authorjamesr@chromium.org <jamesr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-07-18 09:28:55 +0000
committerjamesr@chromium.org <jamesr@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-07-18 09:28:55 +0000
commitbe9915fbccfaab301759501d888579976427acfb (patch)
treec7072e00db4305cb6b65a33895dbd1dbb47e709a /chrome
parentacdaa9963d419b7b72bd8201857a23f29f626959 (diff)
Remove ExtensionURLInfo, make security decisions in render process
When asking if an extension should have access to a given frame, we need to consider the frame's URL and also if the frame is sandboxed. We check the latter by asking if the frame's security origin is the unique origin. However, we can only usefully do this in the render process when examining a frame. In the browser process or other common code, there's no useful origin to use other than one that duplicates information in the URL. This does security checks in the render process before doing any URL-based lookups and then uses URLs from that point on. R=abarth, mpcomplete BUG=259982,237267 Review URL: https://chromiumcodereview.appspot.com/16625012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@212302 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/chrome_content_browser_client.cc40
-rw-r--r--chrome/browser/chromeos/offline/offline_load_page.cc3
-rw-r--r--chrome/browser/extensions/extension_function_dispatcher.cc6
-rw-r--r--chrome/browser/extensions/extension_info_map_unittest.cc22
-rw-r--r--chrome/browser/extensions/extension_process_manager.cc4
-rw-r--r--chrome/browser/extensions/extension_service.cc9
-rw-r--r--chrome/browser/extensions/extension_web_ui.cc2
-rw-r--r--chrome/browser/extensions/navigation_observer.cc2
-rw-r--r--chrome/browser/extensions/tab_helper.cc5
-rw-r--r--chrome/browser/geolocation/chrome_geolocation_permission_context.cc4
-rw-r--r--chrome/browser/media/media_stream_capture_indicator.cc2
-rw-r--r--chrome/browser/nacl_host/nacl_file_host.cc3
-rw-r--r--chrome/browser/nacl_host/nacl_host_message_filter.cc2
-rw-r--r--chrome/browser/notifications/balloon.cc4
-rw-r--r--chrome/browser/notifications/notification_options_menu_model.cc9
-rw-r--r--chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.cc3
-rw-r--r--chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h2
-rw-r--r--chrome/browser/tab_contents/tab_util.cc2
-rw-r--r--chrome/browser/ui/app_modal_dialogs/javascript_dialog_manager.cc2
-rw-r--r--chrome/browser/ui/browser.cc3
-rw-r--r--chrome/browser/ui/fullscreen/fullscreen_exit_bubble_type.cc4
-rw-r--r--chrome/common/extensions/extension_messages.h3
-rw-r--r--chrome/common/extensions/extension_process_policy.cc6
-rw-r--r--chrome/common/extensions/extension_process_policy.h8
-rw-r--r--chrome/common/extensions/extension_set.cc69
-rw-r--r--chrome/common/extensions/extension_set.h37
-rw-r--r--chrome/common/extensions/extension_set_unittest.cc12
-rw-r--r--chrome/renderer/chrome_content_renderer_client.cc19
-rw-r--r--chrome/renderer/extensions/app_bindings.cc13
-rw-r--r--chrome/renderer/extensions/dispatcher.cc58
-rw-r--r--chrome/renderer/extensions/dispatcher.h11
-rw-r--r--chrome/renderer/extensions/request_sender.cc8
-rw-r--r--chrome/renderer/extensions/resource_request_policy.cc2
33 files changed, 143 insertions, 236 deletions
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index ba3f684..c6f2704 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -687,8 +687,8 @@ void ChromeContentBrowserClient::GetStoragePartitionConfigForSite(
ExtensionService* extension_service =
extensions::ExtensionSystem::Get(profile)->extension_service();
if (extension_service) {
- extension = extension_service->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(site));
+ extension =
+ extension_service->extensions()->GetExtensionOrAppByURL(site);
if (extension &&
extensions::AppIsolationInfo::HasIsolatedStorage(extension)) {
is_isolated = true;
@@ -785,8 +785,8 @@ void ChromeContentBrowserClient::GuestWebContentsAttached(
return;
}
const GURL& url = embedder_web_contents->GetSiteInstance()->GetSiteURL();
- const Extension* extension = service->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(url));
+ const Extension* extension =
+ service->extensions()->GetExtensionOrAppByURL(url);
if (!extension) {
NOTREACHED();
return;
@@ -909,7 +909,7 @@ GURL ChromeContentBrowserClient::GetEffectiveURL(
return url;
const Extension* extension = extension_service->extensions()->
- GetHostedAppByURL(ExtensionURLInfo(url));
+ GetHostedAppByURL(url);
if (!extension)
return url;
@@ -950,8 +950,8 @@ bool ChromeContentBrowserClient::ShouldUseProcessPerSite(
if (!extension_service)
return false;
- const Extension* extension = extension_service->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(effective_url));
+ const Extension* extension =
+ extension_service->extensions()->GetExtensionOrAppByURL(effective_url);
if (!extension)
return false;
@@ -1016,7 +1016,7 @@ bool ChromeContentBrowserClient::CanCommitURL(
if (!service)
return true;
const Extension* new_extension =
- service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(url));
+ service->extensions()->GetExtensionOrAppByURL(url);
if (new_extension &&
new_extension->is_hosted_app() &&
new_extension->id() == extension_misc::kWebStoreAppId &&
@@ -1100,7 +1100,7 @@ bool ChromeContentBrowserClient::ShouldTryToUseExistingProcessHost(
// We have to have a valid extension with background page to proceed.
const Extension* extension =
- service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(url));
+ service->extensions()->GetExtensionOrAppByURL(url);
if (!extension)
return false;
if (!extensions::BackgroundInfo::HasBackgroundPage(extension))
@@ -1175,9 +1175,8 @@ void ChromeContentBrowserClient::SiteInstanceGotProcess(
if (!service)
return;
- const Extension* extension =
- service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(
- site_instance->GetSiteURL()));
+ const Extension* extension = service->extensions()->GetExtensionOrAppByURL(
+ site_instance->GetSiteURL());
if (!extension)
return;
@@ -1205,9 +1204,8 @@ void ChromeContentBrowserClient::SiteInstanceDeleting(
if (!service)
return;
- const Extension* extension =
- service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(site_instance->GetSiteURL()));
+ const Extension* extension = service->extensions()->GetExtensionOrAppByURL(
+ site_instance->GetSiteURL());
if (!extension)
return;
@@ -1257,7 +1255,7 @@ bool ChromeContentBrowserClient::ShouldSwapProcessesForNavigation(
// We must swap if the URL is for an extension and we are not using an
// extension process.
const Extension* new_extension =
- service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(new_url));
+ service->extensions()->GetExtensionOrAppByURL(new_url);
// Ignore all hosted apps except the Chrome Web Store, since they do not
// require their own BrowsingInstance (e.g., postMessage is ok).
if (new_extension &&
@@ -1279,7 +1277,7 @@ bool ChromeContentBrowserClient::ShouldSwapProcessesForRedirect(
ProfileIOData* io_data = ProfileIOData::FromResourceContext(resource_context);
return extensions::CrossesExtensionProcessBoundary(
io_data->GetExtensionInfoMap()->extensions(),
- ExtensionURLInfo(current_url), ExtensionURLInfo(new_url), false);
+ current_url, new_url, false);
}
bool ChromeContentBrowserClient::ShouldAssignSiteForURL(const GURL& url) {
@@ -1939,8 +1937,8 @@ bool ChromeContentBrowserClient::CanCreateWindow(
// because the permission check above would have caused an early return
// already. We must use the full URL to find hosted apps, though, and not
// just the origin.
- const Extension* extension = map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(opener_url));
+ const Extension* extension =
+ map->extensions().GetExtensionOrAppByURL(opener_url);
if (extension && !extensions::BackgroundInfo::AllowJSAccess(extension))
*no_javascript_access = true;
}
@@ -2265,8 +2263,8 @@ bool ChromeContentBrowserClient::SupportsBrowserPlugin(
if (!service)
return false;
- const Extension* extension = service->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(site_url));
+ const Extension* extension =
+ service->extensions()->GetExtensionOrAppByURL(site_url);
if (!extension)
return false;
diff --git a/chrome/browser/chromeos/offline/offline_load_page.cc b/chrome/browser/chromeos/offline/offline_load_page.cc
index d752d1d..2a12636 100644
--- a/chrome/browser/chromeos/offline/offline_load_page.cc
+++ b/chrome/browser/chromeos/offline/offline_load_page.cc
@@ -113,8 +113,7 @@ std::string OfflineLoadPage::GetHTMLContents() {
extensions::ExtensionSystem::Get(profile)->extension_service();
// Extension service does not exist in test.
if (extensions_service)
- extension = extensions_service->extensions()->GetHostedAppByURL(
- ExtensionURLInfo(url_));
+ extension = extensions_service->extensions()->GetHostedAppByURL(url_);
if (extension)
GetAppOfflineStrings(extension, &strings);
diff --git a/chrome/browser/extensions/extension_function_dispatcher.cc b/chrome/browser/extensions/extension_function_dispatcher.cc
index 14e384a..a8a0108 100644
--- a/chrome/browser/extensions/extension_function_dispatcher.cc
+++ b/chrome/browser/extensions/extension_function_dispatcher.cc
@@ -36,13 +36,11 @@
#include "content/public/common/result_codes.h"
#include "ipc/ipc_message.h"
#include "ipc/ipc_message_macros.h"
-#include "third_party/WebKit/public/web/WebSecurityOrigin.h"
#include "webkit/glue/resource_type.h"
using extensions::Extension;
using extensions::ExtensionAPI;
using content::RenderViewHost;
-using WebKit::WebSecurityOrigin;
namespace {
@@ -362,9 +360,7 @@ void ExtensionFunctionDispatcher::DispatchWithCallback(
const Extension* extension = service->extensions()->GetByID(
params.extension_id);
if (!extension)
- extension = service->extensions()->GetHostedAppByURL(ExtensionURLInfo(
- WebSecurityOrigin::createFromString(params.source_origin),
- params.source_url));
+ extension = service->extensions()->GetHostedAppByURL(params.source_url);
scoped_refptr<ExtensionFunction> function(
CreateExtensionFunction(params, extension,
diff --git a/chrome/browser/extensions/extension_info_map_unittest.cc b/chrome/browser/extensions/extension_info_map_unittest.cc
index c37d13ab..10dace7 100644
--- a/chrome/browser/extensions/extension_info_map_unittest.cc
+++ b/chrome/browser/extensions/extension_info_map_unittest.cc
@@ -11,15 +11,11 @@
#include "chrome/common/extensions/extension_manifest_constants.h"
#include "content/public/test/test_browser_thread.h"
#include "testing/gtest/include/gtest/gtest.h"
-#include "third_party/WebKit/public/platform/WebString.h"
-#include "third_party/WebKit/public/platform/WebURL.h"
using content::BrowserThread;
using extensions::APIPermission;
using extensions::Extension;
using extensions::Manifest;
-using WebKit::WebSecurityOrigin;
-using WebKit::WebString;
namespace keys = extension_manifest_keys;
@@ -139,8 +135,6 @@ TEST_F(ExtensionInfoMapTest, CheckPermissions) {
"tabs_extension.json"));
GURL app_url("http://www.google.com/mail/foo.html");
- WebSecurityOrigin app_origin = WebSecurityOrigin::create(
- GURL("http://www.google.com/mail/foo.html"));
ASSERT_TRUE(app->is_app());
ASSERT_TRUE(app->web_extent().MatchesURL(app_url));
@@ -150,11 +144,10 @@ TEST_F(ExtensionInfoMapTest, CheckPermissions) {
// The app should have the notifications permission, either from a
// chrome-extension URL or from its web extent.
const Extension* match = info_map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(app_origin, app->GetResourceURL("a.html")));
+ app->GetResourceURL("a.html"));
EXPECT_TRUE(match &&
match->HasAPIPermission(APIPermission::kNotification));
- match = info_map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(app_origin, app_url));
+ match = info_map->extensions().GetExtensionOrAppByURL(app_url);
EXPECT_TRUE(match &&
match->HasAPIPermission(APIPermission::kNotification));
EXPECT_FALSE(match &&
@@ -162,7 +155,7 @@ TEST_F(ExtensionInfoMapTest, CheckPermissions) {
// The extension should have the tabs permission.
match = info_map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(app_origin, extension->GetResourceURL("a.html")));
+ extension->GetResourceURL("a.html"));
EXPECT_TRUE(match &&
match->HasAPIPermission(APIPermission::kTab));
EXPECT_FALSE(match &&
@@ -170,14 +163,7 @@ TEST_F(ExtensionInfoMapTest, CheckPermissions) {
// Random URL should not have any permissions.
GURL evil_url("http://evil.com/a.html");
- match = info_map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(WebSecurityOrigin::create(evil_url), evil_url));
- EXPECT_FALSE(match);
-
- // Sandboxed origins should not have any permissions.
- match = info_map->extensions().GetExtensionOrAppByURL(ExtensionURLInfo(
- WebSecurityOrigin::createFromString(WebString::fromUTF8("null")),
- app_url));
+ match = info_map->extensions().GetExtensionOrAppByURL(evil_url);
EXPECT_FALSE(match);
}
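Review bot: The deleted "Sandboxed origins should not have any permissions" case at the end of this hunk was the only assertion in this test that a unique ("null") origin yields no extension match, and nothing replaces it here. Since the commit moves that decision into the render process, an equivalent regression test belongs next to the renderer-side check. The diffstat for chrome/ lists no renderer test file, so coverage for the sandboxed case may have been dropped, unless it lives outside chrome/. At minimum I would leave a comment where the case used to be, e.g. `// Sandboxed (unique-origin) frames are rejected in the renderer before any URL-based lookup; not covered here.` The CheckPermissions test body starts outside this hunk.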
diff --git a/chrome/browser/extensions/extension_process_manager.cc b/chrome/browser/extensions/extension_process_manager.cc
index a52418f..ae861fa 100644
--- a/chrome/browser/extensions/extension_process_manager.cc
+++ b/chrome/browser/extensions/extension_process_manager.cc
@@ -856,8 +856,8 @@ SiteInstance* IncognitoExtensionProcessManager::GetSiteInstanceForURL(
const GURL& url) {
ExtensionService* service = GetProfile()->GetExtensionService();
if (service) {
- const Extension* extension = service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(url));
+ const Extension* extension =
+ service->extensions()->GetExtensionOrAppByURL(url);
if (extension &&
!extensions::IncognitoInfo::IsSplitMode(extension)) {
return original_manager_->GetSiteInstanceForURL(url);
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index 73a7c63..94e6812 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -264,8 +264,7 @@ bool ExtensionService::OnExternalExtensionUpdateUrlFound(
}
const Extension* ExtensionService::GetInstalledApp(const GURL& url) const {
- const Extension* extension = extensions_.GetExtensionOrAppByURL(
- ExtensionURLInfo(url));
+ const Extension* extension = extensions_.GetExtensionOrAppByURL(url);
return (extension && extension->is_app()) ? extension : NULL;
}
@@ -2584,15 +2583,13 @@ const Extension* ExtensionService::GetInstalledExtension(
bool ExtensionService::ExtensionBindingsAllowed(const GURL& url) {
// Allow bindings for all packaged extensions and component hosted apps.
- const Extension* extension = extensions_.GetExtensionOrAppByURL(
- ExtensionURLInfo(url));
+ const Extension* extension = extensions_.GetExtensionOrAppByURL(url);
return extension && (!extension->is_hosted_app() ||
extension->location() == Manifest::COMPONENT);
}
bool ExtensionService::ShouldBlockUrlInBrowserTab(GURL* url) {
- const Extension* extension = extensions_.GetExtensionOrAppByURL(
- ExtensionURLInfo(*url));
+ const Extension* extension = extensions_.GetExtensionOrAppByURL(*url);
if (extension && extension->is_platform_app()) {
*url = GURL(chrome::kExtensionInvalidRequestURL);
return true;
diff --git a/chrome/browser/extensions/extension_web_ui.cc b/chrome/browser/extensions/extension_web_ui.cc
index 3ea194b..40a4deb 100644
--- a/chrome/browser/extensions/extension_web_ui.cc
+++ b/chrome/browser/extensions/extension_web_ui.cc
@@ -129,7 +129,7 @@ ExtensionWebUI::ExtensionWebUI(content::WebUI* web_ui, const GURL& url)
Profile* profile = Profile::FromWebUI(web_ui);
ExtensionService* service = profile->GetExtensionService();
const Extension* extension =
- service->extensions()->GetExtensionOrAppByURL(ExtensionURLInfo(url));
+ service->extensions()->GetExtensionOrAppByURL(url);
DCHECK(extension);
// The base class defaults to enabling WebUI bindings, but we don't need
diff --git a/chrome/browser/extensions/navigation_observer.cc b/chrome/browser/extensions/navigation_observer.cc
index f8030e9..3e3bde3 100644
--- a/chrome/browser/extensions/navigation_observer.cc
+++ b/chrome/browser/extensions/navigation_observer.cc
@@ -59,7 +59,7 @@ void NavigationObserver::PromptToEnableExtensionIfNecessary(
ExtensionService* extension_service =
extensions::ExtensionSystem::Get(profile_)->extension_service();
const Extension* extension = extension_service->disabled_extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(nav_entry->GetURL()));
+ GetExtensionOrAppByURL(nav_entry->GetURL());
if (!extension)
return;
diff --git a/chrome/browser/extensions/tab_helper.cc b/chrome/browser/extensions/tab_helper.cc
index cfd07b7..ac7620c 100644
--- a/chrome/browser/extensions/tab_helper.cc
+++ b/chrome/browser/extensions/tab_helper.cc
@@ -311,11 +311,10 @@ void TabHelper::OnGetAppInstallState(const GURL& requestor_url,
const ExtensionSet* extensions = extension_service->extensions();
const ExtensionSet* disabled = extension_service->disabled_extensions();
- ExtensionURLInfo url(requestor_url);
std::string state;
- if (extensions->GetHostedAppByURL(url))
+ if (extensions->GetHostedAppByURL(requestor_url))
state = extension_misc::kAppStateInstalled;
- else if (disabled->GetHostedAppByURL(url))
+ else if (disabled->GetHostedAppByURL(requestor_url))
state = extension_misc::kAppStateDisabled;
else
state = extension_misc::kAppStateNotInstalled;
diff --git a/chrome/browser/geolocation/chrome_geolocation_permission_context.cc b/chrome/browser/geolocation/chrome_geolocation_permission_context.cc
index e81d950..3782602 100644
--- a/chrome/browser/geolocation/chrome_geolocation_permission_context.cc
+++ b/chrome/browser/geolocation/chrome_geolocation_permission_context.cc
@@ -71,9 +71,7 @@ void ChromeGeolocationPermissionContext::RequestGeolocationPermission(
if (extension_service) {
const extensions::Extension* extension =
extension_service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(WebKit::WebSecurityOrigin::createFromString(
- UTF8ToUTF16(requesting_frame.spec())),
- requesting_frame));
+ requesting_frame);
if (IsExtensionWithPermissionOrSuggestInConsole(APIPermission::kGeolocation,
extension,
profile_)) {
diff --git a/chrome/browser/media/media_stream_capture_indicator.cc b/chrome/browser/media/media_stream_capture_indicator.cc
index 42598a6..24fcd45 100644
--- a/chrome/browser/media/media_stream_capture_indicator.cc
+++ b/chrome/browser/media/media_stream_capture_indicator.cc
@@ -55,7 +55,7 @@ const extensions::Extension* GetExtension(WebContents* web_contents) {
return NULL;
return extension_service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(web_contents->GetURL()));
+ web_contents->GetURL());
}
// Gets the security originator of the tab. It returns a string with no '/'
diff --git a/chrome/browser/nacl_host/nacl_file_host.cc b/chrome/browser/nacl_host/nacl_file_host.cc
index 18efee9..b24ca23 100644
--- a/chrome/browser/nacl_host/nacl_file_host.cc
+++ b/chrome/browser/nacl_host/nacl_file_host.cc
@@ -209,8 +209,7 @@ bool GetExtensionFilePath(
base::FilePath* file_path) {
// Check that the URL is recognized by the extension system.
const extensions::Extension* extension =
- extension_info_map->extensions().GetExtensionOrAppByURL(
- ExtensionURLInfo(file_url));
+ extension_info_map->extensions().GetExtensionOrAppByURL(file_url);
if (!extension)
return false;
diff --git a/chrome/browser/nacl_host/nacl_host_message_filter.cc b/chrome/browser/nacl_host/nacl_host_message_filter.cc
index 01cc5f8..d67a3b5 100644
--- a/chrome/browser/nacl_host/nacl_host_message_filter.cc
+++ b/chrome/browser/nacl_host/nacl_host_message_filter.cc
@@ -17,7 +17,7 @@ static base::FilePath GetManifestPath(
ExtensionInfoMap* extension_info_map, const std::string& manifest) {
GURL manifest_url(manifest);
const extensions::Extension* extension = extension_info_map->extensions()
- .GetExtensionOrAppByURL(ExtensionURLInfo(manifest_url));
+ .GetExtensionOrAppByURL(manifest_url);
if (extension != NULL &&
manifest_url.SchemeIs(extensions::kExtensionScheme)) {
std::string path = manifest_url.path();
diff --git a/chrome/browser/notifications/balloon.cc b/chrome/browser/notifications/balloon.cc
index 2a73c05..0997212 100644
--- a/chrome/browser/notifications/balloon.cc
+++ b/chrome/browser/notifications/balloon.cc
@@ -82,9 +82,9 @@ void Balloon::CloseByScript() {
}
std::string Balloon::GetExtensionId() {
- const ExtensionURLInfo url(notification().origin_url());
const ExtensionService* service = profile()->GetExtensionService();
const extensions::Extension* extension =
- service->extensions()->GetExtensionOrAppByURL(url);
+ service->extensions()->GetExtensionOrAppByURL(
+ notification().origin_url());
return extension ? extension->id() : std::string();
}
diff --git a/chrome/browser/notifications/notification_options_menu_model.cc b/chrome/browser/notifications/notification_options_menu_model.cc
index 3d2cbea..7a11a1a 100644
--- a/chrome/browser/notifications/notification_options_menu_model.cc
+++ b/chrome/browser/notifications/notification_options_menu_model.cc
@@ -140,8 +140,7 @@ NotificationOptionsMenuModel::NotificationOptionsMenuModel(Balloon* balloon)
ExtensionService* extension_service =
balloon_->profile()->GetExtensionService();
const extensions::Extension* extension =
- extension_service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(origin));
+ extension_service->extensions()->GetExtensionOrAppByURL(origin);
// We get back no extension here when we show the notification after
// the extension has crashed.
if (extension) {
@@ -192,8 +191,7 @@ string16 NotificationOptionsMenuModel::GetLabelForCommandId(int command_id)
ExtensionService* extension_service =
balloon_->profile()->GetExtensionService();
const extensions::Extension* extension =
- extension_service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(origin));
+ extension_service->extensions()->GetExtensionOrAppByURL(origin);
if (extension) {
return l10n_util::GetStringUTF16(
extension_service->IsExtensionEnabled(extension->id()) ?
@@ -251,8 +249,7 @@ void NotificationOptionsMenuModel::ExecuteCommand(int command_id,
break;
case kToggleExtensionCommand: {
const extensions::Extension* extension =
- extension_service->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(origin));
+ extension_service->extensions()->GetExtensionOrAppByURL(origin);
if (extension) {
const std::string& id = extension->id();
if (extension_service->IsExtensionEnabled(id))
diff --git a/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.cc b/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.cc
index a0d93e6..380b47a 100644
--- a/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.cc
+++ b/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.cc
@@ -164,8 +164,6 @@ void PepperExtensionsCommonMessageFilter::EnsureDispatcherOwnerInitialized() {
return;
Profile* profile = profile_manager->GetProfile(profile_directory_);
- source_origin_ = WebKit::WebSecurityOrigin::create(document_url_).toString();
-
// It will be automatically destroyed when |view_host| goes away.
dispatcher_owner_ = new DispatcherOwner(this, profile, view_host);
}
@@ -187,7 +185,6 @@ void PepperExtensionsCommonMessageFilter::PopulateParams(
params->extension_id = document_url_.host();
params->source_url = document_url_;
- params->source_origin = source_origin_;
// We don't need an ID to map a response to the corresponding request.
params->request_id = 0;
diff --git a/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h b/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h
index 832e859..b231123 100644
--- a/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h
+++ b/chrome/browser/renderer_host/pepper/pepper_extensions_common_message_filter.h
@@ -105,8 +105,6 @@ class PepperExtensionsCommonMessageFilter
DispatcherOwner* dispatcher_owner_;
bool dispatcher_owner_initialized_;
- base::string16 source_origin_;
-
DISALLOW_COPY_AND_ASSIGN(PepperExtensionsCommonMessageFilter);
};
diff --git a/chrome/browser/tab_contents/tab_util.cc b/chrome/browser/tab_contents/tab_util.cc
index 9d82f22..fae1201 100644
--- a/chrome/browser/tab_contents/tab_util.cc
+++ b/chrome/browser/tab_contents/tab_util.cc
@@ -38,7 +38,7 @@ SiteInstance* GetSiteInstanceForNewTab(Profile* profile,
if (ChromeWebUIControllerFactory::GetInstance()->UseWebUIForURL(
profile, url) ||
(service &&
- service->extensions()->GetHostedAppByURL(ExtensionURLInfo(url)))) {
+ service->extensions()->GetHostedAppByURL(url))) {
return SiteInstance::CreateForURL(profile, url);
}
diff --git a/chrome/browser/ui/app_modal_dialogs/javascript_dialog_manager.cc b/chrome/browser/ui/app_modal_dialogs/javascript_dialog_manager.cc
index fc3cc463..965281b 100644
--- a/chrome/browser/ui/app_modal_dialogs/javascript_dialog_manager.cc
+++ b/chrome/browser/ui/app_modal_dialogs/javascript_dialog_manager.cc
@@ -251,7 +251,7 @@ string16 ChromeJavaScriptDialogManager::GetTitle(const GURL& origin_url,
if (extension_host_) {
const extensions::Extension* extension = extension_host_->
profile()->GetExtensionService()->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(origin_url));
+ GetExtensionOrAppByURL(origin_url);
if (extension) {
return UTF8ToUTF16(base::StringPiece(extension->name()));
}
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index 1f261a5..2d49f99 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -2211,8 +2211,7 @@ bool Browser::MaybeCreateBackgroundContents(int route_id,
// permission as that is checked in RenderMessageFilter when the CreateWindow
// message is processed.
const Extension* extension =
- extensions_service->extensions()->GetHostedAppByURL(
- ExtensionURLInfo(opener_url));
+ extensions_service->extensions()->GetHostedAppByURL(opener_url);
if (!extension)
return false;
diff --git a/chrome/browser/ui/fullscreen/fullscreen_exit_bubble_type.cc b/chrome/browser/ui/fullscreen/fullscreen_exit_bubble_type.cc
index 6c06423..9cd835d 100644
--- a/chrome/browser/ui/fullscreen/fullscreen_exit_bubble_type.cc
+++ b/chrome/browser/ui/fullscreen/fullscreen_exit_bubble_type.cc
@@ -23,7 +23,7 @@ string16 GetLabelTextForType(FullscreenExitBubbleType type,
const ExtensionSet* extensions = extension_service->extensions();
DCHECK(extensions);
const extensions::Extension* extension =
- extensions->GetExtensionOrAppByURL(ExtensionURLInfo(url));
+ extensions->GetExtensionOrAppByURL(url);
if (extension) {
host = UTF8ToUTF16(extension->name());
} else if (url.SchemeIs(extensions::kExtensionScheme)) {
@@ -130,4 +130,4 @@ void PermissionRequestedByType(FullscreenExitBubbleType type,
}
}
-} // namespace
+} // namespace fullscreen_bubble
diff --git a/chrome/common/extensions/extension_messages.h b/chrome/common/extensions/extension_messages.h
index 37dbfdc..9403e29 100644
--- a/chrome/common/extensions/extension_messages.h
+++ b/chrome/common/extensions/extension_messages.h
@@ -80,9 +80,6 @@ IPC_STRUCT_BEGIN(ExtensionHostMsg_Request_Params)
// extension. Or, they can originate from hosted apps or normal web pages.
IPC_STRUCT_MEMBER(GURL, source_url)
- // Web security origin of the frame the request was sent from.
- IPC_STRUCT_MEMBER(string16, source_origin)
-
// Unique request id to match requests and responses.
IPC_STRUCT_MEMBER(int, request_id)
diff --git a/chrome/common/extensions/extension_process_policy.cc b/chrome/common/extensions/extension_process_policy.cc
index b38f397..cb938ee 100644
--- a/chrome/common/extensions/extension_process_policy.cc
+++ b/chrome/common/extensions/extension_process_policy.cc
@@ -11,7 +11,7 @@
namespace extensions {
const extensions::Extension* GetNonBookmarkAppExtension(
- const ExtensionSet& extensions, const ExtensionURLInfo& url) {
+ const ExtensionSet& extensions, const GURL& url) {
// Exclude bookmark apps, which do not use the app process model.
const extensions::Extension* extension =
extensions.GetExtensionOrAppByURL(url);
@@ -22,8 +22,8 @@ const extensions::Extension* GetNonBookmarkAppExtension(
bool CrossesExtensionProcessBoundary(
const ExtensionSet& extensions,
- const ExtensionURLInfo& old_url,
- const ExtensionURLInfo& new_url,
+ const GURL& old_url,
+ const GURL& new_url,
bool should_consider_workaround) {
const extensions::Extension* old_url_extension = GetNonBookmarkAppExtension(
extensions,
diff --git a/chrome/common/extensions/extension_process_policy.h b/chrome/common/extensions/extension_process_policy.h
index 19ad254..7231c0f 100644
--- a/chrome/common/extensions/extension_process_policy.h
+++ b/chrome/common/extensions/extension_process_policy.h
@@ -6,7 +6,7 @@
#define CHROME_COMMON_EXTENSIONS_EXTENSION_PROCESS_POLICY_H_
class ExtensionSet;
-class ExtensionURLInfo;
+class GURL;
namespace extensions {
@@ -15,7 +15,7 @@ class Extension;
// Returns the extension for the given URL. Excludes extension objects for
// bookmark apps, which do not use the app process model.
const Extension* GetNonBookmarkAppExtension(const ExtensionSet& extensions,
- const ExtensionURLInfo& url);
+ const GURL& url);
// Check if navigating a toplevel page from |old_url| to |new_url| would cross
// an extension process boundary (e.g. navigating from a web URL into an
@@ -25,8 +25,8 @@ const Extension* GetNonBookmarkAppExtension(const ExtensionSet& extensions,
// http://crbug.com/59285.
bool CrossesExtensionProcessBoundary(
const ExtensionSet& extensions,
- const ExtensionURLInfo& old_url,
- const ExtensionURLInfo& new_url,
+ const GURL& old_url,
+ const GURL& new_url,
bool should_consider_workaround);
} // namespace extensions
diff --git a/chrome/common/extensions/extension_set.cc b/chrome/common/extensions/extension_set.cc
index ee538bf..5c6861c 100644
--- a/chrome/common/extensions/extension_set.cc
+++ b/chrome/common/extensions/extension_set.cc
@@ -11,19 +11,8 @@
#include "chrome/common/url_constants.h"
#include "extensions/common/constants.h"
-using WebKit::WebSecurityOrigin;
using extensions::Extension;
-ExtensionURLInfo::ExtensionURLInfo(WebSecurityOrigin origin, const GURL& url)
- : origin_(origin),
- url_(url) {
- DCHECK(!origin_.isNull());
-}
-
-ExtensionURLInfo::ExtensionURLInfo(const GURL& url)
- : url_(url) {
-}
-
ExtensionSet::const_iterator::const_iterator() {}
ExtensionSet::const_iterator::const_iterator(const const_iterator& other)
@@ -75,41 +64,28 @@ void ExtensionSet::Clear() {
extensions_.clear();
}
-std::string ExtensionSet::GetExtensionOrAppIDByURL(
- const ExtensionURLInfo& info) const {
- DCHECK(!info.origin().isNull());
-
- if (info.url().SchemeIs(extensions::kExtensionScheme))
- return info.origin().isUnique() ? std::string() : info.url().host();
+std::string ExtensionSet::GetExtensionOrAppIDByURL(const GURL& url) const {
+ if (url.SchemeIs(extensions::kExtensionScheme))
+ return url.host();
- const Extension* extension = GetExtensionOrAppByURL(info);
+ const Extension* extension = GetExtensionOrAppByURL(url);
if (!extension)
return std::string();
return extension->id();
}
-const Extension* ExtensionSet::GetExtensionOrAppByURL(
- const ExtensionURLInfo& info) const {
- // In the common case, the document's origin will correspond to its URL,
- // but in some rare cases involving sandboxing, the two will be different.
- // We catch those cases by checking whether the document's origin is unique.
- // If that's not the case, then we conclude that the document's security
- // context is well-described by its URL and proceed to use only the URL.
- if (!info.origin().isNull() && info.origin().isUnique())
- return NULL;
-
- if (info.url().SchemeIs(extensions::kExtensionScheme))
- return GetByID(info.url().host());
+const Extension* ExtensionSet::GetExtensionOrAppByURL(const GURL& url) const {
+ if (url.SchemeIs(extensions::kExtensionScheme))
+ return GetByID(url.host());
- return GetHostedAppByURL(info);
+ return GetHostedAppByURL(url);
}
-const Extension* ExtensionSet::GetHostedAppByURL(
- const ExtensionURLInfo& info) const {
+const Extension* ExtensionSet::GetHostedAppByURL(const GURL& url) const {
for (ExtensionMap::const_iterator iter = extensions_.begin();
iter != extensions_.end(); ++iter) {
- if (iter->second->web_extent().MatchesURL(info.url()))
+ if (iter->second->web_extent().MatchesURL(url))
return iter->second.get();
}
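Review bot: `GetExtensionOrAppIDByURL` and `GetExtensionOrAppByURL` now resolve any chrome-extension:// URL straight to `url.host()` / `GetByID(url.host())`, and the removed comment block was the only text explaining how sandboxed documents were excluded. The new code does not state the precondition the commit message describes, so a later caller that passes a frame's URL without first checking the frame's security origin would get an extension match for a sandboxed frame. I would add above `GetExtensionOrAppByURL`: `// URL-only lookup. Callers inspecting a frame must reject unique (sandboxed) security origins before calling.` The same comment fits `ExtensionBindingsAllowed` in the later hunk of this file and the declarations in extension_set.h.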
@@ -129,8 +105,8 @@ const Extension* ExtensionSet::GetHostedAppByOverlappingWebExtent(
bool ExtensionSet::InSameExtent(const GURL& old_url,
const GURL& new_url) const {
- return GetExtensionOrAppByURL(ExtensionURLInfo(old_url)) ==
- GetExtensionOrAppByURL(ExtensionURLInfo(new_url));
+ return GetExtensionOrAppByURL(old_url) ==
+ GetExtensionOrAppByURL(new_url);
}
const Extension* ExtensionSet::GetByID(const std::string& id) const {
@@ -150,31 +126,16 @@ std::set<std::string> ExtensionSet::GetIDs() const {
return ids;
}
-bool ExtensionSet::ExtensionBindingsAllowed(
- const ExtensionURLInfo& info) const {
- if (info.origin().isUnique() || IsSandboxedPage(info))
- return false;
-
- if (info.url().SchemeIs(extensions::kExtensionScheme))
+bool ExtensionSet::ExtensionBindingsAllowed(const GURL& url) const {
+ if (url.SchemeIs(extensions::kExtensionScheme))
return true;
ExtensionMap::const_iterator i = extensions_.begin();
for (; i != extensions_.end(); ++i) {
if (i->second->location() == extensions::Manifest::COMPONENT &&
- i->second->web_extent().MatchesURL(info.url()))
+ i->second->web_extent().MatchesURL(url))
return true;
}
return false;
}
-
-bool ExtensionSet::IsSandboxedPage(const ExtensionURLInfo& info) const {
- if (info.url().SchemeIs(extensions::kExtensionScheme)) {
- const Extension* extension = GetByID(info.url().host());
- if (extension) {
- return extensions::SandboxedPageInfo::IsSandboxedPage(extension,
- info.url().path());
- }
- }
- return false;
-}
diff --git a/chrome/common/extensions/extension_set.h b/chrome/common/extensions/extension_set.h
index 34a39f3..e07a629 100644
--- a/chrome/common/extensions/extension_set.h
+++ b/chrome/common/extensions/extension_set.h
@@ -12,31 +12,8 @@
#include "base/gtest_prod_util.h"
#include "base/memory/ref_counted.h"
#include "chrome/common/extensions/extension.h"
-#include "third_party/WebKit/public/web/WebSecurityOrigin.h"
#include "url/gurl.h"
-class ExtensionURLInfo {
- public:
- // The extension system uses both a document's origin and its URL to
- // grant permissions. Ideally, we would use only the origin, but because
- // the web extent of a hosted app can be less than an entire origin, we
- // take the URL into account as well
- ExtensionURLInfo(WebKit::WebSecurityOrigin origin, const GURL& url);
-
- // WARNING! Using this constructor can miss important security checks if
- // you're trying to find a running extension. For example, if the
- // URL in question is being rendered inside an iframe sandbox, then
- // we might incorrectly grant it access to powerful extension APIs.
- explicit ExtensionURLInfo(const GURL& url);
-
- const WebKit::WebSecurityOrigin& origin() const { return origin_; }
- const GURL& url() const { return url_; }
-
- private:
- WebKit::WebSecurityOrigin origin_;
- GURL url_;
-};
-
// The one true extension container. Extensions are identified by their id.
// Only one extension can be in the set with a given ID.
class ExtensionSet {
@@ -102,19 +79,17 @@ class ExtensionSet {
// Returns the extension ID, or empty if none. This includes web URLs that
// are part of an extension's web extent.
- std::string GetExtensionOrAppIDByURL(const ExtensionURLInfo& info) const;
+ std::string GetExtensionOrAppIDByURL(const GURL& url) const;
// Returns the Extension, or NULL if none. This includes web URLs that are
// part of an extension's web extent.
// NOTE: This can return NULL if called before UpdateExtensions receives
// bulk extension data (e.g. if called from
// EventBindings::HandleContextCreated)
- const extensions::Extension* GetExtensionOrAppByURL(
- const ExtensionURLInfo& info) const;
+ const extensions::Extension* GetExtensionOrAppByURL(const GURL& url) const;
// Returns the hosted app whose web extent contains the URL.
- const extensions::Extension* GetHostedAppByURL(
- const ExtensionURLInfo& info) const;
+ const extensions::Extension* GetHostedAppByURL(const GURL& url) const;
// Returns a hosted app that contains any URL that overlaps with the given
// extent, if one exists.
@@ -134,11 +109,7 @@ class ExtensionSet {
// Returns true if |info| should get extension api bindings and be permitted
// to make api calls. Note that this is independent of what extension
// permissions the given extension has been granted.
- bool ExtensionBindingsAllowed(const ExtensionURLInfo& info) const;
-
- // Returns true if |info| is an extension page that is to be served in a
- // unique sandboxed origin.
- bool IsSandboxedPage(const ExtensionURLInfo& info) const;
+ bool ExtensionBindingsAllowed(const GURL& url) const;
private:
FRIEND_TEST_ALL_PREFIXES(ExtensionSetTest, ExtensionSet);
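Review bot: The comment above `ExtensionBindingsAllowed` still refers to `|info|`, but the parameter is now `url`; the first line should read `// Returns true if |url| should get extension api bindings and be permitted`. The sandbox checks were removed from the implementation, so the comment should also say that the answer depends on the URL alone. It should add that the caller is expected to have excluded sandboxed frames first.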
diff --git a/chrome/common/extensions/extension_set_unittest.cc b/chrome/common/extensions/extension_set_unittest.cc
index 36dc7ea..84a9ae3 100644
--- a/chrome/common/extensions/extension_set_unittest.cc
+++ b/chrome/common/extensions/extension_set_unittest.cc
@@ -83,19 +83,19 @@ TEST(ExtensionSetTest, ExtensionSet) {
// Get extension by its chrome-extension:// URL
EXPECT_EQ(ext2, extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(ext2->GetResourceURL("test.html"))));
+ ext2->GetResourceURL("test.html")));
EXPECT_EQ(ext3, extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(ext3->GetResourceURL("test.html"))));
+ ext3->GetResourceURL("test.html")));
EXPECT_EQ(ext4, extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(ext4->GetResourceURL("test.html"))));
+ ext4->GetResourceURL("test.html")));
// Get extension by web extent.
EXPECT_EQ(ext2, extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(GURL("http://code.google.com/p/chromium/monkey"))));
+ GURL("http://code.google.com/p/chromium/monkey")));
EXPECT_EQ(ext3, extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(GURL("http://dev.chromium.org/design-docs/"))));
+ GURL("http://dev.chromium.org/design-docs/")));
EXPECT_FALSE(extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(GURL("http://blog.chromium.org/"))));
+ GURL("http://blog.chromium.org/")));
// Test InSameExtent().
EXPECT_TRUE(extensions.InSameExtent(
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index 79d57a7..e17227a 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -617,7 +617,7 @@ WebPlugin* ChromeContentRendererClient::CreatePlugin(
}
const Extension* extension =
g_current_client->extension_dispatcher_->extensions()->
- GetExtensionOrAppByURL(ExtensionURLInfo(manifest_url));
+ GetExtensionOrAppByURL(manifest_url);
if (!IsNaClAllowed(manifest_url,
app_url,
is_nacl_unrestricted,
@@ -860,7 +860,7 @@ void ChromeContentRendererClient::GetNavigationErrorStrings(
if (failed_url.is_valid() &&
!failed_url.SchemeIs(extensions::kExtensionScheme)) {
extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(failed_url));
+ failed_url);
}
bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
@@ -961,7 +961,7 @@ bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
// Determine if the new URL is an extension (excluding bookmark apps).
const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
- *extensions, ExtensionURLInfo(url));
+ *extensions, url);
bool is_extension_url = !!new_url_extension;
// If the navigation would cross an app extent boundary, we also need
@@ -978,8 +978,7 @@ bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
*send_referrer = true;
const Extension* extension =
- extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(url));
+ extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
if (extension && extension->is_app()) {
UMA_HISTOGRAM_ENUMERATION(
extension->is_platform_app() ?
@@ -1140,11 +1139,10 @@ bool ChromeContentRendererClient::CrossesExtensionExtents(
// in an extension process, we want to keep it in process to allow the
// opener to script it.
WebDocument opener_document = frame->opener()->document();
- GURL opener_url = opener_document.url();
- WebSecurityOrigin opener_origin = opener_document.securityOrigin();
- bool opener_is_extension_url = !!extensions.GetExtensionOrAppByURL(
- ExtensionURLInfo(opener_origin, opener_url));
WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
+ bool opener_is_extension_url =
+ !opener.isUnique() && extensions.GetExtensionOrAppByURL(
+ opener_document.url()) != NULL;
if (!is_extension_url &&
!opener_is_extension_url &&
extension_dispatcher_->is_extension_process() &&
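Review bot: `opener.isUnique()` is now called without the `isNull()` guard that the removed `GetExtensionOrAppByURL` applied (`!info.origin().isNull() && info.origin().isUnique()`). Whether `securityOrigin()` can be null for an opener document is not visible in this hunk; if it can, the old semantics are kept by `(opener.isNull() || !opener.isUnique()) && ...`. The same unguarded call is added in `AppBindings::GetDetailsForFrameImpl`. Separately, `opener` is read through a second `frame->opener()->document()` call although `opener_document` is already in hand; `opener_document.securityOrigin()` would keep the origin and the URL visibly tied to the same document. The function body continues outside the hunk.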
@@ -1163,8 +1161,7 @@ bool ChromeContentRendererClient::CrossesExtensionExtents(
bool should_consider_workaround = !!frame->opener();
return extensions::CrossesExtensionProcessBoundary(
- extensions, ExtensionURLInfo(old_url), ExtensionURLInfo(new_url),
- should_consider_workaround);
+ extensions, old_url, new_url, should_consider_workaround);
}
void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
diff --git a/chrome/renderer/extensions/app_bindings.cc b/chrome/renderer/extensions/app_bindings.cc
index 8f07ed2..268727a 100644
--- a/chrome/renderer/extensions/app_bindings.cc
+++ b/chrome/renderer/extensions/app_bindings.cc
@@ -119,10 +119,13 @@ void AppBindings::GetDetailsForFrame(
v8::Handle<v8::Value> AppBindings::GetDetailsForFrameImpl(
WebFrame* frame) {
+ if (frame->document().securityOrigin().isUnique())
+ return v8::Null();
+
const Extension* extension =
dispatcher_->extensions()->GetExtensionOrAppByURL(
- ExtensionURLInfo(frame->document().securityOrigin(),
- frame->document().url()));
+ frame->document().url());
+
if (!extension)
return v8::Null();
@@ -166,11 +169,11 @@ void AppBindings::GetRunningState(
// The app associated with the top level frame.
const Extension* parent_app = extensions->GetHostedAppByURL(
- ExtensionURLInfo(parent_frame->document().url()));
+ parent_frame->document().url());
// The app associated with this frame.
- const Extension* this_app = extensions->GetHostedAppByURL(ExtensionURLInfo(
- context()->web_frame()->document().url()));
+ const Extension* this_app = extensions->GetHostedAppByURL(
+ context()->web_frame()->document().url());
if (!this_app || !parent_app) {
args.GetReturnValue().Set(
diff --git a/chrome/renderer/extensions/dispatcher.cc b/chrome/renderer/extensions/dispatcher.cc
index f8d9094..9db8cab 100644
--- a/chrome/renderer/extensions/dispatcher.cc
+++ b/chrome/renderer/extensions/dispatcher.cc
@@ -24,6 +24,7 @@
#include "chrome/common/extensions/features/feature.h"
#include "chrome/common/extensions/manifest.h"
#include "chrome/common/extensions/manifest_handlers/externally_connectable.h"
+#include "chrome/common/extensions/manifest_handlers/sandboxed_page_info.h"
#include "chrome/common/extensions/message_bundle.h"
#include "chrome/common/extensions/permissions/permission_set.h"
#include "chrome/common/extensions/permissions/permissions_data.h"
@@ -73,6 +74,7 @@
#include "content/public/renderer/render_thread.h"
#include "content/public/renderer/render_view.h"
#include "content/public/renderer/v8_value_converter.h"
+#include "extensions/common/constants.h"
#include "extensions/common/view_type.h"
#include "grit/common_resources.h"
#include "grit/renderer_resources.h"
@@ -1015,11 +1017,10 @@ void Dispatcher::DidCreateScriptContext(
extension_id = "";
}
- ExtensionURLInfo url_info(frame->document().securityOrigin(),
- UserScriptSlave::GetDataSourceURLForFrame(frame));
-
- Feature::Context context_type =
- ClassifyJavaScriptContext(extension_id, extension_group, url_info);
+ Feature::Context context_type = ClassifyJavaScriptContext(
+ extension_id, extension_group,
+ UserScriptSlave::GetDataSourceURLForFrame(frame),
+ frame->document().securityOrigin());
ChromeV8Context* context =
new ChromeV8Context(v8_context, frame, extension, context_type);
@@ -1127,18 +1128,18 @@ std::string Dispatcher::GetExtensionID(const WebFrame* frame, int world_id) {
return user_script_slave_->GetExtensionIdForIsolatedWorld(world_id);
}
+ // TODO(kalman): Delete this check.
+ if (frame->document().securityOrigin().isUnique())
+ return std::string();
+
// Extension pages (chrome-extension:// URLs).
GURL frame_url = UserScriptSlave::GetDataSourceURLForFrame(frame);
- return extensions_.GetExtensionOrAppIDByURL(
- ExtensionURLInfo(frame->document().securityOrigin(), frame_url));
+ return extensions_.GetExtensionOrAppIDByURL(frame_url);
}
bool Dispatcher::IsWithinPlatformApp(const WebFrame* frame) {
- // We intentionally don't use the origin parameter for ExtensionURLInfo since
- // it would be empty (i.e. unique) for sandboxed resources and thus not match.
- ExtensionURLInfo url_info(
- UserScriptSlave::GetDataSourceURLForFrame(frame->top()));
- const Extension* extension = extensions_.GetExtensionOrAppByURL(url_info);
+ GURL url(UserScriptSlave::GetDataSourceURLForFrame(frame->top()));
+ const Extension* extension = extensions_.GetExtensionOrAppByURL(url);
return extension && extension->is_platform_app();
}
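Review bot: `IsWithinPlatformApp` loses the comment explaining that it deliberately skips the origin check, while `GetExtensionID` just above gains one, so the omission now reads like an oversight. Keep the rationale on the new code, e.g. `// Intentionally no unique-origin check: sandboxed resources of a platform app must still match.` The `TODO(kalman): Delete this check.` in `GetExtensionID` also needs a reason or a bug reference, so that nobody removes a security check on the strength of an unexplained TODO.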
@@ -1375,10 +1376,25 @@ void Dispatcher::OnCancelSuspend(const std::string& extension_id) {
DispatchEvent(extension_id, kOnSuspendCanceledEvent);
}
+// TODO(kalman): This is checking for the wrong thing, it should be checking if
+// the frame's security origin is unique. The extension sandbox directive is
+// checked for in chrome/common/extensions/csp_handler.cc.
+bool Dispatcher::IsSandboxedPage(const GURL& url) const {
+ if (url.SchemeIs(extensions::kExtensionScheme)) {
+ const Extension* extension = extensions_.GetByID(url.host());
+ if (extension) {
+ return extensions::SandboxedPageInfo::IsSandboxedPage(extension,
+ url.path());
+ }
+ }
+ return false;
+}
+
Feature::Context Dispatcher::ClassifyJavaScriptContext(
const std::string& extension_id,
int extension_group,
- const ExtensionURLInfo& url_info) {
+ const GURL& url,
+ const WebKit::WebSecurityOrigin& origin) {
DCHECK_GE(extension_group, 0);
if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS) {
return extensions_.Contains(extension_id) ?
@@ -1391,20 +1407,22 @@ Feature::Context Dispatcher::ClassifyJavaScriptContext(
// the extension is considered active.
// 2. ScriptContext creation (which triggers bindings injection) happens
// before the SecurityContext is updated with the sandbox flags (after
- // reading the CSP header), so url_info.url().securityOrigin() is not
- // unique yet.
- if (extensions_.IsSandboxedPage(url_info))
+ // reading the CSP header), so the caller can't check if the context's
+ // security origin is unique yet.
+ if (IsSandboxedPage(url))
return Feature::WEB_PAGE_CONTEXT;
if (IsExtensionActive(extension_id))
return Feature::BLESSED_EXTENSION_CONTEXT;
- if (extensions_.ExtensionBindingsAllowed(url_info)) {
+ // TODO(kalman): This isUnique() check is wrong, it should be performed as
+ // part of IsSandboxedPage().
+ if (!origin.isUnique() && extensions_.ExtensionBindingsAllowed(url)) {
return extensions_.Contains(extension_id) ?
Feature::UNBLESSED_EXTENSION_CONTEXT : Feature::UNSPECIFIED_CONTEXT;
}
- if (url_info.url().is_valid())
+ if (url.is_valid())
return Feature::WEB_PAGE_CONTEXT;
return Feature::UNSPECIFIED_CONTEXT;
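Review bot: The `!origin.isUnique()` guard and the comment block above it pull in opposite directions. The comment says the sandbox flags are not yet applied when the script context is created, so the origin is not unique at that point, yet the origin is tested a few lines later. A reader could take the origin test as the sandbox defence when, per that comment, `IsSandboxedPage(url)` is the check that works here for CSP-sandboxed extension pages. A line such as `// |origin| may predate the CSP sandbox flags (see above); it only catches frames that are already unique.` would make that explicit. The function starts before this hunk.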
@@ -1433,9 +1451,7 @@ bool Dispatcher::CheckContextAccessToExtensionAPI(
// Theoretically we could end up with bindings being injected into sandboxed
// frames, for example content scripts. Don't let them execute API functions.
WebKit::WebFrame* frame = context->web_frame();
- ExtensionURLInfo url_info(frame->document().securityOrigin(),
- UserScriptSlave::GetDataSourceURLForFrame(frame));
- if (extensions_.IsSandboxedPage(url_info)) {
+ if (IsSandboxedPage(UserScriptSlave::GetDataSourceURLForFrame(frame))) {
static const char kMessage[] =
"%s cannot be used within a sandboxed frame.";
std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
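Review bot: This guard against API calls from sandboxed frames looks only at the URL, so it covers pages the manifest lists as sandboxed but not a frame that has a unique origin for another reason. The TODO on `Dispatcher::IsSandboxedPage` already says the origin is what should be checked. This hunk does not show whether the origin is reliable by the time an API function is invoked. If it is, the condition could become `if (frame->document().securityOrigin().isUnique() || IsSandboxedPage(UserScriptSlave::GetDataSourceURLForFrame(frame))) {`. The function continues outside the hunk.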
diff --git a/chrome/renderer/extensions/dispatcher.h b/chrome/renderer/extensions/dispatcher.h
index a341369..b43067d 100644
--- a/chrome/renderer/extensions/dispatcher.h
+++ b/chrome/renderer/extensions/dispatcher.h
@@ -31,6 +31,7 @@ struct ExtensionMsg_Loaded_Params;
namespace WebKit {
class WebFrame;
+class WebSecurityOrigin;
}
namespace base {
@@ -230,10 +231,14 @@ class Dispatcher : public content::RenderProcessObserver {
// are not in the same origin).
bool IsWithinPlatformApp(const WebKit::WebFrame* frame);
+ bool IsSandboxedPage(const GURL& url) const;
+
// Returns the Feature::Context type of context for a JavaScript context.
- Feature::Context ClassifyJavaScriptContext(const std::string& extension_id,
- int extension_group,
- const ExtensionURLInfo& url_info);
+ Feature::Context ClassifyJavaScriptContext(
+ const std::string& extension_id,
+ int extension_group,
+ const GURL& url,
+ const WebKit::WebSecurityOrigin& origin);
// Gets |field| from |object| or creates it as an empty object if it doesn't
// exist.
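Review bot: `IsSandboxedPage` is declared here without a comment, and the one it had in `extension_set.h` was deleted together with the old declaration. Carry it over: `// Returns true if |url| is an extension page that is to be served in a unique sandboxed origin.` The comment should also state that the test is made by URL against the extension's manifest data, not against the frame's actual security origin, as the TODO on the definition acknowledges.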
diff --git a/chrome/renderer/extensions/request_sender.cc b/chrome/renderer/extensions/request_sender.cc
index 1c2cc0f..02ddac0 100644
--- a/chrome/renderer/extensions/request_sender.cc
+++ b/chrome/renderer/extensions/request_sender.cc
@@ -11,7 +11,6 @@
#include "content/public/renderer/render_view.h"
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebFrame.h"
-#include "third_party/WebKit/public/web/WebSecurityOrigin.h"
#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
namespace extensions {
@@ -81,12 +80,8 @@ void RequestSender::StartRequest(Source* source,
return;
GURL source_url;
- WebKit::WebSecurityOrigin source_origin;
- WebKit::WebFrame* webframe = context->web_frame();
- if (webframe) {
+ if (WebKit::WebFrame* webframe = context->web_frame())
source_url = webframe->document().url();
- source_origin = webframe->document().securityOrigin();
- }
InsertRequest(request_id, new PendingRequest(name, source));
@@ -95,7 +90,6 @@ void RequestSender::StartRequest(Source* source,
params.arguments.Swap(value_args);
params.extension_id = context->GetExtensionID();
params.source_url = source_url;
- params.source_origin = source_origin.toString();
params.request_id = request_id;
params.has_callback = has_callback;
params.user_gesture =
diff --git a/chrome/renderer/extensions/resource_request_policy.cc b/chrome/renderer/extensions/resource_request_policy.cc
index 002bb46..f82e972 100644
--- a/chrome/renderer/extensions/resource_request_policy.cc
+++ b/chrome/renderer/extensions/resource_request_policy.cc
@@ -39,7 +39,7 @@ bool ResourceRequestPolicy::CanRequestResource(
CHECK(resource_url.SchemeIs(extensions::kExtensionScheme));
const Extension* extension =
- loaded_extensions->GetExtensionOrAppByURL(ExtensionURLInfo(resource_url));
+ loaded_extensions->GetExtensionOrAppByURL(resource_url);
if (!extension) {
// Allow the load in the case of a non-existent extension. We'll just get a
// 404 from the browser process.