[epiphany/pgriffis/web-extension/uri-unprivileged] WebExtensions: Relax definition of unprivileged uri

[Patrick Griffis <pgriffis src gnome org>]

commit 00404ff9e8f7a7cac9745958a8f9bb2b5240c35c
Author: Patrick Griffis <pgriffis igalia com>
Date:   Sat Jun 4 10:52:25 2022 -0500

    WebExtensions: Relax definition of unprivileged uri
    
    This more closely follows Firefox's behavior documented here:
    https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs/create

 src/webextension/api/tabs.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/src/webextension/api/tabs.c b/src/webextension/api/tabs.c
index 7d857e607..0cfda7b74 100644
--- a/src/webextension/api/tabs.c
+++ b/src/webextension/api/tabs.c
@@ -564,6 +564,14 @@ url_is_unprivileged (EphyWebExtension *web_extension,
                      const char       *url)
 {
   const char *scheme;
+  /* https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs/create */
+  const char * const forbidden_schemes[] = {
+    "data",
+    "javascript",
+    "chrome",
+    "file",
+    "about", /* ephy_embed_utils_url_is_empty() allows safe about URIs. */
+  };
 
   if (!url)
     return TRUE;
@@ -573,12 +581,12 @@ url_is_unprivileged (EphyWebExtension *web_extension,
 
   scheme = g_uri_peek_scheme (url);
 
-  if (g_strcmp0 (scheme, "ephy-webextension") == 0) {
-    g_autofree char *web_extension_prefix = g_strconcat ("ephy-webextension://", ephy_web_extension_get_guid 
(web_extension), "/", NULL);
-    return g_str_has_prefix (url, web_extension_prefix);
+  for (guint i = 0; i < G_N_ELEMENTS (forbidden_schemes); i++) {
+    if (strcmp (scheme, forbidden_schemes[i]) == 0)
+      return FALSE;
   }
 
-  return g_strcmp0 (scheme, "https") == 0 || g_strcmp0 (scheme, "http") == 0;
+  return TRUE;
 }
 
 static char *