commit | 8247b125c7b6888dc1c3932e19d6d8fe5a74a460 | [log] [tgz] |
---|---|---|
author | Karan Bhatia <karandeepb@chromium.org> | Wed May 30 22:29:17 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Wed May 30 22:29:17 2018 |
tree | c0bcc4947b27c16f3a8489a20e108afcb699b26d | |
parent | 3d1cba08168abe3a7c51639e49659b8381dfb66f [diff] |
Extensions: Prevent content script injection in the New tab Page. r487664 disallowed content script injection in the New Tab Page. However, the check in RendererPermissionsPolicyDelegate::IsRestrictedUrl for the same, might not work due to the following reasons: - There might be a race between checking if the extension can inject the script and setting the new tab url in the renderer (SearchBouncer). - The New Tab page url in the SearchBouncer might be set incorrectly due to incorrect handling of multiple profiles by InstantService. Fix this by checking if the current renderer process is an Instant (NTP) renderer. This should work since the NTP renderer process should not be shared with other sites. BUG=844428, 662610 Change-Id: I45f6b27fb2680d3b8df6e1da223452ffee09b0d8 Reviewed-on: https://chromium-review.googlesource.com/1068607 Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#563031}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .