authoraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-02 02:45:41 +0000
committeraa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-02 02:45:41 +0000
commitffd121db20964313184ddfc9261792a156dbf317 (patch)
tree883ada3b6111ceef4957bbe8977696bf202751d3 /chrome/renderer/user_script_slave.cc
parent5480360362962ff7b1cb6ae9e1b0347da7a71350 (diff)
Only inject content scripts into HTML documents. Previously we would inject into SVG and raw XML documents as well.
Injecting into SVG could conceivably be a feature, but I expect it would count as a "bug" more often than that, so I'm starting conservative. BUG=39845 Review URL: http://codereview.chromium.org/2389004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@48693 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/user_script_slave.cc')
-rw-r--r--chrome/renderer/user_script_slave.cc15
1 files changed, 15 insertions, 0 deletions
diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc
index 4015484..25a272b 100644
--- a/chrome/renderer/user_script_slave.cc
+++ b/chrome/renderer/user_script_slave.cc
@@ -18,6 +18,8 @@
#include "chrome/renderer/extension_groups.h"
#include "chrome/renderer/render_thread.h"
#include "googleurl/src/gurl.h"
+#include "third_party/WebKit/WebKit/chromium/public/WebDocument.h"
+#include "third_party/WebKit/WebKit/chromium/public/WebElement.h"
#include "third_party/WebKit/WebKit/chromium/public/WebFrame.h"
#include "grit/renderer_resources.h"
@@ -149,6 +151,19 @@ bool UserScriptSlave::InjectScripts(WebFrame* frame,
if (!URLPattern::IsValidScheme(frame_url.scheme()))
return true;
+ // Only inject user scripts into documents with an <html> tag as the root
+ // element. Note that WebCore fixes up html pages that lack a root HTML
+ // element so that they include one. Also, documents like text/plain and
+ // image/* are wrapped in a simple HTML document.
+ //
+ // Basically, this check filters out SVG documents and other types of XML
+ // documents.
+ if (frame->document().isNull() ||
+ frame->document().documentElement().isNull() ||
+ !frame->document().documentElement().hasTagName("html")) {
+ return true;
+ }
+
// Don't inject user scripts into the gallery itself. This prevents
// a user script from removing the "report abuse" link, for example.
if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host())
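Review bot: The new filter's last clause, `!frame->document().documentElement().hasTagName("html")`, appears to compare the root element by tag name alone, so an XML document whose root is named `html` in a non-XHTML namespace may still pass and receive content scripts. Whether that holds depends on how WebElement::hasTagName treats namespaces and case, which this hunk does not show. If the intent is "HTML documents only", either check the namespace or document type as well, or state the limit in the comment, e.g. `// NOTE: matches the root by tag name only; the namespace is not checked.` The condition would also read better with the document held in one local, `WebDocument doc = frame->document();`, instead of three `frame->document()` calls. InjectScripts starts and continues outside this hunk, so how the early `return true` interacts with later bookkeeping is not visible here.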