OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/extensions/user_script_slave.h" | 5 #include "chrome/renderer/extensions/user_script_slave.h" |
6 | 6 |
7 #include <map> | 7 #include <map> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 20 matching lines...) Expand all Loading... | |
31 #include "third_party/WebKit/public/web/WebDataSource.h" | 31 #include "third_party/WebKit/public/web/WebDataSource.h" |
32 #include "third_party/WebKit/public/web/WebDocument.h" | 32 #include "third_party/WebKit/public/web/WebDocument.h" |
33 #include "third_party/WebKit/public/web/WebFrame.h" | 33 #include "third_party/WebKit/public/web/WebFrame.h" |
34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" | 34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" |
35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h" | 35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h" |
36 #include "third_party/WebKit/public/web/WebView.h" | 36 #include "third_party/WebKit/public/web/WebView.h" |
37 #include "ui/base/resource/resource_bundle.h" | 37 #include "ui/base/resource/resource_bundle.h" |
38 #include "url/gurl.h" | 38 #include "url/gurl.h" |
39 | 39 |
40 using blink::WebFrame; | 40 using blink::WebFrame; |
41 using blink::WebDocument; | |
41 using blink::WebSecurityOrigin; | 42 using blink::WebSecurityOrigin; |
42 using blink::WebSecurityPolicy; | 43 using blink::WebSecurityPolicy; |
43 using blink::WebString; | 44 using blink::WebString; |
44 using blink::WebVector; | 45 using blink::WebVector; |
45 using blink::WebView; | 46 using blink::WebView; |
46 using content::RenderThread; | 47 using content::RenderThread; |
47 | 48 |
48 namespace extensions { | 49 namespace extensions { |
49 | 50 |
50 // These two strings are injected before and after the Greasemonkey API and | 51 // These two strings are injected before and after the Greasemonkey API and |
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
187 // the compose iframe's dataSource URL is about:blank, but the document URL | 188 // the compose iframe's dataSource URL is about:blank, but the document URL |
188 // changes to match the parent document after Gmail document.writes into | 189 // changes to match the parent document after Gmail document.writes into |
189 // it to create the editor. | 190 // it to create the editor. |
190 // http://code.google.com/p/chromium/issues/detail?id=86742 | 191 // http://code.google.com/p/chromium/issues/detail?id=86742 |
191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? | 192 blink::WebDataSource* data_source = frame->provisionalDataSource() ? |
192 frame->provisionalDataSource() : frame->dataSource(); | 193 frame->provisionalDataSource() : frame->dataSource(); |
193 CHECK(data_source); | 194 CHECK(data_source); |
194 return GURL(data_source->request().url()); | 195 return GURL(data_source->request().url()); |
195 } | 196 } |
196 | 197 |
198 GURL UserScriptSlave::GetEffectiveDocumentURL(const WebFrame* frame, | |
199 const GURL& document_url, | |
200 bool match_about_blank) { | |
201 if (!match_about_blank || !document_url.SchemeIs(content::kAboutScheme)) | |
202 return document_url; | |
203 | |
204 // Scripts on about:blank and about:srcdoc can access their parent document, | |
205 // so traverse the document tree until a non-about:blank frame is found. | |
206 WebDocument originDocument = frame->document(); | |
207 const WebSecurityOrigin securityOrigin = originDocument.securityOrigin(); | |
not at google - send to devlin
2014/05/01 20:32:19
security_origin
robwu
2014/05/01 21:30:38
Done. Should I also use underscores for |parentDoc
not at google - send to devlin
2014/05/02 16:01:48
yep, thanks. always underscore style in Chromium (
| |
208 WebFrame* parent = frame->parent() ? frame->parent() : frame->opener(); | |
not at google - send to devlin
2014/05/01 20:32:19
nit: this big block is hard to read, perhaps a bla
| |
209 // Note: The next loop body is usually run at most once. It is only repeated | |
210 // when an about:-frame is embedded in another about:-frame. | |
211 while (parent != NULL) { | |
not at google - send to devlin
2014/05/01 20:32:19
i think this loop, whole function really, could be
| |
