diff options
4 files changed, 22 insertions, 0 deletions
diff --git a/chrome/browser/extensions/execute_code_in_tab_function.cc b/chrome/browser/extensions/execute_code_in_tab_function.cc index 5dc6690..3d15458 100644 --- a/chrome/browser/extensions/execute_code_in_tab_function.cc +++ b/chrome/browser/extensions/execute_code_in_tab_function.cc @@ -11,6 +11,7 @@ #include "chrome/browser/extensions/file_reader.h" #include "chrome/browser/tab_contents/tab_contents.h" #include "chrome/common/extensions/extension.h" +#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/extensions/extension_error_utils.h" namespace keys = extension_tabs_module_constants; @@ -68,6 +69,16 @@ bool ExecuteCodeInTabFunction::RunImpl() { DCHECK(browser); DCHECK(contents); + // Disallow executeScript when the target contents is a gallery page. + // This mirrors a check in UserScriptSlave::InjectScripts + // NOTE: This can give the wrong answer due to race conditions, but it is OK, + // we check again in the renderer. + if (contents->GetURL().host() == + GURL(extension_urls::kGalleryBrowsePrefix).host()) { + error_ = keys::kCannotScriptGalleryError; + return false; + } + // NOTE: This can give the wrong answer due to race conditions, but it is OK, // we check again in the renderer. if (!GetExtension()->CanAccessHost(contents->GetURL())) { diff --git a/chrome/browser/extensions/extension_tabs_module_constants.cc b/chrome/browser/extensions/extension_tabs_module_constants.cc index a3fc48d..0d21460 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.cc +++ b/chrome/browser/extensions/extension_tabs_module_constants.cc @@ -44,6 +44,8 @@ const char kInternalVisibleTabCaptureError[] = const char kNotImplementedError[] = "This call is not yet implemented"; const char kCannotAccessPageError[] = "Cannot access contents of url \"*\". " "Extension manifest must request permission to access this host."; +const char kCannotScriptGalleryError[] = "The extensions gallery cannot be " + "scripted."; const char kSupportedInWindowsOnlyError[] = "Supported in Windows only"; const char kNoCodeOrFileToExecuteError[] = "No source code or file specified."; diff --git a/chrome/browser/extensions/extension_tabs_module_constants.h b/chrome/browser/extensions/extension_tabs_module_constants.h index 6e0967d..a8bf1ac 100644 --- a/chrome/browser/extensions/extension_tabs_module_constants.h +++ b/chrome/browser/extensions/extension_tabs_module_constants.h @@ -48,6 +48,7 @@ extern const char kInvalidUrlError[]; extern const char kInternalVisibleTabCaptureError[]; extern const char kNotImplementedError[]; extern const char kCannotAccessPageError[]; +extern const char kCannotScriptGalleryError[]; extern const char kSupportedInWindowsOnlyError[]; extern const char kNoCodeOrFileToExecuteError[]; diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc index 6313755..709c313 100644 --- a/chrome/renderer/render_view.cc +++ b/chrome/renderer/render_view.cc @@ -26,6 +26,7 @@ #include "chrome/common/child_process_logging.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/chrome_constants.h" +#include "chrome/common/extensions/extension_constants.h" #include "chrome/common/jstemplate_builder.h" #include "chrome/common/page_zoom.h" #include "chrome/common/plugin_messages.h" @@ -3841,6 +3842,13 @@ void RenderView::OnExecuteCode(const ViewMsg_ExecuteCode_Params& params) { void RenderView::ExecuteCodeImpl(WebFrame* frame, const ViewMsg_ExecuteCode_Params& params) { + // Don't execute scripts in gallery pages. + GURL frame_url = GURL(frame->url()); + if (frame_url.host() == GURL(extension_urls::kGalleryBrowsePrefix).host()) { + Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true)); + return; + } + std::vector<WebFrame*> frame_vector; frame_vector.push_back(frame); if (params.all_frames) |