Bug 1375485 - Validate permission types in permissions.request. r?aswan
MozReview-Commit-ID: 2K1vLyiNFMY
--- a/toolkit/components/extensions/ext-permissions.js
+++ b/toolkit/components/extensions/ext-permissions.js
@@ -16,23 +16,30 @@ this.permissions = class extends Extensi
getAPI(context) {
return {
permissions: {
async request(perms) {
let {permissions, origins} = perms;
let manifestPermissions = context.extension.manifest.optional_permissions;
for (let perm of permissions) {
+ if (!context.extension.classifyPermission(perm).permission &&
+ !context.extension.classifyPermission(perm).api) {
+ throw new ExtensionError(`The requested permission ${perm} is not valid`);
+ }
if (!manifestPermissions.includes(perm)) {
throw new ExtensionError(`Cannot request permission ${perm} since it was not declared in optional_permissions`);
}
}
let optionalOrigins = context.extension.optionalOrigins;
for (let origin of origins) {
+ if (!context.extension.classifyPermission(origin).origin) {
+ throw new ExtensionError(`The requested origin ${origin} is not valid`);
+ }
if (!optionalOrigins.subsumes(new MatchPattern(origin))) {
throw new ExtensionError(`Cannot request origin permission for ${origin} since it was not declared in optional_permissions`);
}
}
if (promptsEnabled) {
permissions = permissions.filter(perm => !context.extension.hasPermission(perm));
origins = origins.filter(origin => !context.extension.whiteListedHosts.subsumes(new MatchPattern(origin)));