Add flag to enable web content to invoke web intents.

chrome/browser/ui/browser.cc

Index: chrome/browser/ui/browser.cc
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index 082514c47f0d35f55679930b8fa452823557aa08..f49d96a998ef082653010e0bda27780e59fa71b2 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -1653,9 +1653,29 @@ void Browser::WebIntentDispatch(
     content::WebIntentsDispatcher* intents_dispatcher) {
   if (!web_intents::IsWebIntentsEnabledForProfile(profile_)) {
     web_intents::RecordIntentsDispatchDisabled();
+    delete intents_dispatcher;
     return;
   }
 
+  // Make sure the requester is coming from an extension/app page.
+  // Internal dispatches set |web_contents| to NULL.
+#if !defined(OS_CHROMEOS)
+  if (web_contents &&
+      !CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kWebIntentsInvocationEnabled)) {
+    ExtensionService* extensions_service = profile_->GetExtensionService();
+    if (!extensions_service ||
+        extensions_service->extensions()->GetExtensionOrAppByURL(
+            ExtensionURLInfo(web_contents->GetURL())) == NULL) {
+      web_intents::RecordIntentsDispatchDisabled();
+      intents_dispatcher->SendReplyMessage(
+          webkit_glue::WEB_INTENT_REPLY_FAILURE,
+          ASCIIToUTF16("Intents may only be invoked from extensions/apps."));
+      return;
+    }
+  }
+#endif
+
   web_intents::RecordIntentDispatchRequested();
 
   if (!web_contents) {