Run any pending injections in ActiveScriptController if permission is granted

chrome/browser/extensions/active_tab_permission_granter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/active_tab_permission_granter.h"
 
+#include "chrome/browser/extensions/active_script_controller.h"
 #include "chrome/browser/profiles/profile.h"
 #include "content/public/browser/navigation_details.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/web_contents.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/common/extension_messages.h"
 #include "extensions/common/permissions/permission_set.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/user_script.h"
 #include "url/gurl.h"
@@ skipping 53 matching lines @@
   if (!new_apis.empty() || !new_hosts.is_empty()) {
     granted_extensions_.Insert(extension);
     scoped_refptr<const PermissionSet> new_permissions =
         new PermissionSet(new_apis, ManifestPermissionSet(),
                           new_hosts, URLPatternSet());
     PermissionsData::UpdateTabSpecificPermissions(extension,
                                                   tab_id_,
                                                   new_permissions);
     const content::NavigationEntry* navigation_entry =
         web_contents()->GetController().GetVisibleEntry();
     if (navigation_entry) {

[not at google - send to devlin, 2014/05/22 20:44:49]

I don't see why this should be gated on a navigation entry (.. conceptually, at
least).

[Devlin, 2014/05/22 22:12:36]

Conceptually, if there's no navigation entry, we don't really know what page
we'd even assign the tab-specific permissions to, so it doesn't make sense to
grant them, or run a script on that page.  This should only happen if, e.g., no
page has fully loaded.  So if a page hasn't loaded, but _will_ load
sensitive-website.com, we don't want to prematurely grant access.  Better to
ignore the request.

Non-conceptually, if we don't have a navigation controller, we can't confirm
page id, and it doesn't matter.  Or the renderer won't have the updated
permissions, and we can't execute anyway.  Or, if we move out both the send and
the ASC stuff, we crash on line 83.  So I figured it best in here. :)  (At
least, until we refactor stuff...)

[not at google - send to devlin, 2014/05/22 22:21:47]

Yeah so some of this is part of a larger question: should we be checking against
the last committed URL or the visible URL. last committed is typically more
correct for host permission checks, but for granting active tab the visible URL
is what the user is seeing, so that's what they're granting access to; it seems
more correct.

... and this stuff sits in the middle, so it's hard to think about.

in any case, it's the *tab* that's being assigned the permissions, not the page.
I'd expect that ASC will pull out the page ID and check it (... which is does,
but that's not the concern of this class)

the point being: the effect is identical. I just don't think that conceptually
this class should assume anything about ASC. we still update the browser-side
state (line 76) even though there wasn't a navigation entry.

       Send(new ExtensionMsg_UpdateTabSpecificPermissions(
           navigation_entry->GetPageID(),
           tab_id_,
           extension->id(),
           new_hosts));
+      // If more things ever need to know about this, we should consider making
+      // an observer class.

[not at google - send to devlin, 2014/05/22 20:44:49]

yes indeed :)

which is to say, good comment, don't need to now.

+      ActiveScriptController::GetForWebContents(web_contents())

[not at google - send to devlin, 2014/05/22 20:44:49]

also add a note to do this after the IPC has been sent, so that the renderer
knows about the correct permission state before anything caused by the
ActiveScriptController can happen.

[Devlin, 2014/05/22 22:12:36]

Done.

+          ->OnActiveTabPermissionGranted(extension);
     }
   }
 }
 
 void ActiveTabPermissionGranter::DidNavigateMainFrame(
     const content::LoadCommittedDetails& details,
     const content::FrameNavigateParams& params) {
   if (details.is_in_page)
     return;
   DCHECK(details.is_main_frame);  // important: sub-frames don't get granted!
@@ skipping 23 matching lines @@
        it != granted_extensions_.end(); ++it) {
     PermissionsData::ClearTabSpecificPermissions(it->get(), tab_id_);
     extension_ids.push_back((*it)->id());
   }
 
   Send(new ExtensionMsg_ClearTabSpecificPermissions(tab_id_, extension_ids));
   granted_extensions_.Clear();
 }
 
 }  // namespace extensions