
Side by Side Diff: chrome/renderer/extensions/user_script_slave.cc

Issue 226663003: Allow content script insertion on about:-URLs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use matches_about_blank key instead of about:* permission. Created 6 years, 8 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/extensions/user_script_slave.h" 5 #include "chrome/renderer/extensions/user_script_slave.h"
6 6
7 #include <map> 7 #include <map>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 // the compose iframe's dataSource URL is about:blank, but the document URL 187 // the compose iframe's dataSource URL is about:blank, but the document URL
188 // changes to match the parent document after Gmail document.writes into 188 // changes to match the parent document after Gmail document.writes into
189 // it to create the editor. 189 // it to create the editor.
190 // http://code.google.com/p/chromium/issues/detail?id=86742 190 // http://code.google.com/p/chromium/issues/detail?id=86742
191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? 191 blink::WebDataSource* data_source = frame->provisionalDataSource() ?
192 frame->provisionalDataSource() : frame->dataSource(); 192 frame->provisionalDataSource() : frame->dataSource();
193 CHECK(data_source); 193 CHECK(data_source);
194 return GURL(data_source->request().url()); 194 return GURL(data_source->request().url());
195 } 195 }
196 196
197 GURL UserScriptSlave::GetOriginURLForFrame(const WebFrame* frame) {
198 // All pages served with the about:-scheme inherit the security origin from
199 // their parent document (i.e. either the page that contains the document or
200 // the page that opened a new window containing this page).
201 // If this parent document is accessible by the extension, then access to
202 // the about:-frame is allowed if the extension has requested access to it.
203 GURL document_origin_url(frame->document().securityOrigin().toString());
204 // TODO(robwu): Iframes with the sandbox HTML attribute are mistakenly
not at google - send to devlin 2014/04/21 19:56:22 I .. think it makes sense to return an invalid URL
robwu 2014/04/21 22:15:41 Oops, this comment should be removed. I checked, a
205 // excluded by this method, because their origin is "null" (i.e. unique).
dcheng 2014/04/21 21:02:05 I don't think this should match sandboxed iframes.
robwu 2014/04/21 22:15:41 The "sandbox" attribute somehow doesn't apply to a
dcheng 2014/04/21 22:35:18 Huh. I'm pretty sure that's a bug. I'll follow up
not at google - send to devlin 2014/04/21 22:36:47 Yes seems like this code should be explicitly chec
206 if (document_origin_url.is_valid())
207 return document_origin_url;
208 return frame->document().url();
not at google - send to devlin 2014/04/21 19:56:22 .GetOrigin()?
robwu 2014/04/21 22:15:41 Done.
209 }
210
197 void UserScriptSlave::InjectScripts(WebFrame* frame, 211 void UserScriptSlave::InjectScripts(WebFrame* frame,
198 UserScript::RunLocation location) { 212 UserScript::RunLocation location) {
199 GURL data_source_url = GetDataSourceURLForFrame(frame); 213 GURL data_source_url = GetDataSourceURLForFrame(frame);
200 if (data_source_url.is_empty()) 214 if (data_source_url.is_empty())
201 return; 215 return;
202 216
203 if (frame->isViewSourceModeEnabled()) 217 if (frame->isViewSourceModeEnabled())
204 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + 218 data_source_url = GURL(content::kViewSourceScheme + std::string(":") +
205 data_source_url.spec()); 219 data_source_url.spec());
206 220
(...skipping 10 matching lines...) Expand all
217 if (frame->parent() && !script->match_all_frames()) 231 if (frame->parent() && !script->match_all_frames())
218 continue; // Only match subframes if the script declared it wanted to. 232 continue; // Only match subframes if the script declared it wanted to.
219 233
220 const Extension* extension = extensions_->GetByID(script->extension_id()); 234 const Extension* extension = extensions_->GetByID(script->extension_id());
221 235
222 // Since extension info is sent separately from user script info, they can 236 // Since extension info is sent separately from user script info, they can
223 // be out of sync. We just ignore this situation. 237 // be out of sync. We just ignore this situation.
224 if (!extension) 238 if (!extension)
225 continue; 239 continue;
226 240
241 const bool isAboutScheme = data_source_url.SchemeIs(content::kAboutScheme);
not at google - send to devlin 2014/04/21 19:56:22 is_about_scheme
robwu 2014/04/21 22:15:41 Done.
242 if (isAboutScheme) {
243 if (!script->match_about_blank())
244 continue;
245 data_source_url = GetOriginURLForFrame(frame);
246 }
247
227 // Content scripts are not tab-specific. 248 // Content scripts are not tab-specific.
228 const int kNoTabId = -1; 249 const int kNoTabId = -1;
229 // We don't have a process id in this context. 250 // We don't have a process id in this context.
230 const int kNoProcessId = -1; 251 const int kNoProcessId = -1;
252 // If the page is about:blank, check against the extension's origin
253 // permissions instead of the user script's URL patterns.
231 if (!PermissionsData::CanExecuteScriptOnPage(extension, 254 if (!PermissionsData::CanExecuteScriptOnPage(extension,
232 data_source_url, 255 data_source_url,
233 frame->top()->document().url(), 256 frame->top()->document().url(),
234 kNoTabId, 257 kNoTabId,
235 script, 258 isAboutScheme ? NULL : script,
not at google - send to devlin 2014/04/21 19:56:22 don't have time to trace this down, why NULL here?
robwu 2014/04/21 22:15:41 Moved to separate variable, preceded by a comment
236 kNoProcessId, 259 kNoProcessId,
237 NULL)) { 260 NULL)) {
238 continue; 261 continue;
239 } 262 }
240 263
241 if (location == UserScript::DOCUMENT_START) { 264 if (location == UserScript::DOCUMENT_START) {
242 num_css += script->css_scripts().size(); 265 num_css += script->css_scripts().size();
243 for (UserScript::FileList::const_iterator iter = 266 for (UserScript::FileList::const_iterator iter =
244 script->css_scripts().begin(); 267 script->css_scripts().begin();
245 iter != script->css_scripts().end(); 268 iter != script->css_scripts().end();
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
318 } else if (location == UserScript::DOCUMENT_IDLE) { 341 } else if (location == UserScript::DOCUMENT_IDLE) {
319 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); 342 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts);
320 if (num_scripts) 343 if (num_scripts)
321 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); 344 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed());
322 } else { 345 } else {
323 NOTREACHED(); 346 NOTREACHED();
324 } 347 }
325 } 348 }
326 349
327 } // namespace extensions 350 } // namespace extensions
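Review bot: In InjectScripts, `data_source_url = GetOriginURLForFrame(frame);` (new line 245) overwrites a variable declared before the per-script loop, so after the first script that sets match_about_blank() the scheme test on new line 241 sees the inherited origin and `isAboutScheme` is false for every later script. Those scripts then skip the `match_about_blank()` opt-in and are checked with their own URL patterns against the parent origin, so a script that never opted in could be injected into the about: frame. Compute the scheme test once before the loop and keep the rewritten URL in a per-iteration local, e.g. `const GURL effective_url = is_about_scheme ? GetOriginURLForFrame(frame) : data_source_url;`, and pass that to CanExecuteScriptOnPage. The loop header is in the skipped lines, so the loop scope is inferred from the `continue` statements; a test with two scripts where only the first sets the key would confirm it.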