| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/extensions/chrome_v8_context_set.h" | 5 #include "chrome/renderer/extensions/chrome_v8_context_set.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/message_loop.h" | 8 #include "base/message_loop.h" |
| 9 #include "base/tracked_objects.h" | 9 #include "base/tracked_objects.h" |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "chrome/common/extensions/extension.h" | 11 #include "chrome/common/extensions/extension.h" |
| 12 #include "chrome/common/url_constants.h" | 12 #include "chrome/common/url_constants.h" |
| 13 #include "chrome/renderer/extensions/chrome_v8_context.h" | 13 #include "chrome/renderer/extensions/chrome_v8_context.h" |
| 14 #include "content/public/renderer/render_thread.h" | 14 #include "content/public/renderer/render_thread.h" |
| 15 #include "content/public/renderer/render_view.h" | 15 #include "content/public/renderer/render_view.h" |
| 16 #include "content/public/renderer/v8_value_converter.h" | 16 #include "content/public/renderer/v8_value_converter.h" |
| 17 #include "extensions/common/constants.h" | 17 #include "extensions/common/constants.h" |
| 18 #include "third_party/WebKit/Source/Platform/chromium/public/WebURL.h" | 18 #include "third_party/WebKit/Source/Platform/chromium/public/WebURL.h" |
| 19 #include "third_party/WebKit/Source/Platform/chromium/public/WebURLRequest.h" | 19 #include "third_party/WebKit/Source/Platform/chromium/public/WebURLRequest.h" |
| 20 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h" | 20 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h" |
| 21 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h" | 21 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h" |
| 22 #include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h" | 22 #include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h" |
| 23 #include "v8/include/v8.h" | 23 #include "v8/include/v8.h" |
| 24 | 24 |
| 25 using content::RenderThread; | 25 using content::RenderThread; |
| 26 using content::V8ValueConverter; | 26 using content::V8ValueConverter; |
| 27 | 27 |
| 28 namespace extensions { | 28 namespace extensions { |
| 29 | 29 |
| 30 namespace { | |
| 31 | |
| 32 // Returns true if the extension running in the given |render_view| has | |
| 33 // sufficient permissions to access the data. | |
| 34 // | |
| 35 // TODO(aa): This looks super suspicious. Is it correct? Can we use something | |
| 36 // else already in the system? Should it be moved elsewhere? | |
| 37 bool HasSufficientPermissions(content::RenderView* render_view, | |
| 38 const GURL& event_url) { | |
| 39 // During unit tests, we might be invoked without a v8 context. In these | |
| 40 // cases, we only allow empty event_urls and short-circuit before retrieving | |
| 41 // the render view from the current context. | |
| 42 if (!event_url.is_valid()) | |
| 43 return true; | |
| 44 | |
| 45 WebKit::WebDocument document = | |
| 46 render_view->GetWebView()->mainFrame()->document(); | |
| 47 return GURL(document.url()).SchemeIs(extensions::kExtensionScheme) && | |
| 48 document.securityOrigin().canRequest(event_url); | |
| 49 } | |
| 50 | |
| 51 } // namespace | |
| 52 | |
| 53 ChromeV8ContextSet::ChromeV8ContextSet() { | 30 ChromeV8ContextSet::ChromeV8ContextSet() { |
| 54 } | 31 } |
| 55 ChromeV8ContextSet::~ChromeV8ContextSet() { | 32 ChromeV8ContextSet::~ChromeV8ContextSet() { |
| 56 } | 33 } |
| 57 | 34 |
| 58 int ChromeV8ContextSet::size() const { | 35 int ChromeV8ContextSet::size() const { |
| 59 return static_cast<int>(contexts_.size()); | 36 return static_cast<int>(contexts_.size()); |
| 60 } | 37 } |
| 61 | 38 |
| 62 void ChromeV8ContextSet::Add(ChromeV8Context* context) { | 39 void ChromeV8ContextSet::Add(ChromeV8Context* context) { |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 99 return *iter; | 76 return *iter; |
