author | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-22 22:21:20 +0000 |
committer | aa@chromium.org <aa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-22 22:21:20 +0000 |
commit | 61f5a7b0e74f9a19de55e026509360611fdfd775 (patch) | |
tree | 6a40887215753163c7caa28d5278767d1d82ae03 /chrome/renderer | |
parent | 332cacf55c00476da2c75e40510fc748b77519d3 (diff) | |
Check permissions for chrome.tabs.executeScript() in the
renderer just before injection to avoid races.
BUG=30937
Review URL: http://codereview.chromium.org/509032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35176 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer')
-rw-r--r-- | chrome/renderer/render_view.cc | 55 | ||||
-rw-r--r-- | chrome/renderer/render_view.h | 44 |
2 files changed, 36 insertions, 63 deletions
diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index baac373..c4f7483 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc
@@ -214,6 +214,16 @@ static void GetRedirectChain(WebDataSource* ds, std::vector<GURL>* result) {
 result->push_back(urls[i]);
 }
+static bool UrlMatchesPermissions(
+ const GURL& url, const std::vector<URLPattern>& host_permissions) {
+ for (size_t i = 0; i < host_permissions.size(); ++i) {
+ if (host_permissions[i].MatchesUrl(url))
+ return true;
+ }
+
+ return false;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 int32 RenderView::next_page_id_ = 1;
@@ -2358,10 +2368,9 @@ void RenderView::OnUserScriptIdleTriggered(WebFrame* frame) {
 WebFrame* main_frame = webview()->mainFrame();
 if (frame == main_frame) {
 while (!pending_code_execution_queue_.empty()) {
- scoped_refptr<CodeExecutionInfo> info =
+ linked_ptr<ViewMsg_ExecuteCode_Params>& params =
 pending_code_execution_queue_.front();
- ExecuteCodeImpl(main_frame, info->request_id, info->extension_id,
- info->is_js_code, info->code_string, info->all_frames);
+ ExecuteCodeImpl(main_frame, *params);
 pending_code_execution_queue_.pop();
 }
 }
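Review bot: `UrlMatchesPermissions` is the gate that decides whether an extension's code reaches a frame, but it carries no comment saying so or what `host_permissions` is expected to contain; a header such as `// Returns true if |url| is matched by at least one pattern in |host_permissions|. Used to decide, per frame, whether an extension may inject into it.` would tell a reader why the first hit returns. In the second hunk, `params` is a reference to the queue's front element and is dereferenced before `pop()`, which is the right order; a one-line comment, `// |params| refers into the queue; it must be used before pop().`, would keep a later edit from reordering those two calls.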
@@ -3807,57 +3816,53 @@ void RenderView::OnSetEditCommandsForNextKeyEvent(
 edit_commands_ = edit_commands;
 }
-void RenderView::OnExecuteCode(int request_id, const std::string& extension_id,
- bool is_js_code,
- const std::string& code_string,
- bool all_frames) {
+void RenderView::OnExecuteCode(const ViewMsg_ExecuteCode_Params& params) {
 WebFrame* main_frame = webview() ? webview()->mainFrame() : NULL;
 if (!main_frame) {
- Send(new ViewMsg_ExecuteCodeFinished(routing_id_, request_id, false));
+ Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id,
+ false));
 return;
 }
 WebDataSource* ds = main_frame->dataSource();
 NavigationState* navigation_state = NavigationState::FromDataSource(ds);
 if (!navigation_state->user_script_idle_scheduler()->has_run()) {
- scoped_refptr<CodeExecutionInfo> info = new CodeExecutionInfo(
- request_id, extension_id, is_js_code, code_string, all_frames);
- pending_code_execution_queue_.push(info);
+ pending_code_execution_queue_.push(
+ linked_ptr<ViewMsg_ExecuteCode_Params>(
+ new ViewMsg_ExecuteCode_Params(params)));
 return;
 }
- ExecuteCodeImpl(main_frame, request_id, extension_id, is_js_code,
- code_string, all_frames);
+ ExecuteCodeImpl(main_frame, params);
 }
 void RenderView::ExecuteCodeImpl(WebFrame* frame,
- int request_id,
- const std::string& extension_id,
- bool is_js_code,
- const std::string& code_string,
- bool all_frames) {
+ const ViewMsg_ExecuteCode_Params& params) {
 std::vector<WebFrame*> frame_vector;
 frame_vector.push_back(frame);
- if (all_frames)
+ if (params.all_frames)
 GetAllChildFrames(frame, &frame_vector);
 for (std::vector<WebFrame*>::iterator frame_it = frame_vector.begin(); frame_it != frame_vector.end(); ++frame_it) {
 WebFrame* frame = *frame_it;
- if (is_js_code) {
+ if (params.is_javascript) {
+ if (!UrlMatchesPermissions(frame->url(), params.host_permissions))
+ continue;
+
 std::vector<WebScriptSource> sources;
 sources.push_back(
- WebScriptSource(WebString::fromUTF8(code_string)));
- UserScriptSlave::InsertInitExtensionCode(&sources, extension_id);
+ WebScriptSource(WebString::fromUTF8(params.code)));
+ UserScriptSlave::InsertInitExtensionCode(&sources, params.extension_id);
 frame->executeScriptInIsolatedWorld(
- UserScriptSlave::GetIsolatedWorldId(extension_id),
+ UserScriptSlave::GetIsolatedWorldId(params.extension_id),
 &sources.front(), sources.size(), EXTENSION_GROUP_CONTENT_SCRIPTS);
 } else {
- frame->insertStyleText(WebString::fromUTF8(code_string), WebString());
+ frame->insertStyleText(WebString::fromUTF8(params.code), WebString());
 }
 }
- Send(new ViewMsg_ExecuteCodeFinished(routing_id_, request_id, true));
+ Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true));
 }
 void RenderView::Close() {
diff --git a/chrome/renderer/render_view.h b/chrome/renderer/render_view.h
index c69a601..60bf6cb 100644
--- a/chrome/renderer/render_view.h
+++ b/chrome/renderer/render_view.h
@@ -16,6 +16,7 @@
 #include "base/gfx/point.h"
 #include "base/gfx/rect.h"
 #include "base/id_map.h"
+#include "base/linked_ptr.h"
 #include "base/shared_memory.h"
 #include "base/timer.h"
 #include "base/values.h"
@@ -25,6 +26,7 @@
 #include "chrome/common/navigation_gesture.h"
 #include "chrome/common/notification_type.h"
 #include "chrome/common/page_zoom.h"
+#include "chrome/common/render_messages.h"
 #include "chrome/common/renderer_preferences.h"
 #include "chrome/common/view_types.h"
 #include "chrome/renderer/automation/dom_automation_controller.h"
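Review bot: The new `UrlMatchesPermissions` check in ExecuteCodeImpl sits inside the `if (params.is_javascript)` branch, so the `else` branch still calls `frame->insertStyleText` on every frame in `frame_vector` without consulting `params.host_permissions`; unless CSS requests are filtered before they reach the renderer, moving the check to the top of the loop body, directly after `WebFrame* frame = *frame_it;`, as `if (!UrlMatchesPermissions(frame->url(), params.host_permissions)) continue;`, applies the same gate to both kinds of injection. Frames that fail the check are skipped silently and the request still ends with `ViewMsg_ExecuteCodeFinished(..., true)`, which reports success even when no frame received the code; a comment on the `continue` stating that this is intended would make that choice explicit. It is also not visible from this hunk whether `frame->url()` reflects the committed document or a pending navigation, which matters because the commit's stated purpose is to check at injection time; a short comment at the call site naming the URL being compared would help the next reader.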
@@ -611,17 +613,9 @@ class RenderView : public RenderWidget,
 const WebKit::WebMediaPlayerAction& action);
 void OnNotifyRendererViewType(ViewType::Type view_type);
 void OnUpdateBrowserWindowId(int window_id);
- void OnExecuteCode(int request_id,
- const std::string& extension_id,
- bool is_js_code,
- const std::string& code_string,
- bool all_frames);
+ void OnExecuteCode(const ViewMsg_ExecuteCode_Params& params);
 void ExecuteCodeImpl(WebKit::WebFrame* frame,
- int request_id,
- const std::string& extension_id,
- bool is_js_code,
- const std::string& code_string,
- bool all_frames);
+ const ViewMsg_ExecuteCode_Params& params);
 void OnUpdateBackForwardListCount(int back_list_count,
 int forward_list_count);
 void OnGetAccessibilityInfo(
@@ -961,34 +955,8 @@ class RenderView : public RenderWidget,
 // Id number of browser window which RenderView is attached to.
 int browser_window_id_;
- // If page is loading, we can't run code, just create CodeExecutionInfo
- // objects store pending execution information and delay the execution until
- // page is loaded.
- struct CodeExecutionInfo : public base::RefCounted<CodeExecutionInfo> {
- CodeExecutionInfo(int id_of_request, const std::string& id_of_extension,
- bool is_js, const std::string& code,
- bool inject_to_all_frames)
- : request_id(id_of_request),
- extension_id(id_of_extension),
- code_string(code),
- is_js_code(is_js),
- all_frames(inject_to_all_frames) {}
- int request_id;
-
- // The id of extension who issues the pending executeScript API call.
- std::string extension_id;
-
- // The code which would be executed.
- std::string code_string;
-
- // It's true if |code_string| is JavaScript; otherwise |code_string| is
- // CSS text.
- bool is_js_code;
- // It's true if the code_string would be injected into all frames.
- bool all_frames;
- };
-
- std::queue<scoped_refptr<CodeExecutionInfo> > pending_code_execution_queue_;
+ std::queue<linked_ptr<ViewMsg_ExecuteCode_Params> >
+ pending_code_execution_queue_;
 // page id for the last navigation sent to the browser.
 int32 last_top_level_navigation_page_id_; |
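Review bot: The new declaration of `pending_code_execution_queue_` drops the comment that the removed `CodeExecutionInfo` block carried about why requests are queued, so the header no longer explains when the queue fills or who drains it. A comment above the member such as `// Execute-code requests received before the user-script idle point; drained by OnUserScriptIdleTriggered once the main frame reaches it.` would restore that and matches what the render_view.cc hunks of this commit show. The queued element is a full copy of the IPC params, including `host_permissions`, and the comment could also note that the permission check is made against each frame's URL at the time the request is drained rather than when it was received.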