Deal with frame removal by content scripts

extensions/renderer/script_injection_manager.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/script_injection_manager.h"
 
 #include <utility>
 
 #include "base/auto_reset.h"
 #include "base/bind.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "base/values.h"
 #include "content/public/renderer/render_frame.h"
 #include "content/public/renderer/render_frame_observer.h"
 #include "content/public/renderer/render_thread.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extension_messages.h"
 #include "extensions/common/extension_set.h"
 #include "extensions/renderer/extension_frame_helper.h"
 #include "extensions/renderer/extension_injection_host.h"
 #include "extensions/renderer/programmatic_script_injector.h"
 #include "extensions/renderer/renderer_extension_registry.h"
 #include "extensions/renderer/script_injection.h"
 #include "extensions/renderer/scripts_run_info.h"
 #include "extensions/renderer/web_ui_injection_host.h"
 #include "ipc/ipc_message_macros.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/web/WebKit.h"
 #include "third_party/WebKit/public/web/WebLocalFrame.h"
 #include "third_party/WebKit/public/web/WebView.h"
 #include "url/gurl.h"
 
 namespace extensions {
 
 namespace {
 
 // The length of time to wait after the DOM is complete to try and run user
 // scripts.
@@ skipping 20 matching lines @@
 
 }  // namespace
 
 class ScriptInjectionManager::RFOHelper : public content::RenderFrameObserver {
  public:
   RFOHelper(content::RenderFrame* render_frame,
             ScriptInjectionManager* manager);
   ~RFOHelper() override;
 
  private:
+  class ScheduledScriptInjection;
+
   // RenderFrameObserver implementation.
   bool OnMessageReceived(const IPC::Message& message) override;
   void DidCreateNewDocument() override;
   void DidCreateDocumentElement() override;
   void DidFailProvisionalLoad(const blink::WebURLError& error) override;
   void DidFinishDocumentLoad() override;
   void DidFinishLoad() override;
   void FrameDetached() override;
   void OnDestruct() override;
 
@@ skipping 24 matching lines @@
                                              ScriptInjectionManager* manager)
     : content::RenderFrameObserver(render_frame),
       manager_(manager),
       should_run_idle_(true),
       weak_factory_(this) {
 }
 
 ScriptInjectionManager::RFOHelper::~RFOHelper() {
 }
 
+// This class schedules a script injection at |run_location| in the frame.
+class ScriptInjectionManager::RFOHelper::ScheduledScriptInjection {
+ public:
+  ScheduledScriptInjection(base::WeakPtr<RFOHelper> rfo_helper_weak,
+                           UserScript::RunLocation run_location)
+      : rfo_helper_weak_(rfo_helper_weak), run_location_(run_location) {
+    v8::Isolate* isolate = blink::mainThreadIsolate();
+    isolate->EnqueueMicrotask(RunScheduledScriptInjection, this);
+  }
+
+ private:
+  // This is called once when V8 runs the microtask.
+  static void RunScheduledScriptInjection(void* data) {
+    ScheduledScriptInjection* scheduled_script_injection =
+        static_cast<ScheduledScriptInjection*>(data);
+    scheduled_script_injection->StartInjectScripts();
+    delete scheduled_script_injection;
+  }
+
+  void StartInjectScripts() {
+    RFOHelper* rfo_helper = rfo_helper_weak_.get();
+    if (!rfo_helper)
+      return;
+    rfo_helper->manager_->StartInjectScripts(rfo_helper->render_frame(),
+                                             run_location_);
+  }
+
+  base::WeakPtr<RFOHelper> rfo_helper_weak_;
+  UserScript::RunLocation run_location_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScheduledScriptInjection);
+};
+
 bool ScriptInjectionManager::RFOHelper::OnMessageReceived(
     const IPC::Message& message) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(ScriptInjectionManager::RFOHelper, message)
     IPC_MESSAGE_HANDLER(ExtensionMsg_ExecuteCode, OnExecuteCode)
     IPC_MESSAGE_HANDLER(ExtensionMsg_PermitScriptInjection,
                         OnPermitScriptInjection)
     IPC_MESSAGE_HANDLER(ExtensionMsg_ExecuteDeclarativeScript,
                         OnExecuteDeclarativeScript)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void ScriptInjectionManager::RFOHelper::DidCreateNewDocument() {
   // A new document is going to be shown, so invalidate the old document state.
   // Check that the frame's state is known before invalidating the frame,
   // because it is possible that a script injection was scheduled before the
   // page was loaded, e.g. by navigating to a javascript: URL before the page
   // has loaded.
   if (manager_->frame_statuses_.count(render_frame()) != 0)
     InvalidateAndResetFrame();
 }
 
