chrome/renderer/extensions/chrome_v8_context_set.cc - Issue 15825008: Remove the event URL security check out of the renderer and into the browser.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/renderer/extensions/chrome_v8_context_set.cc

Issue 15825008: Remove the event URL security check out of the renderer and into the browser. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: add self check Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/renderer/extensions/chrome_v8_context_set.cc

diff --git a/chrome/renderer/extensions/chrome_v8_context_set.cc b/chrome/renderer/extensions/chrome_v8_context_set.cc

index 9fe6b8d96bf6c45d79834c86b7b1ec1a08b56c1e..86b3b81398180e502fe55af0cd971f7b109cc175 100644

--- a/chrome/renderer/extensions/chrome_v8_context_set.cc

+++ b/chrome/renderer/extensions/chrome_v8_context_set.cc

@@ -27,29 +27,6 @@ using content::V8ValueConverter;

namespace extensions {

-namespace {

-// Returns true if the extension running in the given |render_view| has

-// sufficient permissions to access the data.

-//

-// TODO(aa): This looks super suspicious. Is it correct? Can we use something

-// else already in the system? Should it be moved elsewhere?

- bool HasSufficientPermissions(content::RenderView* render_view,

- const GURL& event_url) {

- // During unit tests, we might be invoked without a v8 context. In these

- // cases, we only allow empty event_urls and short-circuit before retrieving

- // the render view from the current context.

- if (!event_url.is_valid())

- return true;

- WebKit::WebDocument document =

- render_view->GetWebView()->mainFrame()->document();

- return GURL(document.url()).SchemeIs(extensions::kExtensionScheme) &&

- document.securityOrigin().canRequest(event_url);

-} // namespace

ChromeV8ContextSet::ChromeV8ContextSet() {

}

ChromeV8ContextSet::~ChromeV8ContextSet() {

@@ -106,8 +83,7 @@ void ChromeV8ContextSet::DispatchChromeHiddenMethod(

const std::string& extension_id,

const std::string& method_name,

const base::ListValue& arguments,

- content::RenderView* render_view,

- const GURL& event_url) const {

+ content::RenderView* render_view) const {

v8::HandleScope handle_scope;

// We copy the context list, because calling into javascript may modify it

@@ -133,9 +109,6 @@ void ChromeV8ContextSet::DispatchChromeHiddenMethod(

if (render_view && render_view != context_render_view)

continue;

- if (!HasSufficientPermissions(context_render_view, event_url))

- continue;

v8::Local<v8::Context> context(*((*it)->v8_context()));

std::vector<v8::Handle<v8::Value> > v8_arguments;

for (size_t i = 0; i < arguments.GetSize(); ++i) {

« no previous file with comments | « chrome/renderer/extensions/chrome_v8_context_set.h ('k') | chrome/renderer/extensions/dispatcher.h » ('j') | no next file with comments »