[Extensions] Use document url (not top url) for tab-specific permissions

extensions/renderer/user_script_injector.cc

Index: extensions/renderer/user_script_injector.cc
diff --git a/extensions/renderer/user_script_injector.cc b/extensions/renderer/user_script_injector.cc
index 53e1263297dd410572ff9aa6808521b28d6864f3..b90e90675cf12d3ca10518f436ca4de103cc9795 100644
--- a/extensions/renderer/user_script_injector.cc
+++ b/extensions/renderer/user_script_injector.cc
@@ -9,6 +9,7 @@
 #include "base/lazy_instance.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/renderer/render_thread.h"
+#include "content/public/renderer/render_frame.h"
 #include "content/public/renderer/render_view.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/guest_view/extensions_guest_view_messages.h"
@@ -152,12 +153,14 @@ bool UserScriptInjector::ShouldInjectCss(
 PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
     const InjectionHost* injection_host,
     blink::WebFrame* web_frame,
-    int tab_id,
-    const GURL& top_url) const {
+    int tab_id) const {
   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
       web_frame, web_frame->document().url(), script_->match_about_blank());
   PermissionsData::AccessType can_execute = injection_host->CanExecuteOnFrame(
-      effective_document_url, top_url, tab_id, is_declarative_);
+      effective_document_url,
+      content::RenderFrame::FromWebFrame(web_frame),
+      tab_id,
+      is_declarative_);
   if (script_->consumer_instance_type() !=
           UserScript::ConsumerInstanceType::WEBVIEW ||
       can_execute == PermissionsData::ACCESS_DENIED)