1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/common/extensions/chrome_extensions_client.h"
7 #include "base/command_line.h"
8 #include "chrome/common/extensions/chrome_manifest_handlers.h"
9 #include "chrome/common/extensions/extension_constants.h"
10 #include "chrome/common/extensions/features/base_feature_provider.h"
11 #include "chrome/common/url_constants.h"
12 #include "content/public/common/url_constants.h"
13 #include "extensions/common/common_manifest_handlers.h"
14 #include "extensions/common/extension.h"
15 #include "extensions/common/manifest_constants.h"
16 #include "extensions/common/manifest_handler.h"
17 #include "extensions/common/permissions/api_permission_set.h"
18 #include "extensions/common/permissions/permission_message.h"
19 #include "extensions/common/switches.h"
20 #include "extensions/common/url_pattern.h"
21 #include "extensions/common/url_pattern_set.h"
22 #include "grit/generated_resources.h"
23 #include "ui/base/l10n/l10n_util.h"
27 const char kThumbsWhiteListedExtension
[] = "khopmbdjffemhegeeobelklnbglcdgfh";
30 namespace extensions
{
32 static base::LazyInstance
<ChromeExtensionsClient
> g_client
=
33 LAZY_INSTANCE_INITIALIZER
;
35 ChromeExtensionsClient::ChromeExtensionsClient()
36 : chrome_api_permissions_(ChromeAPIPermissions()) {
39 ChromeExtensionsClient::~ChromeExtensionsClient() {
42 void ChromeExtensionsClient::Initialize() {
43 // Registration could already be finalized in unit tests, where the utility
44 // thread runs in-process.
45 if (!ManifestHandler::IsRegistrationFinalized()) {
46 RegisterCommonManifestHandlers();
47 RegisterChromeManifestHandlers();
48 ManifestHandler::FinalizeRegistration();
51 // Set up the scripting whitelist.
52 // Whitelist ChromeVox, an accessibility extension from Google that needs
53 // the ability to script webui pages. This is temporary and is not
54 // meant to be a general solution.
55 // TODO(dmazzoni): remove this once we have an extension API that
56 // allows any extension to request read-only access to webui pages.
57 scripting_whitelist_
.push_back(extension_misc::kChromeVoxExtensionId
);
59 // Whitelist "Discover DevTools Companion" extension from Google that
60 // needs the ability to script DevTools pages. Companion will assist
61 // online courses and will be needed while the online educational programs
63 scripting_whitelist_
.push_back("angkfkebojeancgemegoedelbnjgcgme");
66 const PermissionsProvider
&
67 ChromeExtensionsClient::GetPermissionsProvider() const {
68 return chrome_api_permissions_
;
71 const PermissionMessageProvider
&
72 ChromeExtensionsClient::GetPermissionMessageProvider() const {
73 return permission_message_provider_
;
76 FeatureProvider
* ChromeExtensionsClient::GetFeatureProviderByName(
77 const std::string
& name
) const {
78 return BaseFeatureProvider::GetByName(name
);
81 void ChromeExtensionsClient::FilterHostPermissions(
82 const URLPatternSet
& hosts
,
83 URLPatternSet
* new_hosts
,
84 std::set
<PermissionMessage
>* messages
) const {
85 for (URLPatternSet::const_iterator i
= hosts
.begin();
86 i
!= hosts
.end(); ++i
) {
87 // Filters out every URL pattern that matches chrome:// scheme.
88 if (i
->scheme() == chrome::kChromeUIScheme
) {
89 // chrome://favicon is the only URL for chrome:// scheme that we
90 // want to support. We want to deprecate the "chrome" scheme.
91 // We should not add any additional "host" here.
92 if (GURL(chrome::kChromeUIFaviconURL
).host() != i
->host())
94 messages
->insert(PermissionMessage(
95 PermissionMessage::kFavicon
,
96 l10n_util::GetStringUTF16(IDS_EXTENSION_PROMPT_WARNING_FAVICON
)));
98 new_hosts
->AddPattern(*i
);
103 void ChromeExtensionsClient::SetScriptingWhitelist(
104 const ExtensionsClient::ScriptingWhitelist
& whitelist
) {
105 scripting_whitelist_
= whitelist
;
108 const ExtensionsClient::ScriptingWhitelist
&
109 ChromeExtensionsClient::GetScriptingWhitelist() const {
110 return scripting_whitelist_
;
113 URLPatternSet
ChromeExtensionsClient::GetPermittedChromeSchemeHosts(
114 const Extension
* extension
,
115 const APIPermissionSet
& api_permissions
) const {
117 // Regular extensions are only allowed access to chrome://favicon.
118 hosts
.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI
,
119 chrome::kChromeUIFaviconURL
));
121 // Experimental extensions are also allowed chrome://thumb.
123 // TODO: A public API should be created for retrieving thumbnails.
124 // See http://crbug.com/222856. A temporary hack is implemented here to
125 // make chrome://thumbs available to NTP Russia extension as
127 if ((api_permissions
.find(APIPermission::kExperimental
) !=
128 api_permissions
.end()) ||
129 (extension
->id() == kThumbsWhiteListedExtension
&&
130 extension
->from_webstore())) {
131 hosts
.AddPattern(URLPattern(URLPattern::SCHEME_CHROMEUI
,
132 chrome::kChromeUIThumbnailURL
));
137 bool ChromeExtensionsClient::IsScriptableURL(
138 const GURL
& url
, std::string
* error
) const {
139 // The gallery is special-cased as a restricted URL for scripting to prevent
140 // access to special JS bindings we expose to the gallery (and avoid things
141 // like extensions removing the "report abuse" link).
142 // TODO(erikkay): This seems like the wrong test. Shouldn't we we testing
143 // against the store app extent?
144 GURL
store_url(extension_urls::GetWebstoreLaunchURL());
145 if (CommandLine::ForCurrentProcess()->HasSwitch(
146 switches::kAllowScriptingGallery
)) {
149 if (url
.host() == store_url
.host()) {
151 *error
= manifest_errors::kCannotScriptGallery
;
158 ChromeExtensionsClient
* ChromeExtensionsClient::GetInstance() {
159 return g_client
.Pointer();
162 } // namespace extensions
