chrome/browser/extensions/active_script_controller.cc - Issue 396033002: Support "always allow" for runtime script execution

Side by Side Diff: chrome/browser/extensions/active_script_controller.cc

Issue 396033002: Support "always allow" for runtime script execution (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Discriminate between explicit and scriptable hosts, other minor changes Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/extensions/active_script_controller.h ('k') | chrome/browser/extensions/active_script_controller_unittest.cc » ('j') | chrome/browser/extensions/active_script_controller_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/extensions/active_script_controller.h"	5 #include "chrome/browser/extensions/active_script_controller.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/bind_helpers.h"	8 #include "base/bind_helpers.h"

9 #include "base/memory/scoped_ptr.h"	9 #include "base/memory/scoped_ptr.h"

10 #include "base/metrics/histogram.h"	10 #include "base/metrics/histogram.h"

11 #include "base/stl_util.h"	11 #include "base/stl_util.h"

12 #include "chrome/browser/extensions/active_tab_permission_granter.h"	12 #include "chrome/browser/extensions/active_tab_permission_granter.h"

13 #include "chrome/browser/extensions/extension_action.h"	13 #include "chrome/browser/extensions/extension_action.h"

14 #include "chrome/browser/extensions/extension_util.h"	14 #include "chrome/browser/extensions/extension_util.h"

15 #include "chrome/browser/extensions/location_bar_controller.h"	15 #include "chrome/browser/extensions/location_bar_controller.h"

	16 #include "chrome/browser/extensions/permissions_updater.h"

16 #include "chrome/browser/extensions/tab_helper.h"	17 #include "chrome/browser/extensions/tab_helper.h"

	18 #include "chrome/browser/profiles/profile.h"

17 #include "chrome/browser/sessions/session_id.h"	19 #include "chrome/browser/sessions/session_id.h"

18 #include "chrome/common/extensions/api/extension_action/action_info.h"	20 #include "chrome/common/extensions/api/extension_action/action_info.h"

19 #include "content/public/browser/navigation_controller.h"	21 #include "content/public/browser/navigation_controller.h"

20 #include "content/public/browser/navigation_entry.h"	22 #include "content/public/browser/navigation_entry.h"

21 #include "content/public/browser/render_view_host.h"	23 #include "content/public/browser/render_view_host.h"

22 #include "content/public/browser/web_contents.h"	24 #include "content/public/browser/web_contents.h"

	25 #include "extensions/browser/extension_prefs.h"

23 #include "extensions/browser/extension_registry.h"	26 #include "extensions/browser/extension_registry.h"

24 #include "extensions/common/extension.h"	27 #include "extensions/common/extension.h"

25 #include "extensions/common/extension_messages.h"	28 #include "extensions/common/extension_messages.h"

26 #include "extensions/common/extension_set.h"	29 #include "extensions/common/extension_set.h"

27 #include "extensions/common/feature_switch.h"	30 #include "extensions/common/feature_switch.h"

28 #include "extensions/common/manifest.h"	31 #include "extensions/common/manifest.h"

	32 #include "extensions/common/manifest_handlers/permissions_parser.h"

	33 #include "extensions/common/permissions/permission_set.h"

29 #include "extensions/common/permissions/permissions_data.h"	34 #include "extensions/common/permissions/permissions_data.h"

30 #include "ipc/ipc_message_macros.h"	35 #include "ipc/ipc_message_macros.h"

31	36

32 namespace extensions {	37 namespace extensions {

33	38

34 namespace {	39 namespace {

35	40

36 // Returns true if the extension should be regarded as a "permitted" extension	41 // Returns true if the extension should be regarded as a "permitted" extension

37 // for the case of metrics. We need this because we only actually withhold	42 // for the case of metrics. We need this because we only actually withhold

38 // permissions if the switch is enabled, but want to record metrics in all	43 // permissions if the switch is enabled, but want to record metrics in all

(...skipping 54 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
93 ad_injectors, permitted_extensions_).size();	98 ad_injectors, permitted_extensions_).size();

