search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Android WebViewShell] Add inclusion test for webview exposed stable interfaces.
[chromium-blink-merge.git] / extensions / renderer / script_context.cc
blob93214688f913cc0a009f392e918302d5d443cd8a
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "extensions/renderer/script_context.h"
6
7 #include "base/logging.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/string_split.h"
10 #include "base/strings/string_util.h"
11 #include "base/strings/stringprintf.h"
12 #include "base/values.h"
13 #include "content/public/child/v8_value_converter.h"
14 #include "content/public/common/url_constants.h"
15 #include "content/public/renderer/render_frame.h"
16 #include "extensions/common/constants.h"
17 #include "extensions/common/extension.h"
18 #include "extensions/common/extension_api.h"
19 #include "extensions/common/extension_set.h"
20 #include "extensions/common/extension_urls.h"
21 #include "extensions/common/features/base_feature_provider.h"
22 #include "extensions/common/manifest_handlers/sandboxed_page_info.h"
23 #include "extensions/common/permissions/permissions_data.h"
24 #include "gin/per_context_data.h"
25 #include "third_party/WebKit/public/web/WebDataSource.h"
26 #include "third_party/WebKit/public/web/WebDocument.h"
27 #include "third_party/WebKit/public/web/WebFrame.h"
28 #include "third_party/WebKit/public/web/WebLocalFrame.h"
29 #include "third_party/WebKit/public/web/WebScopedMicrotaskSuppression.h"
30 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
31 #include "third_party/WebKit/public/web/WebView.h"
32 #include "v8/include/v8.h"
33
34 using content::V8ValueConverter;
35
36 namespace extensions {
37
38 namespace {
39
40 std::string GetContextTypeDescriptionString(Feature::Context context_type) {
41 switch (context_type) {
42 case Feature::UNSPECIFIED_CONTEXT:
43 return "UNSPECIFIED";
44 case Feature::BLESSED_EXTENSION_CONTEXT:
45 return "BLESSED_EXTENSION";
46 case Feature::UNBLESSED_EXTENSION_CONTEXT:
47 return "UNBLESSED_EXTENSION";
48 case Feature::CONTENT_SCRIPT_CONTEXT:
49 return "CONTENT_SCRIPT";
50 case Feature::WEB_PAGE_CONTEXT:
51 return "WEB_PAGE";
52 case Feature::BLESSED_WEB_PAGE_CONTEXT:
53 return "BLESSED_WEB_PAGE";
54 case Feature::WEBUI_CONTEXT:
55 return "WEBUI";
56 }
57 NOTREACHED();
58 return std::string();
59 }
60
61 static std::string ToStringOrDefault(
62 const v8::Local<v8::String>& v8_string,
63 const std::string& dflt) {
64 if (v8_string.IsEmpty())
65 return dflt;
66 std::string ascii_value = *v8::String::Utf8Value(v8_string);
67 return ascii_value.empty() ? dflt : ascii_value;
68 }
69
70 } // namespace
71
72 // A gin::Runner that delegates to its ScriptContext.
73 class ScriptContext::Runner : public gin::Runner {
74 public:
75 explicit Runner(ScriptContext* context);
76
77 // gin::Runner overrides.
78 void Run(const std::string& source,
79 const std::string& resource_name) override;
80 v8::Local<v8::Value> Call(v8::Local<v8::Function> function,
81 v8::Local<v8::Value> receiver,
82 int argc,
83 v8::Local<v8::Value> argv[]) override;
84 gin::ContextHolder* GetContextHolder() override;
85
86 private:
87 ScriptContext* context_;
88 };
89
90 ScriptContext::ScriptContext(const v8::Local<v8::Context>& v8_context,
91 blink::WebLocalFrame* web_frame,
92 const Extension* extension,
93 Feature::Context context_type,
94 const Extension* effective_extension,
95 Feature::Context effective_context_type)
96 : is_valid_(true),
97 v8_context_(v8_context->GetIsolate(), v8_context),
98 web_frame_(web_frame),
99 extension_(extension),
100 context_type_(context_type),
101 effective_extension_(effective_extension),
102 effective_context_type_(effective_context_type),
103 safe_builtins_(this),
104 isolate_(v8_context->GetIsolate()),
105 url_(web_frame_ ? GetDataSourceURLForFrame(web_frame_) : GURL()),
106 runner_(new Runner(this)) {
107 VLOG(1) << "Created context:\n" << GetDebugString();
108 gin::PerContextData* gin_data = gin::PerContextData::From(v8_context);
109 CHECK(gin_data); // may fail if the v8::Context hasn't been registered yet
110 gin_data->set_runner(runner_.get());
111 }
112
113 ScriptContext::~ScriptContext() {
114 VLOG(1) << "Destroyed context for extension\n"
115 << " extension id: " << GetExtensionID() << "\n"
116 << " effective extension id: "
117 << (effective_extension_.get() ? effective_extension_->id() : "");
118 CHECK(!is_valid_) << "ScriptContexts must be invalidated before destruction";
119 }
120
121 // static
122 bool ScriptContext::IsSandboxedPage(const ExtensionSet& extensions,
123 const GURL& url) {
124 // TODO(kalman): This is checking the wrong thing. See comment in
125 // HasAccessOrThrowError.
