authormpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-02 18:39:55 +0000
committermpcomplete@google.com <mpcomplete@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-02 18:39:55 +0000
commit1adff06dc95bd50ac0d6973be2316a3b08f46090 (patch)
treee3f394d8b1d37799f2b339f61cb10b23a08840fc /webkit/port
parent8616bbce6d475d10f4db846699dc19bc05f985fe (diff)
Add some browser-level checks to prohibit access to extension bindings by
non-extension renderers. Also add a check so that bindings are only exposed if the top-level frame is the chrome-extension scheme. BUG=11545 BUG=11993 TEST=none Review URL: http://codereview.chromium.org/119014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17408 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/port')
-rw-r--r--webkit/port/bindings/v8/v8_proxy.cpp3
1 files changed, 2 insertions, 1 deletions
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp
index 30fcf09..dcc2092 100644
--- a/webkit/port/bindings/v8/v8_proxy.cpp
+++ b/webkit/port/bindings/v8/v8_proxy.cpp
@@ -2027,7 +2027,8 @@ v8::Persistent<v8::Context> V8Proxy::createNewContext(
// because we might be currently loading an URL into a blank page.
// See http://code.google.com/p/chromium/issues/detail?id=10924
if (it->scheme.length() > 0 &&
- it->scheme != m_frame->loader()->activeDocumentLoader()->url().protocol())
+ (it->scheme != m_frame->loader()->activeDocumentLoader()->url().protocol() ||
+ it->scheme != m_frame->page()->mainFrame()->loader()->activeDocumentLoader()->url().protocol()))
continue;
extensionNames[index++] = it->extension->name();
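Review bot: The added comparison dereferences `m_frame->page()->mainFrame()->loader()->activeDocumentLoader()` with no null check. If `page()` can be null for a detached frame, or the main frame has no active document loader when createNewContext runs, the code that decides whether extension bindings are exposed would crash; the hunk shows no guard, so this needs confirming. I would read the frame's and the main frame's protocol into locals once before the loop and treat a missing page or loader as a mismatch for scheme-restricted extensions, so the failure mode is "bindings withheld" rather than a null dereference. The comment above the condition explains only the loader-versus-document choice, so add one such as `// Expose a scheme-restricted extension only when both this frame and the top-level frame use its scheme, so an extension subframe inside a web page gets no bindings.` Only schemes are compared, and this check runs in the renderer, so it should be treated as defence in depth behind the browser-level checks the commit message mentions. The enclosing loop starts and ends outside the hunk.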