diff options
| author | rdevlin.cronin <rdevlin.cronin@chromium.org> | 2015-09-14 13:22:29 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-09-14 20:23:05 +0000 |
| commit | c318b93de2ee7b8cc78e506dd2dd161af7d6819d (patch) | |
| tree | 076ab3bc9618002243884a071f1309a8596ecc6c /extensions/renderer/user_script_set.cc | |
| parent | fafe071bac241504791c2904af9fbfea476274c8 (diff) | |
| download | chromium_src-c318b93de2ee7b8cc78e506dd2dd161af7d6819d.zip chromium_src-c318b93de2ee7b8cc78e506dd2dd161af7d6819d.tar.gz chromium_src-c318b93de2ee7b8cc78e506dd2dd161af7d6819d.tar.bz2 | |
[Extensions] Don't allow extensions to inject scripts into extension pages
Don't allow extensions to inject scripts into other extension pages, since this
is a security risk. This was meant to be addressed, but there was an incorrect
early-return. Also add a regression test.
BUG=529682
Review URL: https://codereview.chromium.org/1335083004
Cr-Commit-Position: refs/heads/master@{#348707}
Diffstat (limited to 'extensions/renderer/user_script_set.cc')
| -rw-r--r-- | extensions/renderer/user_script_set.cc | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/extensions/renderer/user_script_set.cc b/extensions/renderer/user_script_set.cc index 0cd2250..23cb833 100644 --- a/extensions/renderer/user_script_set.cc +++ b/extensions/renderer/user_script_set.cc @@ -211,7 +211,7 @@ scoped_ptr<ScriptInjection> UserScriptSet::GetInjectionForScript( if (injector->CanExecuteOnFrame( injection_host.get(), web_frame, - -1 /* Content scripts are not tab-specific. */) == + tab_id) == PermissionsData::ACCESS_DENIED) { return injection.Pass(); } @@ -225,8 +225,7 @@ scoped_ptr<ScriptInjection> UserScriptSet::GetInjectionForScript( injector.Pass(), render_frame, injection_host.Pass(), - run_location, - tab_id)); + run_location)); } return injection.Pass(); } |