Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(586)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/renderer/dispatcher.cc

Issue 498513002: Respect the clipboardRead and clipboardWrite permissions in content scripts. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address comments Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/renderer/content_settings_observer.cc ('K') | « extensions/renderer/dispatcher.h ('k') | extensions/renderer/dispatcher_delegate.h » ('j') | extensions/renderer/script_context.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/renderer/dispatcher.h" 5 #include "extensions/renderer/dispatcher.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback.h" 8 #include "base/callback.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/debug/alias.h" 10 #include "base/debug/alias.h"
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after
212 } 212 }
213 213
214 bool Dispatcher::IsExtensionActive(const std::string& extension_id) const { 214 bool Dispatcher::IsExtensionActive(const std::string& extension_id) const {
215 bool is_active = 215 bool is_active =
216 active_extension_ids_.find(extension_id) != active_extension_ids_.end(); 216 active_extension_ids_.find(extension_id) != active_extension_ids_.end();
217 if (is_active) 217 if (is_active)
218 CHECK(extensions_.Contains(extension_id)); 218 CHECK(extensions_.Contains(extension_id));
219 return is_active; 219 return is_active;
220 } 220 }
221 221
222 std::string Dispatcher::GetExtensionID(const WebFrame* frame, int world_id) { 222 const Extension* Dispatcher::GetExtensionFromFrameAndWorld(
223 const WebFrame* frame,
224 int world_id,
225 bool use_effective_url) {
223 if (world_id != 0) { 226 if (world_id != 0) {
224 // Isolated worlds (content script). 227 // Isolated worlds (content script).
225 return ScriptInjection::GetExtensionIdForIsolatedWorld(world_id); 228 std::string extension_id =
229 ScriptInjection::GetExtensionIdForIsolatedWorld(world_id);
230 const Extension* extension = extensions_.GetByID(extension_id);
231 if (!extension && !extension_id.empty()) {
232 // There are conditions where despite a context being associated with an
233 // extension, no extension actually gets found. Ignore "invalid" because
234 // CSP blocks extension page loading by switching the extension ID to
235 // "invalid". This isn't interesting.
236 if (extension_id != "invalid") {
237 LOG(ERROR) << "Extension \"" << extension_id << "\" not found";
238 RenderThread::Get()->RecordAction(
239 UserMetricsAction("ExtensionNotFound_ED"));
240 }
241 }
242 return extension;
226 } 243 }
227 244
228 // TODO(kalman): Delete this check. 245 // TODO(kalman): Delete this check.
229 if (frame->document().securityOrigin().isUnique()) 246 if (frame->document().securityOrigin().isUnique())
230 return std::string(); 247 return 0;
231 248
232 // Extension pages (chrome-extension:// URLs). 249 // Extension pages (chrome-extension:// URLs).
233 GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame); 250 GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame);
234 return extensions_.GetExtensionOrAppIDByURL(frame_url); 251 frame_url = ScriptContext::GetEffectiveDocumentURL(
252 frame, frame_url, use_effective_url);
253 return extensions_.GetExtensionOrAppByURL(frame_url);
235 } 254 }
236 255
237 void Dispatcher::DidCreateScriptContext( 256 void Dispatcher::DidCreateScriptContext(
238 WebFrame* frame, 257 WebFrame* frame,
239 const v8::Handle<v8::Context>& v8_context, 258 const v8::Handle<v8::Context>& v8_context,
240 int extension_group, 259 int extension_group,
241 int world_id) { 260 int world_id) {
242 #if !defined(ENABLE_EXTENSIONS) 261 #if !defined(ENABLE_EXTENSIONS)
243 return; 262 return;
244 #endif 263 #endif
245 264
246 std::string extension_id = GetExtensionID(frame, world_id); 265 const Extension* extension =
266 GetExtensionFromFrameAndWorld(frame, world_id, false);
267 const Extension* effective_extension =
268 GetExtensionFromFrameAndWorld(frame, world_id, true);
247 269
248 const Extension* extension = extensions_.GetByID(extension_id); 270 GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame);
249 if (!extension && !extension_id.empty()) {
250 // There are conditions where despite a context being associated with an
251 // extension, no extension actually gets found. Ignore "invalid" because
252 // CSP blocks extension page loading by switching the extension ID to
253 // "invalid". This isn't interesting.
254 if (extension_id != "invalid") {
255 LOG(ERROR) << "Extension \"" << extension_id << "\" not found";
256 RenderThread::Get()->RecordAction(
257 UserMetricsAction("ExtensionNotFound_ED"));
258 }
259
260 extension_id = "";
261 }
262
263 Feature::Context context_type = 271 Feature::Context context_type =
264 ClassifyJavaScriptContext(extension, 272 ClassifyJavaScriptContext(extension,
265 extension_group, 273 extension_group,
266 ScriptContext::GetDataSourceURLForFrame(frame), 274 frame_url,
267 frame->document().securityOrigin()); 275 frame->document().securityOrigin());
276 Feature::Context effective_context_type = ClassifyJavaScriptContext(
277 effective_extension,
278 extension_group,
279 ScriptContext::GetEffectiveDocumentURL(frame, frame_url, true),
280 frame->document().securityOrigin());
268 281
269 ScriptContext* context = 282 ScriptContext* context =
270 delegate_->CreateScriptContext(v8_context, frame, extension, context_type) 283 delegate_->CreateScriptContext(v8_context,
271 .release(); 284 frame,
285 extension,
286 context_type,
287 effective_extension,
288 effective_context_type).release();
272 script_context_set_.Add(context); 289 script_context_set_.Add(context);
273 290
274 // Initialize origin permissions for content scripts, which can't be 291 // Initialize origin permissions for content scripts, which can't be
275 // initialized in |OnActivateExtension|. 292 // initialized in |OnActivateExtension|.
276 if (context_type == Feature::CONTENT_SCRIPT_CONTEXT) 293 if (context_type == Feature::CONTENT_SCRIPT_CONTEXT)
277 InitOriginPermissions(extension); 294 InitOriginPermissions(extension);
278 295
279 { 296 {
280 scoped_ptr<ModuleSystem> module_system( 297 scoped_ptr<ModuleSystem> module_system(
281 new ModuleSystem(context, &source_map_)); 298 new ModuleSystem(context, &source_map_));
(...skipping 1018 matching lines...) Expand 10 before | Expand all | Expand 10 after
1300 return v8::Handle<v8::Object>(); 1317 return v8::Handle<v8::Object>();
1301 1318
1302 if (bind_name) 1319 if (bind_name)
1303 *bind_name = split.back(); 1320 *bind_name = split.back();
1304 1321
1305 return bind_object.IsEmpty() ? AsObjectOrEmpty(GetOrCreateChrome(context)) 1322 return bind_object.IsEmpty() ? AsObjectOrEmpty(GetOrCreateChrome(context))
1306 : bind_object; 1323 : bind_object;
1307 } 1324 }
1308 1325
1309 } // namespace extensions 1326 } // namespace extensions
OLDNEW
« chrome/renderer/content_settings_observer.cc ('K') | « extensions/renderer/dispatcher.h ('k') | extensions/renderer/dispatcher_delegate.h » ('j') | extensions/renderer/script_context.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698