Refactoring: de-couple Extensions from "script injection System" [render side]:2

extensions/renderer/user_script_injector.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/user_script_injector.h"
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "content/public/common/url_constants.h"
+#include "content/public/renderer/render_view.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/renderer/injection_host.h"
 #include "extensions/renderer/script_context.h"
 #include "extensions/renderer/scripts_run_info.h"
 #include "grit/extensions_renderer_resources.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "third_party/WebKit/public/web/WebScriptSource.h"
 #include "ui/base/resource/resource_bundle.h"
@@ skipping 99 matching lines @@
     UserScript::RunLocation run_location) const {
   return run_location == UserScript::DOCUMENT_START &&
          !script_->css_scripts().empty();
 }
 
 PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
     const InjectionHost* injection_host,
     blink::WebFrame* web_frame,
     int tab_id,
     const GURL& top_url) const {
-  // If we don't have a tab id, we have no UI surface to ask for user consent.
-  // For now, we treat this as an automatic allow.
-  if (tab_id == -1)
-    return PermissionsData::ACCESS_ALLOWED;
-
   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
       web_frame, web_frame->document().url(), script_->match_about_blank());
-  return injection_host->CanExecuteOnFrame(
+  PermissionsData::AccessType can_execute = injection_host->CanExecuteOnFrame(
       effective_document_url, top_url, tab_id, is_declarative_);
+
+  if (script_->consumer_instance_type() !=
+      UserScript::ConsumerInstanceType::WEBVIEW ||

[Devlin, 2015/03/02 20:22:42]

This seems very wrong.  Why are we automatically denying all extension
injections here?

[Xi Han, 2015/03/02 20:30:17]

Hmm? We didn't deny all extensions injection. The logic here is: 
If it is not WEBVIEW, we will return the can_execute directly here. If it is
WEBVIEW and the can_execute is DENIED, we return directly as well. Only for
webview and the host is allowed, we do the following check. 

[Devlin, 2015/03/02 21:08:14]

Huh. I have no idea how I read that so wrong (for some reason in my mind, I saw
return ACCESS_DENIED).  Nevermind.

+      can_execute == PermissionsData::ACCESS_DENIED)
+    return can_execute;
+
+  int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
+                      ->GetRoutingID();
+  return script_->routing_info().render_view_id == routing_id
+      ? PermissionsData::ACCESS_ALLOWED
+      : PermissionsData::ACCESS_DENIED;
 }
 
 std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
     UserScript::RunLocation run_location) const {
   DCHECK_EQ(script_->run_location(), run_location);
 
   std::vector<blink::WebScriptSource> sources;
   const UserScript::FileList& js_scripts = script_->js_scripts();
   bool is_standalone_or_emulate_greasemonkey =
       script_->is_standalone() || script_->emulate_greasemonkey();
@@ skipping 53 matching lines @@
   }
 
   if (ShouldInjectCss(run_location))
     scripts_run_info->num_css += script_->css_scripts().size();
 }
 
 void UserScriptInjector::OnWillNotInject(InjectFailureReason reason) {
 }
 
 }  // namespace extensions