Home | History | Annotate | Download | only in manifest_handlers 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "extensions/common/manifest_handlers/sandboxed_page_info.h"
      6 
      7 #include "base/lazy_instance.h"
      8 #include "base/memory/scoped_ptr.h"
      9 #include "base/strings/string_number_conversions.h"
     10 #include "base/strings/utf_string_conversions.h"
     11 #include "base/values.h"
     12 #include "extensions/common/csp_validator.h"
     13 #include "extensions/common/error_utils.h"
     14 #include "extensions/common/manifest_constants.h"
     15 #include "extensions/common/url_pattern.h"
     16 
     17 namespace extensions {
     18 
     19 namespace {
     20 
     21 namespace keys = extensions::manifest_keys;
     22 namespace errors = manifest_errors;
     23 
     24 const char kDefaultSandboxedPageContentSecurityPolicy[] =
     25     "sandbox allow-scripts allow-forms allow-popups";
     26 
     27 static base::LazyInstance<SandboxedPageInfo> g_empty_sandboxed_info =
     28     LAZY_INSTANCE_INITIALIZER;
     29 
     30 const SandboxedPageInfo& GetSandboxedPageInfo(const Extension* extension) {
     31   SandboxedPageInfo* info = static_cast<SandboxedPageInfo*>(
     32       extension->GetManifestData(keys::kSandboxedPages));
     33   return info ? *info : g_empty_sandboxed_info.Get();
     34 }
     35 
     36 }  // namespace
     37 
     38 SandboxedPageInfo::SandboxedPageInfo() {
     39 }
     40 
     41 SandboxedPageInfo::~SandboxedPageInfo() {
     42 }
     43 
     44 const std::string& SandboxedPageInfo::GetContentSecurityPolicy(
     45     const Extension* extension) {
     46   return GetSandboxedPageInfo(extension).content_security_policy;
     47 }
     48 
     49 const URLPatternSet& SandboxedPageInfo::GetPages(const Extension* extension) {
     50   return GetSandboxedPageInfo(extension).pages;
     51 }
     52 
     53 bool SandboxedPageInfo::IsSandboxedPage(const Extension* extension,
     54                                     const std::string& relative_path) {
     55   return extension->ResourceMatches(GetPages(extension), relative_path);
     56 }
     57 
     58 SandboxedPageHandler::SandboxedPageHandler() {
     59 }
     60 
     61 SandboxedPageHandler::~SandboxedPageHandler() {
     62 }
     63 
     64 bool SandboxedPageHandler::Parse(Extension* extension, string16* error) {
     65   scoped_ptr<SandboxedPageInfo> sandboxed_info(new SandboxedPageInfo);
     66 
     67   const base::ListValue* list_value = NULL;
     68   if (!extension->manifest()->GetList(keys::kSandboxedPages, &list_value)) {
     69     *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesList);
     70     return false;
     71   }
     72 
     73   for (size_t i = 0; i < list_value->GetSize(); ++i) {
     74     std::string relative_path;
     75     if (!list_value->GetString(i, &relative_path)) {
     76       *error = ErrorUtils::FormatErrorMessageUTF16(
     77           errors::kInvalidSandboxedPage, base::IntToString(i));
     78       return false;
     79     }
     80     URLPattern pattern(URLPattern::SCHEME_EXTENSION);
     81     if (pattern.Parse(extension->url().spec()) != URLPattern::PARSE_SUCCESS) {
     82       *error = ErrorUtils::FormatErrorMessageUTF16(
     83           errors::kInvalidURLPatternError, extension->url().spec());
     84       return false;
     85     }
     86     while (relative_path[0] == '/')
     87       relative_path = relative_path.substr(1, relative_path.length() - 1);
     88     pattern.SetPath(pattern.path() + relative_path);
     89     sandboxed_info->pages.AddPattern(pattern);
     90   }
     91 
     92   if (extension->manifest()->HasPath(keys::kSandboxedPagesCSP)) {
     93     if (!extension->manifest()->GetString(
     94             keys::kSandboxedPagesCSP,
     95             &sandboxed_info->content_security_policy)) {
     96       *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
     97       return false;
     98     }
     99 
    100     if (!csp_validator::ContentSecurityPolicyIsLegal(
    101             sandboxed_info->content_security_policy) ||
    102         !csp_validator::ContentSecurityPolicyIsSandboxed(
    103             sandboxed_info->content_security_policy, extension->GetType())) {
    104       *error = ASCIIToUTF16(errors::kInvalidSandboxedPagesCSP);
    105       return false;
    106     }
    107   } else {
    108     sandboxed_info->content_security_policy =
    109         kDefaultSandboxedPageContentSecurityPolicy;
    110     CHECK(csp_validator::ContentSecurityPolicyIsSandboxed(
    111         sandboxed_info->content_security_policy, extension->GetType()));
    112   }
    113 
    114   extension->SetManifestData(keys::kSandboxedPages, sandboxed_info.release());
    115   return true;
    116 }
    117 
    118 const std::vector<std::string> SandboxedPageHandler::Keys() const {
    119   return SingleKey(keys::kSandboxedPages);
    120 }
    121 
    122 }  // namespace extensions
    123