Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3438)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/renderer/programmatic_script_injector.cc

Issue 1030323003: [Extensions] Don't inject scripts into remote frames, null documents. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | extensions/renderer/user_script_set.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/renderer/programmatic_script_injector.cc
diff --git a/extensions/renderer/programmatic_script_injector.cc b/extensions/renderer/programmatic_script_injector.cc
index 6e28bef510a3b53c1648f1dc96af66181df9c2d0..5e668ac49c38c05544827618680731d1c92abd5a 100644
--- a/extensions/renderer/programmatic_script_injector.cc
+++ b/extensions/renderer/programmatic_script_injector.cc
@@ -70,6 +70,10 @@ PermissionsData::AccessType ProgrammaticScriptInjector::CanExecuteOnFrame(
blink::WebFrame* frame,
int tab_id,
const GURL& top_url) const {
+ // It doesn't make sense to inject a script into a remote frame or a frame
+ // with a null document.
+ if (frame->isWebRemoteFrame() || frame->document().isNull())
+ return PermissionsData::ACCESS_DENIED;
GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
frame, frame->document().url(), params_->match_about_blank);
if (params_->is_web_view) {
« no previous file with comments | « no previous file | extensions/renderer/user_script_set.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698