
Side by Side Diff: chrome/renderer/extensions/user_script_slave.cc

Issue 226663003: Allow content script insertion on about:-URLs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: use url of parent(s) instead of origin, more tests Created 6 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/extensions/user_script_slave.h" 5 #include "chrome/renderer/extensions/user_script_slave.h"
6 6
7 #include <map> 7 #include <map>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 20 matching lines...) Expand all
31 #include "third_party/WebKit/public/web/WebDataSource.h" 31 #include "third_party/WebKit/public/web/WebDataSource.h"
32 #include "third_party/WebKit/public/web/WebDocument.h" 32 #include "third_party/WebKit/public/web/WebDocument.h"
33 #include "third_party/WebKit/public/web/WebFrame.h" 33 #include "third_party/WebKit/public/web/WebFrame.h"
34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h" 34 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h" 35 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
36 #include "third_party/WebKit/public/web/WebView.h" 36 #include "third_party/WebKit/public/web/WebView.h"
37 #include "ui/base/resource/resource_bundle.h" 37 #include "ui/base/resource/resource_bundle.h"
38 #include "url/gurl.h" 38 #include "url/gurl.h"
39 39
40 using blink::WebFrame; 40 using blink::WebFrame;
41 using blink::WebDocument;
41 using blink::WebSecurityOrigin; 42 using blink::WebSecurityOrigin;
42 using blink::WebSecurityPolicy; 43 using blink::WebSecurityPolicy;
43 using blink::WebString; 44 using blink::WebString;
44 using blink::WebVector; 45 using blink::WebVector;
45 using blink::WebView; 46 using blink::WebView;
46 using content::RenderThread; 47 using content::RenderThread;
47 48
48 namespace extensions { 49 namespace extensions {
49 50
50 // These two strings are injected before and after the Greasemonkey API and 51 // These two strings are injected before and after the Greasemonkey API and
(...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 // the compose iframe's dataSource URL is about:blank, but the document URL 188 // the compose iframe's dataSource URL is about:blank, but the document URL
188 // changes to match the parent document after Gmail document.writes into 189 // changes to match the parent document after Gmail document.writes into
189 // it to create the editor. 190 // it to create the editor.
190 // http://code.google.com/p/chromium/issues/detail?id=86742 191 // http://code.google.com/p/chromium/issues/detail?id=86742
191 blink::WebDataSource* data_source = frame->provisionalDataSource() ? 192 blink::WebDataSource* data_source = frame->provisionalDataSource() ?
192 frame->provisionalDataSource() : frame->dataSource(); 193 frame->provisionalDataSource() : frame->dataSource();
193 CHECK(data_source); 194 CHECK(data_source);
194 return GURL(data_source->request().url()); 195 return GURL(data_source->request().url());
195 } 196 }
196 197
198 GURL UserScriptSlave::GetEffectiveDocumentURL(const WebFrame* frame,
199 const GURL& document_url,
200 bool match_about_blank) {
201 if (!match_about_blank || !document_url.SchemeIs(content::kAboutScheme))
202 return document_url;
203
204 // Scripts on about:blank and about:srcdoc can access their parent document,
205 // so traverse the document tree until a non-about:blank frame is found.
206 WebDocument originDocument = frame->document();
207 const WebSecurityOrigin securityOrigin = originDocument.securityOrigin();
not at google - send to devlin 2014/05/01 20:32:19 security_origin
robwu 2014/05/01 21:30:38 Done. Should I also use underscores for |parentDoc
not at google - send to devlin 2014/05/02 16:01:48 yep, thanks. always underscore style in Chromium (
208 WebFrame* parent = frame->parent() ? frame->parent() : frame->opener();
not at google - send to devlin 2014/05/01 20:32:19 nit: this big block is hard to read, perhaps a bla
209 // Note: The next loop body is usually run at most once. It is only repeated
210 // when an about:-frame is embedded in another about:-frame.
211 while (parent != NULL) {
not at google - send to devlin 2014/05/01 20:32:19 i think this loop, whole function really, could be
212 WebDocument parentDocument = parent->document();
213 // Immediately stop traversing the document hierarchy when the page does
214 // not have the permission to access its parent document.
215 if (!securityOrigin.canAccess(parentDocument.securityOrigin()))
216 return document_url;
217
218 // Return the first accessible non-about: URL if found.
219 GURL parentDocumentUrl(parentDocument.url());
220 if (!parentDocumentUrl.SchemeIs(content::kAboutScheme))
221 return parentDocumentUrl;
222
223 originDocument = parentDocument;
not at google - send to devlin 2014/05/01 20:32:19 you don't use this variable inside nor after the l
224 parent = parent->parent() ? parent->parent() : parent->opener();
225 }
226 // A standalone top-level document, just return the original URL.
227 return document_url;
228 }
229
197 void UserScriptSlave::InjectScripts(WebFrame* frame, 230 void UserScriptSlave::InjectScripts(WebFrame* frame,
198 UserScript::RunLocation location) { 231 UserScript::RunLocation location) {
199 GURL data_source_url = GetDataSourceURLForFrame(frame); 232 GURL data_source_url = GetDataSourceURLForFrame(frame);
200 if (data_source_url.is_empty()) 233 if (data_source_url.is_empty())
201 return; 234 return;
202 235
203 if (frame->isViewSourceModeEnabled()) 236 if (frame->isViewSourceModeEnabled())
204 data_source_url = GURL(content::kViewSourceScheme + std::string(":") + 237 data_source_url = GURL(content::kViewSourceScheme + std::string(":") +
205 data_source_url.spec()); 238 data_source_url.spec());
206 239
(...skipping 10 matching lines...) Expand all
217 if (frame->parent() && !script->match_all_frames()) 250 if (frame->parent() && !script->match_all_frames())
218 continue; // Only match subframes if the script declared it wanted to. 251 continue; // Only match subframes if the script declared it wanted to.
219 252
220 const Extension* extension = extensions_->GetByID(script->extension_id()); 253 const Extension* extension = extensions_->GetByID(script->extension_id());
221 254
222 // Since extension info is sent separately from user script info, they can 255 // Since extension info is sent separately from user script info, they can
223 // be out of sync. We just ignore this situation. 256 // be out of sync. We just ignore this situation.
224 if (!extension) 257 if (!extension)
225 continue; 258 continue;
226 259
260 const GURL& document_url = GetEffectiveDocumentURL(
261 frame, data_source_url, script->match_about_blank());
262
227 // Content scripts are not tab-specific. 263 // Content scripts are not tab-specific.
228 const int kNoTabId = -1; 264 const int kNoTabId = -1;
229 // We don't have a process id in this context. 265 // We don't have a process id in this context.
230 const int kNoProcessId = -1; 266 const int kNoProcessId = -1;
231 if (!PermissionsData::CanExecuteScriptOnPage(extension, 267 if (!PermissionsData::CanExecuteScriptOnPage(extension,
232 data_source_url, 268 document_url,
233 frame->top()->document().url(), 269 frame->top()->document().url(),
234 kNoTabId, 270 kNoTabId,
235 script, 271 script,
236 kNoProcessId, 272 kNoProcessId,
237 NULL)) { 273 NULL)) {
238 continue; 274 continue;
239 } 275 }
240 276
241 if (location == UserScript::DOCUMENT_START) { 277 if (location == UserScript::DOCUMENT_START) {
242 num_css += script->css_scripts().size(); 278 num_css += script->css_scripts().size();
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after
318 } else if (location == UserScript::DOCUMENT_IDLE) { 354 } else if (location == UserScript::DOCUMENT_IDLE) {
319 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts); 355 UMA_HISTOGRAM_COUNTS_100("Extensions.InjectIdle_ScriptCount", num_scripts);
320 if (num_scripts) 356 if (num_scripts)
321 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed()); 357 UMA_HISTOGRAM_TIMES("Extensions.InjectIdle_Time", timer.Elapsed());
322 } else { 358 } else {
323 NOTREACHED(); 359 NOTREACHED();
324 } 360 }
325 } 361 }
326 362
327 } // namespace extensions 363 } // namespace extensions
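Review bot: The `while (parent != NULL)` loop in `GetEffectiveDocumentURL` has no guard against revisiting a frame. Each step may follow `opener()` as well as `parent()`, so termination relies on the opener chain among about: documents never looping back. Parent links form a tree, but opener links are not obviously constrained that way. If two mutually accessible about: windows can end up as each other's opener, the loop would spin in the renderer before the `CanExecuteScriptOnPage` check is reached. Tracking visited frames and returning `document_url` on a repeat keeps the fallback conservative, since the permission check then sees the about: URL itself; this needs `#include <set>`.

```cpp
  // … unchanged: early return for non-about: URLs and security origin setup …
  std::set<const WebFrame*> visited;
  visited.insert(frame);
  WebFrame* parent = frame->parent() ? frame->parent() : frame->opener();
  while (parent != NULL) {
    // Stop if the parent/opener chain leads back to a frame already seen.
    if (!visited.insert(parent).second)
      return document_url;
    // … unchanged: canAccess() check and first non-about: URL return …
    parent = parent->parent() ? parent->parent() : parent->opener();
  }
```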