Google Git
Sign in
chromium / chromium / src.git / 52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d^! / . / extensions / renderer / programmatic_script_injector.h
commit52277c872b368db45bc6d2f2bd9a4b7a0eb2ce8d[log] [tgz]
authorrob <[email protected]>Sun Feb 07 17:28:57 2016
committerCommit bot <[email protected]>Sun Feb 07 17:30:20 2016
tree98016ba6f92be725a32ab1d8b773781441548753
parent057f009b6b02d1e94409a6d88702f37a07598de0 [diff] [blame]
Add frameId to chrome.tabs.executeScript/insertCSS

- Re-implemented https://codereview.chromium.org/952473002/, with all
  checks at the browser side instead of just the renderer.

- Use the last committed URL for checking permissions instead of the
  visible URL. As a result, executeScript/insertCSS will now succeed in
  frames where the currently committed page is scriptable by extensions,
  but the target of the pending navigation is is not.

- ExecuteScript: Do not send IPC to non-live frames (they're not going
  to reply anyway).

- Include URL in the error if the extension has the tabs permission
  (follow-up to TODO from https://codereview.chromium.org/1414223005).

BUG=63979,551626
TEST=./browser_tests --gtest_filter=ExecuteScriptApiTest.*
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Review URL: https://codereview.chromium.org/1628423002

Cr-Commit-Position: refs/heads/master@{#374057}

diff --git a/extensions/renderer/programmatic_script_injector.h b/extensions/renderer/programmatic_script_injector.h
index 159ff1c5..a7af9ff38 100644
--- a/extensions/renderer/programmatic_script_injector.h
+++ b/extensions/renderer/programmatic_script_injector.h

@@ -50,6 +50,9 @@
   void OnWillNotInject(InjectFailureReason reason,
                        content::RenderFrame* render_frame) override;
 
+  // Whether it is safe to include information about the URL in error messages.
+  bool CanShowUrlInError() const;
+
   // Return the run location for this injector.
   UserScript::RunLocation GetRunLocation() const;
 
@@ -63,10 +66,9 @@
   // The url of the frame into which we are injecting.
   GURL url_;
 
-  // The URL of the frame's origin. This is usually identical to |url_|, but
-  // could be different for e.g. about:blank URLs. Do not use this value to make
-  // security decisions, to avoid race conditions (e.g. due to navigation).
-  GURL effective_url_;
+  // The serialization of the frame's origin if the frame is an about:-URL. This
+  // is used to provide user-friendly messages.
+  std::string origin_for_about_error_;
 
   // The results of the script execution.
   base::ListValue results_;