Resubmit: Block content scripts from executing until user grants permission

extensions/renderer/script_injection.h

Index: extensions/renderer/script_injection.h
diff --git a/extensions/renderer/script_injection.h b/extensions/renderer/script_injection.h
index 813fbb4193cb117533ec76636799c29f6c3e1c5b..9886bc83e12d178bcccd06942f639b4c04c758e3 100644
--- a/extensions/renderer/script_injection.h
+++ b/extensions/renderer/script_injection.h
@@ -9,8 +9,10 @@
 #include <set>
 #include <string>
 
+#include "base/basictypes.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
 #include "base/timer/elapsed_timer.h"
 #include "extensions/common/user_script.h"
 
@@ -20,6 +22,10 @@ namespace blink {
 class WebFrame;
 }
 
+namespace content {
+class RenderView;
+}
+
 namespace extensions {
 class UserScriptSlave;
 
@@ -56,6 +62,39 @@ class ScriptInjection {
                   UserScriptSlave* user_script_slave);
   ~ScriptInjection();
 
+  // Inject the script into the given |frame| if the script should run on the
+  // frame and has permission to do so. If the script requires user consent,
+  // this will register a pending request to inject at a later time.
+  // If the script is run immediately, |scripts_run_info| is updated with
+  // information about the run.
+  void InjectIfAllowed(blink::WebFrame* frame,
+                       UserScript::RunLocation location,
+                       const GURL& document_url,
+                       ScriptsRunInfo* scripts_run_info);
+
+  // If a request with the given |request_id| exists, runs that request and
+  // modifies |scripts_run_info| with information about the run. Otherwise, does
+  // nothing.
+  // If |frame_out| is non-NULL and a script was run, |frame_out| will be
+  // populated with the frame in which the script was run.
+  // Returns true if the request was found *and* the script was run.
+  bool NotifyScriptPermitted(int64 request_id,
+                             content::RenderView* render_view,
+                             ScriptsRunInfo* scripts_run_info,
+                             blink::WebFrame** frame_out);
+
+  // Notififies the Injection that the frame has been detached (i.e. is about
+  // to be destroyed).
+  void FrameDetached(blink::WebFrame* frame);
+
+  void SetScript(scoped_ptr<UserScript> script);
+
+  const std::string& extension_id() { return extension_id_; }
+  const UserScript* script() { return script_.get(); }
+
+ private:
+  struct PendingInjection;
+
   // Returns true if this ScriptInjection wants to run on the given |frame| at
   // the given |run_location| (i.e., if this script would inject either JS or
   // CSS).
@@ -63,20 +102,17 @@ class ScriptInjection {
                   UserScript::RunLocation run_location,
                   const GURL& document_url) const;
 
+  // Returns true if the script will inject [css|js] at the given
+  // |run_location|.
+  bool ShouldInjectJS(UserScript::RunLocation run_location) const;
+  bool ShouldInjectCSS(UserScript::RunLocation run_location) const;
+
   // Injects the script into the given |frame|, and updates |scripts_run_info|
   // information about the run.
   void Inject(blink::WebFrame* frame,
               UserScript::RunLocation run_location,
               ScriptsRunInfo* scripts_run_info) const;
 
-  const std::string& extension_id() { return extension_id_; }
-
- private:
-  // Returns true if the script will inject [css|js] at the given
-  // |run_location|.
-  bool ShouldInjectJS(UserScript::RunLocation run_location) const;
-  bool ShouldInjectCSS(UserScript::RunLocation run_location) const;
-
   // Injects the [css|js] scripts into the frame, and stores the results of
   // the run in |scripts_run_info|.
   void InjectJS(blink::WebFrame* frame, ScriptsRunInfo* scripts_run_info) const;
@@ -99,6 +135,8 @@ class ScriptInjection {
   // True if the script is a standalone script or emulates greasemonkey.
   bool is_standalone_or_emulate_greasemonkey_;
 
+  ScopedVector<PendingInjection> pending_injections_;
+
   DISALLOW_COPY_AND_ASSIGN(ScriptInjection);
 };