Index: chrome/renderer/extensions/user_script_slave.cc |
diff --git a/chrome/renderer/extensions/user_script_slave.cc b/chrome/renderer/extensions/user_script_slave.cc |
index bdaff10bb86692bbe69c3f3e69cadc438f90067c..6b89753ac0f66874ab2c417371d21df9c2eefef2 100644 |
--- a/chrome/renderer/extensions/user_script_slave.cc |
+++ b/chrome/renderer/extensions/user_script_slave.cc |
@@ -38,6 +38,7 @@ |
#include "url/gurl.h" |
using blink::WebFrame; |
+using blink::WebDocument; |
using blink::WebSecurityOrigin; |
using blink::WebSecurityPolicy; |
using blink::WebString; |
@@ -194,6 +195,38 @@ GURL UserScriptSlave::GetDataSourceURLForFrame(const WebFrame* frame) { |
return GURL(data_source->request().url()); |
} |
+GURL UserScriptSlave::GetEffectiveDocumentURL(const WebFrame* frame, |
+ const GURL& document_url, |
+ bool match_about_blank) { |
+ if (!match_about_blank || !document_url.SchemeIs(content::kAboutScheme)) |
+ return document_url; |
+ |
+ // Scripts on about:blank and about:srcdoc can access their parent document, |
+ // so traverse the document tree until a non-about:blank frame is found. |
+ WebDocument originDocument = frame->document(); |
+ const WebSecurityOrigin securityOrigin = originDocument.securityOrigin(); |
not at google - send to devlin
2014/05/01 20:32:19
security_origin
robwu
2014/05/01 21:30:38
Done. Should I also use underscores for |parentDoc
not at google - send to devlin
2014/05/02 16:01:48
yep, thanks. always underscore style in Chromium (
|
+ WebFrame* parent = frame->parent() ? frame->parent() : frame->opener(); |
not at google - send to devlin
2014/05/01 20:32:19
nit: this big block is hard to read, perhaps a bla
|
+ // Note: The next loop body is usually run at most once. It is only repeated |
+ // when an about:-frame is embedded in another about:-frame. |
+ while (parent != NULL) { |
not at google - send to devlin
2014/05/01 20:32:19
i think this loop, whole function really, could be
|
+ WebDocument parentDocument = parent->document(); |
+ // Immediately stop traversing the document hierarchy when the page does |
+ // not have the permission to access its parent document. |
+ if (!securityOrigin.canAccess(parentDocument.securityOrigin())) |
+ return document_url; |
+ |
+ // Return the first accessible non-about: URL if found. |
+ GURL parentDocumentUrl(parentDocument.url()); |
+ if (!parentDocumentUrl.SchemeIs(content::kAboutScheme)) |
+ return parentDocumentUrl; |
+ |
+ originDocument = parentDocument; |
not at google - send to devlin
2014/05/01 20:32:19
you don't use this variable inside nor after the l
|
+ parent = parent->parent() ? parent->parent() : parent->opener(); |
+ } |
+ // A standalone top-level document, just return the original URL. |
+ return document_url; |
+} |
+ |
void UserScriptSlave::InjectScripts(WebFrame* frame, |
UserScript::RunLocation location) { |
GURL data_source_url = GetDataSourceURLForFrame(frame); |
@@ -224,12 +257,15 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, |
if (!extension) |
continue; |
+ const GURL& document_url = GetEffectiveDocumentURL( |
+ frame, data_source_url, script->match_about_blank()); |
+ |
// Content scripts are not tab-specific. |
const int kNoTabId = -1; |
// We don't have a process id in this context. |
const int kNoProcessId = -1; |
if (!PermissionsData::CanExecuteScriptOnPage(extension, |
- data_source_url, |
+ document_url, |
frame->top()->document().url(), |
kNoTabId, |
script, |