94	99

95 UMA_HISTOGRAM_COUNTS_100(	100 UMA_HISTOGRAM_COUNTS_100(

96 "Extensions.ActiveScriptController.PreventableAdInjectors",	101 "Extensions.ActiveScriptController.PreventableAdInjectors",

97 num_preventable_ad_injectors);	102 num_preventable_ad_injectors);

98 UMA_HISTOGRAM_COUNTS_100(	103 UMA_HISTOGRAM_COUNTS_100(

99 "Extensions.ActiveScriptController.UnpreventableAdInjectors",	104 "Extensions.ActiveScriptController.UnpreventableAdInjectors",

100 ad_injectors.size() - num_preventable_ad_injectors);	105 ad_injectors.size() - num_preventable_ad_injectors);

101 }	106 }

102	107

	108 void ActiveScriptController::AddPersistedPermission(

	109 const Extension* extension) {

	110 // Allow current tab to run injection.

	111 OnClicked(extension);
	not at google - send to devlin 2014/08/01 18:15:12 it might be safer to do this at the end in case so it might be safer to do this at the end in case some logic turns around and expects the new host permissions are in place? gpdavis 2014/08/01 20:06:06 Sure thing. Show quoted text On 2014/08/01 18:15:12, kalman wrote: > it might be safer to do this at the end in case some logic turns around and > expects the new host permissions are in place? Sure thing.
	112

	113 GURL url = web_contents()->GetVisibleURL();

	114 URLPattern pattern(extensions::UserScript::ValidUserScriptSchemes());

	115 pattern.SetScheme(url.scheme());

	116 pattern.SetHost(url.host());

	117 pattern.SetPath("/*");

	118

	119 extensions::URLPatternSet new_explicit_hosts;

	120 extensions::URLPatternSet new_scriptable_hosts;

	121

	122 scoped_refptr<const PermissionSet> permissions(

	123 PermissionsParser::GetRequiredPermissions(extension));
	not at google - send to devlin 2014/08/01 18:15:11 shouldn't this be querying the withheld permission shouldn't this be querying the withheld permissions? there's no point granting an extension permissions it already has. scoped_refptr<const PermissionSet> withheld_permissions = extension->permissions_data()->withheld_permissions(); (note that withheld is a subset of required at the moment, so your code works, but they won't always be.) gpdavis 2014/08/01 20:06:06 That seems reasonable. I chose RequiredPermission Show quoted text On 2014/08/01 18:15:11, kalman wrote: > shouldn't this be querying the withheld permissions? there's no point granting > an extension permissions it already has. > > scoped_refptr<const PermissionSet> withheld_permissions = > extension->permissions_data()->withheld_permissions(); > > (note that withheld is a subset of required at the moment, so your code works, > but they won't always be.) That seems reasonable. I chose RequiredPermissions because I was under the impression that this corresponded to the manifest permissions that don't change: https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... I was essentially trying to find out if the host matches anything in either the "permissions" key, or the "content_scripts" key (which is populated via SetScriptableHosts before Finalize is called). I suppose it does make more sense to just check the withheld permissions considering that's how we got into this section of code in the first place. I'll do that.
	124 if (permissions->explicit_hosts().MatchesURL(url))

	125 new_explicit_hosts.AddPattern(pattern);

	126 if (permissions->scriptable_hosts().MatchesURL(url))

	127 new_scriptable_hosts.AddPattern(pattern);

	128

	129 scoped_refptr<extensions::PermissionSet> new_permissions =

	130 new extensions::PermissionSet(extensions::APIPermissionSet(),

	131 extensions::ManifestPermissionSet(),

	132 new_explicit_hosts,

	133 new_scriptable_hosts);

	134

	135 // Update active permissions for the session.

