Don't allow content scripts to execute on file:// urls.

This requires a command line flag for the page cycler tests,
since those load file:// urls.

BUG=27877
TEST=Bunch of tests affected.

Review URL: http://codereview.chromium.org/402029

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32271 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 28 insertions, 4 deletions

diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 060adffd..61c0b98 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -187,10 +187,14 @@ const char kEnableExtensionTimelineApi[]    = "enable-extension-timeline-api";
 // Enable the fastback page cache.
 const char kEnableFastback[]                = "enable-fastback";
 
-// By default, cookies are not allowed on file://. They are needed in for
+// By default, cookies are not allowed on file://. They are needed for
 // testing, for example page cycler and layout tests.  See bug 1157243.
 const char kEnableFileCookies[]             = "enable-file-cookies";
 
+// By default, js content scripts are not allowed on file://. They are needed
+// for page cycler tests.  See http://crbug.com/27877.
+const char kEnableJsOnFileUrls[]         = "enable-content-script-on-file-urls";
+
 // Disable LocalStorage.
 const char kDisableLocalStorage[]            = "disable-local-storage";
 
@@ -203,7 +207,7 @@ const char kEnableLogging[]                 = "enable-logging";
 // assumed to be sRGB.
 const char kEnableMonitorProfile[]          = "enable-monitor-profile";
 
-// Enable Native Web Worker support
+// Enable Native Web Worker support.
 const char kEnableNativeWebWorkers[]        = "enable-native-web-workers";
 
 // Enable AutoFill++.
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index db22875..3ab2fb7 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -70,6 +70,7 @@ extern const char kEnableExperimentalWebGL[];
 extern const char kEnableExtensionTimelineApi[];
 extern const char kEnableFastback[];
 extern const char kEnableFileCookies[];
+extern const char kEnableJsOnFileUrls[];
 extern const char kDisableLocalStorage[];
 extern const char kEnableLogging[];
 extern const char kEnableMonitorProfile[];
diff --git a/chrome/common/extensions/docs/content_scripts.html b/chrome/common/extensions/docs/content_scripts.html
index 2fd23a3..c94ee56 100644
--- a/chrome/common/extensions/docs/content_scripts.html
+++ b/chrome/common/extensions/docs/content_scripts.html
@@ -314,6 +314,9 @@ They <b>cannot</b>:
   <li>
     Make cross-site XMLHttpRequests
   </li>
+  <li>
+    Execute on file:// urls.
+  </li>
 </ul>
 
 <p>
diff --git a/chrome/common/extensions/docs/static/content_scripts.html b/chrome/common/extensions/docs/static/content_scripts.html
index 26d83bb..9c90859 100644
--- a/chrome/common/extensions/docs/static/content_scripts.html
+++ b/chrome/common/extensions/docs/static/content_scripts.html
@@ -40,6 +40,9 @@ They <b>cannot</b>:
   <li>
     Make cross-site XMLHttpRequests
   </li>
+  <li>
+    Execute on file:// urls.
+  </li>
 </ul>
 
 <p>
diff --git a/chrome/common/extensions/extension.cc b/chrome/common/extensions/extension.cc
index 1a665d4..f09fba8 100644
--- a/chrome/common/extensions/extension.cc
+++ b/chrome/common/extensions/extension.cc
@@ -247,11 +247,21 @@ bool Extension::LoadUserScriptHelper(const DictionaryValue* content_script,
           IntToString(definition_index), IntToString(j));
       return false;
     }
+    std::string scheme = pattern.scheme();
+    if (scheme == "file") {
+      // No content scripts are allowed unless the command line override switch
+      // was provided.
+      if (!CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kEnableJsOnFileUrls)) {
+        *error = errors::kInvalidJsMatches;
+        return false;
+      }
+    }
 
     result->add_url_pattern(pattern);
   }
 
-  // include/exclude globs (mostly for Greasemonkey compat)
+  // Include/exclude globs (mostly for Greasemonkey compatibility).
   if (!LoadGlobsHelper(content_script, definition_index, keys::kIncludeGlobs,
                        error, &UserScript::add_glob, result)) {
       return false;
@@ -262,7 +272,7 @@ bool Extension::LoadUserScriptHelper(const DictionaryValue* content_script,
       return false;
   }
 
-  // js and css keys
+  // js and css keys.
   ListValue* js = NULL;
   if (content_script->HasKey(keys::kJs) &&
       !content_script->GetList(keys::kJs, &js)) {
diff --git a/chrome/common/extensions/extension_constants.cc b/chrome/common/extensions/extension_constants.cc
index 0dbab1f..c2700dc 100644
--- a/chrome/common/extensions/extension_constants.cc
+++ b/chrome/common/extensions/extension_constants.cc
@@ -91,6 +91,8 @@ const char* kInvalidJs =
     "Invalid value for 'content_scripts[*].js[*]'.";
 const char* kInvalidJsList =
     "Required value 'content_scripts[*].js is invalid.";
+const char* kInvalidJsMatches =
+    "Content scripts can not be executed on file:// urls.";
 const char* kInvalidKey =
     "Value 'key' is missing or invalid.";
 const char* kInvalidManifest =
diff --git a/chrome/common/extensions/extension_constants.h b/chrome/common/extensions/extension_constants.h
index d44f7b9..ff9836f 100644
--- a/chrome/common/extensions/extension_constants.h
+++ b/chrome/common/extensions/extension_constants.h
@@ -77,6 +77,7 @@ namespace extension_manifest_errors {
   extern const char* kInvalidGlob;
   extern const char* kInvalidJs;
   extern const char* kInvalidJsList;
+  extern const char* kInvalidJsMatches;
   extern const char* kInvalidKey;
   extern const char* kInvalidManifest;
   extern const char* kInvalidMatchCount;