commit | 7a33a5423fd1e6beab05c08cae24a6fc9dee2999 | [log] [tgz] |
---|---|---|
author | Karan Bhatia <karandeepb@chromium.org> | Thu Apr 05 00:41:12 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Thu Apr 05 00:41:12 2018 |
tree | 3179eba34cc2412c65f07d971db74343801954e1 | |
parent | 8dbfcb6298b91627b3f545f7dc35f85376764250 [diff] |
Extensions: Gate activeTab with file urls on having explicit file access. When an extension is granted tab permission using activeTab (in response to say clicking on its browser action), the extension is granted permission to the tab's origin for the duration of the tab lifetime. When this happens for a tab with a file url loaded, the extension gets permission to the file scheme on the tab. This allows, for example, the extension to read the contents of the page using apis like chrome.tabs.executeScript. For file urls, this is not ideal since this does not respect the "Allow access to file URLs" extension setting. This CL changes this behavior, gating the access to the file scheme on the tab, on the extension having explicit file access. This CL also adds extensive test coverage for the behavior of tabs.executeScript on pages with file urls loaded into them. BUG=816685 Change-Id: I9175bb1883006fe594a93262c6825a962c285037 Reviewed-on: https://chromium-review.googlesource.com/994264 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#548269}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .