Add schema chrome-extension-resource:// for extension resources

chrome/renderer/extensions/extension_resource_request_policy.cc

Index: chrome/renderer/extensions/extension_resource_request_policy.cc
diff --git a/chrome/renderer/extensions/extension_resource_request_policy.cc b/chrome/renderer/extensions/extension_resource_request_policy.cc
index 4bee495a511e706bca009a2133a6132850dcdf74..93e8fe7f63f3844281b8deee2693cb6c18dac809 100644
--- a/chrome/renderer/extensions/extension_resource_request_policy.cc
+++ b/chrome/renderer/extensions/extension_resource_request_policy.cc
@@ -22,55 +22,75 @@ bool ExtensionResourceRequestPolicy::CanRequestResource(
     const GURL& resource_url,
     WebKit::WebFrame* frame,
     const ExtensionSet* loaded_extensions) {
-  CHECK(resource_url.SchemeIs(chrome::kExtensionScheme));
+  if (resource_url.SchemeIs(chrome::kExtensionScheme)) {
+    const Extension* extension =
+        loaded_extensions->GetExtensionOrAppByURL(
+            ExtensionURLInfo(resource_url));
+    if (!extension) {
+      // Allow the load in the case of a non-existent extension. We'll just get
+      // a 404 from the browser process.
+      return true;
+    }
 
-  const Extension* extension =
-      loaded_extensions->GetExtensionOrAppByURL(ExtensionURLInfo(resource_url));
-  if (!extension) {
-    // Allow the load in the case of a non-existent extension. We'll just get a
-    // 404 from the browser process.
-    return true;
-  }
+    // Disallow loading of packaged resources for hosted apps. We don't allow
+    // hybrid hosted/packaged apps. The one exception is access to icons, since
+    // some extensions want to be able to do things like create their own
+    // launchers.
+    std::string resource_root_relative_path =
+        resource_url.path().empty() ? "" : resource_url.path().substr(1);
+    if (extension->is_hosted_app() &&
+        !extension->icons().ContainsPath(resource_root_relative_path)) {
+      LOG(ERROR) << "Denying load of " << resource_url.spec() << " from "
+        "hosted app.";
+      return false;
+    }
 
-  // Disallow loading of packaged resources for hosted apps. We don't allow
-  // hybrid hosted/packaged apps. The one exception is access to icons, since
-  // some extensions want to be able to do things like create their own
-  // launchers.
-  std::string resource_root_relative_path =
-      resource_url.path().empty() ? "" : resource_url.path().substr(1);
-  if (extension->is_hosted_app() &&
-      !extension->icons().ContainsPath(resource_root_relative_path)) {
-    LOG(ERROR) << "Denying load of " << resource_url.spec() << " from "
-               << "hosted app.";
-    return false;
-  }
+    // Disallow loading of extension resources that are not explicitely listed
+    // as web accessible if the manifest version is 2 or greater.
 
-  // Disallow loading of extension resources which are not explicitely listed
-  // as web accessible if the manifest version is 2 or greater.
+    GURL frame_url = frame->document().url();
+    GURL page_url = frame->top()->document().url();
+    // Exceptions are:
+    // - empty origin (needed for some edge cases when we have empty origins)
+    // - chrome-extension:// (for legacy reasons - some extensions interoperate)
+    // - devtools (chrome-extension:// URLs are loaded into frames of devtools
+    //     to support the devtools extension APIs)
+    if (!CommandLine::ForCurrentProcess()->HasSwitch(
+            switches::kDisableExtensionsResourceWhitelist) &&
+        !frame_url.is_empty() &&
+        !frame_url.SchemeIs(chrome::kExtensionScheme) &&
+        !(page_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
+            !extension->devtools_url().is_empty()) &&
+        !extension->IsResourceWebAccessible(resource_url.path())) {
+      std::string message = base::StringPrintf(
+          "Denying load of %s. Resources must be listed in the "
+          "web_accessible_resources manifest key in order to be loaded by web "
+          "pages.",
+          resource_url.spec().c_str());
+      frame->addMessageToConsole(
+          WebKit::WebConsoleMessage(WebKit::WebConsoleMessage::LevelError,
+                                    WebKit::WebString::fromUTF8(message)));
+      return false;
+    }
 
-  GURL frame_url = frame->document().url();
-  GURL page_url = frame->top()->document().url();
-  // Exceptions are:
-  // - empty origin (needed for some edge cases when we have empty origins)
-  // - chrome-extension:// (for legacy reasons -- some extensions interop)
-  // - devtools (chrome-extension:// URLs are loaded into frames of devtools
-  //     to support the devtools extension APIs)
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kDisableExtensionsResourceWhitelist) &&
-      !frame_url.is_empty() &&
-      !frame_url.SchemeIs(chrome::kExtensionScheme) &&
-      !(page_url.SchemeIs(chrome::kChromeDevToolsScheme) &&
-          !extension->devtools_url().is_empty()) &&
-      !extension->IsResourceWebAccessible(resource_url.path())) {
-    std::string message = base::StringPrintf(
-        "Denying load of %s. Resources must be listed in the "
-        "web_accessible_resources manifest key in order to be loaded by web "
-        "pages.",
+    return true;
+  }
+
+  if (resource_url.SchemeIs(chrome::kExtensionResourceScheme)) {

[Aaron Boodman, 2012/04/16 18:54:36]

Split these two cases into two separate helper functions.

[Peng, 2012/04/17 13:52:05]

Done.

+    GURL frame_url = frame->document().url();
+    if (!frame_url.is_empty() &&
+        !frame_url.SchemeIs(chrome::kExtensionScheme) &&
+        !frame_url.SchemeIs(chrome::kExtensionResourceScheme)) {

[Aaron Boodman, 2012/04/16 18:54:36]

Currently I don't think there are any cases where a resource embeds another
resource, so maybe remove this bit.

[Peng, 2012/04/17 13:52:05]

Done.

+      std::string message = base::StringPrintf(
+          "Denying load of %s. chrome-extension-resources:// can only be "
+          "loaded from extensions.",
         resource_url.spec().c_str());
-    frame->addMessageToConsole(
-        WebKit::WebConsoleMessage(WebKit::WebConsoleMessage::LevelError,
-                                  WebKit::WebString::fromUTF8(message)));
-    return false;
+      frame->addMessageToConsole(
+          WebKit::WebConsoleMessage(WebKit::WebConsoleMessage::LevelError,
+                                    WebKit::WebString::fromUTF8(message)));
+      return false;
+    }
+    return true;
   }
 
   return true;