1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/chrome_extensions_client.h"
7 #include "chrome/common/extensions/chrome_manifest_handlers.h"
8 #include "chrome/common/extensions/extension.h"
9 #include "chrome/common/extensions/extension_constants.h"
10 #include "chrome/common/extensions/features/base_feature_provider.h"
11 #include "chrome/common/url_constants.h"
12 #include "content/public/common/url_constants.h"
13 #include "extensions/common/permissions/api_permission_set.h"
14 #include "extensions/common/permissions/permission_message.h"
15 #include "extensions/common/url_pattern.h"
16 #include "extensions/common/url_pattern_set.h"
17 #include "grit/generated_resources.h"
18 #include "ui/base/l10n/l10n_util.h"
22 const char kThumbsWhiteListedExtension[] = "khopmbdjffemhegeeobelklnbglcdgfh";
25 namespace extensions {
27 static base::LazyInstance<ChromeExtensionsClient> g_client =
28 LAZY_INSTANCE_INITIALIZER;
30 ChromeExtensionsClient::ChromeExtensionsClient()
31 : chrome_api_permissions_(ChromeAPIPermissions()) {
34 ChromeExtensionsClient::~ChromeExtensionsClient() {
37 void ChromeExtensionsClient::Initialize() {
38 RegisterChromeManifestHandlers();
40 // Set up the scripting whitelist.
41 // Whitelist ChromeVox, an accessibility extension from Google that needs
42 // the ability to script webui pages. This is temporary and is not
43 // meant to be a general solution.
44 // TODO(dmazzoni): remove this once we have an extension API that
45 // allows any extension to request read-only access to webui pages.
46 scripting_whitelist_.push_back(extension_misc::kChromeVoxExtensionId);
48 // Whitelist "Discover DevTools Companion" extension from Google that
49 // needs the ability to script DevTools pages. Companion will assist
50 // online courses and will be needed while the online educational programs
52 scripting_whitelist_.push_back("angkfkebojeancgemegoedelbnjgcgme");
55 const PermissionsProvider&
56 ChromeExtensionsClient::GetPermissionsProvider() const {
57 return chrome_api_permissions_;
60 const PermissionMessageProvider&
61 ChromeExtensionsClient::GetPermissionMessageProvider() const {
62 return permission_message_provider_;
65 FeatureProvider* ChromeExtensionsClient::GetFeatureProviderByName(
66 const std::string& name) const {
67 return BaseFeatureProvider::GetByName(name);
70 void ChromeExtensionsClient::FilterHostPermissions(
71 const URLPatternSet& hosts,
72 URLPatternSet* new_hosts,
73 std::set<PermissionMessage>* messages) const {
74 for (URLPatternSet::const_iterator i = hosts.begin();
75 i != hosts.end(); ++i) {
76 // Filters out every URL pattern that matches chrome:// scheme.
77 if (i->scheme() == chrome::kChromeUIScheme) {
78 // chrome://favicon is the only URL for chrome:// scheme that we
79 // want to support. We want to deprecate the "chrome" scheme.
80 // We should not add any additional "host" here.
81 if (GURL(chrome::kChromeUIFaviconURL).host() != i->host())
83 messages->insert(PermissionMessage(
84 PermissionMessage::kFavicon,
85 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_FAVICON)));
87 new_hosts->AddPattern(*i);
92 void ChromeExtensionsClient::SetScriptingWhitelist(
93 const ExtensionsClient::ScriptingWhitelist& whitelist) {
94 scripting_whitelist_ = whitelist;
97 const ExtensionsClient::ScriptingWhitelist&
98 ChromeExtensionsClient::GetScriptingWhitelist() const {
99 return scripting_whitelist_;
102 URLPatternSet ChromeExtensionsClient::GetPermittedChromeSchemeHosts(
103 const Extension* extension,
104 const APIPermissionSet& api_permissions) const {
106 // Regular extensions are only allowed access to chrome://favicon.
107 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
108 chrome::kChromeUIFaviconURL));
110 // Experimental extensions are also allowed chrome://thumb.
112 // TODO: A public API should be created for retrieving thumbnails.
113 // See http://crbug.com/222856. A temporary hack is implemented here to
114 // make chrome://thumbs available to NTP Russia extension as
116 if ((api_permissions.find(APIPermission::kExperimental) !=
117 api_permissions.end()) ||
118 (extension->id() == kThumbsWhiteListedExtension &&
119 extension->from_webstore())) {
120 hosts.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI,
121 chrome::kChromeUIThumbnailURL));
127 ChromeExtensionsClient* ChromeExtensionsClient::GetInstance() {
128 return g_client.Pointer();
131 } // namespace extensions