extensions/renderer/user_script_injector.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "extensions/renderer/user_script_injector.h"
   6
   7 #include <vector>
   8
   9 #include "base/lazy_instance.h"
  10 #include "content/public/common/url_constants.h"
  11 #include "extensions/common/extension.h"
  12 #include "extensions/common/permissions/permissions_data.h"
  13 #include "extensions/renderer/script_context.h"
  14 #include "extensions/renderer/scripts_run_info.h"
  15 #include "grit/extensions_renderer_resources.h"
  16 #include "third_party/WebKit/public/web/WebDocument.h"
  17 #include "third_party/WebKit/public/web/WebFrame.h"
  18 #include "third_party/WebKit/public/web/WebScriptSource.h"
  19 #include "ui/base/resource/resource_bundle.h"
  20 #include "url/gurl.h"
  21
  22 namespace extensions {
  23
  24 namespace {
  25
  26 // These two strings are injected before and after the Greasemonkey API and
  27 // user script to wrap it in an anonymous scope.
  28 const char kUserScriptHead[] = "(function (unsafeWindow) {\n";
  29 const char kUserScriptTail[] = "\n})(window);";
  30
  31 // Greasemonkey API source that is injected with the scripts.
  32 struct GreasemonkeyApiJsString {
  33   GreasemonkeyApiJsString();
  34   blink::WebScriptSource GetSource() const;
  35
  36  private:
  37   std::string source_;
  38 };
  39
  40 // The below constructor, monstrous as it is, just makes a WebScriptSource from
  41 // the GreasemonkeyApiJs resource.
  42 GreasemonkeyApiJsString::GreasemonkeyApiJsString()
  43     : source_(ResourceBundle::GetSharedInstance()
  44                   .GetRawDataResource(IDR_GREASEMONKEY_API_JS)
  45                   .as_string()) {
  46 }
  47
  48 blink::WebScriptSource GreasemonkeyApiJsString::GetSource() const {
  49   return blink::WebScriptSource(blink::WebString::fromUTF8(source_));
  50 }
  51
  52 base::LazyInstance<GreasemonkeyApiJsString> g_greasemonkey_api =
  53     LAZY_INSTANCE_INITIALIZER;
  54
  55 }  // namespace
  56
  57 UserScriptInjector::UserScriptInjector(
  58     const UserScript* script,
  59     UserScriptSet* script_list)
  60     : script_(script),
  61       script_id_(script_->id()),
  62       extension_id_(script_->extension_id()),
  63       user_script_set_observer_(this) {
  64   user_script_set_observer_.Add(script_list);
  65 }
  66
  67 UserScriptInjector::~UserScriptInjector() {
  68 }
  69
  70 void UserScriptInjector::OnUserScriptsUpdated(
  71     const std::set<std::string>& changed_extensions,
  72     const std::vector<UserScript*>& scripts) {
  73   // If the extension causing this injection changed, then this injection
  74   // will be removed, and there's no guarantee the backing script still exists.
  75   if (changed_extensions.count(extension_id_) > 0)
  76     return;
  77
  78   for (std::vector<UserScript*>::const_iterator iter = scripts.begin();
  79        iter != scripts.end();
  80        ++iter) {
  81     // We need to compare to |script_id_| (and not to script_->id()) because the
  82     // old |script_| may be deleted by now.
  83     if ((*iter)->id() == script_id_) {
  84       script_ = *iter;
  85       break;
  86     }
  87   }
  88 }
  89
  90 UserScript::InjectionType UserScriptInjector::script_type() const {
  91   return UserScript::CONTENT_SCRIPT;
  92 }
  93
  94 bool UserScriptInjector::ShouldExecuteInChildFrames() const {
  95   return false;
  96 }
  97
  98 bool UserScriptInjector::ShouldExecuteInMainWorld() const {
  99   return false;
 100 }
 101
 102 bool UserScriptInjector::IsUserGesture() const {
 103   return false;
 104 }
 105
 106 bool UserScriptInjector::ExpectsResults() const {
 107   return false;
 108 }
 109
 110 bool UserScriptInjector::ShouldInjectJs(
 111     UserScript::RunLocation run_location) const {
 112   return script_->run_location() == run_location &&
 113          !script_->js_scripts().empty();
 114 }
 115
 116 bool UserScriptInjector::ShouldInjectCss(
 117     UserScript::RunLocation run_location) const {
 118   return run_location == UserScript::DOCUMENT_START &&
 119          !script_->css_scripts().empty();
 120 }
 121
 122 PermissionsData::AccessType UserScriptInjector::CanExecuteOnFrame(
 123     const Extension* extension,
 124     blink::WebFrame* web_frame,
 125     int tab_id,
 126     const GURL& top_url) const {
 127   // If we don't have a tab id, we have no UI surface to ask for user consent.
