Adding `content_security_policy` to the "Mappy" sample.
This involved pretty much rewriting the popup code to avoid a script injected
via `document.write` in the Maps API code.
BUG=92644
TEST=
Review URL: http://codereview.chromium.org/8311007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106043 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy.zip b/chrome/common/extensions/docs/examples/extensions/mappy.zip
index 097306a..92a8b6fb 100644
--- a/chrome/common/extensions/docs/examples/extensions/mappy.zip
+++ b/chrome/common/extensions/docs/examples/extensions/mappy.zip
Binary files differ
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/background.html b/chrome/common/extensions/docs/examples/extensions/mappy/background.html
index ff6f7c9c..6de2158 100644
--- a/chrome/common/extensions/docs/examples/extensions/mappy/background.html
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/background.html
@@ -1,42 +1,9 @@
-<script>
-// Global accessor that the popup uses.
-var addresses = {};
-var selectedAddress = null;
-var selectedId = null;
-
-function updateAddress(tabId) {
- chrome.tabs.sendRequest(tabId, {}, function(address) {
- addresses[tabId] = address;
- if (!address) {
- chrome.pageAction.hide(tabId);
- } else {
- chrome.pageAction.show(tabId);
- if (selectedId == tabId) {
- updateSelected(tabId);
- }
- }
- });
-}
-
-function updateSelected(tabId) {
- selectedAddress = addresses[tabId];
- if (selectedAddress)
- chrome.pageAction.setTitle({tabId:tabId, title:selectedAddress});
-}
-
-chrome.tabs.onUpdated.addListener(function(tabId, change, tab) {
- if (change.status == "complete") {
- updateAddress(tabId);
- }
-});
-
-chrome.tabs.onSelectionChanged.addListener(function(tabId, info) {
- selectedId = tabId;
- updateSelected(tabId);
-});
-
-// Ensure the current selected tab is set up.
-chrome.tabs.getSelected(null, function(tab) {
- updateAddress(tab.id);
-});
-</script>
+<!doctype html>
+<html>
+ <head>
+ <title>Background Page</title>
+ <script src="background.js"></script>
+ </head>
+ <body>
+ </body>
+</html>
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/background.js b/chrome/common/extensions/docs/examples/extensions/mappy/background.js
new file mode 100644
index 0000000..7fbed30
--- /dev/null
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/background.js
@@ -0,0 +1,44 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Global accessor that the popup uses.
+var addresses = {};
+var selectedAddress = null;
+var selectedId = null;
+
+function updateAddress(tabId) {
+ chrome.tabs.sendRequest(tabId, {}, function(address) {
+ addresses[tabId] = address;
+ if (!address) {
+ chrome.pageAction.hide(tabId);
+ } else {
+ chrome.pageAction.show(tabId);
+ if (selectedId == tabId) {
+ updateSelected(tabId);
+ }
+ }
+ });
+}
+
+function updateSelected(tabId) {
+ selectedAddress = addresses[tabId];
+ if (selectedAddress)
+ chrome.pageAction.setTitle({tabId:tabId, title:selectedAddress});
+}
+
+chrome.tabs.onUpdated.addListener(function(tabId, change, tab) {
+ if (change.status == "complete") {
+ updateAddress(tabId);
+ }
+});
+
+chrome.tabs.onSelectionChanged.addListener(function(tabId, info) {
+ selectedId = tabId;
+ updateSelected(tabId);
+});
+
+// Ensure the current selected tab is set up.
+chrome.tabs.getSelected(null, function(tab) {
+ updateAddress(tab.id);
+});
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json b/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json
index 9c3858e04..849aeb1 100644
--- a/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json
@@ -9,11 +9,13 @@
],
"permissions": [
"tabs",
- "http://maps.google.com/*"
+ "https://maps.google.com/*",
+ "https://maps.googleapis.com/*"
],
"page_action": {
"default_name": "Display Map",
"default_icon": "marker.png",
"popup": "popup.html"
- }
+ },
+ "content_security_policy": "default-src 'none'; style-src 'self'; script-src 'self'; connect-src https://maps.googleapis.com; img-src https://maps.google.com"
}
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/mappy_content_script.js b/chrome/common/extensions/docs/examples/extensions/mappy/mappy_content_script.js
index c4c5fba3..2393a0f 100644
--- a/chrome/common/extensions/docs/examples/extensions/mappy/mappy_content_script.js
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/mappy_content_script.js
@@ -1,3 +1,7 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
// The background page is asking us to find an address on the page.
