diff options
author | kalman <kalman@chromium.org> | 2015-03-18 17:49:31 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-03-19 00:50:22 +0000 |
commit | dfebefe64349581cb675dcdf19861397a28d1252 (patch) | |
tree | bb9b9bf5e1390fc2e93d004ce985a547f918ca27 /extensions | |
parent | 5e148eb4f7679c85daa8e0d314dfd636f739b0d8 (diff) | |
download | chromium_src-dfebefe64349581cb675dcdf19861397a28d1252.zip chromium_src-dfebefe64349581cb675dcdf19861397a28d1252.tar.gz chromium_src-dfebefe64349581cb675dcdf19861397a28d1252.tar.bz2 |
[Extensions] Skip injecting scripts into remote frames with site isolation turned on.
This is admitting defeat by site isolation, for now. It's better than crashing.
It will be properly fixed when permission checks are moved into the browser.
BUG=454917
R=rdevlin.cronin@chromium.org
Review URL: https://codereview.chromium.org/1018163002
Cr-Commit-Position: refs/heads/master@{#321254}
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/renderer/user_script_set.cc | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/extensions/renderer/user_script_set.cc b/extensions/renderer/user_script_set.cc index f82465d..819c630 100644 --- a/extensions/renderer/user_script_set.cc +++ b/extensions/renderer/user_script_set.cc @@ -204,11 +204,18 @@ scoped_ptr<ScriptInjection> UserScriptSet::GetInjectionForScript( scoped_ptr<ScriptInjector> injector(new UserScriptInjector(script, this, is_declarative)); - if (injector->CanExecuteOnFrame( - injection_host.get(), - web_frame, - -1, // Content scripts are not tab-specific. - web_frame->top()->document().url()) == + + blink::WebDocument top_document = web_frame->top()->document(); + // This can be null if site isolation is turned on. The best we can do is to + // just give up - generally the wrong behavior, but better than crashing. + // TODO(kalman): Fix this properly by moving all security checks into the + // browser. See http://crbug.com/466373 for ongoing work here. + if (top_document.isNull()) + return injection.Pass(); + + if (injector->CanExecuteOnFrame(injection_host.get(), web_frame, + -1, // Content scripts are not tab-specific. + top_document.url()) == PermissionsData::ACCESS_DENIED) { return injection.Pass(); } |