| 100 } | 77 } |
| 101 | 78 |
| 102 return NULL; | 79 return NULL; |
| 103 } | 80 } |
| 104 | 81 |
| 105 void ChromeV8ContextSet::DispatchChromeHiddenMethod( | 82 void ChromeV8ContextSet::DispatchChromeHiddenMethod( |
| 106 const std::string& extension_id, | 83 const std::string& extension_id, |
| 107 const std::string& method_name, | 84 const std::string& method_name, |
| 108 const base::ListValue& arguments, | 85 const base::ListValue& arguments, |
| 109 content::RenderView* render_view, | 86 content::RenderView* render_view) const { |
| 110 const GURL& event_url) const { | |
| 111 v8::HandleScope handle_scope; | 87 v8::HandleScope handle_scope; |
| 112 | 88 |
| 113 // We copy the context list, because calling into javascript may modify it | 89 // We copy the context list, because calling into javascript may modify it |
| 114 // out from under us. | 90 // out from under us. |
| 115 ContextSet contexts = GetAll(); | 91 ContextSet contexts = GetAll(); |
| 116 | 92 |
| 117 scoped_ptr<V8ValueConverter> converter(V8ValueConverter::create()); | 93 scoped_ptr<V8ValueConverter> converter(V8ValueConverter::create()); |
| 118 for (ContextSet::iterator it = contexts.begin(); it != contexts.end(); | 94 for (ContextSet::iterator it = contexts.begin(); it != contexts.end(); |
| 119 ++it) { | 95 ++it) { |
| 120 if ((*it)->v8_context().IsEmpty()) | 96 if ((*it)->v8_context().IsEmpty()) |
| 121 continue; | 97 continue; |
| 122 | 98 |
| 123 if (!extension_id.empty()) { | 99 if (!extension_id.empty()) { |
| 124 const Extension* extension = (*it)->extension(); | 100 const Extension* extension = (*it)->extension(); |
| 125 if (!extension || (extension_id != extension->id())) | 101 if (!extension || (extension_id != extension->id())) |
| 126 continue; | 102 continue; |
| 127 } | 103 } |
| 128 | 104 |
| 129 content::RenderView* context_render_view = (*it)->GetRenderView(); | 105 content::RenderView* context_render_view = (*it)->GetRenderView(); |
| 130 if (!context_render_view) | 106 if (!context_render_view) |
| 131 continue; | 107 continue; |
| 132 | 108 |
| 133 if (render_view && render_view != context_render_view) | 109 if (render_view && render_view != context_render_view) |
| 134 continue; | 110 continue; |
| 135 | 111 |
| 136 if (!HasSufficientPermissions(context_render_view, event_url)) | |
| 137 continue; | |
| 138 | |
| 139 v8::Local<v8::Context> context(*((*it)->v8_context())); | 112 v8::Local<v8::Context> context(*((*it)->v8_context())); |
| 140 std::vector<v8::Handle<v8::Value> > v8_arguments; | 113 std::vector<v8::Handle<v8::Value> > v8_arguments; |
| 141 for (size_t i = 0; i < arguments.GetSize(); ++i) { | 114 for (size_t i = 0; i < arguments.GetSize(); ++i) { |
| 142 const base::Value* item = NULL; | 115 const base::Value* item = NULL; |
| 143 CHECK(arguments.Get(i, &item)); | 116 CHECK(arguments.Get(i, &item)); |
| 144 v8_arguments.push_back(converter->ToV8Value(item, context)); | 117 v8_arguments.push_back(converter->ToV8Value(item, context)); |
| 145 } | 118 } |
| 146 | 119 |
| 147 v8::Handle<v8::Value> retval; | 120 v8::Handle<v8::Value> retval; |
| 148 (*it)->CallChromeHiddenMethod( | 121 (*it)->CallChromeHiddenMethod( |
| (...skipping 15 matching lines...) Expand all Loading... |
| 164 (*it)->DispatchOnUnloadEvent(); | 137 (*it)->DispatchOnUnloadEvent(); |
| 165 removed.insert(*it); | 138 removed.insert(*it); |
| 166 Remove(*it); | 139 Remove(*it); |
| 167 } | 140 } |
| 168 } | 141 } |
| 169 | 142 |
| 170 return removed; | 143 return removed; |
| 171 } | 144 } |
| 172 | 145 |
| 173 } // namespace extensions | 146 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 15825008:
Remove the event URL security check out of the renderer and into the browser. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src