GURL::EmptyGURL());
}
+// Checks that urls are properly restricted for the given extension.
+void CheckRestrictedUrls(const Extension* extension,
+ bool block_chrome_urls) {
+ // We log the name so we know _which_ extension failed here.
+ const std::string& name = extension->name();
+ const GURL chrome_settings_url("chrome://settings/");
+ const GURL chrome_extension_url("chrome-extension://foo/bar.html");
+ const GURL google_url("https://www.google.com/");
+ const GURL self_url("chrome-extension://" + extension->id() + "/foo.html");
+ const GURL invalid_url("chrome-debugger://foo/bar.html");
+
+ std::string error;
+ EXPECT_EQ(block_chrome_urls,
+ PermissionsData::IsRestrictedUrl(
+ chrome_settings_url,
+ chrome_settings_url,
+ extension,
+ &error)) << name;
+ if (block_chrome_urls)
+ EXPECT_EQ(manifest_errors::kCannotAccessChromeUrl, error) << name;
+ else
+ EXPECT_TRUE(error.empty()) << name;
+
+ error.clear();
+ EXPECT_EQ(block_chrome_urls,
+ PermissionsData::IsRestrictedUrl(
+ chrome_extension_url,
+ chrome_extension_url,
+ extension,
+ &error)) << name;
+ if (block_chrome_urls)
+ EXPECT_EQ(manifest_errors::kCannotAccessExtensionUrl, error) << name;
+ else
+ EXPECT_TRUE(error.empty()) << name;
+
+ // Google should never be a restricted url.
+ error.clear();
+ EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
+ google_url, google_url, extension, &error)) << name;
+ EXPECT_TRUE(error.empty()) << name;
+
+ // We should always be able to access our own extension pages.
+ error.clear();
+ EXPECT_FALSE(PermissionsData::IsRestrictedUrl(
+ self_url, self_url, extension, &error)) << name;
+ EXPECT_TRUE(error.empty()) << name;
+
+ // We should only allow other schemes for extensions when it's a whitelisted
+ // extension.
+ error.clear();
+ bool allow_on_other_schemes =
+ PermissionsData::CanExecuteScriptEverywhere(extension);
+ EXPECT_EQ(!allow_on_other_schemes,
+ PermissionsData::IsRestrictedUrl(
+ invalid_url, invalid_url, extension, &error)) << name;
+ if (!allow_on_other_schemes) {
+ EXPECT_EQ(ErrorUtils::FormatErrorMessage(
+ manifest_errors::kCannotAccessPage,
+ invalid_url.spec()),
+ error) << name;
+ } else {
+ EXPECT_TRUE(error.empty());
+ }
+}
+
} // namespace
TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
extension, 0, GURL("https://www.google.com/")));
}
+TEST(ExtensionPermissionsTest, IsRestrictedUrl) {
+ scoped_refptr<const Extension> extension =
+ GetExtensionWithHostPermission("normal_extension",
+ kAllHostsPermission,
+ Manifest::INTERNAL);
+ // Chrome urls should be blocked for normal extensions.
+ CheckRestrictedUrls(extension, true);
+
+ scoped_refptr<const Extension> component =
+ GetExtensionWithHostPermission("component",
+ kAllHostsPermission,
+ Manifest::COMPONENT);
+ // Chrome urls should be accessible by component extensions.
+ CheckRestrictedUrls(component, false);
+
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kExtensionsOnChromeURLs);
+ // Enabling the switch should allow all extensions to access chrome urls.
+ CheckRestrictedUrls(extension, false);
+
+}
+
TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
scoped_refptr<Extension> extension;
extension = LoadManifest("permissions", "many-apis.json");
EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
- EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
- EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
+ EXPECT_TRUE(AllowedScript(extension.get(), http_url, extension_url));
+ EXPECT_TRUE(AllowedScript(extension.get(), https_url, extension_url));
const PermissionsData* permissions_data = extension->permissions_data();
EXPECT_FALSE(permissions_data->HasHostPermission(settings_url));