Block content scripts from executing until user grants permission

chrome/browser/extensions/active_script_controller.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/active_script_controller.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram.h"
@@ skipping 192 matching lines @@
        ++request) {
     // Only run if it's on the proper page.
     if (request->page_id == page_id)
       request->closure.Run();
   }
 
   // Inform the location bar that the action is now gone.
   LocationBarController::NotifyChange(web_contents());
 }
 
-void ActiveScriptController::OnNotifyExtensionScriptExecution(
+void ActiveScriptController::OnRequestContentScriptPermission(
     const std::string& extension_id,
-    int page_id) {
+    int page_id,
+    int request_id) {
   if (!Extension::IdIsValid(extension_id)) {
     NOTREACHED() << "'" << extension_id << "' is not a valid id.";
     return;
   }
 
   const Extension* extension =
       ExtensionRegistry::Get(web_contents()->GetBrowserContext())
           ->enabled_extensions().GetByID(extension_id);
   // We shouldn't allow extensions which are no longer enabled to run any
   // scripts. Ignore the request.
   if (!extension)
     return;
 
-  // Right now, we allow all content scripts to execute, but notify the
-  // controller of them.
-  // TODO(rdevlin.cronin): Fix this in a future CL.
-  if (RequiresUserConsentForScriptInjection(extension))
-    RequestScriptInjection(extension, page_id, base::Bind(&base::DoNothing));
+  // If the request id is -1, that signals that the content script has already
+  // ran (because this feature is not enabled). Add the extension to the list of
+  // permitted extensions (for metrics), and return immediately.
+  if (request_id == -1) {
+    DCHECK(!enabled_);
+    permitted_extensions_.insert(extension->id());
+    return;
+  }
+
+  if (RequiresUserConsentForScriptInjection(extension)) {
+    // This base::Unretained() is safe, because the callback is only invoked by
+    // this object.
+    RequestScriptInjection(
+        extension,
+        page_id,
+        base::Bind(&ActiveScriptController::GrantContentScriptPermission,
+                   base::Unretained(this),
+                   request_id));
+  } else {
+    GrantContentScriptPermission(request_id);
+  }
+}
+
+void ActiveScriptController::GrantContentScriptPermission(int request_id) {
+  content::RenderViewHost* render_view_host =
+      web_contents()->GetRenderViewHost();
+  if (render_view_host) {
+    render_view_host->Send(new ExtensionMsg_GrantContentScriptPermission(
+                               render_view_host->GetRoutingID(),
+                               request_id));
+  }
 }
 
 bool ActiveScriptController::OnMessageReceived(const IPC::Message& message) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(ActiveScriptController, message)
-    IPC_MESSAGE_HANDLER(ExtensionHostMsg_NotifyExtensionScriptExecution,
-                        OnNotifyExtensionScriptExecution)
+    IPC_MESSAGE_HANDLER(ExtensionHostMsg_RequestContentScriptPermission,
+                        OnRequestContentScriptPermission)
     IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void ActiveScriptController::LogUMA() const {
   UMA_HISTOGRAM_COUNTS_100(
       "Extensions.ActiveScriptController.ShownActiveScriptsOnPage",
       pending_requests_.size());
 
   // We only log the permitted extensions metric if the feature is enabled,
   // because otherwise the data will be boring (100% allowed).
   if (enabled_) {
     UMA_HISTOGRAM_COUNTS_100(
         "Extensions.ActiveScriptController.PermittedExtensions",
         permitted_extensions_.size());
     UMA_HISTOGRAM_COUNTS_100(
         "Extensions.ActiveScriptController.DeniedExtensions",
         pending_requests_.size());
   }
 }
 
 }  // namespace extensions