Do not allow non web accessible resources to be linked.

BUG=141462
TEST=ExtensionResourceRequestPolicyTest.LinkToWebAccessibleResources

Review URL: https://chromiumcodereview.appspot.com/22935006

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@222464 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 60c6942..bcc1967 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -100,6 +100,7 @@
 #include "chrome/common/extensions/manifest_handlers/shared_module_info.h"
 #include "chrome/common/extensions/permissions/permissions_data.h"
 #include "chrome/common/extensions/permissions/socket_permission.h"
+#include "chrome/common/extensions/web_accessible_resources_handler.h"
 #include "chrome/common/logging_chrome.h"
 #include "chrome/common/pepper_permission_util.h"
 #include "chrome/common/pref_names.h"
@@ -1048,6 +1049,37 @@
   return true;
 }
 
+bool ChromeContentBrowserClient::ShouldAllowOpenURL(
+    content::SiteInstance* site_instance, const GURL& url) {
+  GURL from_url = site_instance->GetSiteURL();
+  // Do not allow pages from the web or other extensions navigate to
+  // non-web-accessible extension resources.
+  if (url.SchemeIs(extensions::kExtensionScheme) &&
+      (from_url.SchemeIsHTTPOrHTTPS() ||
+          from_url.SchemeIs(extensions::kExtensionScheme))) {
+    Profile* profile = Profile::FromBrowserContext(
+        site_instance->GetProcess()->GetBrowserContext());
+    ExtensionService* service =
+        extensions::ExtensionSystem::Get(profile)->extension_service();
+    if (!service)
+      return true;
+    const Extension* extension =
+        service->extensions()->GetExtensionOrAppByURL(url);
+    if (!extension)
+      return true;
+    const Extension* from_extension =
+        service->extensions()->GetExtensionOrAppByURL(
+            site_instance->GetSiteURL());
+    if (from_extension && from_extension->id() == extension->id())
+      return true;
+
+    if (!extensions::WebAccessibleResourcesInfo::IsResourceWebAccessible(
+            extension, url.path()))
+      return false;
+  }
+  return true;
+}
+
 bool ChromeContentBrowserClient::IsSuitableHost(
     content::RenderProcessHost* process_host,
     const GURL& site_url) {
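Review bot: The outer condition in ShouldAllowOpenURL applies the web-accessible check only when `from_url` is http(s) or an extension URL, so a source SiteInstance with any other scheme reaches the final `return true` even when `url` names a non-web-accessible extension resource. If other source schemes can reach this hook (not visible in this hunk), consider inverting the test so that only explicitly trusted sources skip the check, or add a comment stating why the remaining schemes are safe. The `if (!service) return true;` branch also fails open; if that is intended, a one-line comment such as `// No ExtensionService for this profile, so there is no extension resource to protect.` would make it explicit. Minor: the second lookup can reuse the local, `service->extensions()->GetExtensionOrAppByURL(from_url);`, instead of calling `site_instance->GetSiteURL()` again.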