commit 05c82189519642144323493e1d0cd65c41ce81ce
author mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> Thu Jun 24 17:49:08 2010
committer mpcomplete@chromium.org <mpcomplete@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> Thu Jun 24 17:49:08 2010
tree abb760e7c2d610ab059eec1222fc3d15b6b30db5
parent eb40bc39aafb7933251450019e5b4bcb805982f5

Require user opt-in before allowing content script injection on file URLs.

BUG=47180

Review URL: http://codereview.chromium.org/2809034

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@50737 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/extensions_service.cc

diff --git a/chrome/browser/extensions/extensions_service.cc b/chrome/browser/extensions/extensions_service.cc
index 99dcd9c..02a7366 100644
--- a/chrome/browser/extensions/extensions_service.cc
+++ b/chrome/browser/extensions/extensions_service.cc
@@ -38,6 +38,7 @@
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/extensions/extension_constants.h"
+#include "chrome/common/extensions/extension_error_utils.h"
 #include "chrome/common/extensions/extension_file_util.h"
 #include "chrome/common/extensions/extension_l10n_util.h"
 #include "chrome/common/notification_service.h"
@@ -675,6 +676,42 @@
   NotifyExtensionLoaded(extension);
 }
 
+bool ExtensionsService::AllowFileAccess(const Extension* extension) {
+  return (CommandLine::ForCurrentProcess()->HasSwitch(
+              switches::kDisableExtensionsFileAccessCheck) || 
+          extension_prefs_->AllowFileAccess(extension->id()));
+}
+
+void ExtensionsService::SetAllowFileAccess(Extension* extension, bool allow) {
+  extension_prefs_->SetAllowFileAccess(extension->id(), allow);
+  NotificationService::current()->Notify(
+      NotificationType::EXTENSION_USER_SCRIPTS_UPDATED,
+      Source<Profile>(profile_),
+      Details<Extension>(extension));
+}
+
+bool ExtensionsService::CanExecuteScriptOnHost(Extension* extension,
+                                               const GURL& url,
+                                               std::string* error) const {
+  // No extensions are allowed to execute script on the gallery because that
+  // would allow extensions to manipulate their own install pages.
+  if (url.host() == GURL(Extension::ChromeStoreURL()).host()) {
+    if (error)
+      *error = errors::kCannotScriptGallery;
+    return false;
+  }
+
+  if (extension->HasHostPermission(url))
+      return true;
+
+  if (error) {
+    *error = ExtensionErrorUtils::FormatErrorMessage(errors::kCannotAccessPage,
+                                                     url.spec());
+  }
+
+  return false;
+}
+
 void ExtensionsService::CheckForExternalUpdates() {
   // This installs or updates externally provided extensions.
   // TODO(aa): Why pass this list into the provider, why not just filter it