-
Karan Bhatia authored
When an extension is granted tab permission using activeTab (in response to say clicking on its browser action), the extension is granted permission to the tab's origin for the duration of the tab lifetime. When this happens for a tab with a file url loaded, the extension gets permission to the file scheme on the tab. This allows, for example, the extension to read the contents of the page using apis like chrome.tabs.executeScript. For file urls, this is not ideal since this does not respect the "Allow access to file URLs" extension setting. This CL changes this behavior, gating the access to the file scheme on the tab, on the extension having explicit file access. This CL also adds extensive test coverage for the behavior of tabs.executeScript on pages with file urls loaded into them. BUG=816685 Change-Id: I9175bb1883006fe594a93262c6825a962c285037 Reviewed-on: https://chromium-review.googlesource.com/994264 Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Reviewed-by:
Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#548269}
7a33a542
