Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(280)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/resources/extensions/declarative_content_custom_bindings.js

Issue 23478003: Check and canonicalize CSS selectors before registering PageStateMatchers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/extensions/api/declarative_content/declarative_content_apitest.cc ('K') | « chrome/browser/extensions/api/declarative_content/declarative_content_apitest.cc ('k') | chrome/renderer/resources/extensions/test_custom_bindings.js » ('j') | chrome/renderer/resources/extensions/test_custom_bindings.js » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/resources/extensions/declarative_content_custom_bindings.js
diff --git a/chrome/renderer/resources/extensions/declarative_content_custom_bindings.js b/chrome/renderer/resources/extensions/declarative_content_custom_bindings.js
index beb5409e7baab66667f49f3452b5615f13bb8f99..5652ca88864eccad780cfa3dc0563bac97e6e526 100644
--- a/chrome/renderer/resources/extensions/declarative_content_custom_bindings.js
+++ b/chrome/renderer/resources/extensions/declarative_content_custom_bindings.js
@@ -35,9 +35,35 @@ binding.registerCustomHook( function(api) {
validate([instance], [schema]);
}
+ function canonicalizeCssSelectors(selectors) {
+ var div = document.createElement('div');
+ div.innerHTML = '<style scoped></style>';
+ document.body.appendChild(div);
not at google - send to devlin 2013/08/27 01:46:14 Modifying the page's DOM / exposing our internals
Jeffrey Yasskin 2013/08/27 19:09:48 Note that this only exposes anything to the same e
not at google - send to devlin 2013/08/27 19:39:53 Yeah I know, but extensions still to unwittingly b
Jeffrey Yasskin 2013/08/29 03:39:39 Done: https://codereview.chromium.org/23659002/
+ try {
+ var sheet = document.styleSheets[document.styleSheets.length - 1];
+ for (var i = 0; i < selectors.length; i++) {
+ try {
+ sheet.insertRule(selectors[i] + '{}', 0);
+ } catch(e) {
+ if (e.name == "SyntaxError") {
+ throw new Error('Invalid selector: ' + selectors[i]);
+ }
+ throw e;
+ }
+ selectors[i] = sheet.cssRules[0].selectorText;
+ sheet.deleteRule(0);
+ }
+ } finally {
+ document.body.removeChild(div);
+ }
+ }
+
// Setup all data types for the declarative content API.
declarativeContent.PageStateMatcher = function(parameters) {
setupInstance(this, parameters, 'PageStateMatcher');
+ if ('css' in this) {
not at google - send to devlin 2013/08/27 01:46:14 small point, but hasOwnProperty is probably better
Jeffrey Yasskin 2013/08/27 19:09:48 Sure (haven't updated yet, but will). Where's the
not at google - send to devlin 2013/08/27 19:39:53 I mean, for all extension function calls (chrome.b
Jeffrey Yasskin 2013/08/29 03:39:39 Done.
+ canonicalizeCssSelectors(this.css);
+ }
};
declarativeContent.ShowPageAction = function(parameters) {
setupInstance(this, parameters, 'ShowPageAction');
« chrome/browser/extensions/api/declarative_content/declarative_content_apitest.cc ('K') | « chrome/browser/extensions/api/declarative_content/declarative_content_apitest.cc ('k') | chrome/renderer/resources/extensions/test_custom_bindings.js » ('j') | chrome/renderer/resources/extensions/test_custom_bindings.js » ('J')

Powered by Google App Engine
This is Rietveld 408576698