OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/extensions/user_script_slave.h" | 5 #include "chrome/renderer/extensions/user_script_slave.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
187 // the compose iframe's dataSource URL is about:blank, but the document URL | 187 // the compose iframe's dataSource URL is about:blank, but the document URL |
188 // changes to match the parent document after Gmail document.writes into | 188 // changes to match the parent document after Gmail document.writes into |
189 // it to create the editor. | 189 // it to create the editor. |
190 // http://code.google.com/p/chromium/issues/detail?id=86742 | 190 // http://code.google.com/p/chromium/issues/detail?id=86742 |
191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? | 191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? |
192 frame->provisionalDataSource() : frame->dataSource(); | 192 frame->provisionalDataSource() : frame->dataSource(); |
193 CHECK(data_source); | 193 CHECK(data_source); |
194 return GURL(data_source->request().url()); | 194 return GURL(data_source->request().url()); |
195 } | 195 } |
196 | 196 |
197 GURL UserScriptSlave::GetOriginURLForFrame(const WebFrame* frame) { | |
198 // All pages served with the about:-scheme inherit the security origin from | |
199 // their parent document (i.e. either the page that contains the document or | |
200 // the page that opened a new window containing this page). | |
201 // If this parent document is accessible by the extension, then access to | |
202 // the about:-frame is allowed if the extension has requested access to it. | |
203 GURL document_origin_url(frame->document().securityOrigin().toString()); | |
204 // TODO(robwu): Iframes with the sandbox HTML attribute are mistakenly | |
not at google - send to devlin
2014/04/21 19:56:22
I .. think it makes sense to return an invalid URL
robwu
2014/04/21 22:15:41
Oops, this comment should be removed. I checked, a
| |
205 // excluded by this method, because their origin is "null" (i.e. unique). | |
dcheng
2014/04/21 21:02:05
I don't think this should match sandboxed iframes.
robwu
2014/04/21 22:15:41
The "sandbox" attribute somehow doesn't apply to a
dcheng
2014/04/21 22:35:18
Huh. I'm pretty sure that's a bug. I'll follow up
not at google - send to devlin
2014/04/21 22:36:47
Yes seems like this code should be explicitly chec
| |
206 if (document_origin_url.is_valid()) | |
207 return document_origin_url; | |
208 return frame->document().url(); | |
not at google - send to devlin
2014/04/21 19:56:22
.GetOrigin()?
robwu
2014/04/21 22:15:41
Done.
| |
209 } | |
210 | |
197 void UserScriptSlave::InjectScripts(WebFrame* frame, | 211 void UserScriptSlave::InjectScripts(WebFrame* frame, |
198 UserScript::RunLocation location) { | 212 UserScript::RunLocation location) { |
199 GURL data_source_url = GetDataSourceURLForFrame(frame); | 213 GURL data_source_url = GetDataSourceURLForFrame(frame); |
200 if (data_source_url.is_empty()) | 214 if (data_source_url.is_empty()) |
201 return; | 215 return; |
202 | 216 |
203 if (frame->isViewSourceModeEnabled()) | 217 if (frame->isViewSourceModeEnabled()) |
204 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + | 218 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + |
205 data_source_url.spec()); | 219 data_source_url.spec()); |
206 | 220 |
(...skipping 10 matching lines...) Expand all Loading... | |
217 if (frame->parent() && !script->match_all_frames()) | 231 if (frame->parent() && !script->match_all_frames()) |
218 continue; // Only match subframes if the script declared it wanted to. | 232 continue; // Only match subframes if the script declared it wanted to. |
219 | 233 |
220 const Extension* extension = extensions_->GetByID(script->extension_id()); | 234 const Extension* extension = extensions_->GetByID(script->extension_id()); |
221 | 235 |
222 // Since extension info is sent separately from user script info, they can | 236 // Since extension info is sent separately from user script info, they can |
223 // be out of sync. We just ignore this situation. | 237 // be out of sync. We just ignore this situation. |
224 if (!extension) | 238 if (!extension) |
225 continue; | 239 continue; |
226 | 240 |
241 const bool isAboutScheme = data_source_url.SchemeIs(content::kAboutScheme); | |
not at google - send to devlin
2014/04/21 19:56:22
is_about_scheme
robwu
2014/04/21 22:15:41
Done.
| |
242 if (isAboutScheme) { | |
243 if (!script->match_about_blank()) | |
244 continue; | |
245 data_source_url = GetOriginURLForFrame(frame); | |
246 } | |
247 | |
227 // Content scripts are not tab-specific. | 248 // Content scripts are not tab-specific. |
228 const int kNoTabId = -1; | 249 const int kNoTabId = -1; |
229 // We don't have a process id in this context. | 250 // We don't have a process id in this context. |
230 const int kNoProcessId = -1; | 251 const int kNoProcessId = -1; |
252 // If the page is about:blank, check against the extension's origin | |
253 // permissions instead of the user script's URL patterns. | |
231 if (!PermissionsData::CanExecuteScriptOnPage(extension, | 254 if (!PermissionsData::CanExecuteScriptOnPage(extension, |
232 data_source_url, | 255 data_source_url, |
233 frame->top()->document().url(), | 256 frame->top()->document().url(), |
234 kNoTabId, | 257 kNoTabId, |
235 script, | 258 isAboutScheme ? NULL : script, |
not at google - send to devlin
2014/04/21 19:56:22
don't have time to trace this down, why NULL here?
robwu
2014/04/21 22:15:41
Moved to separate variable, preceeded by a comment
| |
236 kNoProcessId, | 259 kNoProcessId, |
237 NULL)) { | 260 NULL)) { |
238 continue; | 261 continue; |
239 } | 262 } |
240 | 263 |
241 if (location == UserScript::DOCUMENT_START) { | 264 if (location == UserScript::DOCUMENT_START) { |
242 num_css += script->css_scripts().size(); | 265 num_css += script->css_scripts().size(); |
243 for (UserScript::FileList::const_iterator iter = | 266 for (UserScript::FileList::const_iterator iter = |
244 script->css_scripts().begin(); | 267 script->css_scripts().begin(); |
245 iter != script->css_scripts().end(); | 268 iter != script->css_scripts().end(); |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
318 } else if (location == UserScript::DOCUMENT_IDLE) { | 341 } else if (location == UserScript::DOCUMENT_IDLE) { |
319 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); | 342 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); |
320 if (num_scripts) | 343 if (num_scripts) |
321 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); | 344 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); |
322 } else { | 345 } else { |
323 NOTREACHED(); | 346 NOTREACHED(); |
324 } | 347 } |
325 } | 348 } |
326 | 349 |
327 } // namespace extensions | 350 } // namespace extensions |
OLD | NEW |