Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(834)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/active_script_controller.h

Issue 286003004: Block tabs.executeScript() from executing until user grants permission (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/extensions/active_script_controller.cc » ('j') | chrome/browser/extensions/active_script_controller.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/active_script_controller.h
diff --git a/chrome/browser/extensions/active_script_controller.h b/chrome/browser/extensions/active_script_controller.h
index ec5d929bb788e596c227e26f2a17436e4b817a40..118f2ef97641bb92bfe867ddacd5ea098cf39def 100644
--- a/chrome/browser/extensions/active_script_controller.h
+++ b/chrome/browser/extensions/active_script_controller.h
@@ -8,7 +8,9 @@
#include <map>
#include <set>
#include <string>
+#include <vector>
+#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/linked_ptr.h"
#include "chrome/browser/extensions/location_bar_controller.h"
@@ -42,10 +44,18 @@ class ActiveScriptController : public LocationBarController::ActionProvider,
static ActiveScriptController* GetForWebContents(
content::WebContents* web_contents);
- // Notify the ActiveScriptController that an extension is running a script.
- // TODO(rdevlin.cronin): Soon, this should be ask the user for permission,
- // rather than simply notifying them.
- void NotifyScriptExecuting(const std::string& extension_id, int page_id);
+ // Injects the script (by running |callback|) if the extension has permission
+ // to do. This can be determined by the extension's explicit permissions, or
+ // by asking the user for permission to run. If the extension does not have
+ // permission and it is never given, |callback| is never run (and will
+ // destruct).
+ // NOTE: Callers *cannot* make any assumptions as to when (or if) |callback|
+ // will be run. It may be run immediately (if the extension already has the
+ // required permissions), after a period of time (if the user consents), or
+ // never.
+ void InjectScriptIfHasPermission(const std::string& extension_id,
+ int page_id,
+ const base::Closure& callback);
// Notifies the ActiveScriptController of detected ad injection.
void OnAdInjectionDetected(const std::vector<std::string> ad_injectors);
@@ -58,13 +68,26 @@ class ActiveScriptController : public LocationBarController::ActionProvider,
virtual void OnNavigated() OVERRIDE;
private:
- // content::WebContentsObserver implementation.
- virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
+ typedef std::vector<base::Closure> PendingRequestList;
+ typedef std::map<std::string, PendingRequestList> PendingRequestMap;
- // Handle the NotifyExtensionScriptExecution message.
+ // Handles the NotifyExtensionScriptExecution message.
void OnNotifyExtensionScriptExecution(const std::string& extension_id,
int page_id);
+ // Returns true if the ActiveScriptController should process the request. This
+ // can be false if, e.g., the page id does not match, the extension cannot
+ // be found, etc.
+ bool ShouldProcessRequest(const Extension* extension, int page_id);
+
+ // Adds the |request| to the map of pending requests, or processes it
+ // immediately if no permission is needed.
+ void AddOrProcessRequest(const Extension* extension,
+ const base::Closure& request);
+
+ // content::WebContentsObserver implementation.
+ virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
+
// Log metrics.
void LogUMA() const;
@@ -73,11 +96,11 @@ class ActiveScriptController : public LocationBarController::ActionProvider,
// always allowing scripts to run and never displaying actions.
bool enabled_;
- // The extensions that have called ExecuteScript on the current frame.
- std::set<std::string> extensions_executing_scripts_;
+ // The map of extension_id:pending_request of all pending requests.
+ PendingRequestMap pending_requests_;
- // The extensions which have injected ads.
- std::set<std::string> ad_injectors_;
+ // The extensions which have been granted permission to run on the given page.
+ std::set<std::string> permitted_extensions_;
// Script badges that have been generated for extensions. This is both those
// with actions already declared that are copied and normalised, and actions
« no previous file with comments | « no previous file | chrome/browser/extensions/active_script_controller.cc » ('j') | chrome/browser/extensions/active_script_controller.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698