Only inject content scripts into HTML documents

chrome/renderer/user_script_slave.cc

Index: chrome/renderer/user_script_slave.cc
diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc
index 4015484db0cfa1054e15136776245309e1f32782..25a272b8fd0125e932a6ab1ea6952981c4932bc8 100644
--- a/chrome/renderer/user_script_slave.cc
+++ b/chrome/renderer/user_script_slave.cc
@@ -18,6 +18,8 @@
 #include "chrome/renderer/extension_groups.h"
 #include "chrome/renderer/render_thread.h"
 #include "googleurl/src/gurl.h"
+#include "third_party/WebKit/WebKit/chromium/public/WebDocument.h"
+#include "third_party/WebKit/WebKit/chromium/public/WebElement.h"
 #include "third_party/WebKit/WebKit/chromium/public/WebFrame.h"
 
 #include "grit/renderer_resources.h"
@@ -149,6 +151,19 @@ bool UserScriptSlave::InjectScripts(WebFrame* frame,
   if (!URLPattern::IsValidScheme(frame_url.scheme()))
     return true;
 
+  // Only inject user scripts into documents with an <html> tag as the root
+  // element. Note that WebCore fixes up html pages that lack a root HTML
+  // element so that they include one. Also, documents like text/plain and
+  // image/* are wrapped in a simple HTML document.
+  //
+  // Basically, this check filters out SVG documents and other types of XML
+  // documents.
+  if (frame->document().isNull() ||
+      frame->document().documentElement().isNull() ||
+      !frame->document().documentElement().hasTagName("html")) {
+      return true;
+  }
+
   // Don't inject user scripts into the gallery itself.  This prevents
   // a user script from removing the "report abuse" link, for example.
   if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host())