ContentCapabilities API doesn't allow permissions modification for about:blank iframes
Issue description

The ContentCapabilities API allows an extension to provide certain capabilities to websites (like clipboardRead and clipboardWrite) and accepts URLs to match in the manifest. However, if there's an about:blank iframe in the page, we don't match against the parent URL. We should allow (at least the option for) extensions to add content capabilities to an about:blank iframe. My guess is that we'll probably want to have a "match_about_blank" option for content_capabilities, similar to what we do for content scripts (and may even default it to true since there's less reason not to).
May 25 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d0f2bad624766048836545ab34e13cd7a46c92e8

commit d0f2bad624766048836545ab34e13cd7a46c92e8
Author: rdevlin.cronin <rdevlin.cronin@chromium.org>
Date: Tue May 24 23:59:59 2016

[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilities to grant the capabilities to about:blank iframes within a page that matches the content capabilities entry for an extension. This is consistent with most web permissions, where about:blank frames take the permissions from the "parent". In theory, we could also create a match_about_blank entry in the manifest for this, but I'm not sure how many use cases there are for *not* granting permissions to child frames like this.

BUG= 599900

Review-Url: https://codereview.chromium.org/1985323002
Cr-Commit-Position: refs/heads/master@{#395744}

[modify] https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8/chrome/browser/extensions/content_capabilities_browsertest.cc
[modify] https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8/chrome/test/data/extensions/content_capabilities/bar.example.com.html
[modify] https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8/chrome/test/data/extensions/content_capabilities/capability_tests.js
[modify] https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8/chrome/test/data/extensions/content_capabilities/foo.example.com.html
[modify] https://crrev.com/d0f2bad624766048836545ab34e13cd7a46c92e8/extensions/renderer/dispatcher.cc
May 31 2016
Your change meets the bar and is auto-approved for M52 (branch: 2743)
May 31 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c696c1e934654abe2b5362396c6c996c3a9dffeb

commit c696c1e934654abe2b5362396c6c996c3a9dffeb
Author: Devlin Cronin <rdevlin.cronin@chromium.org>
Date: Tue May 31 20:48:21 2016

[Extensions] Expand capabilities to about:blank iframes within a page

Expand the content capabilities to grant the capabilities to about:blank iframes within a page that matches the content capabilities entry for an extension. This is consistent with most web permissions, where about:blank frames take the permissions from the "parent". In theory, we could also create a match_about_blank entry in the manifest for this, but I'm not sure how many use cases there are for *not* granting permissions to child frames like this.

BUG= 599900

Review-Url: https://codereview.chromium.org/1985323002
Cr-Commit-Position: refs/heads/master@{#395744}
(cherry picked from commit d0f2bad624766048836545ab34e13cd7a46c92e8)

Review URL: https://codereview.chromium.org/2028833002 .
Cr-Commit-Position: refs/branch-heads/2743@{#147}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/c696c1e934654abe2b5362396c6c996c3a9dffeb/chrome/browser/extensions/content_capabilities_browsertest.cc
[modify] https://crrev.com/c696c1e934654abe2b5362396c6c996c3a9dffeb/chrome/test/data/extensions/content_capabilities/bar.example.com.html
[modify] https://crrev.com/c696c1e934654abe2b5362396c6c996c3a9dffeb/chrome/test/data/extensions/content_capabilities/capability_tests.js
[modify] https://crrev.com/c696c1e934654abe2b5362396c6c996c3a9dffeb/chrome/test/data/extensions/content_capabilities/foo.example.com.html
[modify] https://crrev.com/c696c1e934654abe2b5362396c6c996c3a9dffeb/extensions/renderer/dispatcher.cc
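The behaviour change discussed in this issue, as an added example that is not part of the issue or of Chromium's code: a simplified model of matching a frame against a content-capabilities entry with and without inheritance from the parent. The frame objects, the `matches`/`permissions` entry shape, all function names, and the choice to walk through nested about:blank frames are assumptions of this sketch.

```javascript
// Simplified model of content-capability matching; not Chromium's dispatcher.cc.
// Frame objects, entry fields and function names are assumptions of this sketch.

// Convert a match pattern like "https://*.example.com/*" into a RegExp.
function patternToRegExp(pattern) {
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^\/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`unsupported match pattern: ${pattern}`);
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const scheme = m[1] === "*" ? "https?" : m[1];
  let host = esc(m[2]);
  if (m[2] === "*") host = "[^/]+";
  else if (m[2].startsWith("*.")) host = "(?:[^/]+\\.)?" + esc(m[2].slice(2));
  const path = m[3].split("*").map(esc).join(".*");
  return new RegExp(`^${scheme}://${host}${path}$`);
}

// URL used for matching. Without inheritance an about:blank frame is matched
// on its own URL, which no http(s) pattern can match. With inheritance, walk
// up to the nearest ancestor that has a real URL.
function effectiveUrl(frame, inheritFromParent) {
  let f = frame;
  while (inheritFromParent && f.url === "about:blank" && f.parent) f = f.parent;
  return f.url;
}

// Return the sorted list of capabilities granted to a frame.
function grantedCapabilities(frame, entries, inheritFromParent) {
  const url = effectiveUrl(frame, inheritFromParent);
  const granted = new Set();
  for (const entry of entries) {
    if (entry.matches.some((p) => patternToRegExp(p).test(url))) {
      entry.permissions.forEach((perm) => granted.add(perm));
    }
  }
  return [...granted].sort();
}

// Constructed sample data: one capability entry and two small frame trees.
const entries = [{ matches: ["https://foo.example.com/*"],
                   permissions: ["clipboardRead", "clipboardWrite"] }];
const page = { url: "https://foo.example.com/index.html", parent: null };
const blankChild = { url: "about:blank", parent: page };
const otherPage = { url: "https://bar.example.com/", parent: null };
const otherBlank = { url: "about:blank", parent: otherPage };
```

With inheritance on, `blankChild` receives the same capabilities as `page`, while `otherBlank` still receives none because its parent does not match.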
Comment 1 by ralp...@google.com, Apr 11 2016