Index: chrome/renderer/extensions/user_script_slave.cc |
diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc |
index bdaff10bb86692bbe69c3f3e69cadc438f90067c..c868de377517108e434bca797b51a20b495e5b73 100644 |
--- a/chrome/renderer/extensions/user_script_slave.cc |
+++ b/chrome/renderer/extensions/user_script_slave.cc |
@@ -38,6 +38,7 @@ |
#include "url/gurl.h" |
using blink::WebFrame; |
+using blink::WebDocument; |
using blink::WebSecurityOrigin; |
using blink::WebSecurityPolicy; |
using blink::WebString; |
@@ -194,6 +195,31 @@ GURL UserScriptSlave::GetDataSourceURLForFrame(const WebFrame* frame) { |
return GURL(data_source->request().url()); |
} |
+GURL UserScriptSlave::GetEffectiveDocumentURL(const WebFrame* frame, |
+ const GURL& document_url, |
+ bool match_about_blank) { |
+ if (!match_about_blank || !document_url.SchemeIs(content::kAboutScheme)) |
+ return document_url; |
+ |
+ // Non-sandboxed about:blank and about:srcdoc pages inherit their security |
+ // origin from their parent frame/window. So, traverse the frame/window |
+ // hierarchy to find the closest non-about:-page and return its URL. |
+ const WebFrame* parent = frame; |
+ do { |
+ parent = parent->parent() ? parent->parent() : parent->opener(); |
+ } while (parent != NULL && |
+ GURL(parent->document().url()).SchemeIs(content::kAboutScheme)); |
+ |
not at google - send to devlin
2014/05/02 16:01:48
not quite sure about this. if we're in an non-abou
robwu
2014/05/02 17:03:40
If we're on a non-about:blank frame, then the code
|
+ if (parent) { |
+ // Only return the parent URL if the frame can access it. |
+ const WebDocument& parentDocument = parent->document(); |
not at google - send to devlin
2014/05/02 16:01:48
as you pointed out, parent_document not parentDocu
robwu
2014/05/02 17:03:40
Done.
|
+ if (frame->document().securityOrigin().canAccess( |
+ parentDocument.securityOrigin())) |
+ return GURL(parentDocument.url()); |
not at google - send to devlin
2014/05/02 16:01:48
WebURL has a GURL operator so you don't need the e
robwu
2014/05/02 17:03:40
Done.
|
+ } |
+ return document_url; |
+} |
+ |
void UserScriptSlave::InjectScripts(WebFrame* frame, |
UserScript::RunLocation location) { |
GURL data_source_url = GetDataSourceURLForFrame(frame); |
@@ -224,12 +250,15 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, |
if (!extension) |
continue; |
+ const GURL& document_url = GetEffectiveDocumentURL( |
+ frame, data_source_url, script->match_about_blank()); |
+ |
// Content scripts are not tab-specific. |
const int kNoTabId = -1; |
// We don't have a process id in this context. |
const int kNoProcessId = -1; |
if (!PermissionsData::CanExecuteScriptOnPage(extension, |
- data_source_url, |
+ document_url, |
frame->top()->document().url(), |
kNoTabId, |
script, |