Index: extensions/renderer/script_context_set.cc |
diff --git a/extensions/renderer/script_context_set.cc b/extensions/renderer/script_context_set.cc |
index adefb3838becf53f84c3e4b2443eaf9dc34a45e5..6607e50d3b9af86a00f5bca1f937374ff5178bfe 100644 |
--- a/extensions/renderer/script_context_set.cc |
+++ b/extensions/renderer/script_context_set.cc |
@@ -140,8 +140,18 @@ const Extension* ScriptContextSet::GetExtensionFromFrameAndWorld( |
// Isolated worlds (content script). |
extension_id = ScriptInjection::GetHostIdForIsolatedWorld(world_id); |
} else { |
- // Extension pages (chrome-extension:// URLs). |
- GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame); |
+ // Top-level frames pointing at chrome-extension:// urls start out with an |
+ // url of about:blank, so we want to use the data source url they are |
+ // loading for determining the associated Extension object. On the other |
+ // hand, iframes also start out with an url of about:blank, but during |
+ // resource fetching they have an javascript context which is scriptable by |
+ // their parent, which then gets replaced with a new one once resource |
+ // loading is finished, so we *don't* want to use their data source url |
+ // for determining the associated Extension. |
+ GURL frame_url = frame->parent() |
Devlin
2016/07/13 23:19:09
Hmm... so what happens if the web page opens a pop
asargent_no_longer_on_chrome
2016/07/14 16:38:30
I just double-checked that using a new window does
Devlin
2016/07/14 16:46:35
As long as we can test and assert that it's the ca
asargent_no_longer_on_chrome
2016/07/14 21:38:07
Ok, so the web page is allowed to run script in th
asargent_no_longer_on_chrome
2016/07/20 21:36:47
It turned I was able to use the WebSecurityOrigin
|
+ ? GURL(frame->document().url()) |
+ : ScriptContext::GetDataSourceURLForFrame(frame); |
+ |
frame_url = ScriptContext::GetEffectiveDocumentURL(frame, frame_url, |
use_effective_url); |
extension_id = |