Index: chrome/renderer/extensions/user_script_slave.cc |
diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc |
index bdaff10bb86692bbe69c3f3e69cadc438f90067c..0a1f2ebe57b660a52deb9d08ef6e992d641b2d40 100644 |
--- a/chrome/renderer/extensions/user_script_slave.cc |
+++ b/chrome/renderer/extensions/user_script_slave.cc |
@@ -224,6 +224,17 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, |
if (!extension) |
continue; |
+ if (data_source_url.SchemeIs(content::kAboutScheme)) { |
+ if (!script->MatchesURL(data_source_url)) |
+ continue; |
+ |
+ // about:-documents can access their creator's document, so (dis)allow |
+ // access to the frame based on the creator's URL. |
+ GURL document_origin_url(frame->document().securityOrigin().toString()); |
+ if (document_origin_url.is_valid()) |
+ data_source_url = document_origin_url; |
not at google - send to devlin
2014/04/18 16:04:55
pull this logic out into a helper function and use
|
+ } |
+ |
// Content scripts are not tab-specific. |
const int kNoTabId = -1; |
// We don't have a process id in this context. |