Issue 10407017: Convert RSS extension to use manifest version 2 (with CSP protection).

Issue 10407017: Convert RSS extension to use manifest version 2 (with CSP protection). (Closed)

Created:
8 years, 7 months ago by Finnur

Modified:
8 years, 7 months ago

Reviewers:
abarth-chromium

CC:
chromium-reviews, Aaron Boodman, mihaip-chromium-reviews_chromium.org, Mike West

Base URL:
svn://svn.chromium.org/chrome/trunk/src/

Visibility:
Public.

More Reviews

Description

Convert RSS extension to use manifest version 2 (with CSP protection). Also filter out unwanted protocols from the feed list. This CL is a continuation of Mike West's changelist to convert the RSS extension to version 2 (with some additional code). BUG=128256, 91986 TEST=RSS Extension (and automated tests) should work as before. Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=137873

Patch Set 1 #

Total comments: 2

Patch Set 2 : #

Created: 8 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+170 lines, -793 lines)			Patch
M	chrome/browser/extensions/extension_browsertests_misc.cc	View		15 chunks	+0 lines, -45 lines	0 comments	Download
D	chrome/test/data/extensions/subscribe_page_action/background.html	View		1 chunk	+0 lines, -62 lines	0 comments	Download
A +	chrome/test/data/extensions/subscribe_page_action/background.js	View		1 chunk	+52 lines, -56 lines	0 comments	Download
M	chrome/test/data/extensions/subscribe_page_action/manifest.json	View		1 chunk	+30 lines, -25 lines	0 comments	Download
M	chrome/test/data/extensions/subscribe_page_action/options.html	View		5 chunks	+13 lines, -255 lines	0 comments	Download
A +	chrome/test/data/extensions/subscribe_page_action/options.js	View		6 chunks	+44 lines, -228 lines	0 comments	Download
M	chrome/test/data/extensions/subscribe_page_action/popup.html	View		1 chunk	+2 lines, -72 lines	0 comments	Download
A +	chrome/test/data/extensions/subscribe_page_action/popup.js	View		2 chunks	+6 lines, -31 lines	0 comments	Download
M	chrome/test/data/extensions/subscribe_page_action/subscribe.html	View		2 chunks	+3 lines, -18 lines	0 comments	Download
M	chrome/test/data/extensions/subscribe_page_action/subscribe.js	View	1	2 chunks	+20 lines, -1 line	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

abarth-chromium

LGTM http://codereview.chromium.org/10407017/diff/1/chrome/test/data/extensions/subscribe_page_action/subscribe.js File chrome/test/data/extensions/subscribe_page_action/subscribe.js (right): http://codereview.chromium.org/10407017/diff/1/chrome/test/data/extensions/subscribe_page_action/subscribe.js#newcode148 chrome/test/data/extensions/subscribe_page_action/subscribe.js:148: 'value="script-src \'self\';">'; Can you add an object-src directive ...

8 years, 7 months ago (2012-05-17 17:02:32 UTC) #2

Finnur

8 years, 7 months ago (2012-05-17 19:20:37 UTC) #3

https://chromiumcodereview.appspot.com/10407017/diff/1/chrome/test/data/exten...
File chrome/test/data/extensions/subscribe_page_action/subscribe.js (right):

https://chromiumcodereview.appspot.com/10407017/diff/1/chrome/test/data/exten...
chrome/test/data/extensions/subscribe_page_action/subscribe.js:148:
'value="script-src \'self\';">';
Added. I'm not using any plugins (that I know of) but the question is really
"are the feeds we render using plugins to do so?"

... and if they are, should we even be allowing that? I'm leaning towards no on
that. We can try this out and see what happens.

I'll run this CL again through my manual tests (automated test running is in
progress) and if it looks good I'll check it in.

Thanks!

On 2012/05/17 17:02:34, abarth wrote:
> Can you add an object-src directive here?  Assuming you're not using any
> plugins, you can probably use object-src 'none'

Expand Messages | Collapse Messages