From c0cecd1fb74b856db81c03eac8b39078add7e53f Mon Sep 17 00:00:00 2001 From: "jstritar@chromium.org" Date: Thu, 5 Apr 2012 16:50:12 +0000 Subject: Restrict platform app access to WebKit features by modifying JS bindings. BUG=119751 TEST=PlatformAppBrowserTest.* Review URL: http://codereview.chromium.org/9963019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130946 0039d316-1c4b-4281-b951-d872f2087c98 --- chrome/renderer/extensions/extension_dispatcher.cc | 6 ++++ chrome/renderer/renderer_resources.grd | 1 + .../renderer/resources/extensions/platform_app.css | 4 +++ .../renderer/resources/extensions/platform_app.js | 40 ++++++++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 chrome/renderer/resources/extensions/platform_app.js (limited to 'chrome/renderer') diff --git a/chrome/renderer/extensions/extension_dispatcher.cc b/chrome/renderer/extensions/extension_dispatcher.cc index 561cb04..eb320fd 100644 --- a/chrome/renderer/extensions/extension_dispatcher.cc +++ b/chrome/renderer/extensions/extension_dispatcher.cc @@ -527,6 +527,7 @@ void ExtensionDispatcher::PopulateSourceMap() { source_map_.RegisterSource("pageAction", IDR_PAGE_ACTION_CUSTOM_BINDINGS_JS); source_map_.RegisterSource("pageCapture", IDR_PAGE_CAPTURE_CUSTOM_BINDINGS_JS); + source_map_.RegisterSource("platformApp", IDR_PLATFORM_APP_JS); source_map_.RegisterSource("storage", IDR_STORAGE_CUSTOM_BINDINGS_JS); source_map_.RegisterSource("tabs", IDR_TABS_CUSTOM_BINDINGS_JS); source_map_.RegisterSource("tts", IDR_TTS_CUSTOM_BINDINGS_JS); @@ -657,6 +658,11 @@ void ExtensionDispatcher::DidCreateScriptContext( InstallBindings(module_system.get(), v8_context, "extension"); } + // Inject custom JS into the platform app context to block certain features + // of the document and window. + if (extension && extension->is_platform_app()) + module_system->Require("platformApp"); + context->set_module_system(module_system.Pass()); context->DispatchOnLoadEvent( diff --git a/chrome/renderer/renderer_resources.grd b/chrome/renderer/renderer_resources.grd index 08a7a8f..599d2dd 100644 --- a/chrome/renderer/renderer_resources.grd +++ b/chrome/renderer/renderer_resources.grd @@ -22,6 +22,7 @@ without changes to the corresponding grd file. fb9 --> + diff --git a/chrome/renderer/resources/extensions/platform_app.css b/chrome/renderer/resources/extensions/platform_app.css index fddbe16..3216539 100644 --- a/chrome/renderer/resources/extensions/platform_app.css +++ b/chrome/renderer/resources/extensions/platform_app.css @@ -1,4 +1,8 @@ /* + * Copyright (c) 2012 The Chromium Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * * A style sheet for Chrome platform apps. */ diff --git a/chrome/renderer/resources/extensions/platform_app.js b/chrome/renderer/resources/extensions/platform_app.js new file mode 100644 index 0000000..3660a81 --- /dev/null +++ b/chrome/renderer/resources/extensions/platform_app.js @@ -0,0 +1,40 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +var errorMsg = 'Not available for platform apps.'; +var stub = function() { throw errorMsg; }; + +// Disable document.open|close|write. +document.open = stub; +document.close = stub; +document.write = stub; + +// Disable history. +window.history = { + open: stub, + back: stub, + forward: stub, + go: stub, + pushState: stub, + replaceState: stub, + get length() { throw errorMsg; }, + get state() { throw errorMsg; } +}; + +// Disable find. +window.find = stub; + +// Disable modal dialogs. +window.alert = stub; +window.confirm = stub; +window.prompt = stub; + +// Disable window.*bar. +var stubBar = { get visible() { throw errorMsg; } }; +window.locationbar = stubBar; +window.menubar = stubBar; +window.personalbar = stubBar; +window.scrollbars = stubBar; +window.statusbar = stubBar; +window.toolbar = stubBar; -- cgit v1.1