Add Content Security Policy (CSP) to chrome://flash page.

Review URL: http://codereview.chromium.org/7108065

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@88850 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 86 insertions, 70 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 16adfdd..3a86cd1 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -4545,6 +4545,14 @@ Keep your key file in a safe place. You will need it to create new versions of y
         </message>
       </if>
 
+      <!-- chrome://flash strings -->
+      <message name="IDS_FLASH_LOADING_MESSAGE" desc="Shown while loading until full list of modules is retrieved">
+      Loading...
+      </message>
+      <message name="IDS_FLASH_TITLE_MESSAGE" desc="Shown while loading until full list of modules is retrieved">
+      About Flash
+      </message>
+
       <!-- about:version strings -->
       <message name="IDS_ABOUT_VERSION_TITLE" desc="Title on the about:version page">
         About Version
diff --git a/chrome/browser/browser_resources.grd b/chrome/browser/browser_resources.grd
index 7dc9646..7e41a03 100644
--- a/chrome/browser/browser_resources.grd
+++ b/chrome/browser/browser_resources.grd
@@ -12,7 +12,8 @@
       <if expr="os.find('win') != -1">
         <include name="IDR_ABOUT_CONFLICTS_HTML" file="resources\about_conflicts.html" flattenhtml="true" type="BINDATA" />
       </if>
-      <include name="IDR_ABOUT_FLASH_HTML" file="resources\about_flash.html" flattenhtml="true" type="BINDATA" />
+      <include name="IDR_ABOUT_FLASH_HTML" file="resources\about_flash.html" flattenhtml="true" allowexternalscript="true" type="BINDATA" />
+      <include name="IDR_ABOUT_FLASH_JS" file="resources\about_flash.js" type="BINDATA" />
       <if expr="os == 'linux2' or os.find('bsd') != -1 or os == 'sunos5'">
         <include name="IDR_ABOUT_MEMORY_HTML" file="resources\about_memory_linux.html" flattenhtml="true" type="BINDATA" />
       </if>
diff --git a/chrome/browser/resources/about_flash.html b/chrome/browser/resources/about_flash.html
index 28d916a..0f3e4be 100644
--- a/chrome/browser/resources/about_flash.html
+++ b/chrome/browser/resources/about_flash.html
@@ -1,5 +1,9 @@
 <!DOCTYPE HTML>
 <html i18n-values="dir:textdirection;">
+<!-- X-WebKit-CSP is our development name for Content-Security-Policy.
+     TODO(tsepez) rename when Content-security-policy is done.
+-->
+<meta http-equiv="X-WebKit-CSP" content="object-src 'none'; script-src chrome://resources 'self' 'unsafe-eval'">
 <head>
 <style>
 .key {
@@ -10,41 +14,6 @@
   margin-left: 15px;
 }
 </style>
-<script>
-  /**
-  * Takes the |moduleListData| input argument which represents data about
-  * the currently available modules and populates the html jstemplate
-  * with that data. It expects an object structure like the above.
-  * @param {Object} moduleListData Information about available modules
-  */
-  function renderTemplate(moduleListData) {
-    // This is the javascript code that processes the template:
-    var input = new JsEvalContext(moduleListData);
-    var output = document.getElementById('flashInfoTemplate');
-    jstProcess(input, output);
-  }
-
-  /**
-  * Asks the C++ FlashUIDOMHandler to get details about the Flash and return
-  * the data in returnFlashInfo() (below).
-  */
-  function requestFlashInfo() {
-    chrome.send('requestFlashInfo', []);
-  }
-
-  /**
-  * Called by the WebUI to re-populate the page with data representing the
-  * current state of Flash.
-  */
-  function returnFlashInfo(moduleListData) {
-    document.getElementById('loading-message').style.visibility = 'hidden';
-    document.getElementById('body-container').style.visibility = 'visible';
-    renderTemplate(moduleListData);
-  }
-
-  // Get data and have it displayed upon loading.
-  document.addEventListener('DOMContentLoaded', requestFlashInfo);
-</script>
 </head>
 <body i18n-values=".style.fontFamily:fontfamily;.style.fontSize:fontsize">
 <div id="loading-message" i18n-content="loadingMessage">LOADING_MESSAGE</div>
@@ -60,5 +29,10 @@
     </table>
   </div>
 </div>
+<script src="chrome://flash/about_flash.js"></script>
+<script src="chrome://flash/strings.js"></script>
+<script src="chrome://resources/js/i18n_template.js"></script>
+<script src="chrome://resources/js/i18n_process.js"></script>
+<script src="chrome://resources/js/jstemplate_compiled.js"></script>
 </body>
 </html>
diff --git a/chrome/browser/resources/about_flash.js b/chrome/browser/resources/about_flash.js
new file mode 100644
index 0000000..4f51d77
--- /dev/null
+++ b/chrome/browser/resources/about_flash.js
@@ -0,0 +1,34 @@
+/**
+* Takes the |moduleListData| input argument which represents data about
+* the currently available modules and populates the html jstemplate
+* with that data. It expects an object structure like the above.
+* @param {Object} moduleListData Information about available modules
+*/
+function renderTemplate(moduleListData) {
+  // This is the javascript code that processes the template:
+  var input = new JsEvalContext(moduleListData);
+  var output = document.getElementById('flashInfoTemplate');
+  jstProcess(input, output);
+}
+
+/**
+* Asks the C++ FlashUIDOMHandler to get details about the Flash and return
+* the data in returnFlashInfo() (below).
+*/
+function requestFlashInfo() {
+  chrome.send('requestFlashInfo', []);
+}
+
+/**
+* Called by the WebUI to re-populate the page with data representing the
+* current state of Flash.
+*/
+function returnFlashInfo(moduleListData) {
+  document.getElementById('loading-message').style.visibility = 'hidden';
+  document.getElementById('body-container').style.visibility = 'visible';
+  renderTemplate(moduleListData);
+}
+
+// Get data and have it displayed upon loading.
+document.addEventListener('DOMContentLoaded', requestFlashInfo);
+
diff --git a/chrome/browser/ui/webui/flash_ui.cc b/chrome/browser/ui/webui/flash_ui.cc
index aa52ddf..c364a77 100644
--- a/chrome/browser/ui/webui/flash_ui.cc
+++ b/chrome/browser/ui/webui/flash_ui.cc
@@ -13,7 +13,7 @@
 #include "chrome/browser/crash_upload_list.h"
 #include "chrome/browser/platform_util.h"
 #include "chrome/browser/profiles/profile.h"
-#include "chrome/browser/ui/webui/chrome_url_data_manager.h"
+#include "chrome/browser/ui/webui/chrome_web_ui_data_source.h"
 #include "chrome/browser/ui/webui/crashes_ui.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/jstemplate_builder.h"
@@ -34,9 +34,8 @@
 #include "base/win/windows_version.h"
 #endif
 
