Index: chrome/renderer/extensions/user_script_slave.cc |
diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc |
index bdaff10bb86692bbe69c3f3e69cadc438f90067c..24a0f0562ccec7957c9b8034ff5e084ff558877c 100644 |
--- a/chrome/renderer/extensions/user_script_slave.cc |
+++ b/chrome/renderer/extensions/user_script_slave.cc |
@@ -194,6 +194,20 @@ GURL UserScriptSlave::GetDataSourceURLForFrame(const WebFrame* frame) { |
return GURL(data_source->request().url()); |
} |
+GURL UserScriptSlave::GetOriginURLForFrame(const WebFrame* frame) { |
+ // All pages served with the about:-scheme inherit the security origin from |
+ // their parent document (i.e. either the page that contains the document or |
+ // the page that opened a new window containing this page). |
+ // If this parent document is accessible by the extension, then access to |
+ // the about:-frame is allowed if the extension has requested access to it. |
+ GURL document_origin_url(frame->document().securityOrigin().toString()); |
+ // TODO(robwu): Iframes with the sandbox HTML attribute are mistakenly |
not at google - send to devlin
2014/04/21 19:56:22
I .. think it makes sense to return an invalid URL
robwu
2014/04/21 22:15:41
Oops, this comment should be removed. I checked, a
|
+ // excluded by this method, because their origin is "null" (i.e. unique). |
dcheng
2014/04/21 21:02:05
I don't think this should match sandboxed iframes.
robwu
2014/04/21 22:15:41
The "sandbox" attribute somehow doesn't apply to a
dcheng
2014/04/21 22:35:18
Huh. I'm pretty sure that's a bug. I'll follow up
not at google - send to devlin
2014/04/21 22:36:47
Yes seems like this code should be explicitly chec
|
+ if (document_origin_url.is_valid()) |
+ return document_origin_url; |
+ return frame->document().url(); |
not at google - send to devlin
2014/04/21 19:56:22
.GetOrigin()?
robwu
2014/04/21 22:15:41
Done.
|
+} |
+ |
void UserScriptSlave::InjectScripts(WebFrame* frame, |
UserScript::RunLocation location) { |
GURL data_source_url = GetDataSourceURLForFrame(frame); |
@@ -224,15 +238,24 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, |
if (!extension) |
continue; |
+ const bool isAboutScheme = data_source_url.SchemeIs(content::kAboutScheme); |
not at google - send to devlin
2014/04/21 19:56:22
is_about_scheme
robwu
2014/04/21 22:15:41
Done.
|
+ if (isAboutScheme) { |
+ if (!script->match_about_blank()) |
+ continue; |
+ data_source_url = GetOriginURLForFrame(frame); |
+ } |
+ |
// Content scripts are not tab-specific. |
const int kNoTabId = -1; |
// We don't have a process id in this context. |
const int kNoProcessId = -1; |
+ // If the page is about:blank, check against the extension's origin |
+ // permissions instead of the user script's URL patterns. |
if (!PermissionsData::CanExecuteScriptOnPage(extension, |
data_source_url, |
frame->top()->document().url(), |
kNoTabId, |
- script, |
+ isAboutScheme ? NULL : script, |
not at google - send to devlin
2014/04/21 19:56:22
don't have time to trace this down, why NULL here?
robwu
2014/04/21 22:15:41
Moved to separate variable, preceeded by a comment
|
kNoProcessId, |
NULL)) { |
continue; |