From 78bdfd66a90cb9425094aed19ab36eee18fe8171 Mon Sep 17 00:00:00 2001
From: "zelidrag@chromium.org"
 <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 23 Aug 2012 05:53:18 +0000
Subject: Added check to prevent extensions from injecting scrips into pages
 hosted in iframe context of other extensions (other than itself).

BUG=126257
TEST=ExtensionApiTest.ContentScriptOtherExtensions, added new checks to ExtensionScriptAndCaptureVisibleTest.Permissions

Review URL: https://chromiumcodereview.appspot.com/10863002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152955 0039d316-1c4b-4281-b951-d872f2087c98
---
 .../other_extensions/iframe_content.html           |  6 +++++
 .../other_extensions/iframe_content.js             | 15 +++++++++++
 .../other_extensions/injector/background.js        |  7 ++++++
 .../other_extensions/injector/inject.js            | 13 ++++++++++
 .../other_extensions/injector/manifest.json        | 16 ++++++++++++
 .../other_extensions/injector/test.html            |  6 +++++
 .../other_extensions/injector/test.js              | 29 ++++++++++++++++++++++
 .../other_extensions/victim/background.js          |  6 +++++
 .../other_extensions/victim/manifest.json          |  9 +++++++
 .../other_extensions/victim/test.html              |  6 +++++
 .../other_extensions/victim/test.js                | 29 ++++++++++++++++++++++
 11 files changed, 142 insertions(+)
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.html
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.js
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/background.js
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/inject.js
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/manifest.json
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.html
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.js
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/background.js
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/manifest.json
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.html
 create mode 100644 chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.js

(limited to 'chrome/test')

diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.html b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.html
new file mode 100644
index 0000000..c483df7
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.html
@@ -0,0 +1,6 @@
+<html>
+<script src="iframe_content.js"></script>
+<body>
+<div id="content">original</div>
+</body>
+</html>
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.js
new file mode 100644
index 0000000..0e794a0
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/iframe_content.js
@@ -0,0 +1,15 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+document.addEventListener('DOMContentLoaded', function() {
+  var id = window.setInterval(function() {
+    clearInterval(id);
+    var parent_extension_page = unescape(location.hash.replace('#', ''));
+
+    console.log('PAGE: Sending content to parent extension page - ' +
+                parent_extension_page);
+    window.parent.postMessage(document.getElementById('content').innerText,
+                              parent_extension_page);
+  }, 10);
+});
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/background.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/background.js
new file mode 100644
index 0000000..d0f305e
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/background.js
@@ -0,0 +1,7 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+console.log('INJECTOR: Loaded injector!');
+
+chrome.tabs.create({ url: "test.html" });
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/inject.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/inject.js
new file mode 100644
index 0000000..77f4c36
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/inject.js
@@ -0,0 +1,13 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+console.log('INJECTOR: Injecting content script!');
+
+var content = document.getElementById('content');
+if (content) {
+  content.innerText = 'Injected!!!';
+  console.log('INJECTOR: Changed content to: ' + content.innerText);
+} else {
+  console.log('INJECTOR: Cannot find content!?');
+}
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/manifest.json b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/manifest.json
new file mode 100644
index 0000000..f147a55
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/manifest.json
@@ -0,0 +1,16 @@
+{
+  "name": "content_script_extension_injector",
+  "version": "1.0",
+  "manifest_version": 2,
+  "description": "Tests extension that tried to inject content script in other extensions.",
+  "background": { "scripts": ["background.js"] },
+  "permissions": [ "*://*/*" ],
+  "content_scripts": [
+    {
+      "all_frames": true,
+      "run_at": "document_end",
+      "matches": ["http://a.com/*"],
+      "js": ["inject.js"]
+    }
+  ]
+}
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.html b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.html
new file mode 100644
index 0000000..297e47c
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.html
@@ -0,0 +1,6 @@
+<html>
+<script src="test.js"></script>
+<body>
+<iframe id="content_frame"></iframe>
+</body>
+</html>
\ No newline at end of file
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.js
new file mode 100644
index 0000000..e9e3bd4
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/injector/test.js
@@ -0,0 +1,29 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+chrome.test.runTests([
+  function content_self_inject_test() {
+    window.addEventListener('message', function(event) {
+        var msg = event.data;
+        if (msg == 'original') {
+          console.log('INJECTOR: No content changed.');
+          chrome.test.fail('INJECTOR: No content changed!');
+        } else {
+          console.log('INJECTOR: Successfully self-injected content - ' + msg);
+          chrome.test.succeed();
+        }
+      },
+      false);
+
+    chrome.test.getConfig(function(config) {
+      chrome.test.log("Creating tab...");
+      var test_url = ("http://a.com:PORT/files/extensions/api_test" +
+          "/content_scripts/other_extensions/iframe_content.html#" +
+          escape(chrome.extension.getURL("test.html")))
+          .replace(/PORT/, config.testServer.port);
+      console.log('Opening frame: ' + test_url);
+      document.getElementById('content_frame').src = test_url;
+    });
+  }
+]);
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/background.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/background.js
new file mode 100644
index 0000000..c48af9c
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/background.js
@@ -0,0 +1,6 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This extension just injects script into another one.
+chrome.tabs.create({ url: "test.html" });
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/manifest.json b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/manifest.json
new file mode 100644
index 0000000..2a2b958
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/manifest.json
@@ -0,0 +1,9 @@
+{
+  "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDke6VrlZje0o/th2Il/IM+u/cflzj7ZcqgFPWorrzpXc4mqD7Z0e8FZzZ4COfg28dwrsbCOcoj0Q7EKN+GnAGigFipfFwMOsp8NdA/hp0cgilsCcWZBbcBCofzmw0zf3JqKxMNqSRehvfSPT6qrTH5/7qX/bcycQqlpJtZOAV6sQIDAQAB",
+  "name": "content_script_extension_injector_victim",
+  "version": "1.0",
+  "manifest_version": 2,
+  "description": "Tests is used to test if another extension can inject its script.",
+  "permissions": [ "tabs" ],
+  "background": { "scripts": ["background.js"] }
+}
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.html b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.html
new file mode 100644
index 0000000..297e47c
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.html
@@ -0,0 +1,6 @@
+<html>
+<script src="test.js"></script>
+<body>
+<iframe id="content_frame"></iframe>
+</body>
+</html>
\ No newline at end of file
diff --git a/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.js b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.js
new file mode 100644
index 0000000..c3b8e30
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/content_scripts/other_extensions/victim/test.js
@@ -0,0 +1,29 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+chrome.test.runTests([
+  function content_test() {
+    window.addEventListener('message', function(event) {
+        var msg = event.data;
+        if (msg == 'original') {
+          console.log('VICTIM: No content changed.');
+          chrome.test.succeed();
+        } else {
+          console.log('VICTIM: Detected injected content - ' + msg);
+          chrome.test.fail('Content changed: ' + msg);
+        }
+      },
+      false);
+
+    chrome.test.getConfig(function(config) {
+      chrome.test.log("Creating tab...");
+      var test_url = ("http://a.com:PORT/files/extensions/api_test" +
+          "/content_scripts/other_extensions/iframe_content.html#" +
+          escape(chrome.extension.getURL("test.html")))
+          .replace(/PORT/, config.testServer.port);
+      console.log('Opening frame: ' + test_url);
+      document.getElementById('content_frame').src = test_url;
+    });
+  }
+]);
-- 
cgit v1.1