diff options
Diffstat (limited to 'chrome/renderer')
| -rw-r--r-- | chrome/renderer/extensions/extension_renderer_info.cc | 9 | ||||
| -rw-r--r-- | chrome/renderer/extensions/extension_renderer_info.h | 14 | ||||
| -rw-r--r-- | chrome/renderer/render_view.cc | 32 | ||||
| -rw-r--r-- | chrome/renderer/user_script_slave.cc | 30 |
4 files changed, 36 insertions, 49 deletions
diff --git a/chrome/renderer/extensions/extension_renderer_info.cc b/chrome/renderer/extensions/extension_renderer_info.cc index 24d0064..f4b61a1 100644 --- a/chrome/renderer/extensions/extension_renderer_info.cc +++ b/chrome/renderer/extensions/extension_renderer_info.cc @@ -11,8 +11,7 @@ // static std::vector<ExtensionRendererInfo>* ExtensionRendererInfo::extensions_ = NULL; -ExtensionRendererInfo::ExtensionRendererInfo() - : allowed_to_execute_script_everywhere_(false) { +ExtensionRendererInfo::ExtensionRendererInfo() { } ExtensionRendererInfo::ExtensionRendererInfo( @@ -21,9 +20,6 @@ ExtensionRendererInfo::ExtensionRendererInfo( web_extent_ = that.web_extent_; name_ = that.name_; icon_url_ = that.icon_url_; - allowed_to_execute_script_everywhere_ = - that.allowed_to_execute_script_everywhere_; - host_permissions_ = that.host_permissions_; } ExtensionRendererInfo::~ExtensionRendererInfo() { @@ -35,9 +31,6 @@ void ExtensionRendererInfo::Update(const ViewMsg_ExtensionRendererInfo& info) { name_ = info.name; location_ = info.location; icon_url_ = info.icon_url; - allowed_to_execute_script_everywhere_ = - info.allowed_to_execute_script_everywhere; - host_permissions_ = info.host_permissions; } // static diff --git a/chrome/renderer/extensions/extension_renderer_info.h b/chrome/renderer/extensions/extension_renderer_info.h index b9b74e5..926f275 100644 --- a/chrome/renderer/extensions/extension_renderer_info.h +++ b/chrome/renderer/extensions/extension_renderer_info.h @@ -29,12 +29,6 @@ class ExtensionRendererInfo { const ExtensionExtent& web_extent() const { return web_extent_; } const std::string& name() const { return name_; } const GURL& icon_url() const { return icon_url_; } - const bool allowed_to_execute_script_everywhere() const { - return allowed_to_execute_script_everywhere_; - } - const std::vector<URLPattern> host_permissions() const { - return host_permissions_; - } // Replace the list of extensions with those provided in |params|. static void UpdateExtensions(const ViewMsg_ExtensionsUpdated_Params& params); @@ -73,14 +67,6 @@ class ExtensionRendererInfo { Extension::Location location_; GURL icon_url_; - // Some internal extensions, such as accessibility extensions, should be able - // to execute scripts everywhere. - bool allowed_to_execute_script_everywhere_; - - // The list of host permissions, that the extension is allowed to run scripts - // on. - std::vector<URLPattern> host_permissions_; - // static static std::vector<ExtensionRendererInfo>* extensions_; }; diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc index d80b160..9d07d18 100644 --- a/chrome/renderer/render_view.cc +++ b/chrome/renderer/render_view.cc @@ -308,6 +308,16 @@ static void GetRedirectChain(WebDataSource* ds, std::vector<GURL>* result) { result->push_back(urls[i]); } +static bool UrlMatchesPermissions( + const GURL& url, const std::vector<URLPattern>& host_permissions) { + for (size_t i = 0; i < host_permissions.size(); ++i) { + if (host_permissions[i].MatchesUrl(url)) + return true; + } + + return false; +} + static bool PaintViewIntoCanvas(WebView* view, skia::PlatformCanvas& canvas) { view->layout(); @@ -5623,6 +5633,15 @@ void RenderView::OnExecuteCode(const ViewMsg_ExecuteCode_Params& params) { void RenderView::ExecuteCodeImpl(WebFrame* frame, const ViewMsg_ExecuteCode_Params& params) { + // Don't execute scripts in gallery pages. + GURL frame_url = GURL(frame->url()); + if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host() + && !