Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(50)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/renderer/extension_injection_host.cc

Issue 1288893005: [Script Injection] Allow whitelisted extensions to inject scripts everywhere (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Missing file Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/api_test/all_urls/bystander/page.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/extension_injection_host.h" 5 #include "extensions/renderer/extension_injection_host.h"
6 6
7 #include "content/public/renderer/render_frame.h" 7 #include "content/public/renderer/render_frame.h"
8 #include "extensions/common/constants.h" 8 #include "extensions/common/constants.h"
9 #include "extensions/common/extension_set.h" 9 #include "extensions/common/extension_set.h"
10 #include "extensions/common/manifest_handlers/csp_info.h" 10 #include "extensions/common/manifest_handlers/csp_info.h"
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
50 content::RenderFrame* render_frame, 50 content::RenderFrame* render_frame,
51 int tab_id, 51 int tab_id,
52 bool is_declarative) const { 52 bool is_declarative) const {
53 // If we don't have a tab id, we have no UI surface to ask for user consent. 53 // If we don't have a tab id, we have no UI surface to ask for user consent.
54 // For now, we treat this as an automatic allow. 54 // For now, we treat this as an automatic allow.
55 if (tab_id == -1) 55 if (tab_id == -1)
56 return PermissionsData::ACCESS_ALLOWED; 56 return PermissionsData::ACCESS_ALLOWED;
57 57
58 blink::WebSecurityOrigin top_frame_security_origin = 58 blink::WebSecurityOrigin top_frame_security_origin =
59 render_frame->GetWebFrame()->top()->securityOrigin(); 59 render_frame->GetWebFrame()->top()->securityOrigin();
60 // Only whitelisted extensions may run scripts on another extension's page.
60 if (top_frame_security_origin.protocol().utf8() == kExtensionScheme && 61 if (top_frame_security_origin.protocol().utf8() == kExtensionScheme &&
61 top_frame_security_origin.host().utf8() != extension_->id()) 62 top_frame_security_origin.host().utf8() != extension_->id() &&
63 !PermissionsData::CanExecuteScriptEverywhere(extension_))
62 return PermissionsData::ACCESS_DENIED; 64 return PermissionsData::ACCESS_DENIED;
63 65
64 // Declarative user scripts use "page access" (from "permissions" section in 66 // Declarative user scripts use "page access" (from "permissions" section in
65 // manifest) whereas non-declarative user scripts use custom 67 // manifest) whereas non-declarative user scripts use custom
66 // "content script access" logic. 68 // "content script access" logic.
67 if (is_declarative) { 69 if (is_declarative) {
68 return extension_->permissions_data()->GetPageAccess( 70 return extension_->permissions_data()->GetPageAccess(
69 extension_, 71 extension_,
70 document_url, 72 document_url,
71 tab_id, 73 tab_id,
(...skipping 13 matching lines...) Expand all
85 // We notify the browser of any injection if the extension has no withheld 87 // We notify the browser of any injection if the extension has no withheld
86 // permissions (i.e., the permissions weren't restricted), but would have 88 // permissions (i.e., the permissions weren't restricted), but would have
87 // otherwise been affected by the scripts-require-action feature. 89 // otherwise been affected by the scripts-require-action feature.
88 return extension_->permissions_data()->withheld_permissions()->IsEmpty() && 90 return extension_->permissions_data()->withheld_permissions()->IsEmpty() &&
89 PermissionsData::ScriptsMayRequireActionForExtension( 91 PermissionsData::ScriptsMayRequireActionForExtension(
90 extension_, 92 extension_,
91 extension_->permissions_data()->active_permissions().get()); 93 extension_->permissions_data()->active_permissions().get());
92 } 94 }
93 95
94 } // namespace extensions 96 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/api_test/all_urls/bystander/page.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698