Index: chrome/renderer/extensions/user_script_slave.cc |
diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc |
index bdaff10bb86692bbe69c3f3e69cadc438f90067c..f4a3e429d9572485ece71b76d8894ef2b40de25e 100644 |
--- a/chrome/renderer/extensions/user_script_slave.cc |
+++ b/chrome/renderer/extensions/user_script_slave.cc |
@@ -194,6 +194,18 @@ GURL UserScriptSlave::GetDataSourceURLForFrame(const WebFrame* frame) { |
return GURL(data_source->request().url()); |
} |
+GURL UserScriptSlave::GetOriginURLForFrame(const WebFrame* frame) { |
+ // All pages served with the about:-scheme inherit the security origin from |
+ // their parent document (i.e. either the page that contains the document or |
+ // the page that opened a new window containing this page). |
+ // If this parent document is accessible by the extension, then access to |
+ // the about:-frame is allowed if the extension has requested access to it. |
+ GURL document_origin_url(frame->document().securityOrigin().toString()); |
+ if (document_origin_url.is_valid()) |
+ return document_origin_url; |
+ return frame->document().url().GetOrigin(); |
+} |
+ |
void UserScriptSlave::InjectScripts(WebFrame* frame, |
UserScript::RunLocation location) { |
GURL data_source_url = GetDataSourceURLForFrame(frame); |
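Review bot: The fallback on the last line of `GetOriginURLForFrame` is undocumented, although its result feeds a permission check. When `securityOrigin().toString()` does not parse as a valid GURL (presumably a unique origin, e.g. a sandboxed frame), the function returns the origin of the document's own URL, which for an about: document is not an inherited origin. I would add a comment above the final return such as `// Unique origins do not serialize to a valid URL; the result may then be empty/invalid and callers must treat it as "no access".` and confirm that `CanExecuteScriptOnPage` denies in that case. The existing block comment describes the contract rather than the implementation, so it would read better on the declaration.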
@@ -224,15 +236,27 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, |
if (!extension) |
continue; |
+ const bool is_about_scheme = |
+ data_source_url.SchemeIs(content::kAboutScheme); |
+ if (is_about_scheme) { |
+ if (!script->match_about_blank()) |
+ continue; |
+ data_source_url = GetOriginURLForFrame(frame); |
+ } |
+ |
// Content scripts are not tab-specific. |
const int kNoTabId = -1; |
// We don't have a process id in this context. |
const int kNoProcessId = -1; |
+ // If the page is about:blank, pass NULL instead of a UserScript. This |
+ // ensures that the URL is checked against the extension's host permissions |
+ // instead of the script's URL patterns. |
+ const UserScript* script_or_null = is_about_scheme ? NULL : script; |
not at google - send to devlin
2014/04/21 22:34:41
I see. a bit of a hack to assume that's what the i
robwu
2014/04/21 23:21:46
I disliked the alternative (adding yet another (bo
not at google - send to devlin
2014/04/21 23:37:39
We're in this code because we're running a declare
robwu
2014/04/22 13:29:52
Submitted patch to Blink so I can get rid of this
|
if (!PermissionsData::CanExecuteScriptOnPage(extension, |
data_source_url, |
frame->top()->document().url(), |
kNoTabId, |
- script, |
+ script_or_null, |
kNoProcessId, |
NULL)) { |
continue; |
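Review bot: `data_source_url = GetOriginURLForFrame(frame);` overwrites a variable declared once at the top of `InjectScripts`, while the `continue` statements suggest this code runs once per script in a loop that starts outside the hunk. If so, after the first script with `match_about_blank()` set, `is_about_scheme` is false for every later script, assuming the inherited origin is not itself an about: URL. Those scripts then skip the `match_about_blank()` opt-in test and are passed as `script` rather than NULL, so a script that never opted in could be matched against the parent's origin and injected into the about: frame. Leave `data_source_url` untouched and use a per-iteration local, e.g. `const GURL effective_url = is_about_scheme ? GetOriginURLForFrame(frame) : data_source_url;`, passing `effective_url` to `CanExecuteScriptOnPage`. A test with two scripts for the same origin, only the first setting `match_about_blank`, would pin this down.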