Diffstat (limited to 'chrome/browser')
8 files changed, 64 insertions, 21 deletions
diff --git a/chrome/browser/extensions/extension_function.h b/chrome/browser/extensions/extension_function.h index 02bab68..d763696 100644 --- a/chrome/browser/extensions/extension_function.h +++ b/chrome/browser/extensions/extension_function.h @@ -66,6 +66,15 @@ class ExtensionFunction : public base::RefCounted<ExtensionFunction> { virtual void Run() = 0; protected: + // Gets the extension that called this function. This can return NULL for + // async functions. + Extension* GetExtension() { + if (dispatcher()) + return dispatcher()->GetExtension(); + else + return NULL; + } + // The peer to the dispatcher that will service this extension function call. scoped_refptr<ExtensionFunctionDispatcher::Peer> peer_; diff --git a/chrome/browser/extensions/extension_function_dispatcher.cc b/chrome/browser/extensions/extension_function_dispatcher.cc index 276dd16..36f4192 100644 --- a/chrome/browser/extensions/extension_function_dispatcher.cc +++ b/chrome/browser/extensions/extension_function_dispatcher.cc @@ -251,6 +251,16 @@ ExtensionHost* ExtensionFunctionDispatcher::GetExtensionHost() { return delegate_->GetExtensionHost(); } +Extension* ExtensionFunctionDispatcher::GetExtension() { + ExtensionsService* service = profile()->GetExtensionsService(); + DCHECK(service); + + Extension* extension = service->GetExtensionById(extension_id()); + DCHECK(extension); + + return extension; +} + void ExtensionFunctionDispatcher::HandleRequest(const std::string& name, const std::string& args, int request_id, diff --git a/chrome/browser/extensions/extension_function_dispatcher.h b/chrome/browser/extensions/extension_function_dispatcher.h index 7a47b3f..492c431e 100644 --- a/chrome/browser/extensions/extension_function_dispatcher.h +++ b/chrome/browser/extensions/extension_function_dispatcher.h @@ -13,6 +13,7 @@ #include "googleurl/src/gurl.h" class Browser; +class Extension; class ExtensionFunction; class ExtensionHost; class Profile; 
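Review bot: ExtensionFunctionDispatcher::GetExtension() guards its result only with `DCHECK(extension)`, which is compiled out of release builds, so a failed `GetExtensionById(extension_id())` lookup reaches the caller as NULL even though the header comment says it should never happen. The callers this commit adds in extension_tabs_module.cc dereference the result directly: `GetExtension()->GetResourceURL(...)` in CreateTabFunction::RunImpl and UpdateTabFunction::RunImpl, and `GetExtension()->CanAccessHost(...)`. ExtensionFunction::GetExtension() is itself documented to return NULL for async functions. Whether an extension can be unloaded while a request is in flight is not visible here, but if it can, this is a browser-process NULL dereference reachable from a renderer message. I would fetch the pointer once in each caller and fail the call, e.g. `Extension* extension = GetExtension(); if (!extension) return false;`, or at least make the header comment honest: `// May return NULL if the extension is no longer loaded.`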
@@ -74,6 +75,10 @@ class ExtensionFunctionDispatcher { // tab hosted extension pages, this will return NULL. ExtensionHost* GetExtensionHost(); + // Gets the extension the function is being invoked by. This should not ever + // return NULL. + Extension* GetExtension(); + // Handle a malformed message. Possibly the result of an attack, so kill // the renderer. void HandleBadMessage(ExtensionFunction* api); diff --git a/chrome/browser/extensions/extension_javascript_url_apitest.cc b/chrome/browser/extensions/extension_javascript_url_apitest.cc new file mode 100644 index 0000000..87e4789 --- /dev/null +++ b/chrome/browser/extensions/extension_javascript_url_apitest.cc @@ -0,0 +1,13 @@ +// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chrome/browser/extensions/extension_apitest.h" + +IN_PROC_BROWSER_TEST_F(ExtensionApiTest, JavaScriptURLPermissions) { + host_resolver()->AddRule("a.com", "127.0.0.1"); + host_resolver()->AddRule("b.com", "127.0.0.1"); + StartHTTPServer(); + + ASSERT_TRUE(RunExtensionTest("javascript_url_permissions")) << message_; +} diff --git a/chrome/browser/extensions/extension_tabs_module.cc b/chrome/browser/extensions/extension_tabs_module.cc index e79c161..01788ea 100644 --- a/chrome/browser/extensions/extension_tabs_module.cc +++ b/chrome/browser/extensions/extension_tabs_module.cc @@ -21,6 +21,7 @@ #include "chrome/browser/window_sizer.h" #include "chrome/common/extensions/extension.h" #include "chrome/common/extensions/extension_error_utils.h" +#include "chrome/common/url_constants.h" #include "net/base/base64.h" #include "skia/ext/image_operations.h" #include "skia/ext/platform_canvas.h" 
@@ -44,10 +45,6 @@ static bool GetTabById(int tab_id, Profile* profile, Browser** browser, TabContents** contents, int* tab_index, std::string* error_message); -// Construct an absolute path from a relative path. -static GURL AbsolutePath(Profile* profile, const std::string& extension_id, - const std::string& relative_url); - int ExtensionTabUtil::GetWindowId(const Browser* browser) { return browser->session_id().id(); } @@ -471,7 +468,7 @@ bool CreateTabFunction::RunImpl() { url.reset(new GURL(url_string)); if (!url->is_valid()) { // The path as passed in is not valid. Try converting to absolute path. - *url = AbsolutePath(profile(), extension_id(), url_string); + *url = GetExtension()->GetResourceURL(url_string); if (!url->is_valid()) { error_ = ExtensionErrorUtils::FormatErrorMessage(keys::kInvalidUrlError, url_string); @@ -558,7 +555,7 @@ bool UpdateTabFunction::RunImpl() { if (!new_gurl.is_valid()) { // The path as passed in is not valid. Try converting to absolute path. - new_gurl = AbsolutePath(profile(), extension_id(), url); + new_gurl = GetExtension()->GetResourceURL(url); if (!new_gurl.is_valid()) { error_ = ExtensionErrorUtils::FormatErrorMessage(keys::kInvalidUrlError, url); 
@@ -566,8 +563,26 @@ bool UpdateTabFunction::RunImpl() { } } + // JavaScript URLs can do the same kinds of things as cross-origin XHR, so + // we need to check host permissions before allowing them. + if (new_gurl.SchemeIs(chrome::kJavaScriptScheme)) { + if (!GetExtension()->CanAccessHost(contents->GetURL())) { + error_ = ExtensionErrorUtils::FormatErrorMessage( + keys::kCannotAccessPageError, contents->GetURL().spec()); + return false; + } + + // TODO(aa): How does controller queue URLs? Is there any chance that this + // JavaScript URL will end up applying to something other than + // controller->GetURL()? + } + controller.LoadURL(new_gurl, GURL(), PageTransition::LINK); - DCHECK_EQ(new_gurl.spec(), contents->GetURL().spec()); + + // The URL of a tab contents never actually changes to a JavaScript URL, so + // this check only makes sense in other cases. + if (!new_gurl.SchemeIs(chrome::kJavaScriptScheme)) + DCHECK_EQ(new_gurl.spec(), contents->GetURL().spec()); } bool selected = false; @@ -828,13 +843,6 @@ static Browser* GetBrowserInProfileWithId(Profile* profile, return NULL; } -static GURL AbsolutePath(Profile* profile, const std::string& extension_id, - const std::string& relative_url) { - ExtensionsService* service = profile->GetExtensionsService(); - Extension* extension = service->GetExtensionById(extension_id); - return Extension::GetResourceURL(extension->url(), relative_url); -} - static bool GetTabById(int tab_id, Profile* profile, Browser** browser, TabStripModel** tab_strip, TabContents** contents, diff --git a/chrome/browser/extensions/extension_tabs_module_constants.cc b/chrome/browser/extensions/extension_tabs_module_constants.cc index da73ec6..a143e44 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.cc +++ b/chrome/browser/extensions/extension_tabs_module_constants.cc 
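Review bot: The host-permission check in the `javascript:` branch is not tied to the document the script will actually run in. `CanAccessHost(contents->GetURL())` is evaluated against the tab's URL at call time, while `controller.LoadURL(new_gurl, ...)` is issued afterwards, and the TODO in the same block asks whether the URL could end up applying to a different page. Since this check is the only gate on running extension-supplied script in a tab through this function, that question should be answered before the check is relied on, or the TODO should carry a tracking bug, e.g. `// TODO(aa): <bug-id> confirm the javascript: URL cannot apply to a page other than the one checked above.` As a smaller point, `new_gurl.SchemeIs(chrome::kJavaScriptScheme)` is evaluated twice; a local `const bool is_javascript_url = new_gurl.SchemeIs(chrome::kJavaScriptScheme);` would keep the permission check and the DCHECK guard in step. UpdateTabFunction::RunImpl begins and ends outside this hunk.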
@@ -42,6 +42,8 @@ const char kInvalidUrlError[] = "Invalid url: \"*\"."; const char kInternalVisibleTabCaptureError[] = "Internal error while trying to capture visible region of the current tab"; const char kNotImplementedError[] = "This call is not yet implemented"; +const char kCannotAccessPageError[] = "Cannot access contents of url \"*\". " + "Extension manifest must request permission to access this host."; const char kGetWindowFunction[] = "windows.get"; const char kGetCurrentWindowFunction[] = "windows.getCurrent"; diff --git a/chrome/browser/extensions/extension_tabs_module_constants.h b/chrome/browser/extensions/extension_tabs_module_constants.h index e6e73a0..574389a 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.h +++ b/chrome/browser/extensions/extension_tabs_module_constants.h @@ -47,6 +47,7 @@ extern const char kNoSelectedTabError[]; extern const char kInvalidUrlError[]; extern const char kInternalVisibleTabCaptureError[]; extern const char kNotImplementedError[]; +extern const char kCannotAccessPageError[]; // Function names, Windows API. extern const char kGetWindowFunction[]; diff --git a/chrome/browser/search_engines/template_url_scraper_unittest.cc b/chrome/browser/search_engines/template_url_scraper_unittest.cc index a93790f..32173d0 100644 --- a/chrome/browser/search_engines/template_url_scraper_unittest.cc +++ b/chrome/browser/search_engines/template_url_scraper_unittest.cc @@ -20,13 +20,6 @@ class TemplateURLScraperTest : public InProcessBrowserTest { TemplateURLScraperTest() { } - protected: - virtual void ConfigureHostResolverProc(net::RuleBasedHostResolverProc* proc) { - InProcessBrowserTest::ConfigureHostResolverProc(proc); - // We use foo.com in our tests. - proc->AddRule("*.foo.com", "localhost"); - } - private: DISALLOW_COPY_AND_ASSIGN(TemplateURLScraperTest); }; 
@@ -61,6 +54,8 @@ class TemplateURLModelLoader : public NotificationObserver { /* IN_PROC_BROWSER_TEST_F(TemplateURLScraperTest, ScrapeWithOnSubmit) { + host_resolver()->AddRule("*.foo.com", "localhost"); + TemplateURLModel* template_urls = browser()->profile()->GetTemplateURLModel(); TemplateURLModelLoader loader(template_urls); |
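Review bot: The added `host_resolver()->AddRule("*.foo.com", "localhost");` lands inside ScrapeWithOnSubmit, which the `/*` context line just above shows is opened inside a block comment, so the rule may not be installed by any compiled code. The earlier hunk in this file removes the fixture-wide `ConfigureHostResolverProc` override that used to install it for every test. If any other test in TemplateURLScraperTest resolves a foo.com host (not visible in this hunk), it loses the localhost mapping and is no longer hermetic. Each such test would need its own `host_resolver()->AddRule("*.foo.com", "localhost");`, and a comment noting that the rule must be added per test would help when the disabled test is re-enabled.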