Refactoring: de-couple Extensions from "script injection System" [render side]:2

extensions/renderer/user_script_injector.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/user_script_injector.h"
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "content/public/common/url_constants.h"
+#include "content/public/renderer/render_view.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/renderer/injection_host.h"
 #include "extensions/renderer/script_context.h"
 #include "extensions/renderer/scripts_run_info.h"
 #include "grit/extensions_renderer_resources.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "third_party/WebKit/public/web/WebScriptSource.h"
 #include "ui/base/resource/resource_bundle.h"
@@ skipping 104 matching lines @@
 PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
     const InjectionHost* injection_host,
     blink::WebFrame* web_frame,
     int tab_id,
     const GURL& top_url) const {
   // If we don't have a tab id, we have no UI surface to ask for user consent.
   // For now, we treat this as an automatic allow.
   if (tab_id == -1)
     return PermissionsData::ACCESS_ALLOWED;
 
+  int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
+                       ->GetRoutingID();
+  if (script_->routing_info().render_view_id == routing_id &&

[Devlin, 2015/02/23 20:15:00]

Should this just work with the injection host call?

[Xi Han, 2015/02/24 16:19:55]

It seems in current implementation, all webview related logic is handled out of
the injection host call. See ProgrammaticScriptInjector::CanExecuteOnFrame(...).

The above code grantees that the user script from one webview will only be
injected to its corresponding render view. Changes are made to serve this
purpose.

[Devlin, 2015/02/25 17:14:38]

While that's true, the reason all webview logic is handled from the script
injector, and not the injection host, is because the injection host didn't exist
when this was written. :)  Looking at the code, it actually looks like we can
completely eliminate ScriptInjector::CanExecuteOnFrame in favor of
InjectionHost::CanExecuteOnFrame.  Let's do that, instead of continuing to have
four different places where the "can execute" question is answered.

[Xi Han, 2015/02/27 19:36:19]

As discussed offline, leave the ScriptInjector::CanExecuteOnFrame function, but
put the script checks below the injection host check.

+      script_->consumer_instance_type() ==
+          UserScript::ConsumerInstanceType::WEBVIEW)
+    return PermissionsData::ACCESS_ALLOWED;
+
   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
       web_frame, web_frame->document().url(), script_->match_about_blank());
   return injection_host->CanExecuteOnFrame(
       effective_document_url, top_url, tab_id, is_declarative_);
 }
 
 std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
     UserScript::RunLocation run_location) const {
   DCHECK_EQ(script_->run_location(), run_location);
 
@@ skipping 57 matching lines @@
   }
 
   if (ShouldInjectCss(run_location))
     scripts_run_info->num_css += script_->css_scripts().size();
 }
 
 void UserScriptInjector::OnWillNotInject(InjectFailureReason reason) {
 }
 
 }  // namespace extensions