author | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-30 18:28:39 +0000 |
---|---|---|
committer | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-30 18:28:39 +0000 |
commit | c1abb3237596e83cc12639d5b9e7607b67ae77f2 (patch) | |
tree | 4696ac8ad2d52243324f89fd2f238669785541e2 /extensions/common/features | |
parent | 056fb8baa877888f0996eb5283721f1dbf2b5fb4 (diff) | |
Allow restricting WebUI-enabled extension APIs to URL patterns.
BUG=391944
R=rockot@chromium.org, jschuh@chromium.org
Review URL: https://codereview.chromium.org/422433005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@286564 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'extensions/common/features')
-rw-r--r-- | extensions/common/features/simple_feature.cc | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/extensions/common/features/simple_feature.cc b/extensions/common/features/simple_feature.cc
index bdf8fae..e623bcf 100644
--- a/extensions/common/features/simple_feature.cc
+++ b/extensions/common/features/simple_feature.cc
@@ -291,8 +291,8 @@ std::string SimpleFeature::Parse(const base::DictionaryValue* value) {
 &component_extensions_auto_granted_);
 // NOTE: ideally we'd sanity check that "matches" can be specified if and
- // only if there's a "web_page" context, but without (Simple)Features being
- // aware of their own heirarchy this is impossible.
+ // only if there's a "web_page" or "webui" context, but without
+ // (Simple)Features being aware of their own heirarchy this is impossible.
 //
 // For example, we might have feature "foo" available to "web_page" context
 // and "matches" google.com/*. Then a sub-feature "foo.bar" might override
@@ -402,8 +402,13 @@ Feature::Availability SimpleFeature::IsAvailableToContext(
 if (!contexts_.empty() && contexts_.find(context) == contexts_.end())
 return CreateAvailability(INVALID_CONTEXT, context);
- if (context == WEB_PAGE_CONTEXT && !matches_.MatchesURL(url))
+ // TODO(kalman): Consider checking |matches_| regardless of context type.
+ // Fewer surprises, and if the feature configuration wants to isolate
+ // "matches" from say "blessed_extension" then they can use complex features.
+ if ((context == WEB_PAGE_CONTEXT || context == WEBUI_CONTEXT) &&
+ !matches_.MatchesURL(url)) {
 return CreateAvailability(INVALID_URL, url);
+ }
 for (FilterList::const_iterator filter_iter = filters_.begin();
 filter_iter != filters_.end();
@@ -414,6 +419,8 @@ Feature::Availability SimpleFeature::IsAvailableToContext(
 return availability;
 }
+ // TODO(kalman): Assert that if the context was a webpage or WebUI context
+ // then at some point a "matches" restriction was checked.
 return CheckDependencies(base::Bind(
 &IsAvailableToContextForBind, extension, context, url, platform));
 } |
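Review bot: The widened `matches_` gate in the second hunk (IsAvailableToContext) does not say what happens to a feature that lists the "webui" context but declares no "matches". If an empty pattern set matches no URL (the pattern-set implementation is not visible on this page), every such feature now becomes unavailable to WebUI pages. That fail-closed default is the safer one for privileged pages, but it should be stated and pinned by a test, not left implicit. I would add above the condition: `// An empty |matches_| matches nothing, so web_page and webui features must list their URL patterns explicitly.` The diffstat for this directory lists only simple_feature.cc, so a unit test that exercises WEBUI_CONTEXT with one matching and one non-matching URL appears to be missing here; the function itself starts outside the hunk.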