| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/renderer/script_injection.h" | 5 #include "extensions/renderer/script_injection.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 | 8 |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| 11 #include "base/timer/elapsed_timer.h" | 11 #include "base/timer/elapsed_timer.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "content/public/child/v8_value_converter.h" | 13 #include "content/public/child/v8_value_converter.h" |
| 14 #include "content/public/renderer/render_frame.h" | 14 #include "content/public/renderer/render_frame.h" |
| 15 #include "extensions/common/extension_messages.h" | 15 #include "extensions/common/extension_messages.h" |
| 16 #include "extensions/common/host_id.h" | 16 #include "extensions/common/host_id.h" |
| 17 #include "extensions/renderer/dom_activity_logger.h" | 17 #include "extensions/renderer/dom_activity_logger.h" |
| 18 #include "extensions/renderer/extension_frame_helper.h" |
| 18 #include "extensions/renderer/extension_groups.h" | 19 #include "extensions/renderer/extension_groups.h" |
| 19 #include "extensions/renderer/extensions_renderer_client.h" | 20 #include "extensions/renderer/extensions_renderer_client.h" |
| 20 #include "extensions/renderer/script_injection_callback.h" | 21 #include "extensions/renderer/script_injection_callback.h" |
| 21 #include "extensions/renderer/scripts_run_info.h" | 22 #include "extensions/renderer/scripts_run_info.h" |
| 22 #include "third_party/WebKit/public/platform/WebString.h" | 23 #include "third_party/WebKit/public/platform/WebString.h" |
| 23 #include "third_party/WebKit/public/web/WebDocument.h" | 24 #include "third_party/WebKit/public/web/WebDocument.h" |
| 24 #include "third_party/WebKit/public/web/WebLocalFrame.h" | 25 #include "third_party/WebKit/public/web/WebLocalFrame.h" |
| 25 #include "third_party/WebKit/public/web/WebScriptSource.h" | 26 #include "third_party/WebKit/public/web/WebScriptSource.h" |
| 26 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" | 27 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" |
| 27 #include "url/gurl.h" | 28 #include "url/gurl.h" |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 90 | 91 |
| 91 // static | 92 // static |
| 92 void ScriptInjection::RemoveIsolatedWorld(const std::string& host_id) { | 93 void ScriptInjection::RemoveIsolatedWorld(const std::string& host_id) { |
| 93 g_isolated_worlds.Get().erase(host_id); | 94 g_isolated_worlds.Get().erase(host_id); |
| 94 } | 95 } |
| 95 | 96 |
| 96 ScriptInjection::ScriptInjection( | 97 ScriptInjection::ScriptInjection( |
| 97 scoped_ptr<ScriptInjector> injector, | 98 scoped_ptr<ScriptInjector> injector, |
| 98 content::RenderFrame* render_frame, | 99 content::RenderFrame* render_frame, |
| 99 scoped_ptr<const InjectionHost> injection_host, | 100 scoped_ptr<const InjectionHost> injection_host, |
| 100 UserScript::RunLocation run_location, | 101 UserScript::RunLocation run_location) |
| 101 int tab_id) | |
| 102 : injector_(injector.Pass()), | 102 : injector_(injector.Pass()), |
| 103 render_frame_(render_frame), | 103 render_frame_(render_frame), |
| 104 injection_host_(injection_host.Pass()), | 104 injection_host_(injection_host.Pass()), |
| 105 run_location_(run_location), | 105 run_location_(run_location), |
| 106 tab_id_(tab_id), | |
| 107 request_id_(kInvalidRequestId), | 106 request_id_(kInvalidRequestId), |
| 108 complete_(false), | 107 complete_(false), |
| 109 did_inject_js_(false), | 108 did_inject_js_(false), |
| 110 weak_ptr_factory_(this) { | 109 weak_ptr_factory_(this) { |
| 111 CHECK(injection_host_.get()); | 110 CHECK(injection_host_.get()); |
| 112 } | 111 } |
| 113 | 112 |
| 114 ScriptInjection::~ScriptInjection() { | 113 ScriptInjection::~ScriptInjection() { |