126 if (url.SchemeIs(kExtensionScheme)) {
127 const Extension* extension = extensions.GetByID(url.host());
128 if (extension) {
129 return SandboxedPageInfo::IsSandboxedPage(extension, url.path());
130 }
131 }
132 return false;
133 }
134
135 void ScriptContext::Invalidate() {
136 CHECK(is_valid_);
137 is_valid_ = false;
138
139 // TODO(kalman): Make ModuleSystem use AddInvalidationObserver.
140 // Ownership graph is a bit weird here.
141 if (module_system_)
142 module_system_->Invalidate();
143
144 // Swap |invalidate_observers_| to a local variable to clear it, and to make
145 // sure it's not mutated as we iterate.
146 std::vector<base::Closure> observers;
147 observers.swap(invalidate_observers_);
148 for (const base::Closure& observer : observers) {
149 observer.Run();
150 }
151 DCHECK(invalidate_observers_.empty())
152 << "Invalidation observers cannot be added during invalidation";
153
154 runner_.reset();
155 v8_context_.Reset();
156 }
157
158 void ScriptContext::AddInvalidationObserver(const base::Closure& observer) {
159 invalidate_observers_.push_back(observer);
160 }
161
162 const std::string& ScriptContext::GetExtensionID() const {
163 return extension_.get() ? extension_->id() : base::EmptyString();
164 }
165
166 content::RenderFrame* ScriptContext::GetRenderFrame() const {
167 if (web_frame_)
168 return content::RenderFrame::FromWebFrame(web_frame_);
169 return NULL;
170 }
171
172 v8::Local<v8::Value> ScriptContext::CallFunction(
173 const v8::Local<v8::Function>& function,
174 int argc,
175 v8::Local<v8::Value> argv[]) const {
176 v8::EscapableHandleScope handle_scope(isolate());
177 v8::Context::Scope scope(v8_context());
178
179 blink::WebScopedMicrotaskSuppression suppression;
180 if (!is_valid_) {
181 return handle_scope.Escape(
182 v8::Local<v8::Primitive>(v8::Undefined(isolate())));
183 }
184
185 v8::Local<v8::Object> global = v8_context()->Global();
186 if (!web_frame_)
187 return handle_scope.Escape(function->Call(global, argc, argv));
188 return handle_scope.Escape(
189 v8::Local<v8::Value>(web_frame_->callFunctionEvenIfScriptDisabled(
190 function, global, argc, argv)));
191 }
192
193 v8::Local<v8::Value> ScriptContext::CallFunction(
194 const v8::Local<v8::Function>& function) const {
195 return CallFunction(function, 0, nullptr);
196 }
197
198 Feature::Availability ScriptContext::GetAvailability(
199 const std::string& api_name) {
200 // Hack: Hosted apps should have the availability of messaging APIs based on
201 // the URL of the page (which might have access depending on some extension
202 // with externally_connectable), not whether the app has access to messaging
203 // (which it won't).
