extension: block extension popups on visible security dialogs
Previously, extension popups were blocked only during the trigger
phase but not when they were about to be shown after loading. This
behavior leaves a spoofing risk: a malicious extension may delay
its loading until a security dialog appears. This patch ensures popups
are blocked upon completion of loading and just before they are
displayed, thereby closing the loophole.
To achieve this, a singleton class, extensions::SecurityDialogTracker,
is added. It removes the need for extensions to directly handle new
security dialogs. The implementation now includes tracking of the
WebAuthn dialog.
Bug: 326681253
Change-Id: If2a0208777c205e8e7ababa5f1db43c39144c191
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5525866
Commit-Queue: Keren Zhu <[email protected]>
Reviewed-by: Elly FJ <[email protected]>
Reviewed-by: Devlin Cronin <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1301514}
diff --git a/chrome/browser/ui/extensions/extension_action_test_helper.h b/chrome/browser/ui/extensions/extension_action_test_helper.h
index 5bcff455..434668d8 100644
--- a/chrome/browser/ui/extensions/extension_action_test_helper.h
+++ b/chrome/browser/ui/extensions/extension_action_test_helper.h
@@ -45,15 +45,18 @@
// Returns true if there is an action for the given `id`.
virtual bool HasAction(const extensions::ExtensionId& id) = 0;
+ // Simulates a user click on the action button for the given `id`.
+ virtual void Press(const extensions::ExtensionId& id) = 0;
+
// Inspects the extension popup for the action with the given `id`.
virtual void InspectPopup(const extensions::ExtensionId& id) = 0;
+ // Trigger an extension popup as a result of API.
+ virtual void TriggerPopupForAPI(const extensions::ExtensionId& id) = 0;
+
// Returns icon for the action for the given `id`.
virtual gfx::Image GetIcon(const extensions::ExtensionId& id) = 0;
- // Simulates a user click on the action button for the given `id`.
- virtual void Press(const extensions::ExtensionId& id) = 0;
-
virtual gfx::NativeView GetPopupNativeView() = 0;
// Spins a RunLoop until the NativeWindow hosting |GetPopupNativeView()| is
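Review bot: The comment on the new TriggerPopupForAPI() declaration ("Trigger an extension popup as a result of API.") is in the imperative, while every other comment in this interface is third-person ("Simulates", "Inspects", "Returns"), and it does not say how this path differs from Press(). Since the two helpers now sit next to each other and exercise different popup entry points, consider wording along the lines of "Triggers the popup for the action with the given `id` as if requested through an extension API, rather than by a user click", so test authors pick the right one. Separately, moving Press() above InspectPopup() is a pure reorder with no change to the declaration; if it is only there for grouping, it could be left in place to keep the diff limited to the new method.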