Have the Debugger extension api check that it has access to the tab

extensions/common/permissions/permissions_data.cc

Index: extensions/common/permissions/permissions_data.cc
diff --git a/extensions/common/permissions/permissions_data.cc b/extensions/common/permissions/permissions_data.cc
index 72717f7617d493ac2c9955155082def54ae0e951..77c2a03e76e0f3d2cbaaa96605c0b51a4fd8fe7e 100644
--- a/extensions/common/permissions/permissions_data.cc
+++ b/extensions/common/permissions/permissions_data.cc
@@ -70,6 +70,39 @@ bool PermissionsData::CanExecuteScriptEverywhere(const Extension* extension) {
          whitelist.end();
 }
 
+// static
+bool PermissionsData::UrlIsRestricted(const GURL& document_url,

[meacer, 2014/06/25 21:24:25]

Would these schemes/urls be covered by this method?

- about:settings, about:version etc.
- view-source:
- data:
- chrome-devtools: (can you debug the debugger?)
- filesystem:
- mailto: or any external protocol (not sure what happens if you try to debug
them)

[not at google - send to devlin, 2014/06/25 21:26:27]

oh, good point. we should also check the whitelisted set of origins, which is
checked on extension installation, but we should check here tool.

[Devlin, 2014/06/25 23:30:00]

Done.

+                                      const GURL& top_frame_url,
+                                      const Extension* extension,
+                                      std::string* error) {
+  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);

[not at google - send to devlin, 2014/06/25 20:42:17]

this is a bit silly, because every condition checks
!can_execute_script_everywhere. so we can save a bunch of lines of code by just
doing

if (CanExecuteScriptEverywhere(extension)) {
  return false;
}

and not worry about |can_execute_script_everywhere|

[Devlin, 2014/06/25 23:30:00]

Done.

+  if (!can_execute_everywhere &&
+      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
+    return true;
+  }
+
+  bool has_switch = base::CommandLine::ForCurrentProcess()->HasSwitch(

[not at google - send to devlin, 2014/06/25 20:42:17]

please call this allow_chrome_urls or something.

[Devlin, 2014/06/25 23:30:00]

Done.

+                        switches::kExtensionsOnChromeURLs);
+  if (document_url.SchemeIs(content::kChromeUIScheme) &&
+      !can_execute_everywhere &&
+      !has_switch) {
+    if (error)
+      *error = manifest_errors::kCannotAccessChromeUrl;
+    return true;
+  }
+
+  if (top_frame_url.SchemeIs(kExtensionScheme) &&
+      top_frame_url.host() != extension->id() &&
+      !can_execute_everywhere &&
+      !has_switch) {
+    if (error)
+      *error = manifest_errors::kCannotAccessExtensionUrl;
+    return true;
+  }
+
+  return false;
+}
+
 void PermissionsData::SetActivePermissions(
     const PermissionSet* permissions) const {
   base::AutoLock auto_lock(runtime_lock_);
@@ -283,30 +316,8 @@ bool PermissionsData::CanRunOnPage(const Extension* extension,
     return false;
   }
 
-  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);
-  if (!can_execute_everywhere &&
-      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
-    return false;
-  }
-
-  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kExtensionsOnChromeURLs)) {
-    if (document_url.SchemeIs(content::kChromeUIScheme) &&
-        !can_execute_everywhere) {
-      if (error)
-        *error = manifest_errors::kCannotAccessChromeUrl;
-      return false;
-    }
-  }
-
-  if (top_frame_url.SchemeIs(kExtensionScheme) &&
-      top_frame_url.GetOrigin() !=
-          Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() &&
-      !can_execute_everywhere) {
-    if (error)
-      *error = manifest_errors::kCannotAccessExtensionUrl;
+  if (UrlIsRestricted(document_url, top_frame_url, extension, error))
     return false;
-  }
 
   if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url))
     return true;