Allow content script insertion on about:-URLs.

chrome/renderer/extensions/user_script_slave.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/extensions/user_script_slave.h"
 
 #include <map>
 
 #include "base/command_line.h"
 #include "base/logging.h"
@@ skipping 176 matching lines @@
   // the compose iframe's dataSource URL is about:blank, but the document URL
   // changes to match the parent document after Gmail document.writes into
   // it to create the editor.
   // http://code.google.com/p/chromium/issues/detail?id=86742
   blink::WebDataSource* data_source = frame->provisionalDataSource() ?
       frame->provisionalDataSource() : frame->dataSource();
   CHECK(data_source);
   return GURL(data_source->request().url());
 }
 
+GURL UserScriptSlave::GetOriginURLForFrame(const WebFrame* frame) {
+  // All pages served with the about:-scheme inherit the security origin from
+  // their parent document (i.e. either the page that contains the document or
+  // the page that opened a new window containing this page).
+  // If this parent document is accessible by the extension, then access to
+  // the about:-frame is allowed if the extension has requested access to it.
+  GURL document_origin_url(frame->document().securityOrigin().toString());
+  if (document_origin_url.is_valid())
+    return document_origin_url;
+  return frame->document().url().GetOrigin();
+}
+
 void UserScriptSlave::InjectScripts(WebFrame* frame,
                                     UserScript::RunLocation location) {
   GURL data_source_url = GetDataSourceURLForFrame(frame);
   if (data_source_url.is_empty())
     return;
 
   if (frame->isViewSourceModeEnabled())
     data_source_url = GURL(content::kViewSourceScheme + std::string(":") +
                            data_source_url.spec());
 
@@ skipping 10 matching lines @@
     if (frame->parent() && !script->match_all_frames())
       continue;  // Only match subframes if the script declared it wanted to.
 
     const Extension* extension = extensions_->GetByID(script->extension_id());
 
     // Since extension info is sent separately from user script info, they can
     // be out of sync. We just ignore this situation.
     if (!extension)
       continue;
 
+    const bool is_about_scheme =
+        data_source_url.SchemeIs(content::kAboutScheme);
+    if (is_about_scheme) {
+      if (!script->match_about_blank())
+        continue;
+      data_source_url = GetOriginURLForFrame(frame);
+    }
+
     // Content scripts are not tab-specific.
     const int kNoTabId = -1;
     // We don't have a process id in this context.
     const int kNoProcessId = -1;
+    // If the page is about:blank, pass NULL instead of a UserScript. This
+    // ensures that the URL is checked against the extension's host permissions
+    // instead of the script's URL patterns.
+    const UserScript* script_or_null = is_about_scheme ? NULL : script;

[not at google - send to devlin, 2014/04/21 22:34:41]

I see. a bit of a hack to assume that's what the implementation of
CanExecuteScriptOnPage does.

it will end up querying GetActivePermissions:
https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/...
has that added the content script permissions at that point? I'm not sure, but
if not, this code won't work for manifest-declared content scripts.

I don't really understand why this needs to have a special case.

[robwu, 2014/04/21 23:21:46]

I disliked the alternative (adding yet another (boolean) parameter to
CanExecuteScriptOnPage).
See my reply to your other comment.
The intention is to always match as many about:blank pages as possible, based on
the origin and host permissions. The initial implementation (inserting on about
blank depending on the matches pattern did not work (because "about:"

[not at google - send to devlin, 2014/04/21 23:37:39]

We're in this code because we're running a declared content script, so we should
be using the content script's permission checking not the host permissions.

[robwu, 2014/04/22 13:29:52]

Submitted patch to Blink so I can get rid of this hack by using inheritedURL()
instead of securityOrigin() - https://codereview.chromium.org/246433004/.

     if (!PermissionsData::CanExecuteScriptOnPage(extension,
                                                  data_source_url,
                                                  frame->top()->document().url(),
                                                  kNoTabId,
-                                                 script,
+                                                 script_or_null,
                                                  kNoProcessId,
                                                  NULL)) {
       continue;
     }
 
     if (location == UserScript::DOCUMENT_START) {
       num_css += script->css_scripts().size();
       for (UserScript::FileList::const_iterator iter =
                script->css_scripts().begin();
            iter != script->css_scripts().end();
@@ skipping 72 matching lines @@
   } else if (location == UserScript::DOCUMENT_IDLE) {
     UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts);
     if (num_scripts)
       UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed());
   } else {
     NOTREACHED();
   }
 }
 
 }  // namespace extensions