| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/renderer/programmatic_script_injector.h" | 5 #include "extensions/renderer/programmatic_script_injector.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/values.h" | 10 #include "base/values.h" |
| 11 #include "content/public/common/url_constants.h" | 11 #include "content/public/common/url_constants.h" |
| 12 #include "content/public/renderer/render_frame.h" | 12 #include "content/public/renderer/render_frame.h" |
| 13 #include "extensions/common/error_utils.h" | 13 #include "extensions/common/error_utils.h" |
| 14 #include "extensions/common/extension_messages.h" | 14 #include "extensions/common/extension_messages.h" |
| 15 #include "extensions/common/manifest_constants.h" | 15 #include "extensions/common/manifest_constants.h" |
| 16 #include "extensions/common/permissions/permissions_data.h" | 16 #include "extensions/common/permissions/permissions_data.h" |
| 17 #include "extensions/renderer/injection_host.h" | 17 #include "extensions/renderer/injection_host.h" |
| 18 #include "extensions/renderer/script_context.h" | 18 #include "extensions/renderer/script_context.h" |
| 19 #include "third_party/WebKit/public/platform/WebString.h" | 19 #include "third_party/WebKit/public/platform/WebString.h" |
| 20 #include "third_party/WebKit/public/web/WebDocument.h" | 20 #include "third_party/WebKit/public/web/WebDocument.h" |
| 21 #include "third_party/WebKit/public/web/WebLocalFrame.h" | 21 #include "third_party/WebKit/public/web/WebLocalFrame.h" |
| 22 #include "third_party/WebKit/public/web/WebScriptSource.h" | 22 #include "third_party/WebKit/public/web/WebScriptSource.h" |
| 23 #include "url/origin.h" |
| 23 | 24 |
| 24 namespace extensions { | 25 namespace extensions { |
| 25 | 26 |
| 26 ProgrammaticScriptInjector::ProgrammaticScriptInjector( | 27 ProgrammaticScriptInjector::ProgrammaticScriptInjector( |
| 27 const ExtensionMsg_ExecuteCode_Params& params, | 28 const ExtensionMsg_ExecuteCode_Params& params, |
| 28 content::RenderFrame* render_frame) | 29 content::RenderFrame* render_frame) |
| 29 : params_(new ExtensionMsg_ExecuteCode_Params(params)), | 30 : params_(new ExtensionMsg_ExecuteCode_Params(params)), |
| 30 url_( | 31 url_( |
| 31 ScriptContext::GetDataSourceURLForFrame(render_frame->GetWebFrame())), | 32 ScriptContext::GetDataSourceURLForFrame(render_frame->GetWebFrame())), |
| 32 finished_(false) { | 33 finished_(false) { |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 125 | 126 |
| 126 void ProgrammaticScriptInjector::OnWillNotInject( | 127 void ProgrammaticScriptInjector::OnWillNotInject( |
| 127 InjectFailureReason reason, | 128 InjectFailureReason reason, |
| 128 content::RenderFrame* render_frame) { | 129 content::RenderFrame* render_frame) { |
| 129 std::string error; | 130 std::string error; |
| 130 switch (reason) { | 131 switch (reason) { |
| 131 case NOT_ALLOWED: | 132 case NOT_ALLOWED: |
| 132 if (url_.SchemeIs(url::kAboutScheme)) { | 133 if (url_.SchemeIs(url::kAboutScheme)) { |
| 133 error = ErrorUtils::FormatErrorMessage( | 134 error = ErrorUtils::FormatErrorMessage( |
| 134 manifest_errors::kCannotAccessAboutUrl, url_.spec(), | 135 manifest_errors::kCannotAccessAboutUrl, url_.spec(), |
| 135 effective_url_.GetOrigin().spec()); | 136 url::Origin(effective_url_).Serialize()); |
| 136 } else { | 137 } else { |
| 137 // TODO(?) It would be nice to show kCannotAccessPageWithUrl here if | 138 // TODO(?) It would be nice to show kCannotAccessPageWithUrl here if |
| 138 // this is triggered by an extension with tabs permission. See | 139 // this is triggered by an extension with tabs permission. See |
| 139 // https://codereview.chromium.org/1414223005/diff/1/extensions/ | 140 // https://codereview.chromium.org/1414223005/diff/1/extensions/ |
| 140 // common/manifest_constants.cc#newcode269 | 141 // common/manifest_constants.cc#newcode269 |
| 141 error = manifest_errors::kCannotAccessPage; | 142 error = manifest_errors::kCannotAccessPage; |
| 142 } | 143 } |
| 143 break; | 144 break; |
| 144 case EXTENSION_REMOVED: // no special error here. | 145 case EXTENSION_REMOVED: // no special error here. |
| 145 case WONT_INJECT: | 146 case WONT_INJECT: |
| (...skipping 16 matching lines...) Expand all Loading... |
| 162 // frame deletions so nothing is left hanging). | 163 // frame deletions so nothing is left hanging). |
| 163 if (render_frame) { | 164 if (render_frame) { |
| 164 render_frame->Send( | 165 render_frame->Send( |
| 165 new ExtensionHostMsg_ExecuteCodeFinished( | 166 new ExtensionHostMsg_ExecuteCodeFinished( |
| 166 render_frame->GetRoutingID(), params_->request_id, | 167 render_frame->GetRoutingID(), params_->request_id, |
| 167 error, url_, results_)); | 168 error, url_, results_)); |
| 168 } | 169 } |
| 169 } | 170 } |
| 170 | 171 |
| 171 } // namespace extensions | 172 } // namespace extensions |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1658913002:
Make extensions use a correct same-origin check. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master