if (window == top) {
chrome.extension.onRequest.addListener(function(req, sender, sendResponse) {
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/popup.css b/chrome/common/extensions/docs/examples/extensions/mappy/popup.css
new file mode 100644
index 0000000..8091788
--- /dev/null
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/popup.css
@@ -0,0 +1,15 @@
+/**
+ * Copyright (c) 2011 The Chromium Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+body {
+ margin: 0px;
+ padding: 0px;
+}
+
+#map {
+ width: 512px;
+ height: 512px;
+}
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/popup.html b/chrome/common/extensions/docs/examples/extensions/mappy/popup.html
index 29d838d..c5d27fb 100644
--- a/chrome/common/extensions/docs/examples/extensions/mappy/popup.html
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/popup.html
@@ -1,42 +1,11 @@
-<head>
-<style>
-body {
- margin: 0px;
- padding: 0px;
-}
-#map {
- width: 512px;
- height: 512px;
-}
-</style>
-<script src="http://maps.google.com/maps?file=api&v=2&key=ABQIAAAATfHumDbW3OmRByfquHd3SRTRERdeAiwZ9EeJWta3L_JZVS0bOBRQeZgr4K0xyVKzUdnnuFl8X9PX0w&sensor=false"
- type="text/javascript"></script>
-<script>
-var maps_key = "ABQIAAAATfHumDbW3OmRByfquHd3SRTRERdeAiwZ9EeJWta3L_JZVS0bOBRQeZgr4K0xyVKzUdnnuFl8X9PX0w";
-
-function gclient_geocode(address) {
- var geocoder = new GClientGeocoder();
- geocoder.getLatLng(address, function(point) {
- if (!point) {
- console.log(address + " not found");
- } else {
- var latlng = point.toUrlValue();
- var url = "http://maps.google.com/staticmap?center=" + latlng +
- "&markers=" + latlng + "&zoom=14" +
- "&size=512x512&sensor=false&key=" + maps_key;
- var map = document.getElementById("map");
- map.src = url;
- }
- });
-}
-
-function map() {
- var address = chrome.extension.getBackgroundPage().selectedAddress;
- if (address)
- gclient_geocode(address);
-};
-</script>
-</head>
-<body onload="map()">
-<img id="map" onclick="window.close()">
-</body>
+<!doctype html>
+<html>
+ <head>
+ <title>Popup</title>
+ <link href="popup.css" rel="stylesheet" type="text/css">
+ </head>
+ <body>
+ <img id="map">
+ <script src="popup.js"></script>
+ </body>
+</html>
diff --git a/chrome/common/extensions/docs/examples/extensions/mappy/popup.js b/chrome/common/extensions/docs/examples/extensions/mappy/popup.js
new file mode 100644
index 0000000..45663c3
--- /dev/null
+++ b/chrome/common/extensions/docs/examples/extensions/mappy/popup.js
@@ -0,0 +1,45 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+var maps_key = "ABQIAAAATfHumDbW3OmRByfquHd3SRTRERdeAiwZ9EeJWta3L_JZVS0bOBRQeZgr4K0xyVKzUdnnuFl8X9PX0w";
+
+function gclient_geocode(address) {
+ var url = 'https://maps.googleapis.com/maps/api/geocode/json?address=' +
+ encodeURIComponent(address) + '&sensor=false';
+ var request = new XMLHttpRequest();
+
+ request.open('GET', url, true);
+ console.log(url);
+ request.onreadystatechange = function (e) {
+ console.log(request, e);
+ if (request.readyState == 4) {
+ if (request.status == 200) {
+ var json = JSON.parse(request.responseText);
+ var latlng = json.results[0].geometry.location;
+ latlng = latlng.lat + ',' + latlng.lng;
+
+ var src = "https://maps.google.com/staticmap?center=" + latlng +
+ "&markers=" + latlng + "&zoom=14" +
+ "&size=512x512&sensor=false&key=" + maps_key;
+ var map = document.getElementById("map");
+
+ map.src = src;
+ map.addEventListener('click', function () {
+ window.close();
+ });
+ } else {
+ console.log('Unable to resolve address into lat/lng');
+ }
+ }
+ };
+ request.send(null);
+}
+
+function map() {
+ var address = chrome.extension.getBackgroundPage().selectedAddress;
+ if (address)
+ gclient_geocode(address);
+}
+
+window.onload = map;
diff --git a/chrome/common/extensions/docs/samples.html b/chrome/common/extensions/docs/samples.html
index a259805e..0ccc5fa 100644
--- a/chrome/common/extensions/docs/samples.html
+++ b/chrome/common/extensions/docs/samples.html
@@ -2598,11 +2598,17 @@
<li>
<code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/background.html?content-type=text/plain">background.html</a></code>
</li><li>
+ <code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/background.js?content-type=text/plain">background.js</a></code>
+ </li><li>
<code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/manifest.json?content-type=text/plain">manifest.json</a></code>
</li><li>
<code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/mappy_content_script.js?content-type=text/plain">mappy_content_script.js</a></code>
</li><li>
+ <code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/popup.css?content-type=text/plain">popup.css</a></code>
+ </li><li>
<code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/popup.html?content-type=text/plain">popup.html</a></code>
+ </li><li>
+ <code><a target="_blank" href="http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/extensions/mappy/popup.js?content-type=text/plain">popup.js</a></code>
</li>
</ul>
</div>
diff --git a/chrome/common/extensions/docs/samples.json b/chrome/common/extensions/docs/samples.json
index dd2b4cb..e6d1a9a 100644
--- a/chrome/common/extensions/docs/samples.json
+++ b/chrome/common/extensions/docs/samples.json
@@ -1426,16 +1426,20 @@
"packaged_app": false,
"path": "examples\/extensions\/mappy\/",
"protocols": [
- "http:\/\/"
+ "https:\/\/",
+ "https:\/\/"
],
"search_string": "MAPPY FINDS ADDRESSES IN THE WEB PAGE YOURE ON AND POPS UP A MAP WINDOW. BACKGROUND_PAGE PAGE_ACTION POPUP TABS CHROME.EXTENSION.GETBACKGROUNDPAGE CHROME.EXTENSION.ONREQUEST CHROME.PAGEACTION.HIDE CHROME.PAGEACTION.SETTITLE CHROME.PAGEACTION.SHOW CHROME.TABS.GET CHROME.TABS.GETSELECTED CHROME.TABS.ONSELECTIONCHANGED CHROME.TABS.ONUPDATED CHROME.TABS.SENDREQUEST",
"source_files": [
"background.html",
+ "background.js",
"manifest.json",
"mappy_content_script.js",
- "popup.html"
+ "popup.css",
+ "popup.html",
+ "popup.js"
],
- "source_hash": "81cf2d3975d7df8b58e5226c5b2b6df026446511",
+ "source_hash": "175f010b7eacb72207b7018732d3e6dca4e8d164",
"zip_path": "examples\/extensions\/mappy.zip"
},
{
