Chromium Code Reviews

Issue 12457042: Non-web-accessible extension URLs should not load in non-extension processes (Closed)

Created: 7 years, 9 months ago by nasko
Modified: 7 years, 8 months ago
CC: chromium-reviews, Aaron Boodman, chromium-apps-reviews_chromium.org
Visibility: Public.

Description

Non-web-accessible extension URLs should not load in non-extension processes

This is a slightly modified version of my previous CL: https://codereview.chromium.org/12218064/. The only difference is that we allow any resource request to succeed if the extension has any web_accessible_resources. The reason for that is that we have been lax and allowed subresource loads, even if they are not explicitly added to the manifest (see crbug.com/179127 for details). This should be tightened up with a v3 manifest requirement to explicitly list all subresources.

BUG=173688

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=192121

Patch Set 1

Total comments: 10

Patch Set 2 : Fixing issues found in code review.

Total comments: 12

Patch Set 3 : Fixing nits.

Stats (+180 lines, -5 lines)
A chrome/browser/chrome_security_exploit_browsertest.cc: 1 chunk, +72 lines, -0 lines, 0 comments
M chrome/browser/extensions/extension_protocols.cc: 4 chunks, +65 lines, -5 lines, 0 comments
M chrome/chrome_tests.gypi: 1 chunk, +1 line, -0 lines, 0 comments
M chrome/common/extensions/extension.h: 1 chunk, +3 lines, -0 lines, 0 comments
M chrome/renderer/extensions/resource_request_policy.cc: 1 chunk, +6 lines, -0 lines, 0 comments
A chrome/test/data/chrome_extension_resource.html: 1 chunk, +33 lines, -0 lines, 0 comments

Messages

Total messages: 10 (0 generated)
nasko
Hey guys, This is another attempt to restrict extension resource loads. It is almost identical ...
7 years, 9 months ago (2013-03-26 17:50:22 UTC) #1
Matt Perry
https://codereview.chromium.org/12457042/diff/1/chrome/browser/extensions/extension_protocols.cc
File chrome/browser/extensions/extension_protocols.cc (right):
https://codereview.chromium.org/12457042/diff/1/chrome/browser/extensions/extension_protocols.cc#newcode334
chrome/browser/extensions/extension_protocols.cc:334: if (extensions::WebAccessibleResourcesInfo::HasWebAccessibleResources(
This will break extensions written before web_accessible_resources. ...
7 years, 9 months ago (2013-03-27 23:53:00 UTC) #2
jochen (gone - plz use gerrit)
https://codereview.chromium.org/12457042/diff/1/chrome/browser/chrome_security_exploit_browsertest.cc
File chrome/browser/chrome_security_exploit_browsertest.cc (right):
https://codereview.chromium.org/12457042/diff/1/chrome/browser/chrome_security_exploit_browsertest.cc#newcode21
chrome/browser/chrome_security_exploit_browsertest.cc:21: #include "webkit/glue/glue_serialize.h"
not needed?
https://codereview.chromium.org/12457042/diff/1/chrome/browser/chrome_security_exploit_browsertest.cc#newcode23
chrome/browser/chrome_security_exploit_browsertest.cc:23: namespace content { ...
7 years, 8 months ago (2013-04-02 15:14:25 UTC) #3
nasko
Fixed all the issues pointed out in review.
https://codereview.chromium.org/12457042/diff/1/chrome/browser/chrome_security_exploit_browsertest.cc
File chrome/browser/chrome_security_exploit_browsertest.cc (right):
https://codereview.chromium.org/12457042/diff/1/chrome/browser/chrome_security_exploit_browsertest.cc#newcode21
chrome/browser/chrome_security_exploit_browsertest.cc:21: #include ...
7 years, 8 months ago (2013-04-02 18:25:16 UTC) #4
Matt Perry
lgtm
7 years, 8 months ago (2013-04-02 18:31:32 UTC) #5
Charlie Reis
Great. LGTM with nits.
https://codereview.chromium.org/12457042/diff/7001/chrome/browser/extensions/extension_protocols.cc
File chrome/browser/extensions/extension_protocols.cc (right):
https://codereview.chromium.org/12457042/diff/7001/chrome/browser/extensions/extension_protocols.cc#newcode301
chrome/browser/extensions/extension_protocols.cc:301: // process to request each ...
7 years, 8 months ago (2013-04-02 22:17:38 UTC) #6
jochen (gone - plz use gerrit)
lgtm
7 years, 8 months ago (2013-04-03 07:19:39 UTC) #7
nasko
https://codereview.chromium.org/12457042/diff/7001/chrome/browser/extensions/extension_protocols.cc
File chrome/browser/extensions/extension_protocols.cc (right):
https://codereview.chromium.org/12457042/diff/7001/chrome/browser/extensions/extension_protocols.cc#newcode301
chrome/browser/extensions/extension_protocols.cc:301: // process to request each other's resources. We can't ...
7 years, 8 months ago (2013-04-03 15:51:50 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/nasko@chromium.org/12457042/18001
7 years, 8 months ago (2013-04-03 15:52:02 UTC) #9
commit-bot: I haz the power
7 years, 8 months ago (2013-04-03 19:50:50 UTC) #10
Message was sent while issue was closed.
Change committed as 192121
