[Extensions] Don't allow content scripts on the New Tab Page

chrome/browser/extensions/api/tabs/tabs_api.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/tabs/tabs_api.h"
 
 #include <stddef.h>
 #include <algorithm>
 #include <limits>
 #include <memory>
@@ skipping 1804 matching lines @@
   if (tab_id == -1) {
     Browser* browser = chrome_details_.GetCurrentBrowser();
     // Can happen during shutdown.
     if (!browser)
       return set_init_result_error(keys::kNoCurrentWindowError);
     content::WebContents* web_contents = NULL;
     // Can happen during shutdown.
     if (!ExtensionTabUtil::GetDefaultTab(browser, &web_contents, &tab_id))
       return set_init_result_error(keys::kNoTabInBrowserWindowError);
   }
 

[karandeepb, 2017/07/18 19:26:59]

Do we also need to update extension docs for this change?

[Devlin, 2017/07/18 20:53:46]

I don't think so. We state in numerous places that the only sanctioned way to
modify chrome pages is through the chrome urls overrides.

[karandeepb, 2017/07/18 21:06:25]

Acknowledged.

   execute_tab_id_ = tab_id;
   details_ = std::move(details);
   set_host_id(HostID(HostID::EXTENSIONS, extension()->id()));
   return set_init_result(SUCCESS);
 }
 
 bool ExecuteCodeInTabFunction::CanExecuteScriptOnPage() {

[karandeepb, 2017/07/18 19:26:59]

So we don't do any checks in the browser process?

[Devlin, 2017/07/18 20:53:46]

Funny thing - the URL in the browser side is actually chrome://newtab, and so
extensions aren't allowed to inject into it since it's a chrome://-scheme URL. 
Only the renderer knows that chrome://newtab is kinda-like google.com/newtab. 
So the only specific place we need to check for this is in the renderer.

[karandeepb, 2017/07/18 21:06:25]

Acknowledged.

   content::WebContents* contents = NULL;
 
   // If |tab_id| is specified, look for the tab. Otherwise default to selected
   // tab in the current window.
+  LOG(WARNING) << "Checking host";
   CHECK_GE(execute_tab_id_, 0);
   if (!GetTabById(execute_tab_id_, browser_context(), include_incognito(),
                   nullptr, nullptr, &contents, nullptr, &error_)) {
+    LOG(WARNING) << "No tab";
     return false;
   }
 
   CHECK(contents);
 
   int frame_id = details_->frame_id ? *details_->frame_id
                                     : ExtensionApiFrameIdMap::kTopFrameId;
   content::RenderFrameHost* rfh =
       ExtensionApiFrameIdMap::GetRenderFrameHostById(contents, frame_id);
   if (!rfh) {
+    LOG(WARNING) << "No frame";

[karandeepb, 2017/07/18 19:26:59]

Remove logging.

[Devlin, 2017/07/18 20:53:46]

Whoops, done.

     error_ = ErrorUtils::FormatErrorMessage(keys::kFrameNotFoundError,
                                             base::IntToString(frame_id),
                                             base::IntToString(execute_tab_id_));
     return false;
   }
 
   // Content scripts declared in manifest.json can access frames at about:-URLs
   // if the extension has permission to access the frame's origin, so also allow
   // programmatic content scripts at about:-URLs for allowed origins.
   GURL effective_document_url(rfh->GetLastCommittedURL());
+  LOG(WARNING) << "Effective1: " << effective_document_url;
   bool is_about_url = effective_document_url.SchemeIs(url::kAboutScheme);
   if (is_about_url && details_->match_about_blank &&
       *details_->match_about_blank) {
     effective_document_url = GURL(rfh->GetLastCommittedOrigin().Serialize());
+    LOG(WARNING) << "Effective2: " << effective_document_url;
   }
 
   if (!effective_document_url.is_valid()) {
+    LOG(WARNING) << "Invalid, skipping";
     // Unknown URL, e.g. because no load was committed yet. Allow for now, the
     // renderer will check again and fail the injection if needed.
     return true;
   }
 
   // NOTE: This can give the wrong answer due to race conditions, but it is OK,
   // we check again in the renderer.
   if (!extension()->permissions_data()->CanAccessPage(
           extension(), effective_document_url, execute_tab_id_, &error_)) {
+    LOG(WARNING) << "Denied";
     if (is_about_url &&
         extension()->permissions_data()->active_permissions().HasAPIPermission(
             APIPermission::kTab)) {
       error_ = ErrorUtils::FormatErrorMessage(
           manifest_errors::kCannotAccessAboutUrl,
           rfh->GetLastCommittedURL().spec(),
           rfh->GetLastCommittedOrigin().Serialize());
     }
     return false;
   }
 
+  LOG(WARNING) << "Accepted";
   return true;
 }
 
 ScriptExecutor* ExecuteCodeInTabFunction::GetScriptExecutor() {
   Browser* browser = NULL;
   content::WebContents* contents = NULL;
 
   bool success =
       GetTabById(execute_tab_id_, browser_context(), include_incognito(),
                  &browser, nullptr, &contents, nullptr, &error_) &&
@@ skipping 205 matching lines @@
       params->tab_id
           ? ErrorUtils::FormatErrorMessage(keys::kCannotDiscardTab,
                                            base::IntToString(*params->tab_id))
           : keys::kCannotFindTabToDiscard));
 }
 
 TabsDiscardFunction::TabsDiscardFunction() {}
 TabsDiscardFunction::~TabsDiscardFunction() {}
 
 }  // namespace extensions