diff options
| author | sdoyon@chromium.org <sdoyon@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-09 17:35:08 +0000 |
|---|---|---|
| committer | sdoyon@chromium.org <sdoyon@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-09 17:35:08 +0000 |
| commit | 638d45d84246e0a0f301c1b7aaa618a45431c0d1 (patch) | |
| tree | 7c0d56a114a0bf82318925d5d07f13b964fa5f36 /chrome | |
| parent | 8b46a3f8b8d138b391ebe93c1b8e43bb2fc18e97 (diff) | |
| download | chromium_src-638d45d84246e0a0f301c1b7aaa618a45431c0d1.zip chromium_src-638d45d84246e0a0f301c1b7aaa618a45431c0d1.tar.gz chromium_src-638d45d84246e0a0f301c1b7aaa618a45431c0d1.tar.bz2 | |
Add --allow-scripting-gallery command line switch to allow extensions
and scripts to run on the Chrome Extensions Gallery site. There are
security concerns in enabling this and so it remains off by default,
but this is needed for automation testing of the gallery.
Cleanup: Have UserScriptSlave::InjectScripts() return void instead of a bogus bool.
TEST=Visit http://chrome.google.com/extensions, check that content scripts work when the command-line switch is given, and are not injected when the switch is not given.
BUG=none
Review URL: http://codereview.chromium.org/2912002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@51977 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/extensions/extensions_service.cc | 4 | ||||
| -rw-r--r-- | chrome/browser/renderer_host/browser_render_process_host.cc | 1 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.cc | 5 | ||||
| -rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
| -rw-r--r-- | chrome/renderer/render_view.cc | 4 | ||||
| -rw-r--r-- | chrome/renderer/user_script_slave.cc | 13 | ||||
| -rw-r--r-- | chrome/renderer/user_script_slave.h | 2 |
7 files changed, 22 insertions, 8 deletions
diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc index 78c600f..9a91533 100644 --- a/chrome/browser/extensions/extensions_service.cc +++ b/chrome/browser/extensions/extensions_service.cc @@ -720,7 +720,9 @@ bool ExtensionsService::CanExecuteScriptOnHost(Extension* extension, std::string* error) const { // No extensions are allowed to execute script on the gallery because that // would allow extensions to manipulate their own install pages. - if (url.host() == GURL(Extension::ChromeStoreURL()).host()) { + if (url.host() == GURL(Extension::ChromeStoreURL()).host() + && !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAllowScriptingGallery)) { if (error) *error = errors::kCannotScriptGallery; return false; diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc index 4089631..411a597 100644 --- a/chrome/browser/renderer_host/browser_render_process_host.cc +++ b/chrome/browser/renderer_host/browser_render_process_host.cc @@ -511,6 +511,7 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer( // for official Google Chrome builds. switches::kInProcessPlugins, #endif // GOOGLE_CHROME_BUILD + switches::kAllowScriptingGallery, switches::kDomAutomationController, switches::kUserAgent, switches::kNoReferrers, diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index 5e7f3e9..c940f29 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -25,6 +25,11 @@ const char kAllowFileAccessFromFiles[] = "allow-file-access-from-files"; // Allows debugging of sandboxed processes (see zygote_main_linux.cc). const char kAllowSandboxDebugging[] = "allow-sandbox-debugging"; +// Allows injecting extensions and user scripts on the extensions +// gallery site. Normally prevented for security reasons, but can be +// useful for automation testing of the gallery. +const char kAllowScriptingGallery[] = "allow-scripting-gallery"; + // Enable web inspector for all windows, even if they're part of the browser. // Allows us to use our dev tools to debug browser windows itself. const char kAlwaysEnableDevTools[] = "always-enable-dev-tools"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 87c248e..8430862 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -22,6 +22,7 @@ namespace switches { extern const char kActivateOnLaunch[]; extern const char kAllowFileAccessFromFiles[]; extern const char kAllowSandboxDebugging[]; +extern const char kAllowScriptingGallery[]; extern const char kAlwaysEnableDevTools[]; extern const char kApp[]; extern const char kAppId[]; diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc index f5c1aeb..7ec95a3 100644 --- a/chrome/renderer/render_view.cc +++ b/chrome/renderer/render_view.cc @@ -5012,7 +5012,9 @@ void RenderView::ExecuteCodeImpl(WebFrame* frame, const ViewMsg_ExecuteCode_Params& params) { // Don't execute scripts in gallery pages. GURL frame_url = GURL(frame->url()); - if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host()) { + if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host() + && !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAllowScriptingGallery)) { Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true)); return; } diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc index b2b7a04..e064093 100644 --- a/chrome/renderer/user_script_slave.cc +++ b/chrome/renderer/user_script_slave.cc @@ -141,18 +141,21 @@ void UserScriptSlave::InsertInitExtensionCode( incognito ? "true" : "false")))); } -bool UserScriptSlave::InjectScripts(WebFrame* frame, +void UserScriptSlave::InjectScripts(WebFrame* frame, UserScript::RunLocation location) { GURL frame_url = GURL(frame->url()); // Don't bother if this is not a URL we inject script into. if (!URLPattern(UserScript::kValidUserScriptSchemes).IsValidScheme( frame_url.scheme())) - return true; + return; // Don't inject user scripts into the gallery itself. This prevents // a user script from removing the "report abuse" link, for example. - if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host()) - return true; + if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host() + && !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAllowScriptingGallery)) { + return; + } PerfTimer timer; int num_css = 0; @@ -244,5 +247,5 @@ bool UserScriptSlave::InjectScripts(WebFrame* frame, LOG(INFO) << "Injected " << num_scripts << " scripts and " << num_css << " css files into " << frame->url().spec().data(); - return true; + return; } diff --git a/chrome/renderer/user_script_slave.h b/chrome/renderer/user_script_slave.h index cf8fb8d..a1b0a04 100644 --- a/chrome/renderer/user_script_slave.h +++ b/chrome/renderer/user_script_slave.h @@ -37,7 +37,7 @@ class UserScriptSlave { // Inject the appropriate scripts into a frame based on its URL. // TODO(aa): Extract a UserScriptFrame interface out of this to improve // testability. - bool InjectScripts(WebKit::WebFrame* frame, UserScript::RunLocation location); + void InjectScripts(WebKit::WebFrame* frame, UserScript::RunLocation location); static int GetIsolatedWorldId(const std::string& extension_id); |