chrome/browser/extensions/active_script_controller.cc - Issue 288053002: Block content scripts from executing until user grants permission

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/extensions/active_script_controller.cc

Issue 288053002: Block content scripts from executing until user grants permission (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Ben's Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/extensions/active_script_controller.h ('k') | chrome/browser/extensions/active_script_controller_browsertest.cc » ('j') | extensions/renderer/user_script_slave.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/extensions/active_script_controller.cc

diff --git a/chrome/browser/extensions/active_script_controller.cc b/chrome/browser/extensions/active_script_controller.cc

index a4dc3a551a6ee6be48086ac0d2f667f62b9551f0..7a5eb3ac77ee247168ce8464339e60db43704967 100644

--- a/chrome/browser/extensions/active_script_controller.cc

+++ b/chrome/browser/extensions/active_script_controller.cc

@@ -182,9 +182,10 @@ void ActiveScriptController::OnNavigated() {

pending_requests_.clear();

}

-void ActiveScriptController::OnNotifyExtensionScriptExecution(

+void ActiveScriptController::OnRequestContentScriptPermission(

const std::string& extension_id,

- int page_id) {

+ int page_id,

+ int request_id) {

if (!Extension::IdIsValid(extension_id)) {

NOTREACHED() << "'" << extension_id << "' is not a valid id.";

return;

@@ -198,18 +199,35 @@ void ActiveScriptController::OnNotifyExtensionScriptExecution(

if (!extension)

return;

- // Right now, we allow all content scripts to execute, but notify the

- // controller of them.

- // TODO(rdevlin.cronin): Fix this in a future CL.

- if (RequiresUserConsentForScriptInjection(extension))

- RequestScriptInjection(extension, page_id, base::Bind(&base::DoNothing));

+ if (RequiresUserConsentForScriptInjection(extension)) {

+ // This base::Unretained() is safe, because the callback is only invoked by

+ // this object.

+ RequestScriptInjection(

+ extension,

+ page_id,

+ base::Bind(&ActiveScriptController::GrantContentScriptPermission,

+ base::Unretained(this),

+ request_id));

+ } else {

+ GrantContentScriptPermission(request_id);

+ }

+void ActiveScriptController::GrantContentScriptPermission(int request_id) {

+ content::RenderViewHost* render_view_host =

+ web_contents()->GetRenderViewHost();

+ if (render_view_host) {

+ render_view_host->Send(new ExtensionMsg_GrantContentScriptPermission(

+ render_view_host->GetRoutingID(),

+ request_id));

+ }

}

bool ActiveScriptController::OnMessageReceived(const IPC::Message& message) {

bool handled = true;

IPC_BEGIN_MESSAGE_MAP(ActiveScriptController, message)

- IPC_MESSAGE_HANDLER(ExtensionHostMsg_NotifyExtensionScriptExecution,

- OnNotifyExtensionScriptExecution)

+ IPC_MESSAGE_HANDLER(ExtensionHostMsg_RequestContentScriptPermission,

+ OnRequestContentScriptPermission)

IPC_MESSAGE_UNHANDLED(handled = false)

IPC_END_MESSAGE_MAP()

return handled;