extensions/renderer/extension_injection_host.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extensions/common/extension_set.h"
#include "extensions/common/manifest_handlers/csp_info.h"
#include "extensions/renderer/extension_injection_host.h"

namespace extensions {

ExtensionInjectionHost::ExtensionInjectionHost(
    const Extension* extension)
    : InjectionHost(HostID(HostID::EXTENSIONS, extension->id())),
      extension_(extension) {
}

ExtensionInjectionHost::~ExtensionInjectionHost() {
}

// static
scoped_ptr<const InjectionHost> ExtensionInjectionHost::Create(
    const std::string& extension_id,
    const ExtensionSet* extensions) {
  const Extension* extension = extensions->GetByID(extension_id);
  if (!extension)
    return scoped_ptr<const ExtensionInjectionHost>();
  return scoped_ptr<const ExtensionInjectionHost>(
      new ExtensionInjectionHost(extension));
}

std::string ExtensionInjectionHost::GetContentSecurityPolicy() const {
  return CSPInfo::GetContentSecurityPolicy(extension_);
}

const GURL& ExtensionInjectionHost::url() const {
  return extension_->url();
}

const std::string& ExtensionInjectionHost::name() const {
  return extension_->name();
}

PermissionsData::AccessType ExtensionInjectionHost::CanExecuteOnFrame(
    const GURL& document_url,
    const GURL& top_frame_url,
    int tab_id,
    bool is_declarative) const {
  // If we don't have a tab id, we have no UI surface to ask for user consent.
  // For now, we treat this as an automatic allow.
  if (tab_id == -1)
    return PermissionsData::ACCESS_ALLOWED;

  // Declarative user scripts use "page access" (from "permissions" section in
  // manifest) whereas non-declarative user scripts use custom
  // "content script access" logic.
  if (is_declarative) {
    return extension_->permissions_data()->GetPageAccess(
        extension_,
        document_url,
        top_frame_url,
        tab_id,
        -1,  // no process id
        nullptr /* ignore error */);
  } else {
    return extension_->permissions_data()->GetContentScriptAccess(
        extension_,
        document_url,
        top_frame_url,
        tab_id,
        -1,  // no process id
        nullptr /* ignore error */);
  }
}

bool ExtensionInjectionHost::ShouldNotifyBrowserOfInjection() const {
  // We notify the browser of any injection if the extension has no withheld
  // permissions (i.e., the permissions weren't restricted), but would have
  // otherwise been affected by the scripts-require-action feature.
  return extension_->permissions_data()->withheld_permissions()->IsEmpty() &&
         PermissionsData::ScriptsMayRequireActionForExtension(
             extension_,
             extension_->permissions_data()->active_permissions().get());
}

}  // namespace extensions