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAllowScriptingGallery)) { + Send(new ViewMsg_ExecuteCodeFinished(routing_id_, params.request_id, true)); + return; + } + std::vector<WebFrame*> frame_vector; frame_vector.push_back(frame); if (params.all_frames) @@ -5632,19 +5651,8 @@ void RenderView::ExecuteCodeImpl(WebFrame* frame, frame_it != frame_vector.end(); ++frame_it) { WebFrame* frame = *frame_it; if (params.is_javascript) { - ExtensionRendererInfo* extension = - ExtensionRendererInfo::GetByID(params.extension_id); - - const std::vector<URLPattern> host_permissions = - extension->host_permissions(); - if (!Extension::CanExecuteScriptOnPage( - frame->url(), - extension->allowed_to_execute_script_everywhere(), - &host_permissions, - NULL, - NULL)) { + if (!UrlMatchesPermissions(frame->url(), params.host_permissions)) continue; - } std::vector<WebScriptSource> sources; sources.push_back( diff --git a/chrome/renderer/user_script_slave.cc b/chrome/renderer/user_script_slave.cc index 032406f..64849aa 100644 --- a/chrome/renderer/user_script_slave.cc +++ b/chrome/renderer/user_script_slave.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2009 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -16,7 +16,6 @@ #include "chrome/common/extensions/extension.h" #include "chrome/common/url_constants.h" #include "chrome/renderer/extension_groups.h" -#include "chrome/renderer/extensions/extension_renderer_info.h" #include "chrome/renderer/render_thread.h" #include "googleurl/src/gurl.h" #include "third_party/WebKit/WebKit/chromium/public/WebFrame.h" @@ -67,8 +66,7 @@ UserScriptSlave::UserScriptSlave() IDR_GREASEMONKEY_API_JS); } -void UserScriptSlave::GetActiveExtensions( - std::set<std::string>* extension_ids) { +void UserScriptSlave::GetActiveExtensions(std::set<std::string>* extension_ids) { for (size_t i = 0; i < scripts_.size(); ++i) { DCHECK(!scripts_[i]->extension_id().empty()); extension_ids->insert(scripts_[i]->extension_id()); @@ -187,9 +185,19 @@ void UserScriptSlave::InsertInitExtensionCode( void UserScriptSlave::InjectScripts(WebFrame* frame, UserScript::RunLocation location) { GURL frame_url = GURL(frame->url()); - if (frame_url.is_empty()) + // Don't bother if this is not a URL we inject script into. + if (!URLPattern(UserScript::kValidUserScriptSchemes).IsValidScheme( + frame_url.scheme())) return; + // Don't inject user scripts into the gallery itself. This prevents + // a user script from removing the "report abuse" link, for example. + if (frame_url.host() == GURL(Extension::ChromeStoreURL()).host() + && !CommandLine::ForCurrentProcess()->HasSwitch( + switches::kAllowScriptingGallery)) { + return; + } + PerfTimer timer; int num_css = 0; int num_scripts = 0; @@ -201,16 +209,8 @@ void UserScriptSlave::InjectScripts(WebFrame* frame, if (frame->parent() && !script->match_all_frames()) continue; // Only match subframes if the script declared it wanted to. - ExtensionRendererInfo* extension = - ExtensionRendererInfo::GetByID(script->extension_id()); - if (!Extension::CanExecuteScriptOnPage( - frame_url, - extension->allowed_to_execute_script_everywhere(), - NULL, - script, - NULL)) { - continue; - } + if (!script->MatchesUrl(frame->url())) + continue; // This frame doesn't match the script url pattern, skip it. if (frame_url.SchemeIsFile() && !script->allow_file_access()) continue; // This script isn't allowed to run on file URLs. |