authorthakis@chromium.org <thakis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-09-19 20:42:52 +0000
committerthakis@chromium.org <thakis@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-09-19 20:42:52 +0000
commit3dab5052298c6f98f7ba11ad6d939ec48c94a5a7 (patch)
treec24385257217893a4bd344afa4e44d1d550b44d0 /chrome/renderer
parent3486ec6dd26c1e40766afa1b54afbc727b00d5d6 (diff)
Revert 59889 - Fix regression introduced by
http://src.chromium.org/viewvc/chrome?view=rev&revision=57788 Add a delegate interface so that chromium has more fine-grained control over whether a V8 extension is injected into a script context. This is the chromium-side change of webkit bug https://bugs.webkit.org/show_bug.cgi?id=45721 BUG=37290 TEST=covered by unit tests Review URL: http://codereview.chromium.org/3398001 TBR=mpcomplete@chromium.org Review URL: http://codereview.chromium.org/3464003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59906 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r--chrome/renderer/extensions/event_bindings.cc15
-rw-r--r--chrome/renderer/render_thread.cc110
-rw-r--r--chrome/renderer/render_thread.h21
-rw-r--r--chrome/renderer/render_view.cc17
-rw-r--r--chrome/renderer/render_view.h3
5 files changed, 72 insertions, 94 deletions
diff --git a/chrome/renderer/extensions/event_bindings.cc b/chrome/renderer/extensions/event_bindings.cc
index e0beb68..54edbb4 100644
--- a/chrome/renderer/extensions/event_bindings.cc
+++ b/chrome/renderer/extensions/event_bindings.cc
@@ -262,11 +262,18 @@ void EventBindings::HandleContextCreated(WebFrame* frame, bool content_script) {
GURL url = ds->request().url();
std::string extension_id = ExtensionRendererInfo::GetIdByURL(url);
- if (!ExtensionRendererInfo::ExtensionBindingsAllowed(url) &&
+ // Note: because process isolation doesn't work correcly with redirects,
+ // it is possible that a page that IS in an extension process won't have
+ // bindings setup for it, so we must also check IsExtensionProcess, otherwise
+ // we'll attempt to invoke a JS function that doesn't exist.
+ // Fixing crbug.com/53610 should fix this as well.
+ RenderThread* current_thread = RenderThread::current();
+ if ((!current_thread ||
+ !current_thread->IsExtensionProcess() ||
+ !ExtensionRendererInfo::ExtensionBindingsAllowed(url)) &&
!content_script) {
- // This context is a regular non-extension web page or an unprivileged
- // chrome app. Ignore it. We only care about content scripts and extension
- // frames.
+ // This context is a regular non-extension web page. Ignore it. We only
+ // care about content scripts and extension frames.
// (Unless we're in unit tests, in which case we don't care what the URL
// is).
DCHECK(frame_context.IsEmpty() || frame_context == context);
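Review bot: The restored comment above the condition explains only the IsExtensionProcess() leg, but the `!current_thread` leg is what routes a null RenderThread::current() (the unit-test case mentioned inside the branch) into the "ignore" path for non-content-script contexts, and a reader has to reconstruct that from the parenthetical below. One line on the condition would make the three legs read as a unit: `// RenderThread::current() is NULL in unit tests; that case also lands here.` The short-circuit order is what keeps the `current_thread->IsExtensionProcess()` dereference safe, so any later reordering of the `||` legs must keep the null check first, which is worth stating next to it. HandleContextCreated continues past the end of this hunk.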
diff --git a/chrome/renderer/render_thread.cc b/chrome/renderer/render_thread.cc
index 37f170e..a067435 100644
--- a/chrome/renderer/render_thread.cc
+++ b/chrome/renderer/render_thread.cc
@@ -848,40 +848,80 @@ void RenderThread::EnsureWebKitInitialized() {
#if defined(OS_WIN)
// We don't yet support Gears on non-Windows, so don't tell pages that we do.
- RegisterExtension(extensions_v8::GearsExtension::Get(), false);
+ WebScriptController::registerExtension(extensions_v8::GearsExtension::Get());
#endif
- RegisterExtension(extensions_v8::LoadTimesExtension::Get(), false);
- RegisterExtension(extensions_v8::ChromeAppExtension::Get(), false);
- RegisterExtension(extensions_v8::ExternalExtension::Get(), false);
+ WebScriptController::registerExtension(
+ extensions_v8::LoadTimesExtension::Get());
+ WebScriptController::registerExtension(
+ extensions_v8::ChromeAppExtension::Get());
+ WebScriptController::registerExtension(
+ extensions_v8::ExternalExtension::Get());
v8::Extension* search_extension = extensions_v8::SearchExtension::Get();
// search_extension is null if not enabled.
if (search_extension)
- RegisterExtension(search_extension, false);
+ WebScriptController::registerExtension(search_extension);
+
+ // TODO(rafaelw). Note that extension-related v8 extensions are being
+ // bound currently based on is_extension_process_. This means that
+ // non-extension renderers that slip into an extension process (for example,
+ // an extension page opening an iframe) will be extension bindings setup.
+ // This should be relatively rare, and the offending page won't be able to
+ // make extension API requests because it'll be denied on both sides of
+ // the renderer by a permission check. However, this is still fairly lame
+ // and we should consider implementing a V8Proxy delegate that calls out
+ // to the render thread and makes a decision as to whether to bind these
+ // extensions based on the frame's url.
+ // See: crbug.com/53610.
+
+ if (is_extension_process_)
+ WebScriptController::registerExtension(ExtensionProcessBindings::Get());
+
+ WebScriptController::registerExtension(
+ BaseJsV8Extension::Get(), EXTENSION_GROUP_CONTENT_SCRIPTS);
+ if (is_extension_process_)
+ WebScriptController::registerExtension(BaseJsV8Extension::Get());
+
+ WebScriptController::registerExtension(
+ JsonSchemaJsV8Extension::Get(), EXTENSION_GROUP_CONTENT_SCRIPTS);
+ if (is_extension_process_)
+ WebScriptController::registerExtension(JsonSchemaJsV8Extension::Get());
+
+ WebScriptController::registerExtension(
+ EventBindings::Get(), EXTENSION_GROUP_CONTENT_SCRIPTS);
+ if (is_extension_process_)
+ WebScriptController::registerExtension(EventBindings::Get());
+
+ WebScriptController::registerExtension(
+ RendererExtensionBindings::Get(), EXTENSION_GROUP_CONTENT_SCRIPTS);
+ if (is_extension_process_)
+ WebScriptController::registerExtension(RendererExtensionBindings::Get());
+
+ WebScriptController::registerExtension(
+ ExtensionApiTestV8Extension::Get(), EXTENSION_GROUP_CONTENT_SCRIPTS);
+ if (is_extension_process_)
+ WebScriptController::registerExtension(
+ ExtensionApiTestV8Extension::Get());
+
+ web_database_observer_impl_.reset(new WebDatabaseObserverImpl(this));
+ WebKit::WebDatabase::setObserver(web_database_observer_impl_.get());
const CommandLine& command_line = *CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(switches::kEnableBenchmarking))
- RegisterExtension(extensions_v8::BenchmarkingExtension::Get(), false);
+ if (command_line.HasSwitch(switches::kEnableBenchmarking)) {
+ WebScriptController::registerExtension(
+ extensions_v8::BenchmarkingExtension::Get());
+ }
if (command_line.HasSwitch(switches::kPlaybackMode) ||
command_line.HasSwitch(switches::kRecordMode) ||
command_line.HasSwitch(switches::kNoJsRandomness)) {
- RegisterExtension(extensions_v8::PlaybackExtension::Get(), false);
+ WebScriptController::registerExtension(
+ extensions_v8::PlaybackExtension::Get());
}
- if (command_line.HasSwitch(switches::kDomAutomationController))
- RegisterExtension(DomAutomationV8Extension::Get(), false);
-
- // Add v8 extensions related to chrome extensions.
- RegisterExtension(ExtensionProcessBindings::Get(), true);
- RegisterExtension(BaseJsV8Extension::Get(), true);
- RegisterExtension(JsonSchemaJsV8Extension::Get(), true);
- RegisterExtension(EventBindings::Get(), true);
- RegisterExtension(RendererExtensionBindings::Get(), true);
- RegisterExtension(ExtensionApiTestV8Extension::Get(), true);
-
- web_database_observer_impl_.reset(new WebDatabaseObserverImpl(this));
- WebKit::WebDatabase::setObserver(web_database_observer_impl_.get());
+ if (command_line.HasSwitch(switches::kDomAutomationController)) {
+ WebScriptController::registerExtension(DomAutomationV8Extension::Get());
+ }
WebRuntimeFeatures::enableMediaPlayer(
RenderProcess::current()->HasInitializedMediaLibrary());
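Review bot: The five extension-binding registrations are the same two-statement pattern repeated (content-script group unconditionally, then the unrestricted registration guarded by `is_extension_process_`), which is easy to get subtly wrong when the next binding is added; a table and a loop keep the gating decision in one place, with ExtensionProcessBindings left separate since it has no content-script registration. The restored TODO is the only record that these bindings are gated per process rather than per frame URL and that the browser-side permission check is what actually bounds a non-extension page in an extension process, so it should stay adjacent to the loop rather than drift away from it. EnsureWebKitInitialized starts before this hunk.
```cpp
  // … unchanged: Gears/LoadTimes/ChromeApp/External/Search registration …
  if (is_extension_process_)
    WebScriptController::registerExtension(ExtensionProcessBindings::Get());

  // Bindings available to content scripts everywhere, and to every context
  // when this is an extension process (see the TODO above on crbug.com/53610).
  v8::Extension* const extension_bindings[] = {
    BaseJsV8Extension::Get(),
    JsonSchemaJsV8Extension::Get(),
    EventBindings::Get(),
    RendererExtensionBindings::Get(),
    ExtensionApiTestV8Extension::Get(),
  };
  const size_t num_extension_bindings =
      sizeof(extension_bindings) / sizeof(extension_bindings[0]);
  for (size_t i = 0; i < num_extension_bindings; ++i) {
    WebScriptController::registerExtension(
        extension_bindings[i], EXTENSION_GROUP_CONTENT_SCRIPTS);
    if (is_extension_process_)
      WebScriptController::registerExtension(extension_bindings[i]);
  }
  // … unchanged: database observer and command-line switch handling …
```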
@@ -1073,31 +1113,3 @@ RenderThread::GetFileThreadMessageLoopProxy() {
}
return file_thread_->message_loop_proxy();
}
-
-bool RenderThread::AllowScriptExtension(const std::string& v8_extension_name,
- const GURL& url,
- int extension_group) {
- // If we don't know about it, it was added by WebCore, so we should allow it.
- if (v8_extensions_.find(v8_extension_name) == v8_extensions_.end())
- return true;
-
- // If the V8 extension is not restricted, allow it to run anywhere.
- bool restrict_to_extensions = v8_extensions_[v8_extension_name];
- if (!restrict_to_extensions)
- return true;
-
- // Extension-only bindings should be restricted to content scripts and
- // extension-blessed URLs.
- if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS ||
- ExtensionRendererInfo::ExtensionBindingsAllowed(url)) {
- return true;
- }
-
- return false;
-}
-
-void RenderThread::RegisterExtension(v8::Extension* extension,
- bool restrict_to_extensions) {
- WebScriptController::registerExtension(extension);
- v8_extensions_[extension->name()] = restrict_to_extensions;
-}
diff --git a/chrome/renderer/render_thread.h b/chrome/renderer/render_thread.h
index d7a7594..76d9428 100644
--- a/chrome/renderer/render_thread.h
+++ b/chrome/renderer/render_thread.h
@@ -6,7 +6,6 @@
#define CHROME_RENDERER_RENDER_THREAD_H_
#pragma once
-#include <map>
#include <string>
#include <vector>
@@ -61,10 +60,6 @@ namespace WebKit {
class WebStorageEventDispatcher;
}
-namespace v8 {
-class Extension;
-}
-
// The RenderThreadBase is the minimal interface that a RenderView/Widget
// expects from a render thread. The interface basically abstracts a way to send
// and receive messages.
@@ -236,13 +231,6 @@ class RenderThread : public RenderThreadBase,
// on the renderer's main thread.
scoped_refptr<base::MessageLoopProxy> GetFileThreadMessageLoopProxy();
- // This function is called for every registered V8 extension each time a new
- // script context is created. Returns true if the given V8 extension is
- // allowed to run on the given URL and extension group.
- bool AllowScriptExtension(const std::string& v8_extension_name,
- const GURL& url,
- int extension_group);
-
private:
virtual void OnControlMessageReceived(const IPC::Message& msg);
@@ -321,10 +309,6 @@ class RenderThread : public RenderThreadBase,
// Schedule a call to IdleHandler with the given initial delay.
void ScheduleIdleHandler(double initial_delay_s);
- // Registers the given V8 extension with WebKit, and also tracks what pages
- // it is allowed to run on.
- void RegisterExtension(v8::Extension* extension, bool restrict_to_extensions);
-
// These objects live solely on the render thread.
scoped_ptr<ScopedRunnableMethodFactory<RenderThread> > task_factory_;
scoped_ptr<VisitedLinkSlave> visited_link_slave_;
@@ -385,11 +369,6 @@ class RenderThread : public RenderThreadBase,
// A lazily initiated thread on which file operations are run.
scoped_ptr<base::Thread> file_thread_;
- // Map of registered v8 extensions. The key is the extension name. The value
- // is true if the extension should be restricted to extension-related
- // contexts.
- std::map<std::string, bool> v8_extensions_;
-
DISALLOW_COPY_AND_ASSIGN(RenderThread);
};
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index 50409bf..9e33f83 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -3426,23 +3426,6 @@ void RenderView::didCreateIsolatedScriptContext(WebFrame* frame) {
EventBindings::HandleContextCreated(frame, true);
}
-bool RenderView::allowScriptExtension(WebFrame* frame,
- const WebString& extension_name,
- int extension_group) {
- // NULL in unit tests.
- if (!RenderThread::current())
- return true;
-
- // Note: we prefer the provisional URL here instead of the document URL
- // because we might be currently loading an URL into a blank page.
- // See http://code.google.com/p/chromium/issues/detail?id=10924
- WebDataSource* ds = frame->provisionalDataSource();
- if (!ds)
- ds = frame->dataSource();
- return RenderThread::current()->AllowScriptExtension(
- extension_name.utf8(), ds->request().url(), extension_group);
-}
-
void RenderView::logCrossFramePropertyAccess(WebFrame* frame,
WebFrame* target,
bool cross_origin,
diff --git a/chrome/renderer/render_view.h b/chrome/renderer/render_view.h
index bf43b2e..01f9655 100644
--- a/chrome/renderer/render_view.h
+++ b/chrome/renderer/render_view.h
@@ -553,9 +553,6 @@ class RenderView : public RenderWidget,
virtual void didCreateScriptContext(WebKit::WebFrame* frame);
virtual void didDestroyScriptContext(WebKit::WebFrame* frame);
virtual void didCreateIsolatedScriptContext(WebKit::WebFrame* frame);
- virtual bool allowScriptExtension(WebKit::WebFrame*,
- const WebKit::WebString& extension_name,
- int extensionGroup);
virtual void logCrossFramePropertyAccess(
WebKit::WebFrame* frame,
WebKit::WebFrame* target,