Index: chrome/browser/ui/browser.cc |
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc |
index 082514c47f0d35f55679930b8fa452823557aa08..f49d96a998ef082653010e0bda27780e59fa71b2 100644 |
--- a/chrome/browser/ui/browser.cc |
+++ b/chrome/browser/ui/browser.cc |
@@ -1653,9 +1653,29 @@ void Browser::WebIntentDispatch( |
content::WebIntentsDispatcher* intents_dispatcher) { |
if (!web_intents::IsWebIntentsEnabledForProfile(profile_)) { |
web_intents::RecordIntentsDispatchDisabled(); |
+ delete intents_dispatcher; |
return; |
} |
+ // Make sure the requester is coming from an extension/app page. |
+ // Internal dispatches set |web_contents| to NULL. |
+#if !defined(OS_CHROMEOS) |
+ if (web_contents && |
+ !CommandLine::ForCurrentProcess()->HasSwitch( |
+ switches::kWebIntentsInvocationEnabled)) { |
+ ExtensionService* extensions_service = profile_->GetExtensionService(); |
+ if (!extensions_service || |
+ extensions_service->extensions()->GetExtensionOrAppByURL( |
+ ExtensionURLInfo(web_contents->GetURL())) == NULL) { |
+ web_intents::RecordIntentsDispatchDisabled(); |
+ intents_dispatcher->SendReplyMessage( |
+ webkit_glue::WEB_INTENT_REPLY_FAILURE, |
+ ASCIIToUTF16("Intents may only be invoked from extensions/apps.")); |
+ return; |
+ } |
+ } |
+#endif |
+ |
web_intents::RecordIntentDispatchRequested(); |
if (!web_contents) { |