chrome/renderer/extensions/custom_bindings_util.cc - Issue 9403006: Extensions: run "custom bindings" v8-extensions in content scripts.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/renderer/extensions/custom_bindings_util.cc

Issue 9403006: Extensions: run "custom bindings" v8-extensions in content scripts. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: . Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: chrome/renderer/extensions/custom_bindings_util.cc

diff --git a/chrome/renderer/extensions/custom_bindings_util.cc b/chrome/renderer/extensions/custom_bindings_util.cc

index 5d9277f431fe8f174d0b214b52323c374c58e97f..a1cf1f0edd53cd0a733b2f3faaa9121a56d57bcb 100644

--- a/chrome/renderer/extensions/custom_bindings_util.cc

+++ b/chrome/renderer/extensions/custom_bindings_util.cc

@@ -8,6 +8,7 @@

#include "base/logging.h"

#include "base/string_util.h"

+#include "chrome/common/extensions/api/extension_api.h"

#include "chrome/common/extensions/extension.h"

#include "chrome/renderer/extensions/chrome_v8_extension.h"

#include "chrome/renderer/extensions/chrome_private_custom_bindings.h"

@@ -144,13 +145,20 @@ std::string GetAPIName(const std::string& v8_extension_name) {

}

bool AllowAPIInjection(const std::string& api_name,

- const Extension& extension) {

+ const Extension& extension,

+ bool is_content_script) {

CHECK(api_name != "");

// As in ExtensionAPI::GetSchemasForExtension, we need to allow any bindings

// for an API that the extension *might* have permission to use.

- return extension.required_permission_set()->HasAnyAccessToAPI(api_name) ||

- extension.optional_permission_set()->HasAnyAccessToAPI(api_name);

+ bool allowed =

+ extension.required_permission_set()->HasAnyAccessToAPI(api_name) ||

+ extension.optional_permission_set()->HasAnyAccessToAPI(api_name);

+ if (allowed && is_content_script)

+ allowed = !ExtensionAPI::GetInstance()->IsWholeAPIPrivileged(api_name);

+ return allowed;

}

} // namespace custom_bindings_util