From 1adff06dc95bd50ac0d6973be2316a3b08f46090 Mon Sep 17 00:00:00 2001
From: "mpcomplete@google.com"
Date: Tue, 2 Jun 2009 18:39:55 +0000
Subject: Add some browser-level checks to prohibit access to extension bindings by non-extension renderers. Also add a check so that bindings are only exposed if the top-level frame is the chrome-extension scheme.
BUG=11545
BUG=11993
TEST=none
Review URL: http://codereview.chromium.org/119014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17408 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/port/bindings/v8/v8_proxy.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'webkit/port')
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp
index 30fcf09..dcc2092 100644
--- a/webkit/port/bindings/v8/v8_proxy.cpp
+++ b/webkit/port/bindings/v8/v8_proxy.cpp
@@ -2027,7 +2027,8 @@ v8::Persistent V8Proxy::createNewContext(
 // because we might be currently loading an URL into a blank page.
 // See http://code.google.com/p/chromium/issues/detail?id=10924
 if (it->scheme.length() > 0 &&
- it->scheme != m_frame->loader()->activeDocumentLoader()->url().protocol())
+ (it->scheme != m_frame->loader()->activeDocumentLoader()->url().protocol() ||
+ it->scheme != m_frame->page()->mainFrame()->loader()->activeDocumentLoader()->url().protocol()))
 continue;
 extensionNames[index++] = it->extension->name();
--
cgit v1.1
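Review bot: The added main-frame comparison dereferences `m_frame->page()` (and the main frame's `activeDocumentLoader()`) with no null check, and as far as WebKit's Frame API goes a frame detached from its page returns null from `page()`, so building a context for such a frame would crash rather than skip the extension. Because this condition is the renderer-side gate that keeps scheme-restricted extension bindings out of non-extension pages, it should fail closed by making the first operand inside the parentheses `!m_frame->page() ||`, so a frame with no page never receives the bindings. The intent is also easy to misread with `||` inside a skip condition; a comment such as `// Register only when both this frame and the top-level frame use the extension's scheme.` above the `if` would make the both-must-match rule explicit. The commit is marked TEST=none, so a regression test that loads an extension-scheme iframe under an http top-level page and asserts the bindings are absent would pin this check. The enclosing loop and `createNewContext` begin and end outside the hunk.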