Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(922)

Unified Diff: extensions/renderer/script_context_set.cc

Issue 2151693002: Fix extension bindings injection for iframes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use security origin, augmented tests, fix nits Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: extensions/renderer/script_context_set.cc
diff --git a/extensions/renderer/script_context_set.cc b/extensions/renderer/script_context_set.cc
index adefb3838becf53f84c3e4b2443eaf9dc34a45e5..33b068c73b9afb3327f44f8d3a01092a374b0cc4 100644
--- a/extensions/renderer/script_context_set.cc
+++ b/extensions/renderer/script_context_set.cc
@@ -140,8 +140,21 @@ const Extension* ScriptContextSet::GetExtensionFromFrameAndWorld(
// Isolated worlds (content script).
extension_id = ScriptInjection::GetHostIdForIsolatedWorld(world_id);
} else {
- // Extension pages (chrome-extension:// URLs).
- GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame);
+ // For looking up the extension associated with this frame, we either want
+ // to use the current url or possibly the data source url (which this frame
+ // may be navigating to shortly), depending on the security origin of the
+ // frame. We don't always want to use the data source url because some
+ // frames (eg iframes and windows created via window.open) briefly contain
+ // an about:blank script context that is scriptable by their parent/opener
+ // before they finish navigating.
+ GURL frame_url = GURL(frame->document().url());
Devlin 2016/07/21 00:44:54 nit: prefer construction over assignment in a case
asargent_no_longer_on_chrome 2016/07/21 18:12:22 Done.
+ GURL data_src_url = ScriptContext::GetDataSourceURLForFrame(frame);
+ if (frame_url.is_empty() && data_src_url.is_valid() &&
+ frame->getSecurityOrigin().canAccess(
+ blink::WebSecurityOrigin::create(data_src_url))) {
+ frame_url = data_src_url;
+ }
+
frame_url = ScriptContext::GetEffectiveDocumentURL(frame, frame_url,
use_effective_url);
extension_id =

Powered by Google App Engine
This is Rietveld 408576698