
Side by Side Diff: chrome/renderer/extensions/user_script_slave.cc

Issue 226663003: Allow content script insertion on about:-URLs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Refactor GetEffectiveDocumentURL + fix nits Created 6 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/extensions/user_script_slave.h" 5 #include "chrome/renderer/extensions/user_script_slave.h"
6 6
7 #include <map> 7 #include <map>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 20 matching lines...) Expand all
31 #include "third_party/WebKit/public/web/WebDataSource.h" 31 #include "third_party/WebKit/public/web/WebDataSource.h"
32 #include "third_party/WebKit/public/web/WebDocument.h" 32 #include "third_party/WebKit/public/web/WebDocument.h"
33 #include "third_party/WebKit/public/web/WebFrame.h" 33 #include "third_party/WebKit/public/web/WebFrame.h"
34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" 34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h" 35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
36 #include "third_party/WebKit/public/web/WebView.h" 36 #include "third_party/WebKit/public/web/WebView.h"
37 #include "ui/base/resource/resource_bundle.h" 37 #include "ui/base/resource/resource_bundle.h"
38 #include "url/gurl.h" 38 #include "url/gurl.h"
39 39
40 using blink::WebFrame; 40 using blink::WebFrame;
41 using blink::WebDocument;
41 using blink::WebSecurityOrigin; 42 using blink::WebSecurityOrigin;
42 using blink::WebSecurityPolicy; 43 using blink::WebSecurityPolicy;
43 using blink::WebString; 44 using blink::WebString;
44 using blink::WebVector; 45 using blink::WebVector;
45 using blink::WebView; 46 using blink::WebView;
46 using content::RenderThread; 47 using content::RenderThread;
47 48
48 namespace extensions { 49 namespace extensions {
49 50
50 // These two strings are injected before and after the Greasemonkey API and 51 // These two strings are injected before and after the Greasemonkey API and
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 // the compose iframe's dataSource URL is about:blank, but the document URL 188 // the compose iframe's dataSource URL is about:blank, but the document URL
188 // changes to match the parent document after Gmail document.writes into 189 // changes to match the parent document after Gmail document.writes into
189 // it to create the editor. 190 // it to create the editor.
190 // http://code.google.com/p/chromium/issues/detail?id=86742 191 // http://code.google.com/p/chromium/issues/detail?id=86742
191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? 192 blink::WebDataSource* data_source = frame->provisionalDataSource() ?
192 frame->provisionalDataSource() : frame->dataSource(); 193 frame->provisionalDataSource() : frame->dataSource();
193 CHECK(data_source); 194 CHECK(data_source);
194 return GURL(data_source->request().url()); 195 return GURL(data_source->request().url());
195 } 196 }
196 197
198 GURL UserScriptSlave::GetEffectiveDocumentURL(const WebFrame* frame,
199 const GURL& document_url,
200 bool match_about_blank) {
201 if (!match_about_blank || !document_url.SchemeIs(content::kAboutScheme))
202 return document_url;
203
204 // Non-sandboxed about:blank and about:srcdoc pages inherit their security
205 // origin from their parent frame/window. So, traverse the frame/window
206 // hierarchy to find the closest non-about:-page and return its URL.
207 const WebFrame* parent = frame;
208 do {
209 parent = parent->parent() ? parent->parent() : parent->opener();
210 } while (parent != NULL &&
211 GURL(parent->document().url()).SchemeIs(content::kAboutScheme));
212
not at google - send to devlin 2014/05/02 16:01:48 not quite sure about this. if we're in an non-abou
robwu 2014/05/02 17:03:40 If we're on a non-about:blank frame, then the code
213 if (parent) {
214 // Only return the parent URL if the frame can access it.
215 const WebDocument& parentDocument = parent->document();
not at google - send to devlin 2014/05/02 16:01:48 as you pointed out, parent_document not parentDocu
robwu 2014/05/02 17:03:40 Done.
216 if (frame->document().securityOrigin().canAccess(
217 parentDocument.securityOrigin()))
218 return GURL(parentDocument.url());
not at google - send to devlin 2014/05/02 16:01:48 WebURL has a GURL operator so you don't need the e
robwu 2014/05/02 17:03:40 Done.
219 }
220 return document_url;
221 }
222
197 void UserScriptSlave::InjectScripts(WebFrame* frame, 223 void UserScriptSlave::InjectScripts(WebFrame* frame,
198 UserScript::RunLocation location) { 224 UserScript::RunLocation location) {
199 GURL data_source_url = GetDataSourceURLForFrame(frame); 225 GURL data_source_url = GetDataSourceURLForFrame(frame);
200 if (data_source_url.is_empty()) 226 if (data_source_url.is_empty())
201 return; 227 return;
202 228
203 if (frame->isViewSourceModeEnabled()) 229 if (frame->isViewSourceModeEnabled())
204 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + 230 data_source_url = GURL(content::kViewSourceScheme + std::string(":") +
205 data_source_url.spec()); 231 data_source_url.spec());
206 232
(...skipping 10 matching lines...) Expand all
217 if (frame->parent() && !script->match_all_frames()) 243 if (frame->parent() && !script->match_all_frames())
218 continue; // Only match subframes if the script declared it wanted to. 244 continue; // Only match subframes if the script declared it wanted to.
219 245
220 const Extension* extension = extensions_->GetByID(script->extension_id()); 246 const Extension* extension = extensions_->GetByID(script->extension_id());
221 247
222 // Since extension info is sent separately from user script info, they can 248 // Since extension info is sent separately from user script info, they can
223 // be out of sync. We just ignore this situation. 249 // be out of sync. We just ignore this situation.
224 if (!extension) 250 if (!extension)
225 continue; 251 continue;
226 252
253 const GURL& document_url = GetEffectiveDocumentURL(
254 frame, data_source_url, script->match_about_blank());
255
227 // Content scripts are not tab-specific. 256 // Content scripts are not tab-specific.
228 const int kNoTabId = -1; 257 const int kNoTabId = -1;
229 // We don't have a process id in this context. 258 // We don't have a process id in this context.
230 const int kNoProcessId = -1; 259 const int kNoProcessId = -1;
231 if (!PermissionsData::CanExecuteScriptOnPage(extension, 260 if (!PermissionsData::CanExecuteScriptOnPage(extension,
232 data_source_url, 261 document_url,
233 frame->top()->document().url(), 262 frame->top()->document().url(),
234 kNoTabId, 263 kNoTabId,
235 script, 264 script,
236 kNoProcessId, 265 kNoProcessId,
237 NULL)) { 266 NULL)) {
238 continue; 267 continue;
239 } 268 }
240 269
241 if (location == UserScript::DOCUMENT_START) { 270 if (location == UserScript::DOCUMENT_START) {
242 num_css += script->css_scripts().size(); 271 num_css += script->css_scripts().size();
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
318 } else if (location == UserScript::DOCUMENT_IDLE) { 347 } else if (location == UserScript::DOCUMENT_IDLE) {
319 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); 348 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts);
320 if (num_scripts) 349 if (num_scripts)
321 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); 350 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed());
322 } else { 351 } else {
323 NOTREACHED(); 352 NOTREACHED();
324 } 353 }
325 } 354 }
326 355
327 } // namespace extensions 356 } // namespace extensions
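Review bot: The do/while walk in GetEffectiveDocumentURL (new lines 207-211) stops only on a null or non-about: frame, so if the parent()/opener() chain ever leads back to a frame it has already visited, the renderer would spin here. Nothing visible in this section guarantees that opener links are acyclic. Because the returned URL now feeds the CanExecuteScriptOnPage decision, the walk should fail closed: remember the frames already seen and return `document_url` as soon as one repeats. That needs `#include <set>` next to the existing `<map>` include, and a regression test covering a repeated frame in the chain would pin the behaviour.

```cpp
  const WebFrame* parent = frame;
  std::set<const WebFrame*> visited;
  do {
    visited.insert(parent);
    parent = parent->parent() ? parent->parent() : parent->opener();
    if (parent != NULL && visited.count(parent) != 0)
      return document_url;  // Chain loops back; keep the frame's own URL.
  } while (parent != NULL &&
           GURL(parent->document().url()).SchemeIs(content::kAboutScheme));
  // … unchanged: canAccess() check and return of the parent URL …
```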