-
isandrk authored
In Public Sessions, apps and extensions are force-installed by admin policy so the user does not get a chance to review the permissions for these apps. This is not acceptable from a security standpoint, so we: - scrub the URL available to chrome.tabs.executeScript context (through activeTab permission) down to the origin. This change also causes the tab object passed to the [page|browser]Action.onClicked to be scrubbed for the given extension. TEST= unit_tests --gtest_filter=DeviceLocalAccountManagementPolicyProviderTest.IsWhitelisted unit_tests --gtest_filter=ExtensionTabUtilDelegateChromeOSTest.* unit_tests --gtest_filter=ExtensionTabUtilTest.Delegate BUG=717945 Review-Url: https://codereview.chromium.org/2858643002 Cr-Commit-Position: refs/heads/master@{#469342}
12962027
