Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7278)

Unified Diff: chrome/renderer/extensions/extension_dispatcher.cc

Issue 10458063: Add sanbdoxed_pages to allow extension/app pages to be served in a sandboxed, unique origin (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: CheckCurrentContextAccessToExtensionAPI Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/renderer/extensions/extension_dispatcher.cc
diff --git a/chrome/renderer/extensions/extension_dispatcher.cc b/chrome/renderer/extensions/extension_dispatcher.cc
index 8226de81f55566ed5a7a4b22761903b17b629b15..d1ed29ab48b4d1ab159110f332a406a6b2d918f8 100644
--- a/chrome/renderer/extensions/extension_dispatcher.cc
+++ b/chrome/renderer/extensions/extension_dispatcher.cc
@@ -896,6 +896,16 @@ Feature::Context ExtensionDispatcher::ClassifyJavaScriptContext(
if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS)
return Feature::CONTENT_SCRIPT_CONTEXT;
+ // We have an explicit check for sandboxed pages first since:
+ // 1. Sandboxed pages run in the same process as regular extension pages, so
+ // the extension is considered active.
+ // 2. ScriptContext creation (which triggers bindings injection) happens
+ // before the SecurityContext is updated with the sandbox flags (after
+ // reading the CSP header), so url_info.url().securityOrigin() is not
+ // unique yet.
+ if (extensions_.IsSandboxedPage(url_info))
+ return Feature::WEB_PAGE_CONTEXT;
+
if (IsExtensionActive(extension_id))
return Feature::BLESSED_EXTENSION_CONTEXT;
@@ -934,8 +944,8 @@ bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
return false;
}
- if (!IsExtensionActive(context->extension()->id()) &&
- ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name)) {
+ if (ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name) &&
+ context->context_type() != Feature::BLESSED_EXTENSION_CONTEXT) {
static const char kMessage[] =
"%s can only be used in an extension process.";
std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
@@ -944,5 +954,14 @@ bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
return false;
}
+ // We should never end up with sandboxed contexts trying to invoke extension
Mihai Parparita -not on Chrome 2012/06/05 23:39:06 Adam also suggested checking at API invocation tim
+ // APIs, they don't get extension bindings injected. If we end up here it
+ // means that a sandboxed page somehow managed to invoke an API anyway, so
+ // we should abort.
+ WebKit::WebFrame* frame = context->web_frame();
+ ExtensionURLInfo url_info(frame->document().securityOrigin(),
+ UserScriptSlave::GetDataSourceURLForFrame(frame));
+ CHECK(!extensions_.IsSandboxedPage(url_info));
+
return true;
}

Powered by Google App Engine
This is Rietveld 408576698