204 const Extension* extension = extension_.get();
205 if (extension && extension->is_hosted_app() &&
206 (api_name == "runtime.connect" || api_name == "runtime.sendMessage")) {
207 extension = NULL;
208 }
209 return ExtensionAPI::GetSharedInstance()->IsAvailable(
210 api_name, extension, context_type_, GetURL());
211 }
212
213 void ScriptContext::DispatchEvent(const char* event_name,
214 v8::Local<v8::Array> args) const {
215 v8::HandleScope handle_scope(isolate());
216 v8::Context::Scope context_scope(v8_context());
217
218 v8::Local<v8::Value> argv[] = {v8::String::NewFromUtf8(isolate(), event_name),
219 args};
220 module_system_->CallModuleMethod(
221 kEventBindings, "dispatchEvent", arraysize(argv), argv);
222 }
223
224 void ScriptContext::DispatchOnUnloadEvent() {
225 v8::HandleScope handle_scope(isolate());
226 v8::Context::Scope context_scope(v8_context());
227 module_system_->CallModuleMethod("unload_event", "dispatch");
228 }
229
230 std::string ScriptContext::GetContextTypeDescription() const {
231 return GetContextTypeDescriptionString(context_type_);
232 }
233
234 std::string ScriptContext::GetEffectiveContextTypeDescription() const {
235 return GetContextTypeDescriptionString(effective_context_type_);
236 }
237
238 GURL ScriptContext::GetURL() const {
239 return url_;
240 }
241
242 bool ScriptContext::IsAnyFeatureAvailableToContext(const Feature& api) {
243 return ExtensionAPI::GetSharedInstance()->IsAnyFeatureAvailableToContext(
244 api, extension(), context_type(), GetDataSourceURLForFrame(web_frame()));
245 }
246
247 // static
248 GURL ScriptContext::GetDataSourceURLForFrame(const blink::WebFrame* frame) {
249 // Normally we would use frame->document().url() to determine the document's
250 // URL, but to decide whether to inject a content script, we use the URL from
251 // the data source. This "quirk" helps prevents content scripts from
252 // inadvertently adding DOM elements to the compose iframe in Gmail because
253 // the compose iframe's dataSource URL is about:blank, but the document URL
254 // changes to match the parent document after Gmail document.writes into
255 // it to create the editor.
256 // http://code.google.com/p/chromium/issues/detail?id=86742
257 blink::WebDataSource* data_source = frame->provisionalDataSource()
258 ? frame->provisionalDataSource()
259 : frame->dataSource();
260 return data_source ? GURL(data_source->request().url()) : GURL();
261 }
262
263 // static
264 GURL ScriptContext::GetEffectiveDocumentURL(const blink::WebFrame* frame,
265 const GURL& document_url,
266 bool match_about_blank) {
267 // Common scenario. If |match_about_blank| is false (as is the case in most
268 // extensions), or if the frame is not an about:-page, just return
269 // |document_url| (supposedly the URL of the frame).
270 if (!match_about_blank || !document_url.SchemeIs(url::kAboutScheme))
271 return document_url;
272
273 // Non-sandboxed about:blank and about:srcdoc pages inherit their security
274 // origin from their parent frame/window. So, traverse the frame/window
275 // hierarchy to find the closest non-about:-page and return its URL.
276 const blink::WebFrame* parent = frame;
277 do {
278 parent = parent->parent() ? parent->parent() : parent->opener();
279 } while (parent != NULL && !parent->document().isNull() &&
280 GURL(parent->document().url()).SchemeIs(url::kAboutScheme));
281
282 if (parent && !parent->document().isNull()) {
283 // Only return the parent URL if the frame can access it.
284 const blink::WebDocument& parent_document = parent->document();
285 if (frame->document().securityOrigin().canAccess(
286 parent_document.securityOrigin()))
287 return parent_document.url();
288 }
289 return document_url;
290 }
291
292 ScriptContext* ScriptContext::GetContext() { return this; }
293
294 void ScriptContext::OnResponseReceived(const std::string& name,
295 int request_id,
296 bool success,
297 const base::ListValue& response,
298 const std::string& error) {
299 v8::HandleScope handle_scope(isolate());
300
301 scoped_ptr<V8ValueConverter> converter(V8ValueConverter::create());
302 v8::Local<v8::Value> argv[] = {
303 v8::Integer::New(isolate(), request_id),
304 v8::String::NewFromUtf8(isolate(), name.c_str()),
305 v8::Boolean::New(isolate(), success),
306 converter->ToV8Value(&response,
307 v8::Local<v8::Context>::New(isolate(), v8_context_)),
308 v8::String::NewFromUtf8(isolate(), error.c_str())};
309
310 v8::Local<v8::Value> retval = module_system()->CallModuleMethod(
311 "sendRequest", "handleResponse", arraysize(argv), argv);
312
313 // In debug, the js will validate the callback parameters and return a
314 // string if a validation error has occured.
