Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2238)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/renderer/user_script_injector.cc

Issue 906493004: Refactoring: de-couple Extensions from "script injection System" [render side]:2 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@decouple_brower_isolated_world_1
Patch Set: clean up. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « extensions/renderer/extension_injection_host.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/renderer/user_script_injector.cc
diff --git a/extensions/renderer/user_script_injector.cc b/extensions/renderer/user_script_injector.cc
index c3e15ef36e909c4a9cd0ec3568f226e1ce252587..e620a7c65e4ec79b361e9735aa4d4e7b70919a4f 100644
--- a/extensions/renderer/user_script_injector.cc
+++ b/extensions/renderer/user_script_injector.cc
@@ -8,6 +8,7 @@
#include "base/lazy_instance.h"
#include "content/public/common/url_constants.h"
+#include "content/public/renderer/render_view.h"
#include "extensions/common/extension.h"
#include "extensions/common/permissions/permissions_data.h"
#include "extensions/renderer/injection_host.h"
@@ -127,15 +128,21 @@ PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
blink::WebFrame* web_frame,
int tab_id,
const GURL& top_url) const {
- // If we don't have a tab id, we have no UI surface to ask for user consent.
- // For now, we treat this as an automatic allow.
- if (tab_id == -1)
- return PermissionsData::ACCESS_ALLOWED;
-
GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
web_frame, web_frame->document().url(), script_->match_about_blank());
- return injection_host->CanExecuteOnFrame(
+ PermissionsData::AccessType can_execute = injection_host->CanExecuteOnFrame(
effective_document_url, top_url, tab_id, is_declarative_);
+
+ if (script_->consumer_instance_type() !=
+ UserScript::ConsumerInstanceType::WEBVIEW ||
Devlin 2015/03/02 20:22:42 This seems very wrong. Why are we automatically d
Xi Han 2015/03/02 20:30:17 Hmm? We didn't deny all extensions injection. The
Devlin 2015/03/02 21:08:14 Huh. I have no idea how I read that so wrong (for
+ can_execute == PermissionsData::ACCESS_DENIED)
+ return can_execute;
+
+ int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
+ ->GetRoutingID();
+ return script_->routing_info().render_view_id == routing_id
+ ? PermissionsData::ACCESS_ALLOWED
+ : PermissionsData::ACCESS_DENIED;
}
std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
« no previous file with comments | « extensions/renderer/extension_injection_host.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698