diff options
author | rdevlin.cronin <rdevlin.cronin@chromium.org> | 2015-08-25 11:06:01 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-08-25 18:07:16 +0000 |
commit | 29d2ec93b685a04c1ad0ad047ab702c3cc62ba3f (patch) | |
tree | 0d43c06921fc096d7deab985b453c1544c3ae76f /extensions/renderer/extension_injection_host.cc | |
parent | 1b4f6471e46e85ab40a6768a0414aa084ead3b68 (diff) | |
download | chromium_src-29d2ec93b685a04c1ad0ad047ab702c3cc62ba3f.zip chromium_src-29d2ec93b685a04c1ad0ad047ab702c3cc62ba3f.tar.gz chromium_src-29d2ec93b685a04c1ad0ad047ab702c3cc62ba3f.tar.bz2 |
[Script Injection] Allow whitelisted extensions to inject scripts everywhere
Fix a regression where whitelisted extensions couldn't inject content scripts on
other extension pages.
BUG=517370
Review URL: https://codereview.chromium.org/1294393003
Cr-Commit-Position: refs/heads/master@{#345382}
Diffstat (limited to 'extensions/renderer/extension_injection_host.cc')
-rw-r--r-- | extensions/renderer/extension_injection_host.cc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/extensions/renderer/extension_injection_host.cc b/extensions/renderer/extension_injection_host.cc index 32e8399..1a6dca8 100644 --- a/extensions/renderer/extension_injection_host.cc +++ b/extensions/renderer/extension_injection_host.cc @@ -57,8 +57,10 @@ PermissionsData::AccessType ExtensionInjectionHost::CanExecuteOnFrame( blink::WebSecurityOrigin top_frame_security_origin = render_frame->GetWebFrame()->top()->securityOrigin(); + // Only whitelisted extensions may run scripts on another extension's page. if (top_frame_security_origin.protocol().utf8() == kExtensionScheme && - top_frame_security_origin.host().utf8() != extension_->id()) + top_frame_security_origin.host().utf8() != extension_->id() && + !PermissionsData::CanExecuteScriptEverywhere(extension_)) return PermissionsData::ACCESS_DENIED; // Declarative user scripts use "page access" (from "permissions" section in |