OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "extensions/renderer/script_context_set.h" | 5 #include "extensions/renderer/script_context_set.h" |
6 | 6 |
7 #include "base/location.h" | 7 #include "base/location.h" |
8 #include "base/single_thread_task_runner.h" | 8 #include "base/single_thread_task_runner.h" |
9 #include "base/threading/thread_task_runner_handle.h" | 9 #include "base/threading/thread_task_runner_handle.h" |
10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
133 | 133 |
134 const Extension* ScriptContextSet::GetExtensionFromFrameAndWorld( | 134 const Extension* ScriptContextSet::GetExtensionFromFrameAndWorld( |
135 const blink::WebLocalFrame* frame, | 135 const blink::WebLocalFrame* frame, |
136 int world_id, | 136 int world_id, |
137 bool use_effective_url) { | 137 bool use_effective_url) { |
138 std::string extension_id; | 138 std::string extension_id; |
139 if (world_id != 0) { | 139 if (world_id != 0) { |
140 // Isolated worlds (content script). | 140 // Isolated worlds (content script). |
141 extension_id = ScriptInjection::GetHostIdForIsolatedWorld(world_id); | 141 extension_id = ScriptInjection::GetHostIdForIsolatedWorld(world_id); |
142 } else { | 142 } else { |
143 // Extension pages (chrome-extension:// URLs). | 143 // Top-level frames pointing at chrome-extension:// urls start out with an |
144 GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame); | 144 // url of about:blank, so we want to use the data source url they are |
145 // loading for determining the associated Extension object. On the other | |
146 // hand, iframes also start out with an url of about:blank, but during | |
147 // resource fetching they have an javascript context which is scriptable by | |
148 // their parent, which then gets replaced with a new one once resource | |
149 // loading is finished, so we *don't* want to use their data source url | |
150 // for determining the associated Extension. | |
151 GURL frame_url = frame->parent() | |
Devlin
2016/07/13 23:19:09
Hmm... so what happens if the web page opens a pop
asargent_no_longer_on_chrome
2016/07/14 16:38:30
I just double-checked that using a new window does
Devlin
2016/07/14 16:46:35
As long as we can test and assert that it's the ca
asargent_no_longer_on_chrome
2016/07/14 21:38:07
Ok, so the web page is allowed to run script in th
asargent_no_longer_on_chrome
2016/07/20 21:36:47
It turned I was able to use the WebSecurityOrigin
| |
152 ? GURL(frame->document().url()) | |
153 : ScriptContext::GetDataSourceURLForFrame(frame); | |
154 | |
145 frame_url = ScriptContext::GetEffectiveDocumentURL(frame, frame_url, | 155 frame_url = ScriptContext::GetEffectiveDocumentURL(frame, frame_url, |
146 use_effective_url); | 156 use_effective_url); |
147 extension_id = | 157 extension_id = |
148 RendererExtensionRegistry::Get()->GetExtensionOrAppIDByURL(frame_url); | 158 RendererExtensionRegistry::Get()->GetExtensionOrAppIDByURL(frame_url); |
149 } | 159 } |
150 | 160 |
151 // There are conditions where despite a context being associated with an | 161 // There are conditions where despite a context being associated with an |
152 // extension, no extension actually gets found. Ignore "invalid" because CSP | 162 // extension, no extension actually gets found. Ignore "invalid" because CSP |
153 // blocks extension page loading by switching the extension ID to "invalid". | 163 // blocks extension page loading by switching the extension ID to "invalid". |
154 const Extension* extension = | 164 const Extension* extension = |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
216 return Feature::WEB_PAGE_CONTEXT; | 226 return Feature::WEB_PAGE_CONTEXT; |
217 } | 227 } |
218 | 228 |
219 void ScriptContextSet::RecordAndRemove(std::set<ScriptContext*>* removed, | 229 void ScriptContextSet::RecordAndRemove(std::set<ScriptContext*>* removed, |
220 ScriptContext* context) { | 230 ScriptContext* context) { |
221 removed->insert(context); | 231 removed->insert(context); |
222 Remove(context); // Note: context deletion is deferred to the message loop. | 232 Remove(context); // Note: context deletion is deferred to the message loop. |
223 } | 233 } |
224 | 234 |
225 } // namespace extensions | 235 } // namespace extensions |
OLD | NEW |