 128   // For now, we treat this as an automatic allow.
 129   if (tab_id == -1)
 130     return PermissionsData::ACCESS_ALLOWED;
 131
 132   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
 133       web_frame, web_frame->document().url(), script_->match_about_blank());
 134
 135   return extension->permissions_data()->GetContentScriptAccess(
 136       extension,
 137       effective_document_url,
 138       top_url,
 139       tab_id,
 140       -1,  // no process id
 141       NULL /* ignore error */);
 142 }
 143
 144 std::vector<blink::WebScriptSource> UserScriptInjector::GetJsSources(
 145     UserScript::RunLocation run_location) const {
 146   DCHECK_EQ(script_->run_location(), run_location);
 147
 148   std::vector<blink::WebScriptSource> sources;
 149   const UserScript::FileList& js_scripts = script_->js_scripts();
 150   bool is_standalone_or_emulate_greasemonkey =
 151       script_->is_standalone() || script_->emulate_greasemonkey();
 152
 153   for (UserScript::FileList::const_iterator iter = js_scripts.begin();
 154        iter != js_scripts.end();
 155        ++iter) {
 156     std::string content = iter->GetContent().as_string();
 157
 158     // We add this dumb function wrapper for standalone user script to
 159     // emulate what Greasemonkey does.
 160     // TODO(aa): I think that maybe "is_standalone" scripts don't exist
 161     // anymore. Investigate.
 162     if (is_standalone_or_emulate_greasemonkey) {
 163       content.insert(0, kUserScriptHead);
 164       content += kUserScriptTail;
 165     }
 166     sources.push_back(blink::WebScriptSource(
 167         blink::WebString::fromUTF8(content), iter->url()));
 168   }
 169
 170   // Emulate Greasemonkey API for scripts that were converted to extensions
 171   // and "standalone" user scripts.
 172   if (is_standalone_or_emulate_greasemonkey)
 173     sources.insert(sources.begin(), g_greasemonkey_api.Get().GetSource());
 174
 175   return sources;
 176 }
 177
 178 std::vector<std::string> UserScriptInjector::GetCssSources(
 179     UserScript::RunLocation run_location) const {
 180   DCHECK_EQ(UserScript::DOCUMENT_START, run_location);
 181
 182   std::vector<std::string> sources;
 183   const UserScript::FileList& css_scripts = script_->css_scripts();
 184   for (UserScript::FileList::const_iterator iter = css_scripts.begin();
 185        iter != css_scripts.end();
 186        ++iter) {
 187     sources.push_back(iter->GetContent().as_string());
 188   }
 189   return sources;
 190 }
 191
 192 void UserScriptInjector::OnInjectionComplete(
 193     scoped_ptr<base::ListValue> execution_results,
 194     ScriptsRunInfo* scripts_run_info,
 195     UserScript::RunLocation run_location) {
 196   if (ShouldInjectJs(run_location)) {
 197     const UserScript::FileList& js_scripts = script_->js_scripts();
 198     scripts_run_info->num_js += js_scripts.size();
 199     for (UserScript::FileList::const_iterator iter = js_scripts.begin();
 200          iter != js_scripts.end();
 201          ++iter) {
 202       scripts_run_info->executing_scripts[extension_id_].insert(
 203           iter->url().path());
 204     }
 205   }
 206
 207   if (ShouldInjectCss(run_location))
 208     scripts_run_info->num_css += script_->css_scripts().size();
 209 }
 210
 211 void UserScriptInjector::OnWillNotInject(InjectFailureReason reason) {
 212 }
 213
 214 }  // namespace extensions