal hexadecimal string into the alphabet used by extensions.
 // We use the characters 'a'-'p' instead of '0'-'f' to avoid ever having a
 // completely numeric host, since some software interprets that as an IP
@@ -1275,7 +1278,8 @@ bool Extension::IsTrustedId(const std::string& id) {
 }
 
 Extension::Extension(const FilePath& path, Location location)
-    : incognito_split_mode_(false),
+    : manifest_version_(0),
+      incognito_split_mode_(false),
       offline_enabled_(false),
       location_(location),
       converted_from_user_script_(false),
@@ -1454,6 +1458,19 @@ bool Extension::InitFromValue(const DictionaryValue& source, int flags,
   optional_permission_set_ = new ExtensionPermissionSet();
   required_permission_set_ = new ExtensionPermissionSet();
 
+  if (source.HasKey(keys::kManifestVersion)) {
+    int manifest_version = 0;
+    if (!source.GetInteger(keys::kManifestVersion, &manifest_version) ||
+        manifest_version < 1) {
+      *error = errors::kInvalidManifestVersion;
+      return false;
+    }
+    manifest_version_ = manifest_version;
+  } else {
+    // Version 1 was the original version, which lacked a version indicator.
+    manifest_version_ = 1;
+  }
+
   if (source.HasKey(keys::kPublicKey)) {
     std::string public_key_bytes;
     if (!source.GetString(keys::kPublicKey,
@@ -2217,6 +2234,11 @@ bool Extension::InitFromValue(const DictionaryValue& source, int flags,
       return false;
     }
     content_security_policy_ = content_security_policy;
+  } else if (manifest_version_ >= 2) {
+    // Manifest version 2 introduced a default Content-Security-Policy.
+    // TODO(abarth): Should we continue to let extensions override the
+    //               default Content-Security-Policy?
+    content_security_policy_ = kDefaultContentSecurityPolicy;
   }
 
   // Initialize devtools page url (optional).
diff --git a/chrome/common/extensions/extension.h b/chrome/common/extensions/extension.h
index 9aefb4c..146c534 100644
--- a/chrome/common/extensions/extension.h
+++ b/chrome/common/extensions/extension.h
@@ -494,6 +494,7 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
   const std::string& name() const { return name_; }
   const std::string& public_key() const { return public_key_; }
   const std::string& description() const { return description_; }
+  int manifest_version() const { return manifest_version_; }
   bool converted_from_user_script() const {
     return converted_from_user_script_;
   }
@@ -714,6 +715,14 @@ class Extension : public base::RefCountedThreadSafe<Extension> {
   // The absolute path to the directory the extension is stored in.
   FilePath path_;
 
+  // The version of this extension's manifest. We increase the manifest
+  // version when making breaking changes to the extension system.
+  // Version 1 was the first manifest version (implied by a lack of a
+  // manifest_version attribute in the extension's manifest). We initialize
+  // this member variable to 0 to distinguish the "uninitialized" case from
+  // the case when we know the manifest version actually is 1.
+  int manifest_version_;
+
   // Default locale for fall back. Can be empty if extension is not localized.
   std::string default_locale_;
 
diff --git a/chrome/common/extensions/extension_constants.cc b/chrome/common/extensions/extension_constants.cc
index b0bb370..85bfd52 100644
--- a/chrome/common/extensions/extension_constants.cc
+++ b/chrome/common/extensions/extension_constants.cc
@@ -53,6 +53,7 @@ const char* kLaunchLocalPath = "app.launch.local_path";
 const char* kLaunchWebURL = "app.launch.web_url";
 const char* kLaunchWidth = "app.launch.width";
 const char* kLayouts = "layouts";
+const char* kManifestVersion = "manifest_version";
 const char* kMatches = "matches";
 const char* kMinimumChromeVersion = "minimum_chrome_version";
 const char* kName = "name";
@@ -271,6 +272,8 @@ const char* kInvalidLaunchWidthContainer =
     "Invalid container type for 'app.launch.width'.";
 const char* kInvalidManifest =
     "Manifest file is invalid.";
+const char* kInvalidManifestVersion =
+    "Invalid value for 'manifest_version'.";
 const char* kInvalidMatch =
     "Invalid value for 'content_scripts[*].matches[*]': *";
 const char* kInvalidMatchCount =
diff --git a/chrome/common/extensions/extension_constants.h b/chrome/common/extensions/extension_constants.h
index 1f47f8f..ecdb13d 100644
--- a/chrome/common/extensions/extension_constants.h
+++ b/chrome/common/extensions/extension_constants.h
@@ -55,6 +55,7 @@ namespace extension_manifest_keys {
   extern const char* kLaunchWebURL;
   extern const char* kLaunchWidth;
   extern const char* kLayouts;
+  extern const char* kManifestVersion;
   extern const char* kMatches;
   extern const char* kMinimumChromeVersion;
   extern const char* kNaClModules;
@@ -203,6 +204,7 @@ namespace extension_manifest_errors {
   extern const char* kInvalidLaunchWidth;
   extern const char* kInvalidLaunchWidthContainer;
   extern const char* kInvalidManifest;
+  extern const char* kInvalidManifestVersion;
   extern const char* kInvalidMatch;
   extern const char* kInvalidMatchCount;
   extern const char* kInvalidMatches;
diff --git a/chrome/test/data/extensions/api_test/content_security_policy/test.js b/chrome/test/data/extensions/api_test/content_security_policy/test.js
index 26aa4ca..be250bd 100644
--- a/chrome/test/data/extensions/api_test/content_security_policy/test.js
+++ b/chrome/test/data/extensions/api_test/content_security_policy/test.js
@@ -1,3 +1,7 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
 window.externalCanary = "Alive";
 
 chrome.test.getConfig(function(config) {
diff --git a/chrome/test/data/extensions/api_test/default_content_security_policy/manifest.json b/chrome/test/data/extensions/api_test/default_content_security_policy/manifest.json
new file mode 100644
index 0000000..a2efd05
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/default_content_security_policy/manifest.json
@@ -0,0 +1,7 @@
+{
+  "name": "default content security policy tests",
+  "version": "0.1",
+  "manifest_version": 2,
+  "description": "Checks that extensions with version 2 manifests have a default Content-Security-Policy.",
+  "background_page": "test.html"
+}
diff --git a/chrome/test/data/extensions/api_test/default_content_security_policy/test.html b/chrome/test/data/extensions/api_test/default_content_security_policy/test.html
new file mode 100644
index 0000000..b4a0461
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/default_content_security_policy/test.html
@@ -0,0 +1,4 @@
+<script>
+window.inlineCanary = "FAIL: This script should not run!";
+</script>
+<script src="test.js"></script>
diff --git a/chrome/test/data/extensions/api_test/default_content_security_policy/test.js b/chrome/test/data/extensions/api_test/default_content_security_policy/test.js
new file mode 100644
index 0000000..be250bd
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/default_content_security_policy/test.js
@@ -0,0 +1,25 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+window.externalCanary = "Alive";
+
+chrome.test.getConfig(function(config) {
+
+  function inlineScriptDoesNotRun() {
+    chrome.test.assertEq(window.inlineCanary, undefined);
+    chrome.test.runNextTest();
+  }
+
+  function externalScriptDoesRun() {
+    // This test is somewhat zen in the sense that if external scripts are
+    // blocked, we don't be able to even execute the test harness...
+    chrome.test.assertEq(window.externalCanary, "Alive");
+    chrome.test.runNextTest();
+  }
+
+  chrome.test.runTests([
+    inlineScriptDoesNotRun,
+    externalScriptDoesRun
+  ]);
+});