Don't clear the activeTab permission for same-origin navigations when the

chrome/browser/extensions/active_script_controller_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <map>
 
 #include "base/values.h"
 #include "chrome/browser/extensions/active_script_controller.h"
 #include "chrome/browser/extensions/active_tab_permission_granter.h"
 #include "chrome/browser/extensions/extension_util.h"
@@ skipping 176 matching lines @@
   controller()->OnClicked(extension);
 
   // The extension should execute, and the action should go away.
   EXPECT_EQ(1u, GetExecutionCountForExtension(extension->id()));
   EXPECT_FALSE(controller()->GetActionForExtension(extension));
 
   // Since we already executed on the given page, we shouldn't need permission
   // for a second time.
   EXPECT_FALSE(RequiresUserConsent(extension));
 
-  // Reloading should clear those permissions, and we should again require user
-  // consent.
+  // Reloading and same-origin navigations shouldn't clear those permissions,
+  // and we shouldn't require user constent again.
   Reload();
+  EXPECT_FALSE(RequiresUserConsent(extension));
+  NavigateAndCommit(GURL("https://www.google.com/foo"));
+  EXPECT_FALSE(RequiresUserConsent(extension));
+  NavigateAndCommit(GURL("https://www.google.com/bar"));
+  EXPECT_FALSE(RequiresUserConsent(extension));
+
+  // Cross-origin navigations should clear permissions.
+  NavigateAndCommit(GURL("https://otherdomain.google.com"));
   EXPECT_TRUE(RequiresUserConsent(extension));
 
   // Grant access.
   RequestInjection(extension);
   controller()->OnClicked(extension);
   EXPECT_EQ(2u, GetExecutionCountForExtension(extension->id()));
   EXPECT_FALSE(controller()->GetActionForExtension(extension));
 
   // Navigating to another site should also clear the permissions.
   NavigateAndCommit(GURL("https://www.foo.com"));
@@ skipping 63 matching lines @@
           ->active_tab_permission_granter();
   ASSERT_TRUE(active_tab_permission_granter);
   // Grant the extension active tab permissions. This normally happens, e.g.,
   // if the user clicks on a browser action.
   active_tab_permission_granter->GrantIfRequested(extension);
 
   // Since we have active tab permissions, we shouldn't need user consent
   // anymore.
   EXPECT_FALSE(RequiresUserConsent(extension));
 
-  // Also test that granting active tab runs any pending tasks.
+  // Reloading and other same-origin navigations maintain the permission to
+  // execute.
   Reload();
-  // Navigating should mean we need permission again.
+  EXPECT_FALSE(RequiresUserConsent(extension));
+  NavigateAndCommit(GURL("https://www.google.com/foo"));
+  EXPECT_FALSE(RequiresUserConsent(extension));
+  NavigateAndCommit(GURL("https://www.google.com/bar"));
+  EXPECT_FALSE(RequiresUserConsent(extension));
+
+  // Navigating to a different origin will require user consent again.
+  NavigateAndCommit(GURL("https://yahoo.com"));
+  EXPECT_TRUE(RequiresUserConsent(extension));
+
+  // Back to the original origin should also re-require constent.
+  NavigateAndCommit(GURL("https://www.google.com"));
   EXPECT_TRUE(RequiresUserConsent(extension));
 
   RequestInjection(extension);
   EXPECT_TRUE(controller()->GetActionForExtension(extension));
   EXPECT_EQ(0u, GetExecutionCountForExtension(extension->id()));
 
   // Grant active tab.
   active_tab_permission_granter->GrantIfRequested(extension);
 
   // The pending injections should have run since active tab permission was
@@ skipping 20 matching lines @@
   // Turning off the preference should have instant effect.
   util::SetAllowedScriptingOnAllUrls(extension->id(), profile(), false);
   EXPECT_TRUE(RequiresUserConsent(extension));
 
   // And should also persist across navigations and websites.
   NavigateAndCommit(GURL("http://www.bar.com"));
   EXPECT_TRUE(RequiresUserConsent(extension));
 }
 
 }  // namespace extensions