	136 extensions::PermissionsUpdater updater(

	137 Profile::FromBrowserContext(web_contents()->GetBrowserContext()));

	138 updater.AddPermissions(extension, new_permissions.get());

	139
	not at google - send to devlin 2014/08/01 18:15:11 we should add UMA for this. I think a useful metri we should add UMA for this. I think a useful metric would be how many pages the user has persisted permissions for (after this method executes of course), which you can approximate using the size of the effective permission set: UMA_HISTOGRAM_COUNTS_100( "Extensions.ActiveScriptController.PersistedPermissionCount", extensions()->permissions_data()->GetEffectiveHostPermissions().size()); gpdavis 2014/08/01 20:06:06 Okay, sure. Should I add both you and devlin as o Show quoted text On 2014/08/01 18:15:11, kalman wrote: > we should add UMA for this. I think a useful metric would be how many pages the > user has persisted permissions for (after this method executes of course), which > you can approximate using the size of the effective permission set: > > UMA_HISTOGRAM_COUNTS_100( > "Extensions.ActiveScriptController.PersistedPermissionCount", > extensions()->permissions_data()->GetEffectiveHostPermissions().size()); Okay, sure. Should I add both you and devlin as owners in histograms.xml? not at google - send to devlin 2014/08/04 23:53:13 no, histograms.xml has its own owners. git-cl uplo Show quoted text On 2014/08/01 20:06:06, gpdavis wrote: > On 2014/08/01 18:15:11, kalman wrote: > > we should add UMA for this. I think a useful metric would be how many pages > the > > user has persisted permissions for (after this method executes of course), > which > > you can approximate using the size of the effective permission set: > > > > UMA_HISTOGRAM_COUNTS_100( > > "Extensions.ActiveScriptController.PersistedPermissionCount", > > extensions()->permissions_data()->GetEffectiveHostPermissions().size()); > > Okay, sure. Should I add both you and devlin as owners in histograms.xml? no, histograms.xml has its own owners. git-cl upload should suggest a reviewer for that. gpdavis 2014/08/07 20:50:39 Oh, no, I meant for the <owner></owner> tags in th Show quoted text On 2014/08/04 23:53:13, kalman wrote: > On 2014/08/01 20:06:06, gpdavis wrote: > > On 2014/08/01 18:15:11, kalman wrote: > > > we should add UMA for this. I think a useful metric would be how many pages > > the > > > user has persisted permissions for (after this method executes of course), > > which > > > you can approximate using the size of the effective permission set: > > > > > > UMA_HISTOGRAM_COUNTS_100( > > > "Extensions.ActiveScriptController.PersistedPermissionCount", > > > extensions()->permissions_data()->GetEffectiveHostPermissions().size()); > > > > Okay, sure. Should I add both you and devlin as owners in histograms.xml? > > no, histograms.xml has its own owners. git-cl upload should suggest a reviewer > for that. Oh, no, I meant for the <owner></owner> tags in the file itself (see the histograms.xml diff in the next patch set). not at google - send to devlin 2014/08/08 14:31:28 I thought I replied to this question. yes, <owner> Show quoted text On 2014/08/07 20:50:39, gpdavis wrote: > On 2014/08/04 23:53:13, kalman wrote: > > On 2014/08/01 20:06:06, gpdavis wrote: > > > On 2014/08/01 18:15:11, kalman wrote: > > > > we should add UMA for this. I think a useful metric would be how many > pages > > > the > > > > user has persisted permissions for (after this method executes of course), > > > which > > > > you can approximate using the size of the effective permission set: > > > > > > > > UMA_HISTOGRAM_COUNTS_100( > > > > "Extensions.ActiveScriptController.PersistedPermissionCount", > > > > > extensions()->permissions_data()->GetEffectiveHostPermissions().size()); > > > > > > Okay, sure. Should I add both you and devlin as owners in histograms.xml? > > > > no, histograms.xml has its own owners. git-cl upload should suggest a reviewer > > for that. > > Oh, no, I meant for the <owner></owner> tags in the file itself (see the > histograms.xml diff in the next patch set). I thought I replied to this question. yes, <owner> tag. gpdavis 2014/08/08 18:07:34 I added this comment right before I added the one Show quoted text On 2014/08/08 14:31:28, kalman wrote: > On 2014/08/07 20:50:39, gpdavis wrote: > > On 2014/08/04 23:53:13, kalman wrote: > > > On 2014/08/01 20:06:06, gpdavis wrote: > > > > On 2014/08/01 18:15:11, kalman wrote: > > > > > we should add UMA for this. I think a useful metric would be how many > > pages > > > > the > > > > > user has persisted permissions for (after this method executes of > course), > > > > which > > > > > you can approximate using the size of the effective permission set: > > > > > > > > > > UMA_HISTOGRAM_COUNTS_100( > > > > > "Extensions.ActiveScriptController.PersistedPermissionCount", > > > > > > > extensions()->permissions_data()->GetEffectiveHostPermissions().size()); > > > > > > > > Okay, sure. Should I add both you and devlin as owners in histograms.xml? > > > > > > no, histograms.xml has its own owners. git-cl upload should suggest a > reviewer > > > for that. > > > > Oh, no, I meant for the <owner></owner> tags in the file itself (see the > > histograms.xml diff in the next patch set). > > I thought I replied to this question. yes, <owner> tag. I added this comment right before I added the one you responded to :)
	140 // Update persisted permissions for extension.