212 WebDocument parentDocument = parent->document(); | |
213 // Immediately stop traversing the document hierarchy when the page does | |
214 // not have the permission to access its parent document. | |
215 if (!securityOrigin.canAccess(parentDocument.securityOrigin())) | |
216 return document_url; | |
217 | |
218 // Return the first accessible non-about: URL if found. | |
219 GURL parentDocumentUrl(parentDocument.url()); | |
220 if (!parentDocumentUrl.SchemeIs(content::kAboutScheme)) | |
221 return parentDocumentUrl; | |
222 | |
223 originDocument = parentDocument; | |
not at google - send to devlin
2014/05/01 20:32:19
you don't use this variable inside nor after the l
| |
224 parent = parent->parent() ? parent->parent() : parent->opener(); | |
225 } | |
226 // A standalone top-level document, just return the original URL. | |
227 return document_url; | |
228 } | |
229 | |
197 void UserScriptSlave::InjectScripts(WebFrame* frame, | 230 void UserScriptSlave::InjectScripts(WebFrame* frame, |
198 UserScript::RunLocation location) { | 231 UserScript::RunLocation location) { |
199 GURL data_source_url = GetDataSourceURLForFrame(frame); | 232 GURL data_source_url = GetDataSourceURLForFrame(frame); |
200 if (data_source_url.is_empty()) | 233 if (data_source_url.is_empty()) |
201 return; | 234 return; |
202 | 235 |
203 if (frame->isViewSourceModeEnabled()) | 236 if (frame->isViewSourceModeEnabled()) |
204 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + | 237 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + |
205 data_source_url.spec()); | 238 data_source_url.spec()); |
206 | 239 |
(...skipping 10 matching lines...) Expand all Loading... | |
217 if (frame->parent() && !script->match_all_frames()) | 250 if (frame->parent() && !script->match_all_frames()) |
218 continue; // Only match subframes if the script declared it wanted to. | 251 continue; // Only match subframes if the script declared it wanted to. |
219 | 252 |
220 const Extension* extension = extensions_->GetByID(script->extension_id()); | 253 const Extension* extension = extensions_->GetByID(script->extension_id()); |
221 | 254 |
222 // Since extension info is sent separately from user script info, they can | 255 // Since extension info is sent separately from user script info, they can |
223 // be out of sync. We just ignore this situation. | 256 // be out of sync. We just ignore this situation. |
224 if (!extension) | 257 if (!extension) |
225 continue; | 258 continue; |
226 | 259 |
260 const GURL& document_url = GetEffectiveDocumentURL( | |
261 frame, data_source_url, script->match_about_blank()); | |
262 | |
227 // Content scripts are not tab-specific. | 263 // Content scripts are not tab-specific. |
228 const int kNoTabId = -1; | 264 const int kNoTabId = -1; |
229 // We don't have a process id in this context. | 265 // We don't have a process id in this context. |
230 const int kNoProcessId = -1; | 266 const int kNoProcessId = -1; |
231 if (!PermissionsData::CanExecuteScriptOnPage(extension, | 267 if (!PermissionsData::CanExecuteScriptOnPage(extension, |
232 data_source_url, | 268 document_url, |
233 frame->top()->document().url(), | 269 frame->top()->document().url(), |
234 kNoTabId, | 270 kNoTabId, |
235 script, | 271 script, |
236 kNoProcessId, | 272 kNoProcessId, |
237 NULL)) { | 273 NULL)) { |
238 continue; | 274 continue; |
239 } | 275 } |
240 | 276 |
241 if (location == UserScript::DOCUMENT_START) { | 277 if (location == UserScript::DOCUMENT_START) { |
242 num_css += script->css_scripts().size(); | 278 num_css += script->css_scripts().size(); |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
318 } else if (location == UserScript::DOCUMENT_IDLE) { | 354 } else if (location == UserScript::DOCUMENT_IDLE) { |
319 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); | 355 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); |
320 if (num_scripts) | 356 if (num_scripts) |
321 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); | 357 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); |
322 } else { | 358 } else { |
323 NOTREACHED(); | 359 NOTREACHED(); |
324 } | 360 } |
325 } | 361 } |
326 | 362 |
327 } // namespace extensions | 363 } // namespace extensions |
OLD | NEW |