| 115 if (!complete_) | 114 if (!complete_) |
| 116 injector_->OnWillNotInject(ScriptInjector::WONT_INJECT); | 115 injector_->OnWillNotInject(ScriptInjector::WONT_INJECT); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 128 return INJECTION_WAITING; | 127 return INJECTION_WAITING; |
| 129 } | 128 } |
| 130 | 129 |
| 131 if (!injection_host_) { | 130 if (!injection_host_) { |
| 132 NotifyWillNotInject(ScriptInjector::EXTENSION_REMOVED); | 131 NotifyWillNotInject(ScriptInjector::EXTENSION_REMOVED); |
| 133 return INJECTION_FINISHED; // We're done. | 132 return INJECTION_FINISHED; // We're done. |
| 134 } | 133 } |
| 135 | 134 |
| 136 blink::WebLocalFrame* web_frame = render_frame_->GetWebFrame(); | 135 blink::WebLocalFrame* web_frame = render_frame_->GetWebFrame(); |
| 137 switch (injector_->CanExecuteOnFrame( | 136 switch (injector_->CanExecuteOnFrame( |
| 138 injection_host_.get(), web_frame, tab_id_)) { | 137 injection_host_.get(), web_frame, |
| 138 ExtensionFrameHelper::Get(render_frame_)->tab_id())) { |
| 139 case PermissionsData::ACCESS_DENIED: | 139 case PermissionsData::ACCESS_DENIED: |
| 140 NotifyWillNotInject(ScriptInjector::NOT_ALLOWED); | 140 NotifyWillNotInject(ScriptInjector::NOT_ALLOWED); |
| 141 return INJECTION_FINISHED; // We're done. | 141 return INJECTION_FINISHED; // We're done. |
| 142 case PermissionsData::ACCESS_WITHHELD: | 142 case PermissionsData::ACCESS_WITHHELD: |
| 143 // Note: we don't consider ACCESS_WITHHELD for child frames because there | |
| 144 // is nowhere to surface a request for a child frame. | |
| 145 // TODO(devlin): We should ask for permission somehow. crbug.com/491402. | |
| 146 if (web_frame->parent()) { | |
| 147 NotifyWillNotInject(ScriptInjector::NOT_ALLOWED); | |
| 148 return INJECTION_FINISHED; | |
| 149 } | |
| 150 | |
| 151 SendInjectionMessage(true /* request permission */); | 143 SendInjectionMessage(true /* request permission */); |
| 152 return INJECTION_WAITING; // Wait around for permission. | 144 return INJECTION_WAITING; // Wait around for permission. |
| 153 case PermissionsData::ACCESS_ALLOWED: | 145 case PermissionsData::ACCESS_ALLOWED: |
| 154 InjectionResult result = Inject(scripts_run_info); | 146 InjectionResult result = Inject(scripts_run_info); |
| 155 // If the injection is blocked, we need to set the manager so we can | 147 // If the injection is blocked, we need to set the manager so we can |
| 156 // notify it upon completion. | 148 // notify it upon completion. |
| 157 if (result == INJECTION_BLOCKED) | 149 if (result == INJECTION_BLOCKED) |
| 158 async_completion_callback_ = async_completion_callback; | 150 async_completion_callback_ = async_completion_callback; |
| 159 return result; | 151 return result; |
| 160 } | 152 } |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 299 | 291 |
| 300 void ScriptInjection::InjectCss() { | 292 void ScriptInjection::InjectCss() { |
| 301 std::vector<std::string> css_sources = | 293 std::vector<std::string> css_sources = |
| 302 injector_->GetCssSources(run_location_); | 294 injector_->GetCssSources(run_location_); |
| 303 blink::WebLocalFrame* web_frame = render_frame_->GetWebFrame(); | 295 blink::WebLocalFrame* web_frame = render_frame_->GetWebFrame(); |
| 304 for (const std::string& css : css_sources) | 296 for (const std::string& css : css_sources) |
| 305 web_frame->document().insertStyleSheet(blink::WebString::fromUTF8(css)); | 297 web_frame->document().insertStyleSheet(blink::WebString::fromUTF8(css)); |
| 306 } | 298 } |
| 307 | 299 |
| 308 } // namespace extensions | 300 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1335083004:
[Extensions] Don't allow extensions to inject scripts into extension pages (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master