	not at google - send to devlin 2014/08/01 18:15:12 PermissionsUpdater should already do this? PermissionsUpdater should already do this? gpdavis 2014/08/01 20:06:06 Update Persisted Permissions? The updater adds to Show quoted text On 2014/08/01 18:15:12, kalman wrote: > PermissionsUpdater should already do this? Update Persisted Permissions? The updater adds to active permissions so that the extension has permission to inject scripts right away. Then we add to persisted permissions, which are loaded into active permissions when we InitializePermissions at the start of a new session: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... Without the first update (active), we grant active tab permissions, but the extension requests permission to inject on the same host in a different tab. It's not until the browser is restarted that the extension is always allowed to inject on that host. Without the second update (persisted), the extension needs permission again for that host when the browser is restarted. Hopefully this explanation makes sense without being too verbose, but I'd be more than happy to clarify further. not at google - send to devlin 2014/08/04 23:53:13 I mean PermissionsUpdater::AddPermissions: https: Show quoted text On 2014/08/01 20:06:06, gpdavis wrote: > On 2014/08/01 18:15:12, kalman wrote: > > PermissionsUpdater should already do this? > > Update Persisted Permissions? > > The updater adds to active permissions so that the extension has permission to > inject scripts right away. Then we add to persisted permissions, which are > loaded into active permissions when we InitializePermissions at the start of a > new session: > > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > Without the first update (active), we grant active tab permissions, but the > extension requests permission to inject on the same host in a different tab. > It's not until the browser is restarted that the extension is always allowed to > inject on that host. Without the second update (persisted), the extension needs > permission again for that host when the browser is restarted. > > Hopefully this explanation makes sense without being too verbose, but I'd be > more than happy to clarify further. I mean PermissionsUpdater::AddPermissions: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... I don't quite follow your explanation, sorry. It looks to me like in the code above calling AddPermissions does persist the permissions: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext.... Perhaps answer this: how is this different from granting optional permissions? (it looks like you might have to take into account withheld permissions in GetBoundedActivePermissions: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext...) gpdavis 2014/08/07 20:50:39 Ahh, I see what you're saying. AddPermissions alr Show quoted text On 2014/08/04 23:53:13, kalman wrote: > On 2014/08/01 20:06:06, gpdavis wrote: > > On 2014/08/01 18:15:12, kalman wrote: > > > PermissionsUpdater should already do this? > > > > Update Persisted Permissions? > > > > The updater adds to active permissions so that the extension has permission to > > inject scripts right away. Then we add to persisted permissions, which are > > loaded into active permissions when we InitializePermissions at the start of a > > new session: > > > > > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > > > Without the first update (active), we grant active tab permissions, but the > > extension requests permission to inject on the same host in a different tab. > > It's not until the browser is restarted that the extension is always allowed > to > > inject on that host. Without the second update (persisted), the extension > needs > > permission again for that host when the browser is restarted. > > > > Hopefully this explanation makes sense without being too verbose, but I'd be > > more than happy to clarify further. > > > I mean PermissionsUpdater::AddPermissions: > > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > I don't quite follow your explanation, sorry. It looks to me like in the code > above calling AddPermissions does persist the permissions: > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext.... > > Perhaps answer this: how is this different from granting optional permissions? > > (it looks like you might have to take into account withheld permissions in > GetBoundedActivePermissions: > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext...) Ahh, I see what you're saying. AddPermissions already adds to granted_permissions. But the problem is that this isn't consulted when the permissions are initialized: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... So these aren't really persisted, because they're not loaded into active permissions at the start of a new session. But I understand what you're saying now. I'll upload a patch set with a solution that doesn't involve persisted permissions, so refer to my comment in the new patch set and we'll see if it's reasonable. not at google - send to devlin 2014/08/07 22:03:45 It looks like GetBoundedActivePermissions reads in Show quoted text > Ahh, I see what you're saying. AddPermissions already adds to > granted_permissions. But the problem is that this isn't consulted when the > permissions are initialized: > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > So these aren't really persisted, because they're not loaded into active > permissions at the start of a new session. But I understand what you're saying > now. I'll upload a patch set with a solution that doesn't involve persisted > permissions, so refer to my comment in the new patch set and we'll see if it's > reasonable. It looks like GetBoundedActivePermissions reads in the active permissions from prefs. That's this: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... and given this "always run" should be saving to the active permissions in prefs, it should be loaded. am I understanding you correctly? if this isn't working something is going wrong with this required vs withheld permission stuff. check to see what the active permissions end up in prefs. given an extension with permissions: http:/// optional_permissions: https:/// Preferences should show permissions: http:/// optional_permissions: https:/// active_permissions: [] because they got withheld. then you should be able to go to http://example.com, see an always-run button, click it, then see in Preferenes permissions: http:/// optional_permissions: https:/// active_permissions: ["http://example.com/"] then reload and see it agian. gpdavis* 2014/08/07 23:23:36 I believe this is the line that's causing problems Show quoted text On 2014/08/07 22:03:45, kalman wrote: > > Ahh, I see what you're saying. AddPermissions already adds to > > granted_permissions. But the problem is that this isn't consulted when the > > permissions are initialized: > > > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > > > So these aren't really persisted, because they're not loaded into active > > permissions at the start of a new session. But I understand what you're > saying > > now. I'll upload a patch set with a solution that doesn't involve persisted > > permissions, so refer to my comment in the new patch set and we'll see if it's > > reasonable. > > It looks like GetBoundedActivePermissions reads in the active permissions from > prefs. That's this: > > https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... > > and given this "always run" should be saving to the active permissions in prefs, > it should be loaded. > > am I understanding you correctly? > > if this isn't working something is going wrong with this required vs withheld > permission stuff. check to see what the active permissions end up in prefs. > given an extension with > > permissions: http:/// > optional_permissions: https:/// > > Preferences should show > > permissions: http:/// > optional_permissions: https:/// > active_permissions: [] > > because they got withheld. > > then you should be able to go to http://example.com, see an always-run button, > click it, then see in Preferenes > > permissions: http:/// > optional_permissions: https:/// > active_permissions: ["http://example.com/"] > > then reload and see it agian. I believe this is the line that's causing problems: https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext... The host does indeed show up in the active permissions in preferences. However, I believe they're getting filtered out because GetBoundedActivePermissions creates this intersection; http://example.com doesn't end up in the Bounded Permissions because it's not a part of the manifest default or optional permissions. "// a) active permissions must be a subset of optional + default permissions" So what I was doing was going through and explicitly taking values from granted permissions and passing them to SetPermissions as active permissions. Does this make more sense? If I hit the always-run button for a host and trace it, it ends up in the active_permissions of Preferences, but after GetBoundedActivePermissions is called in InitializePermissions (https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext...), it no longer exists, and I believe the above reason is why; it gets shaved off because it's not a part of the extension's required or optional permissions. not at google - send to devlin* 2014/08/08 00:24:29 ah I see. so that condition needs to take into acc Show quoted text > The host does indeed show up in the active permissions in preferences. However, > I believe they're getting filtered out because GetBoundedActivePermissions > creates this intersection; http://example.com doesn't end up in the Bounded > Permissions because it's not a part of the manifest default or optional > permissions. > > "// a) active permissions must be a subset of optional + default permissions" > > So what I was doing was going through and explicitly taking values from granted > permissions and passing them to SetPermissions as active permissions. > > Does this make more sense? > > If I hit the always-run button for a host and trace it, it ends up in the > active_permissions of Preferences, but after GetBoundedActivePermissions is > called in InitializePermissions > (https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext...), > it no longer exists, and I believe the above reason is why; it gets shaved off > because it's not a part of the extension's required or optional permissions. ah I see. so that condition needs to take into account withheld permissions as well? gpdavis 2014/08/08 00:51:43 You mean as a part of the bound, meaning that acti Show quoted text On 2014/08/08 00:24:29, kalman wrote: > > > The host does indeed show up in the active permissions in preferences. > However, > > I believe they're getting filtered out because GetBoundedActivePermissions > > creates