
Unified Diff: extensions/renderer/user_script_injector.cc

Issue 1335083004: [Extensions] Don't allow extensions to inject scripts into extension pages (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
Index: extensions/renderer/user_script_injector.cc
diff --git a/extensions/renderer/user_script_injector.cc b/extensions/renderer/user_script_injector.cc
index 341890e2f90cdfcde525da78613479eed401595c..511fac34a329f743bcd4a2cc4b89592952faf90b 100644
--- a/extensions/renderer/user_script_injector.cc
+++ b/extensions/renderer/user_script_injector.cc
@@ -154,42 +154,42 @@ PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
const InjectionHost* injection_host,
blink::WebLocalFrame* web_frame,
int tab_id) const {
+ if (script_->consumer_instance_type() ==
+ UserScript::ConsumerInstanceType::WEBVIEW) {
+ int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
+ ->GetRoutingID();
+
+ RoutingInfoKey key(routing_id, script_->id());
+
+ RoutingInfoMap& map = g_routing_info_map.Get();
+ auto iter = map.find(key);
+
+ bool allowed = false;
+ if (iter != map.end()) {
+ allowed = iter->second;
+ } else {
+ // Send a SYNC IPC message to the browser to check if this is allowed.
+ // This is not ideal, but is mitigated by the fact that this is only done
+ // for webviews, and then only once per host.
+ // TODO(hanxi): Find a more efficient way to do this.
+ content::RenderThread::Get()->Send(
+ new ExtensionsGuestViewHostMsg_CanExecuteContentScriptSync(
+ routing_id, script_->id(), &allowed));
+ map.insert(std::pair<RoutingInfoKey, bool>(key, allowed));
+ }
+
+ return allowed ? PermissionsData::ACCESS_ALLOWED
+ : PermissionsData::ACCESS_DENIED;
+ }
+
GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
web_frame, web_frame->document().url(), script_->match_about_blank());
- PermissionsData::AccessType can_execute = injection_host->CanExecuteOnFrame(
+
+ return injection_host->CanExecuteOnFrame(
effective_document_url,
content::RenderFrame::FromWebFrame(web_frame),
tab_id,
is_declarative_);
- if (script_->consumer_instance_type() !=
- UserScript::ConsumerInstanceType::WEBVIEW ||
- can_execute == PermissionsData::ACCESS_DENIED)
- return can_execute;
-
- int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
- ->GetRoutingID();
-
- RoutingInfoKey key(routing_id, script_->id());
-
- RoutingInfoMap& map = g_routing_info_map.Get();
- auto iter = map.find(key);
-
- bool allowed = false;
- if (iter != map.end()) {
- allowed = iter->second;
- } else {
- // Send a SYNC IPC message to the browser to check if this is allowed. This
- // is not ideal, but is mitigated by the fact that this is only done for
- // webviews, and then only once per host.
- // TODO(hanxi): Find a more efficient way to do this.
- content::RenderThread::Get()->Send(
- new ExtensionsGuestViewHostMsg_CanExecuteContentScriptSync(
- routing_id, script_->id(), &allowed));
- map.insert(std::pair<RoutingInfoKey, bool>(key, allowed));
- }
-
- return allowed ? PermissionsData::ACCESS_ALLOWED
- : PermissionsData::ACCESS_DENIED;
}
std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
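Review bot: The WEBVIEW branch at the top of CanExecuteOnFrame now returns before `injection_host->CanExecuteOnFrame(...)` is consulted, so for webview scripts an ACCESS_DENIED from the host no longer stops injection; the removed code returned early on that result. The decision for these scripts now rests entirely on the browser's answer, which is cached in `g_routing_info_map` under (routing id of the top-level view, script id) and is therefore not tied to the URL of the frame being injected into. If skipping the host check is intended, document it at the branch, e.g. `// Webview scripts are authorized by the browser per (view, script); the host's URL-based check is deliberately skipped.`; otherwise run the host check first and return when it yields ACCESS_DENIED. The function's signature begins above the hunk, so the parameter list is only partly visible here.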