-namespace {
-
-const int kTimeout = 8 * 1000;  // 8 seconds.
+static const char kAboutFlashJsFile[] = "about_flash.js";
+static const char kStringsJsFile[] = "strings.js";
 
 ////////////////////////////////////////////////////////////////////////////////
 //
@@ -44,10 +43,9 @@ const int kTimeout = 8 * 1000;  // 8 seconds.
 //
 ////////////////////////////////////////////////////////////////////////////////
 
-class FlashUIHTMLSource : public ChromeURLDataManager::DataSource {
+class FlashUIHTMLSource : public ChromeWebUIDataSource {
  public:
-  FlashUIHTMLSource()
-      : DataSource(chrome::kChromeUIFlashHost, MessageLoop::current()) {}
+  FlashUIHTMLSource();
 
   // Called when the network layer has requested a resource underneath
   // the path we registered.
@@ -55,41 +53,42 @@ class FlashUIHTMLSource : public ChromeURLDataManager::DataSource {
                                 bool is_incognito,
                                 int request_id);
 
-  virtual std::string GetMimeType(const std::string&) const {
-    return "text/html";
-  }
+  virtual std::string GetMimeType(const std::string&) const;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(FlashUIHTMLSource);
 };
 
+FlashUIHTMLSource::FlashUIHTMLSource()
+    : ChromeWebUIDataSource(chrome::kChromeUIFlashHost) {
+  AddLocalizedString("loadingMessage", IDS_FLASH_LOADING_MESSAGE);
+  AddLocalizedString("flashLongTitle", IDS_FLASH_TITLE_MESSAGE);
+}
+
 void FlashUIHTMLSource::StartDataRequest(const std::string& path,
-                                             bool is_incognito,
-                                             int request_id) {
-  // Strings used in the JsTemplate file.
-  DictionaryValue localized_strings;
-  localized_strings.SetString("loadingMessage",
-      l10n_util::GetStringUTF16(IDS_CONFLICTS_LOADING_MESSAGE));
-  localized_strings.SetString("flashLongTitle", "About Flash");
-
-  ChromeURLDataManager::DataSource::SetFontAndTextDirection(&localized_strings);
-
-  static const base::StringPiece html(
-      ResourceBundle::GetSharedInstance().GetRawDataResource(
-          IDR_ABOUT_FLASH_HTML));
-  std::string full_html(html.data(), html.size());
-  jstemplate_builder::AppendJsonHtml(&localized_strings, &full_html);
-  jstemplate_builder::AppendI18nTemplateSourceHtml(&full_html);
-  jstemplate_builder::AppendI18nTemplateProcessHtml(&full_html);
-  jstemplate_builder::AppendJsTemplateSourceHtml(&full_html);
-
-  scoped_refptr<RefCountedBytes> html_bytes(new RefCountedBytes);
-  html_bytes->data.resize(full_html.size());
-  std::copy(full_html.begin(), full_html.end(), html_bytes->data.begin());
-
-  SendResponse(request_id, html_bytes);
+                                         bool is_incognito,
+                                         int request_id) {
+  if (path == kStringsJsFile) {
+    SendLocalizedStringsAsJSON(request_id);
+  } else {
+    int id = (path == kAboutFlashJsFile ?
+              IDR_ABOUT_FLASH_JS :
+              IDR_ABOUT_FLASH_HTML);
+    SendFromResourceBundle(request_id, id);
+  }
 }
 
+std::string FlashUIHTMLSource::GetMimeType(const std::string& path) const {
+  if (path == kAboutFlashJsFile || path == kStringsJsFile)
+    return "application/javascript";
+
+  return "text/html";
+}
+
+namespace {
+
+const int kTimeout = 8 * 1000;  // 8 seconds.
+
 ////////////////////////////////////////////////////////////////////////////////
 //
 // FlashDOMHandler