Changeset 90581 in webkit
- Timestamp:
- Jul 7, 2011 11:38:18 AM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
trunk/Source/WebCore/ChangeLog
r90575 r90581 1 2011-07-07 Andrey Kosyakov <caseq@chromium.org> 2 3 Web Inspector: secure access to extensions API 4 https://bugs.webkit.org/show_bug.cgi?id=64080 5 6 Reviewed by Pavel Feldman. 7 8 * inspector/front-end/ExtensionAPI.js: 9 (WebInspector.injectedExtensionAPI.Panels.prototype.create): 10 (WebInspector.injectedExtensionAPI.ExtensionSidebarPaneImpl.prototype.setPage): 11 * inspector/front-end/ExtensionPanel.js: 12 (WebInspector.ExtensionPanel): 13 * inspector/front-end/ExtensionServer.js: 14 (WebInspector.ExtensionServer): 15 (WebInspector.ExtensionServer.prototype._onCreatePanel): 16 (WebInspector.ExtensionServer.prototype._onSetSidebarPage): 17 (WebInspector.ExtensionServer.prototype._addExtensions): 18 (WebInspector.ExtensionServer.prototype._onWindowMessage): 19 (WebInspector.ExtensionServer.prototype._registerSubscriptionHandler): 20 (WebInspector.ExtensionServer.prototype._expandResourcePath): 21 1 22 2011-07-07 Kyusun Kim <maniagoon@company100.net> 2 23 -
trunk/Source/WebCore/inspector/front-end/ExtensionAPI.js
r90355 r90581 168 168 169 169 Panels.prototype = { 170 create: function(title, icon URL, pageURL, callback)170 create: function(title, icon, page, callback) 171 171 { 172 172 var id = "extension-panel-" + extensionServer.nextObjectId(); … … 175 175 id: id, 176 176 title: title, 177 icon: expandURL(iconURL),178 url: expandURL(pageURL)177 icon: icon, 178 page: page 179 179 }; 180 180 extensionServer.sendRequest(request, callback && bind(callback, this, new ExtensionPanel(id))); … … 249 249 }, 250 250 251 setPage: function( url)252 { 253 extensionServer.sendRequest({ command: "setSidebarPage", id: this._id, url: expandURL(url)});251 setPage: function(page) 252 { 253 extensionServer.sendRequest({ command: "setSidebarPage", id: this._id, page: page }); 254 254 } 255 255 } … … 441 441 } 442 442 443 function expandURL(url)444 {445 if (!url)446 return url;447 if (/^[^/]+:/.exec(url)) // See if url has schema.448 return url;449 var baseURL = location.protocol + "//" + location.hostname + location.port;450 if (/^\//.exec(url))451 return baseURL + url;452 return baseURL + location.pathname.replace(/\/[^/]*$/,"/") + url;453 }454 455 443 function bind(func, thisObject) 456 444 { -
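Review bot: `Panels.prototype.create` and `setPage` now forward `icon` and `page` untouched, but nothing on the client side says what form those values must take. With `expandURL` removed, a value that carries a scheme, or a path relative to the current page's directory, is no longer honoured; judging by `_expandResourcePath` in ExtensionServer.js, every value is treated as a path under the extension's origin root. I would add a comment above `create`, for example `// icon and page are paths under the extension's origin root; the front-end resolves them and does not accept absolute URLs.`, and repeat it on `setPage`. The body of `create` continues outside the hunk.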
trunk/Source/WebCore/inspector/front-end/ExtensionPanel.js
r85319 r90581 32 32 { 33 33 this.toolbarItemLabel = label; 34 this._addStyleRule(".toolbar-item." + id + " .toolbar-icon", "background-image: url(" + iconURL + ");"); 34 if (iconURL) 35 this._addStyleRule(".toolbar-item." + id + " .toolbar-icon", "background-image: url(" + iconURL + ");"); 35 36 WebInspector.Panel.call(this, id); 36 37 } -
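Review bot: The style rule in the `WebInspector.ExtensionPanel` constructor still concatenates `iconURL` into an unquoted `url(...)`, so it depends on the caller having encoded characters such as `)` and whitespace. In this changeset that appears to hold, because ExtensionServer.js builds the value through `_expandResourcePath`, which applies `escape()`, but nothing here records the requirement. A comment above the new `if (iconURL)` would do: `// iconURL must already be percent-encoded by the caller (see ExtensionServer._expandResourcePath); it is inserted into the CSS rule unquoted.` The constructor's signature is outside the hunk.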
trunk/Source/WebCore/inspector/front-end/ExtensionServer.js
r89659 r90581 39 39 this._resources = {}; 40 40 this._lastResourceId = 0; 41 this._allowedOrigins = {}; 41 42 this._status = new WebInspector.ExtensionStatus(); 42 43 … … 204 205 return this._status.E_EXISTS(id); 205 206 206 var panel = new WebInspector.ExtensionPanel(id, message.title, message.icon);207 var panel = new WebInspector.ExtensionPanel(id, message.title, this._expandResourcePath(port._extensionOrigin, message.icon)); 207 208 this._clientObjects[id] = panel; 208 209 WebInspector.panels[id] = panel; 209 210 WebInspector.addPanel(panel); 210 211 211 var iframe = this.createClientIframe(panel.element, message.url);212 var iframe = this.createClientIframe(panel.element, this._expandResourcePath(port._extensionOrigin, message.page)); 212 213 iframe.addStyleClass("panel"); 213 214 return this._status.OK(); … … 258 259 }, 259 260 260 _onSetSidebarPage: function(message )261 _onSetSidebarPage: function(message, port) 261 262 { 262 263 var sidebar = this._clientObjects[message.id]; 263 264 if (!sidebar) 264 265 return this._status.E_NOTFOUND(message.id); 265 sidebar.setPage( message.url);266 sidebar.setPage(this._expandResourcePath(port._extensionOrigin, message.page)); 266 267 }, 267 268 … … 409 410 if (!extension.startPage) 410 411 return; 412 var originMatch = /([^:]+:\/\/[^/]*)\//.exec(extension.startPage); 413 if (!originMatch) { 414 console.error("Skipping extension with invalid URL: " + extension.startPage); 415 continue; 416 } 417 this._allowedOrigins[originMatch[1]] = true; 411 418 var iframe = document.createElement("iframe"); 412 419 iframe.src = extension.startPage; … … 442 449 if (event.data !== "registerExtension") 443 450 return; 451 if (!this._allowedOrigins.hasOwnProperty(event.origin)) { 452 console.error("Ignoring unauthorized client request from " + event.origin); 453 return; 454 } 444 455 var port = event.ports[0]; 456 port._extensionOrigin = event.origin; 445 457 port.addEventListener("message", this._onmessage.bind(this), false); 446 458 
port.start(); … … 470 482 this._subscriptionStartHandlers[eventTopic] = onSubscribeFirst; 471 483 this._subscriptionStopHandlers[eventTopic] = onUnsubscribeLast; 484 }, 485 486 _expandResourcePath: function(extensionPath, resourcePath) 487 { 488 if (!resourcePath) 489 return; 490 return extensionPath + escape(this._normalizePath(resourcePath)); 491 }, 492 493 _normalizePath: function(path) 494 { 495 var source = path.split("/"); 496 var result = []; 497 498 for (var i = 0; i < source.length; ++i) { 499 if (source[i] === ".") 500 continue; 501 // Ignore empty path components resulting from //, as well as a leading and traling slashes. 502 if (source[i] === "") 503 continue; 504 if (source[i] === "..") 505 result.pop(); 506 else 507 result.push(source[i]); 508 } 509 return "/" + result.join("/"); 472 510 } 473 511 }
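Review bot: The origin pattern added in `_addExtensions`, `/([^:]+:\/\/[^/]*)\//`, is unanchored, and its capture is later compared verbatim with `event.origin` in `_onWindowMessage`. Anchoring it, `var originMatch = /^([^:]+:\/\/[^/]*)\//.exec(extension.startPage);`, guarantees the stored key is the leading scheme and authority of `startPage` rather than a match found further into the string. A start page written with userinfo, an explicit default port or upper-case letters would still produce a key that never equals the browser's serialized origin, so that extension would be refused with only the "unauthorized client" message; a short comment next to `this._allowedOrigins` should say that keys must be in serialized-origin form. The new `continue` also sits beside the existing `return` for a missing `startPage`; the enclosing loop is outside the hunk, so I can only flag the inconsistency, but one invalid entry should probably not stop the remaining extensions from loading.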