Block tabs.executeScript() from executing until user grants permission

chrome/browser/extensions/script_executor.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/script_executor.h"
 
+#include "base/bind.h"
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "chrome/browser/extensions/active_script_controller.h"
 #include "chrome/browser/extensions/tab_helper.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
@@ skipping 102 matching lines @@
                                    const std::string& code,
                                    ScriptExecutor::FrameScope frame_scope,
                                    UserScript::RunLocation run_at,
                                    ScriptExecutor::WorldType world_type,
                                    ScriptExecutor::ProcessType process_type,
                                    const GURL& webview_src,
                                    const GURL& file_url,
                                    bool user_gesture,
                                    ScriptExecutor::ResultType result_type,
                                    const ExecuteScriptCallback& callback) {
-  ActiveScriptController* active_script_controller =
-      ActiveScriptController::GetForWebContents(web_contents_);
-  content::NavigationEntry* visible_entry =
-      web_contents_->GetController().GetVisibleEntry();
-  if (active_script_controller && visible_entry) {
-    // TODO(rdevlin.cronin): Now, this is just a notification. Soon, it should
-    // block until the user gives the OK to execute.
-    active_script_controller->NotifyScriptExecuting(extension_id,
-                                                    visible_entry->GetPageID());
-  }
-
   ExtensionMsg_ExecuteCode_Params params;
   params.request_id = next_request_id_++;
   params.extension_id = extension_id;
   params.is_javascript = (script_type == JAVASCRIPT);
   params.code = code;
   params.all_frames = (frame_scope == ALL_FRAMES);
   params.run_at = static_cast<int>(run_at);
   params.in_main_world = (world_type == MAIN_WORLD);
   params.is_web_view = (process_type == WEB_VIEW_PROCESS);
   params.webview_src = webview_src;
   params.file_url = file_url;
   params.wants_result = (result_type == JSON_SERIALIZED_RESULT);
   params.user_gesture = user_gesture;
 
+  ActiveScriptController* active_script_controller =
+      ActiveScriptController::GetForWebContents(web_contents_);
+  content::NavigationEntry* visible_entry =
+      web_contents_->GetController().GetVisibleEntry();
+  if (active_script_controller && visible_entry) {
+    // The base::Unretained(this) is safe, because this and the
+    // ActiveScriptController are both attached to the TabHelper. Thus, if the
+    // ActiveScriptController is still alive to invoke the callback, this is
+    // alive, too.
+    active_script_controller->GetPermissionForInjection(
+        extension_id,
+        visible_entry->GetPageID(),
+        scoped_ptr<const base::Closure>(new base::Closure(
+            base::Bind(&ScriptExecutor::ExecuteScriptHelper,
+                       base::Unretained(this),
+                       params,

[not at google - send to devlin, 2014/05/15 00:12:36]

yes, it would make sense to Pass() this.

[Devlin, 2014/05/15 17:45:59]

Done.

+                       callback))));
+  } else {
+    ExecuteScriptHelper(params, callback);
+  }
+}
+
+void ScriptExecutor::ExecuteScriptHelper(
+    const ExtensionMsg_ExecuteCode_Params& params,
+    const ExecuteScriptCallback& callback) {
   // Handler handles IPCs and deletes itself on completion.
   new Handler(script_observers_, web_contents_, params, callback);
 }
 
 }  // namespace extensions