angler-fishThe Vulnerability History Project

Do not pass URLs in onUpdated events to extensions unless they have the

      &quottabs&quot permission.

BUG=168442


Review URL: https://chromiumcodereview.appspot.com/11824004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@176406 0039d316-1c4b-4281-b951-d872f2087c98
by Roberta the Newfoundland 2013-01-11 19:19:26 UTC
commit f7ae1f7a918f1973dca241a7a23169906eaf4fe3
Chromium
chrome/browser/extensions/api/messaging/message_service.cc
+3 -3
chrome/browser/extensions/browser_event_router.cc
+17 -27
chrome/browser/extensions/browser_event_router.h
+1 -1
chrome/browser/extensions/extension_tab_util.cc
+18 -25
chrome/browser/extensions/extension_tab_util.h
+10 -16
chrome/browser/extensions/extension_tab_util_android.cc
+2 -1
chrome/browser/extensions/extension_tabs_apitest.cc
-4
chrome/browser/extensions/menu_manager.cc
+2 -1
chrome/test/data/extensions/api_test/tabs/no_permissions/manifest.json
-10
chrome/test/data/extensions/api_test/tabs/no_permissions/test.js
-45
expand_less