diff options
| author | rob <rob@robwu.nl> | 2016-02-07 09:28:57 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-02-07 17:30:20 +0000 |
| commit | 52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d (patch) | |
| tree | 98016ba6f92be725a32ab1d8b773781441548753 /extensions/common | |
| parent | 057f009b6b02d1e94409a6d88702f37a07598de0 (diff) | |
| download | chromium_src-52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d.zip chromium_src-52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d.tar.gz chromium_src-52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d.tar.bz2 | |
Add frameId to chrome.tabs.executeScript/insertCSS
- Re-implemented https://codereview.chromium.org/952473002/, with all
checks at the browser side instead of just the renderer.
- Use the last committed URL for checking permissions instead of the
visible URL. As a result, executeScript/insertCSS will now succeed in
frames where the currently committed page is scriptable by extensions,
but the target of the pending navigation is is not.
- ExecuteScript: Do not send IPC to non-live frames (they're not going
to reply anyway).
- Include URL in the error if the extension has the tabs permission
(follow-up to TODO from https://codereview.chromium.org/1414223005).
BUG=63979,551626
TEST=./browser_tests --gtest_filter=ExecuteScriptApiTest.*
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1628423002
Cr-Commit-Position: refs/heads/master@{#374057}
Diffstat (limited to 'extensions/common')
| -rw-r--r-- | extensions/common/api/extension_types.json | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/extensions/common/api/extension_types.json b/extensions/common/api/extension_types.json index 29562ee..9f27590 100644 --- a/extensions/common/api/extension_types.json +++ b/extensions/common/api/extension_types.json @@ -45,7 +45,17 @@ "properties": { "code": {"type": "string", "optional": true, "description": "JavaScript or CSS code to inject.<br><br><b>Warning:</b><br>Be careful using the <code>code</code> parameter. Incorrect use of it may open your extension to <a href=\"https://en.wikipedia.org/wiki/Cross-site_scripting\">cross site scripting</a> attacks."}, "file": {"type": "string", "optional": true, "description": "JavaScript or CSS file to inject."}, - "allFrames": {"type": "boolean", "optional": true, "description": "If allFrames is <code>true</code>, implies that the JavaScript or CSS should be injected into all frames of current page. By default, it's <code>false</code> and is only injected into the top frame."}, + "allFrames": { + "type": "boolean", + "optional": true, + "description": "If allFrames is <code>true</code>, implies that the JavaScript or CSS should be injected into all frames of current page. By default, it's <code>false</code> and is only injected into the top frame. If <code>true</code> and <code>frameId</code> is set, then the code is inserted in the selected frame and all of its child frames." + }, + "frameId": { + "type": "integer", + "optional": true, + "minimum": 0, + "description": "The <a href='webNavigation#frame_ids'>frame</a> where the script or CSS should be injected. Defaults to 0 (the top-level frame)." + }, "matchAboutBlank": {"type": "boolean", "optional": true, "description": "If matchAboutBlank is true, then the code is also injected in about:blank and about:srcdoc frames if your extension has access to its parent document. Code cannot be inserted in top-level about:-frames. By default it is <code>false</code>."}, "runAt": { "$ref": "RunAt", |