315 DCHECK(retval.IsEmpty() || retval->IsUndefined())
316 << *v8::String::Utf8Value(retval);
317 }
318
319 void ScriptContext::SetContentCapabilities(
320 const APIPermissionSet& permissions) {
321 content_capabilities_ = permissions;
322 }
323
324 bool ScriptContext::HasAPIPermission(APIPermission::ID permission) const {
325 if (effective_extension_.get()) {
326 return effective_extension_->permissions_data()->HasAPIPermission(
327 permission);
328 } else if (context_type() == Feature::WEB_PAGE_CONTEXT) {
329 // Only web page contexts may be granted content capabilities. Other
330 // contexts are either privileged WebUI or extensions with their own set of
331 // permissions.
332 if (content_capabilities_.find(permission) != content_capabilities_.end())
333 return true;
334 }
335 return false;
336 }
337
338 bool ScriptContext::HasAccessOrThrowError(const std::string& name) {
339 // Theoretically[1] we could end up with bindings being injected into
340 // sandboxed frames, for example content scripts. Don't let them execute API
341 // functions.
342 //
343 // In any case, this check is silly. The frame's document's security origin
344 // already tells us if it's sandboxed. The only problem is that until
345 // crbug.com/466373 is fixed, we don't know the security origin up-front and
346 // may not know it here, either.
347 //
348 // [1] citation needed. This ScriptContext should already be in a state that
349 // doesn't allow this, from ScriptContextSet::ClassifyJavaScriptContext.
350 if (extension() &&
351 SandboxedPageInfo::IsSandboxedPage(extension(), url_.path())) {
352 static const char kMessage[] =
353 "%s cannot be used within a sandboxed frame.";
354 std::string error_msg = base::StringPrintf(kMessage, name.c_str());
355 isolate()->ThrowException(v8::Exception::Error(
356 v8::String::NewFromUtf8(isolate(), error_msg.c_str())));
357 return false;
358 }
359
360 Feature::Availability availability = GetAvailability(name);
361 if (!availability.is_available()) {
362 isolate()->ThrowException(v8::Exception::Error(
363 v8::String::NewFromUtf8(isolate(), availability.message().c_str())));
364 return false;
365 }
366
367 return true;
368 }
369
370 std::string ScriptContext::GetDebugString() const {
371 return base::StringPrintf(
372 " extension id: %s\n"
373 " frame: %p\n"
374 " URL: %s\n"
375 " context_type: %s\n"
376 " effective extension id: %s\n"
377 " effective context type: %s",
378 extension_.get() ? extension_->id().c_str() : "(none)", web_frame_,
379 GetURL().spec().c_str(), GetContextTypeDescription().c_str(),
380 effective_extension_.get() ? effective_extension_->id().c_str()
381 : "(none)",
382 GetEffectiveContextTypeDescription().c_str());
383 }
384
385 std::string ScriptContext::GetStackTraceAsString() const {
386 v8::Local<v8::StackTrace> stack_trace =
387 v8::StackTrace::CurrentStackTrace(isolate(), 10);
388 if (stack_trace.IsEmpty() || stack_trace->GetFrameCount() <= 0) {
389 return " <no stack trace>";
390 } else {
391 std::string result;
392 for (int i = 0; i < stack_trace->GetFrameCount(); ++i) {
393 v8::Local<v8::StackFrame> frame = stack_trace->GetFrame(i);
394 CHECK(!frame.IsEmpty());
395 result += base::StringPrintf(
396 "\n at %s (%s:%d:%d)",
397 ToStringOrDefault(frame->GetFunctionName(), "<anonymous>").c_str(),
398 ToStringOrDefault(frame->GetScriptName(), "<anonymous>").c_str(),
399 frame->GetLineNumber(),
400 frame->GetColumn());
401 }
402 return result;
403 }
404 }
405
406 ScriptContext::Runner::Runner(ScriptContext* context) : context_(context) {
407 }
408
409 void ScriptContext::Runner::Run(const std::string& source,
410 const std::string& resource_name) {
411 context_->module_system()->RunString(source, resource_name);
412 }
413
414 v8::Local<v8::Value> ScriptContext::Runner::Call(
415 v8::Local<v8::Function> function,
416 v8::Local<v8::Value> receiver,
417 int argc,
418 v8::Local<v8::Value> argv[]) {
419 return context_->CallFunction(function, argc, argv);
420 }
421
422 gin::ContextHolder* ScriptContext::Runner::GetContextHolder() {
423 v8::HandleScope handle_scope(context_->isolate());
424 return gin::PerContextData::From(context_->v8_context())->context_holder();
425 }
426
427 } // namespace extensions