Make it so that allow_js_access: false can be used with background pages created by window.open.

chrome/browser/chrome_content_browser_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chrome_content_browser_client.h"
 
 #include <set>
 #include <utility>
 #include <vector>
 
@@ skipping 1241 matching lines @@
   Profile* profile = Profile::FromBrowserContext(process->GetBrowserContext());
   DesktopNotificationService* service =
       DesktopNotificationServiceFactory::GetForProfile(profile);
   service->CancelDesktopNotification(
       render_process_id, render_view_id, notification_id);
 #else
   NOTIMPLEMENTED();
 #endif
 }
 
-bool ChromeContentBrowserClient::CanCreateWindow(
+content::ContentBrowserClient::CanCreateWindowResult
+ChromeContentBrowserClient::CanCreateWindow(
     const GURL& opener_url,
     const GURL& source_origin,
     WindowContainerType container_type,
     content::ResourceContext* context,
     int render_process_id) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // If the opener is trying to create a background window but doesn't have
   // the appropriate permission, fail the attempt.
   if (container_type == WINDOW_CONTAINER_TYPE_BACKGROUND) {
     ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
     ExtensionInfoMap* map = io_data->GetExtensionInfoMap();
 
-    // If the opener is not allowed to script its background window, then return
-    // false so that the window.open call returns null.  In this case, only
-    // the manifest is permitted to create a background window.
+    if (!map->SecurityOriginHasAPIPermission(
+        source_origin, render_process_id, ExtensionAPIPermission::kBackground)) {

[Andrew T Wilson (Slow), 2012/03/26 15:28:10]

nit: 80 chars

[Mihai Parparita -not on Chrome, 2012/03/27 01:16:07]

Done.

+      return CANNOT_CREATE_WINDOW;
+    }
+
     // Note: this use of GetExtensionOrAppByURL is safe but imperfect.  It may
     // return a recently installed Extension even if this CanCreateWindow call
     // was made by an old copy of the page in a normal web process.  That's ok,
-    // because the permission check below will still fail.  We must use the
-    // full URL to find hosted apps, though, and not just the origin.
+    // because the permission check above would have caused an early return
+    // already. We must use the full URL to find hosted apps, though, and not
+    // just the origin.
     const Extension* extension = map->extensions().GetExtensionOrAppByURL(
         ExtensionURLInfo(opener_url));
     if (extension && !extension->allow_background_js_access())
-      return false;
-
-    return map->SecurityOriginHasAPIPermission(
-        source_origin, render_process_id, ExtensionAPIPermission::kBackground);
+      return CAN_CREATE_WINDOW_NO_JS_ACCESS;
   }
-  return true;
+  return CAN_CREATE_WINDOW;
 }
 
 std::string ChromeContentBrowserClient::GetWorkerProcessTitle(
     const GURL& url, content::ResourceContext* context) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   // Check if it's an extension-created worker, in which case we want to use
   // the name of the extension.
   ProfileIOData* io_data = ProfileIOData::FromResourceContext(context);
   const Extension* extension =
       io_data->GetExtensionInfoMap()->extensions().GetByID(url.host());
@@ skipping 330 matching lines @@
 #if defined(USE_NSS)
 crypto::CryptoModuleBlockingPasswordDelegate*
     ChromeContentBrowserClient::GetCryptoPasswordDelegate(
         const GURL& url) {
   return browser::NewCryptoModuleBlockingDialogDelegate(
       browser::kCryptoModulePasswordKeygen, url.host());
 }
 #endif
 
 }  // namespace chrome