this intersection; http://example.com doesn't end up in the Bounded > > Permissions because it's not a part of the manifest default or optional > > permissions. > > > > "// a) active permissions must be a subset of optional + default permissions" > > > > So what I was doing was going through and explicitly taking values from > granted > > permissions and passing them to SetPermissions as active permissions. > > > > Does this make more sense? > > > > If I hit the always-run button for a host and trace it, it ends up in the > > active_permissions of Preferences, but after GetBoundedActivePermissions is > > called in InitializePermissions > > > (https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/ext...), > > it no longer exists, and I believe the above reason is why; it gets shaved off > > because it's not a part of the extension's required or optional permissions. > > ah I see. so that condition needs to take into account withheld permissions as > well? You mean as a part of the bound, meaning that active permissions are a part of the bounded active permissions if they're a subset of required, optional, and withheld? The problem is that if we have a withheld permission that implies all hosts, we're gonna get a script injection request for a particular site (http://example.com). Upon granting, http://example.com will be added to active permissions. Then this won't work, because the specific host won't be part of the subset, as http://example.com isn't found in the withheld permissions; the permission that implies all hosts is. This is why I made the separate method to add non-all-host permissions from granted to active. not at google - send to devlin 2014/08/08 14:31:28 ah I see the confusion here, on both our parts. in Show quoted text > You mean as a part of the bound, meaning that active permissions are a part of > the bounded active permissions if they're a subset of required, optional, and > withheld? > > The problem is that if we have a withheld permission that implies all hosts, > we're gonna get a script injection request for a particular site > (http://example.com). Upon granting, http://example.com will be added to active > permissions. Then this won't work, because the specific host won't be part of > the subset, as http://example.com isn't found in the withheld permissions; the > permission that implies all hosts is. > > This is why I made the separate method to add non-all-host permissions from > granted to active. ah I see the confusion here, on both our parts. in most cases host permissions are aware that http://example.com is within <all_urls>. If you were to do (taking {...} as URLPatternSet notation): {http://example.com/, https://google.com/} U {http:///} you should get {http:///, https://google.com/} not {http://example.com/, https://google.com/, http:///} likewise intersection would be {http://example.com/} not {} and this should be carried through to the permission set level. but it doesn't look like it is: https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... --> https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... i.e. it uses STLSetIntersection not URLPatternSet intersection. now I thought it had been fixed, and my memory was almost correct, except that it didn't actually get committed: https://codereview.chromium.org/181043006/ so... hmm! that's problematic. I'll follow up on that today. gpdavis 2014/08/08 18:07:34 Ah! That does make a lot of sense. I wonder why Show quoted text On 2014/08/08 14:31:28, kalman wrote: > > You mean as a part of the bound, meaning that active permissions are a part of > > the bounded active permissions if they're a subset of required, optional, and > > withheld? > > > > The problem is that if we have a withheld permission that implies all hosts, > > we're gonna get a script injection request for a particular site > > (http://example.com). Upon granting, http://example.com will be added to > active > > permissions. Then this won't work, because the specific host won't be part of > > the subset, as http://example.com isn't found in the withheld permissions; the > > permission that implies all hosts is. > > > > This is why I made the separate method to add non-all-host permissions from > > granted to active. > > ah I see the confusion here, on both our parts. in most cases host permissions > are aware that http://example.com is within <all_urls>. If you were to do > (taking {...} as URLPatternSet notation): > > {http://example.com/, https://google.com/%7D U {http:///} > > you should get > > {http:///, https://google.com/%7D > > not > > {http://example.com/, https://google.com/, http:///} > > likewise intersection would be > > {http://example.com/} not {} > > and this should be carried through to the permission set level. but it doesn't > look like it is: > > https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... > --> > https://code.google.com/p/chromium/codesearch#chromium/src/extensions/common/... > > i.e. it uses STLSetIntersection not URLPatternSet intersection. > > now I thought it had been fixed, and my memory was almost correct, except that > it didn't actually get committed: > > https://codereview.chromium.org/181043006/ > > so... hmm! that's problematic. I'll follow up on that today. Ah! That does make a lot of sense. I wonder why that patch never went through... So I guess with that fixed, this will be simple.
	141 extensions::ExtensionPrefs* prefs =

