diff options
Diffstat (limited to 'extensions/renderer')
| -rw-r--r-- | extensions/renderer/programmatic_script_injector.cc | 33 | ||||
| -rw-r--r-- | extensions/renderer/programmatic_script_injector.h | 10 |
2 files changed, 29 insertions, 14 deletions
diff --git a/extensions/renderer/programmatic_script_injector.cc b/extensions/renderer/programmatic_script_injector.cc index 13f0a20..e19a4c9 100644 --- a/extensions/renderer/programmatic_script_injector.cc +++ b/extensions/renderer/programmatic_script_injector.cc @@ -13,14 +13,15 @@ #include "extensions/common/error_utils.h" #include "extensions/common/extension_messages.h" #include "extensions/common/manifest_constants.h" +#include "extensions/common/permissions/api_permission.h" #include "extensions/common/permissions/permissions_data.h" #include "extensions/renderer/injection_host.h" +#include "extensions/renderer/renderer_extension_registry.h" #include "extensions/renderer/script_context.h" #include "third_party/WebKit/public/platform/WebString.h" #include "third_party/WebKit/public/web/WebDocument.h" #include "third_party/WebKit/public/web/WebLocalFrame.h" #include "third_party/WebKit/public/web/WebScriptSource.h" -#include "url/origin.h" namespace extensions { @@ -31,8 +32,10 @@ ProgrammaticScriptInjector::ProgrammaticScriptInjector( url_( ScriptContext::GetDataSourceURLForFrame(render_frame->GetWebFrame())), finished_(false) { - effective_url_ = ScriptContext::GetEffectiveDocumentURL( - render_frame->GetWebFrame(), url_, params.match_about_blank); + if (url_.SchemeIs(url::kAboutScheme)) { + origin_for_about_error_ = + render_frame->GetWebFrame()->securityOrigin().toString().utf8(); + } } ProgrammaticScriptInjector::~ProgrammaticScriptInjector() { @@ -130,16 +133,15 @@ void ProgrammaticScriptInjector::OnWillNotInject( std::string error; switch (reason) { case NOT_ALLOWED: - if (url_.SchemeIs(url::kAboutScheme)) { + if (!CanShowUrlInError()) { + error = manifest_errors::kCannotAccessPage; + } else if (!origin_for_about_error_.empty()) { error = ErrorUtils::FormatErrorMessage( manifest_errors::kCannotAccessAboutUrl, url_.spec(), - url::Origin(effective_url_).Serialize()); + origin_for_about_error_); } else { - // TODO(?) It would be nice to show kCannotAccessPageWithUrl here if - // this is triggered by an extension with tabs permission. See - // https://codereview.chromium.org/1414223005/diff/1/extensions/ - // common/manifest_constants.cc#newcode269 - error = manifest_errors::kCannotAccessPage; + error = ErrorUtils::FormatErrorMessage( + manifest_errors::kCannotAccessPageWithUrl, url_.spec()); } break; case EXTENSION_REMOVED: // no special error here. @@ -149,6 +151,17 @@ void ProgrammaticScriptInjector::OnWillNotInject( Finish(error, render_frame); } +bool ProgrammaticScriptInjector::CanShowUrlInError() const { + if (params_->host_id.type() != HostID::EXTENSIONS) + return false; + const Extension* extension = + RendererExtensionRegistry::Get()->GetByID(params_->host_id.id()); + if (!extension) + return false; + return extension->permissions_data()->active_permissions().HasAPIPermission( + APIPermission::kTab); +} + UserScript::RunLocation ProgrammaticScriptInjector::GetRunLocation() const { return static_cast<UserScript::RunLocation>(params_->run_at); } diff --git a/extensions/renderer/programmatic_script_injector.h b/extensions/renderer/programmatic_script_injector.h index 159ff1c..a7af9ff 100644 --- a/extensions/renderer/programmatic_script_injector.h +++ b/extensions/renderer/programmatic_script_injector.h @@ -50,6 +50,9 @@ class ProgrammaticScriptInjector : public ScriptInjector { void OnWillNotInject(InjectFailureReason reason, content::RenderFrame* render_frame) override; + // Whether it is safe to include information about the URL in error messages. + bool CanShowUrlInError() const; + // Return the run location for this injector. UserScript::RunLocation GetRunLocation() const; @@ -63,10 +66,9 @@ class ProgrammaticScriptInjector : public ScriptInjector { // The url of the frame into which we are injecting. GURL url_; - // The URL of the frame's origin. This is usually identical to |url_|, but - // could be different for e.g. about:blank URLs. Do not use this value to make - // security decisions, to avoid race conditions (e.g. due to navigation). - GURL effective_url_; + // The serialization of the frame's origin if the frame is an about:-URL. This + // is used to provide user-friendly messages. + std::string origin_for_about_error_; // The results of the script execution. base::ListValue results_; |