 void ScriptInjectionManager::RFOHelper::DidCreateDocumentElement() {
-  manager_->StartInjectScripts(render_frame(), UserScript::DOCUMENT_START);
+  new ScheduledScriptInjection(
+      weak_factory_.GetWeakPtr(), UserScript::DOCUMENT_START);
 }
 
 void ScriptInjectionManager::RFOHelper::DidFailProvisionalLoad(
     const blink::WebURLError& error) {
   FrameStatusMap::iterator it = manager_->frame_statuses_.find(render_frame());
   if (it != manager_->frame_statuses_.end() &&
       it->second == UserScript::DOCUMENT_START) {
     // Since the provisional load failed, the frame stays at its previous loaded
     // state and origin (or the parent's origin for new/about:blank frames).
     // Reset the frame to DOCUMENT_IDLE in order to reflect that the frame is
     // done loading, and avoid any deadlock in the system.
     //
     // We skip injection of DOCUMENT_END and DOCUMENT_IDLE scripts, because the
     // injections closely follow the DOMContentLoaded (and onload) events, which
     // are not triggered after a failed provisional load.
     // This assumption is verified in the checkDOMContentLoadedEvent subtest of
     // ExecuteScriptApiTest.FrameWithHttp204 (browser_tests).
     InvalidateAndResetFrame();
     should_run_idle_ = false;
     manager_->frame_statuses_[render_frame()] = UserScript::DOCUMENT_IDLE;
   }
 }
 
 void ScriptInjectionManager::RFOHelper::DidFinishDocumentLoad() {
   DCHECK(content::RenderThread::Get());
-  manager_->StartInjectScripts(render_frame(), UserScript::DOCUMENT_END);
+  new ScheduledScriptInjection(
+      weak_factory_.GetWeakPtr(), UserScript::DOCUMENT_END);
+
   // We try to run idle in two places: here and DidFinishLoad.
   // DidFinishDocumentLoad() corresponds to completing the document's load,
   // whereas DidFinishLoad corresponds to completing the document and all
   // subresources' load. We don't want to hold up script injection for a
   // particularly slow subresource, so we set a delayed task from here - but if
   // we finish everything before that point (i.e., DidFinishLoad() is
   // triggered), then there's no reason to keep waiting.
   base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
       FROM_HERE,
       base::Bind(&ScriptInjectionManager::RFOHelper::RunIdle,
@@ skipping 44 matching lines @@
 void ScriptInjectionManager::RFOHelper::OnPermitScriptInjection(
     int64_t request_id) {
   manager_->HandlePermitScriptInjection(request_id);
 }
 
 void ScriptInjectionManager::RFOHelper::RunIdle() {
   // Only notify the manager if the frame hasn't either been removed or already
   // had idle run since the task to RunIdle() was posted.
   if (should_run_idle_) {
     should_run_idle_ = false;
-    manager_->StartInjectScripts(render_frame(), UserScript::DOCUMENT_IDLE);
+    new ScheduledScriptInjection(
+        weak_factory_.GetWeakPtr(), UserScript::DOCUMENT_IDLE);
   }
 }
 
 void ScriptInjectionManager::RFOHelper::InvalidateAndResetFrame() {
   // Invalidate any pending idle injections, and reset the frame inject on idle.
   weak_factory_.InvalidateWeakPtrs();
   // We reset to inject on idle, because the frame can be reused (in the case of
   // navigation).
   should_run_idle_ = true;
   manager_->InvalidateForFrame(render_frame());
@@ skipping 250 matching lines @@
   ScriptsRunInfo scripts_run_info(injection->render_frame(),
                                   UserScript::RUN_DEFERRED);
   ScriptInjection::InjectionResult res = injection->OnPermissionGranted(
       &scripts_run_info);
   if (res == ScriptInjection::INJECTION_BLOCKED)
     running_injections_.push_back(std::move(injection));
   scripts_run_info.LogRun();
 }
 
 }  // namespace extensions