Chromium Code Reviews| Index: chrome/common/extensions/extension.cc |
| diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc |
| index c890a2b0b8e0f28095f966107631a23fd9779d1a..b4188c3b318b1bd06338cba8124bcd3b3247bab4 100644 |
| --- a/chrome/common/extensions/extension.cc |
| +++ b/chrome/common/extensions/extension.cc |
| @@ -3575,7 +3575,8 @@ bool Extension::HasMultipleUISurfaces() const { |
| return num_surfaces > 1; |
| } |
| -bool Extension::CanExecuteScriptOnPage(const GURL& page_url, |
| +bool Extension::CanExecuteScriptOnPage(const GURL& document_url, |
| + const GURL& top_frame_url, |
| int tab_id, |
| const UserScript* script, |
| std::string* error) const { |
| @@ -3586,7 +3587,7 @@ bool Extension::CanExecuteScriptOnPage(const GURL& page_url, |
| // TODO(erikkay): This seems like the wrong test. Shouldn't we we testing |
| // against the store app extent? |
| GURL store_url(extension_urls::GetWebstoreLaunchURL()); |
| - if ((page_url.host() == store_url.host()) && |
| + if ((document_url.host() == store_url.host()) && |
| !CanExecuteScriptEverywhere() && |
| !CommandLine::ForCurrentProcess()->HasSwitch( |
| switches::kAllowScriptingGallery)) { |
| @@ -3595,7 +3596,13 @@ bool Extension::CanExecuteScriptOnPage(const GURL& page_url, |
| return false; |
| } |
| - if (page_url.SchemeIs(chrome::kChromeUIScheme) && |
| + if (document_url.SchemeIs(chrome::kChromeUIScheme) && |
| + !CanExecuteScriptEverywhere()) |
| + return false; |
| + |
| + if (top_frame_url.SchemeIs(chrome::kExtensionScheme) && |
| + top_frame_url.GetOrigin() != |
| + GetBaseURLFromExtensionId(id()).GetOrigin() && |
| !CanExecuteScriptEverywhere()) |
|
Aaron Boodman
2012/08/23 00:45:59
Braces required here.
zel
2012/08/23 01:28:29
Done.
|
| return false; |
| @@ -3604,24 +3611,24 @@ bool Extension::CanExecuteScriptOnPage(const GURL& page_url, |
| scoped_refptr<const PermissionSet> tab_permissions = |
| runtime_data_.GetTabSpecificPermissions(tab_id); |
| if (tab_permissions.get() && |
| - tab_permissions->explicit_hosts().MatchesSecurityOrigin(page_url)) { |
| + tab_permissions->explicit_hosts().MatchesSecurityOrigin(document_url)) { |
| return true; |
| } |
| } |
| // If a script is specified, use its matches. |
| if (script) |
| - return script->MatchesURL(page_url); |
| + return script->MatchesURL(document_url); |
| // Otherwise, see if this extension has permission to execute script |
| // programmatically on pages. |
| if (runtime_data_.GetActivePermissions()->HasExplicitAccessToOrigin( |
| - page_url)) |
| + document_url)) |
| return true; |
| if (error) { |
| *error = ExtensionErrorUtils::FormatErrorMessage(errors::kCannotAccessPage, |
| - page_url.spec()); |
| + document_url.spec()); |
| } |
| return false; |