
Side by Side Diff: chrome/renderer/extensions/dispatcher.cc

Issue 10829186: Tabs API is usable without tabs permission. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: . Created 8 years, 3 months ago
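--- a/chrome/renderer/extensions/dispatcher.cc
+++ b/chrome/renderer/extensions/dispatcher.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/extensions/dispatcher.h"
 
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/string_piece.h"
@@ -1056,33 +1056,21 @@
 DLOG(ERROR) << "Not in a v8::Context";
 return false;
 }
 
 if (!context->extension()) {
 v8::ThrowException(
 v8::Exception::Error(v8::String::New("Not in an extension.")));
 return false;
 }
 
-// We need to whitelist tabs.executeScript and tabs.insertCSS because they
-// are granted under special circumstances with the activeTab permission
-// (note that the browser checks too, so this isn't a security problem).
-//
-// Only the browser knows which tab this call will be sent to... sometimes we
-// *could* figure it out (if the extension gives an explicit tab ID in the
-// call), but the expected case will be the extension passing through -1,
-// meaning the active tab, and only the browser safely knows what this is.
-bool skip_permission_check = (function_name == "tabs.executeScript") ||
-(function_name == "tabs.insertCSS");
-
-if (!skip_permission_check &&
-!context->extension()->HasAPIPermission(function_name)) {
+if (!context->extension()->HasAPIPermission(function_name)) {
 static const char kMessage[] =
 "You do not have permission to use '%s'. Be sure to declare"
 " in your manifest what permissions you need.";
 std::string error_msg = base::StringPrintf(kMessage, function_name.c_str());
 v8::ThrowException(
 v8::Exception::Error(v8::String::New(error_msg.c_str())));
 return false;
 }
 
 if (ExtensionAPI::GetSharedInstance()->IsPrivileged(function_name) &&
@@ -1101,10 +1089,10 @@
 // we should abort.
 WebKit::WebFrame* frame = context->web_frame();
 ExtensionURLInfo url_info(frame->document().securityOrigin(),
 UserScriptSlave::GetDataSourceURLForFrame(frame));
 CHECK(!extensions_.IsSandboxedPage(url_info));
 
 return true;
 }
 
 } // namespace extensions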
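Review bot: The new check at line 1066 loses the only statement in this function that the renderer-side test is advisory and that the browser process re-validates the call; the deleted comment carried that note, and nothing replaces it. Because a compromised renderer can skip this check, I would keep a short comment above the `if`, for example `// Renderer-side check is for early error reporting only; the browser process enforces API permissions (including activeTab grants).` The deleted lines also said `tabs.executeScript` and `tabs.insertCSS` are granted through activeTab in ways only the browser can decide. This section does not show whether `HasAPIPermission(function_name)` now returns true for an extension that declares only activeTab, so please confirm those calls are not rejected here with "You do not have permission to use '%s'", ideally with a test for that case. The enclosing function starts above the visible lines, so the early checks were only partly reviewed.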
