Implement <webview>.addContentScript/removeContentScript API [1]

extensions/renderer/user_script_injector.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/renderer/user_script_injector.h"
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "content/public/common/url_constants.h"
+#include "content/public/renderer/render_thread.h"
 #include "content/public/renderer/render_view.h"
 #include "extensions/common/extension.h"
+#include "extensions/common/guest_view/guest_view_messages.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/renderer/injection_host.h"
 #include "extensions/renderer/script_context.h"
 #include "extensions/renderer/scripts_run_info.h"
 #include "grit/extensions_renderer_resources.h"
 #include "third_party/WebKit/public/web/WebDocument.h"
 #include "third_party/WebKit/public/web/WebFrame.h"
 #include "third_party/WebKit/public/web/WebScriptSource.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "url/gurl.h"
 
 namespace extensions {
 
 namespace {
 
+struct RoutingInfoKey {
+  int routing_id;
+  int script_id;
+
+  RoutingInfoKey(int routing_id, int script_id)
+      : routing_id(routing_id), script_id(script_id) {}
+
+  bool operator<(const RoutingInfoKey& other) const {
+    if (routing_id != other.routing_id)
+      return routing_id < other.routing_id;
+
+    if (script_id != other.script_id)
+      return script_id < other.script_id;
+    return false;  // keys are equal.
+  }
+};
+
+using RoutingInfoMap = std::map<RoutingInfoKey, bool>;
+
 // These two strings are injected before and after the Greasemonkey API and
 // user script to wrap it in an anonymous scope.
 const char kUserScriptHead[] = "(function (unsafeWindow) {\n";
 const char kUserScriptTail[] = "\n})(window);";
 
+// A map records whether a given |script_id| from a webview-added user script
+// is allowed to inject on the render of given |routing_id|.
+// Once a script is added, the decision of whether or not allowed to inject
+// won't be changed.
+// Even if the script is removed by the webview, the user scipt will be removed
+// from the render as well. Therefore, there won't be any query from this
+// removed |script_id| and |routing_id| pair.
+base::LazyInstance<RoutingInfoMap> g_routing_info_map =
+    LAZY_INSTANCE_INITIALIZER;
+
 // Greasemonkey API source that is injected with the scripts.
 struct GreasemonkeyApiJsString {
   GreasemonkeyApiJsString();
   blink::WebScriptSource GetSource() const;
 
  private:
   std::string source_;
 };
 
 // The below constructor, monstrous as it is, just makes a WebScriptSource from
@@ skipping 81 matching lines @@
 
 PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
     const InjectionHost* injection_host,
     blink::WebFrame* web_frame,
     int tab_id,
     const GURL& top_url) const {
   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
       web_frame, web_frame->document().url(), script_->match_about_blank());
   PermissionsData::AccessType can_execute = injection_host->CanExecuteOnFrame(
       effective_document_url, top_url, tab_id, is_declarative_);
-
   if (script_->consumer_instance_type() !=
-      UserScript::ConsumerInstanceType::WEBVIEW ||
+          UserScript::ConsumerInstanceType::WEBVIEW ||
       can_execute == PermissionsData::ACCESS_DENIED)
     return can_execute;
 
   int routing_id = content::RenderView::FromWebView(web_frame->top()->view())
                       ->GetRoutingID();
-  return script_->routing_info().render_view_id == routing_id
-      ? PermissionsData::ACCESS_ALLOWED
-      : PermissionsData::ACCESS_DENIED;
+
+  RoutingInfoKey key(routing_id, script_->id());
+
+  RoutingInfoMap& map = g_routing_info_map.Get();
+  auto iter = map.find(key);
+
+  bool allowed = false;
+  if (iter != map.end()) {
+    allowed = iter->second;
+  } else {
+    // Send a SYNC IPC message to the browser to check if this is allowed. This
+    // is not ideal, but is mitigated by the fact that this is only done for
+    // webviews, and then only once per host.
+    // TODO(hanxi): Find a more efficient way to do this.
+    content::RenderThread::Get()->Send(
+        new GuestViewHostMsg_CanExecuteContentScriptSync(
+            routing_id, script_->id(), &allowed));
+    map.insert(std::pair<RoutingInfoKey, bool>(key, allowed));
+  }
+
+  return allowed ? PermissionsData::ACCESS_ALLOWED
+                 : PermissionsData::ACCESS_DENIED;
 }
 
 std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
     UserScript::RunLocation run_location) const {
   DCHECK_EQ(script_->run_location(), run_location);
 
   std::vector<blink::WebScriptSource> sources;
   const UserScript::FileList& js_scripts = script_->js_scripts();
   bool is_standalone_or_emulate_greasemonkey =
       script_->is_standalone() || script_->emulate_greasemonkey();
@@ skipping 57 matching lines @@
 
 void UserScriptInjector::OnInjectionComplete(
     scoped_ptr<base::ListValue> execution_results,
     UserScript::RunLocation run_location) {
 }
 
 void UserScriptInjector::OnWillNotInject(InjectFailureReason reason) {
 }
 
 }  // namespace extensions