	142 extensions::ExtensionPrefs::Get(web_contents()->GetBrowserContext());

	143 prefs->ClearPersistedPermissions(extension->id());

	144 prefs->AddPersistedPermission(extension->id(), new_permissions.get());

	145 }

	146

	147 bool ActiveScriptController::HasActiveScriptAction(

	148 const Extension* extension) {

	149 if (!enabled_ \|\| pending_requests_.count(extension->id()) == 0)
	not at google - send to devlin 2014/08/01 18:15:12 why this second check? again while it seems like c why this second check? again while it seems like checking it won't be a bug, but the \|active_script_actions_\| check below is a more idiomatic check. this whole method can be return enabled_ && active_script_actions_.count(extension->id()) > 0; gpdavis 2014/08/01 20:06:06 Ah, I see. That makes sense. I guess I was going Show quoted text On 2014/08/01 18:15:12, kalman wrote: > why this second check? again while it seems like checking it won't be a bug, but > the \|active_script_actions_\| check below is a more idiomatic check. > > this whole method can be > > return enabled_ && active_script_actions_.count(extension->id()) > 0; Ah, I see. That makes sense. I guess I was going for a preliminary check with this line, but I think I misinterpreted it, because it does make a lot more sense to just check active_script_actions_.
	150 return false; // No action for this extension.

	151

	152 ActiveScriptMap::iterator existing =

	153 active_script_actions_.find(extension->id());

	154 return existing != active_script_actions_.end();

	155 }

	156

103 ExtensionAction* ActiveScriptController::GetActionForExtension(	157 ExtensionAction* ActiveScriptController::GetActionForExtension(

104 const Extension* extension) {	158 const Extension* extension) {

105 if (!enabled_ \|\| pending_requests_.count(extension->id()) == 0)	159 if (!enabled_ \|\| pending_requests_.count(extension->id()) == 0)

106 return NULL; // No action for this extension.	160 return NULL; // No action for this extension.

107	161

108 ActiveScriptMap::iterator existing =	162 ActiveScriptMap::iterator existing =

109 active_script_actions_.find(extension->id());	163 active_script_actions_.find(extension->id());

110 if (existing != active_script_actions_.end())	164 if (existing != active_script_actions_.end())

111 return existing->second.get();	165 return existing->second.get();

112	166

(...skipping 200 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
313 UMA_HISTOGRAM_COUNTS_100(	367 UMA_HISTOGRAM_COUNTS_100(

314 "Extensions.ActiveScriptController.PermittedExtensions",	368 "Extensions.ActiveScriptController.PermittedExtensions",

315 permitted_extensions_.size());	369 permitted_extensions_.size());

316 UMA_HISTOGRAM_COUNTS_100(	370 UMA_HISTOGRAM_COUNTS_100(

317 "Extensions.ActiveScriptController.DeniedExtensions",	371 "Extensions.ActiveScriptController.DeniedExtensions",

318 pending_requests_.size());	372 pending_requests_.size());

319 }	373 }

320 }	374 }

321	375

322 } // namespace extensions	376 } // namespace extensions

OLD	NEW