Attempt2: Component extensions (and whitelisted extensions) specifying <all_urls> in their Extension match pattern should be allowed to run content scripts everywhere (including chrome://, chrome-extension://, about: and gallery pages.

The intent was to also allow these extensions to specify more granular permissions, such as about:version instead of <all_urls>, but that didn't make the cut this time.

This CL also enables <all_urls> for host permissions for regular extensions, which was disabled before. Note: That still doesn't give them permission to script the gallery and chrome:// pages, etc.

BUG=36275
TEST=Working on it right now.

Review URL: http://codereview.chromium.org/3585009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61359 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 15 insertions, 15 deletions

diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc
index 64849aa..032406f 100644
--- a/chrome/renderer/user_script_slave.cc
+++ b/chrome/renderer/user_script_slave.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -16,6 +16,7 @@
 #include "chrome/common/extensions/extension.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/renderer/extension_groups.h"
+#include "chrome/renderer/extensions/extension_renderer_info.h"
 #include "chrome/renderer/render_thread.h"
 #include "googleurl/src/gurl.h"
 #include "third_party/WebKit/WebKit/chromium/public/WebFrame.h"
@@ -66,7 +67,8 @@ UserScriptSlave::UserScriptSlave()
                 IDR_GREASEMONKEY_API_JS);
 }
 
-void UserScriptSlave::GetActiveExtensions(std::set<std::string>* extension_ids) {
+void UserScriptSlave::GetActiveExtensions(
+    std::set<std::string>* extension_ids) {
   for (size_t i = 0; i < scripts_.size(); ++i) {
     DCHECK(!scripts_[i]->extension_id().empty());
     extension_ids->insert(scripts_[i]->extension_id());
@@ -185,19 +187,9 @@ void UserScriptSlave::InsertInitExtensionCode(
 void UserScriptSlave::InjectScripts(WebFrame* frame,
                                     UserScript::RunLocation location) {
   GURL frame_url = GURL(frame->url());
-  // Don't bother if this is not a URL we inject script into.
-  if (!URLPattern(UserScript::kValidUserScriptSchemes).IsValidScheme(
-                                 frame_url.scheme()))
+  if (frame_url.is_empty())
     return;
 
-  // Don't inject user scripts into the gallery itself.  This prevents
-  // a user script from removing the "report abuse" link, for example.
-  if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host()
-      && !CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kAllowScriptingGallery)) {
-    return;
-  }
-
   PerfTimer timer;
   int num_css = 0;
   int num_scripts = 0;
@@ -209,8 +201,16 @@ void UserScriptSlave::InjectScripts(WebFrame* frame,
     if (frame->parent() && !script->match_all_frames())
       continue;  // Only match subframes if the script declared it wanted to.
 
-    if (!script->MatchesUrl(frame->url()))
-      continue;  // This frame doesn't match the script url pattern, skip it.
+    ExtensionRendererInfo* extension =
+        ExtensionRendererInfo::GetByID(script->extension_id());
+    if (!Extension::CanExecuteScriptOnPage(
+            frame_url,
+            extension->allowed_to_execute_script_everywhere(),
+            NULL,
+            script,
+            NULL)) {
+      continue;
+    }
 
     if (frame_url.SchemeIsFile() && !script->allow_file_access())
       continue;  // This script isn't allowed to run on file URLs.