extensions/renderer/script_context.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   6 #define EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "base/compiler_specific.h"
  14 #include "extensions/common/features/feature.h"
  15 #include "extensions/common/permissions/api_permission_set.h"
  16 #include "extensions/renderer/module_system.h"
  17 #include "extensions/renderer/request_sender.h"
  18 #include "extensions/renderer/safe_builtins.h"
  19 #include "gin/runner.h"
  20 #include "url/gurl.h"
  21 #include "v8/include/v8.h"
  22
  23 namespace blink {
  24 class WebFrame;
  25 class WebLocalFrame;
  26 }
  27
  28 namespace content {
  29 class RenderFrame;
  30 class RenderView;
  31 }
  32
  33 namespace extensions {
  34 class Extension;
  35 class ExtensionSet;
  36
  37 // Extensions wrapper for a v8 context.
  38 class ScriptContext : public RequestSender::Source {
  39  public:
  40   ScriptContext(const v8::Handle<v8::Context>& context,
  41                 blink::WebLocalFrame* frame,
  42                 const Extension* extension,
  43                 Feature::Context context_type,
  44                 const Extension* effective_extension,
  45                 Feature::Context effective_context_type);
  46   ~ScriptContext() override;
  47
  48   // Returns whether |url| from any Extension in |extension_set| is sandboxed,
  49   // as declared in each Extension's manifest.
  50   // TODO(kalman): Delete this when crbug.com/466373 is fixed.
  51   // See comment in HasAccessOrThrowError.
  52   static bool IsSandboxedPage(const ExtensionSet& extension_set,
  53                               const GURL& url);
  54
  55   // Clears the WebFrame for this contexts and invalidates the associated
  56   // ModuleSystem.
  57   void Invalidate();
  58
  59   // Registers |observer| to be run when this context is invalidated. Closures
  60   // are run immediately when Invalidate() is called, not in a message loop.
  61   void AddInvalidationObserver(const base::Closure& observer);
  62
  63   // Returns true if this context is still valid, false if it isn't.
  64   // A context becomes invalid via Invalidate().
  65   bool is_valid() const { return is_valid_; }
  66
  67   v8::Handle<v8::Context> v8_context() const {
  68     return v8::Local<v8::Context>::New(isolate_, v8_context_);
  69   }
  70
  71   const Extension* extension() const { return extension_.get(); }
  72
  73   const Extension* effective_extension() const {
  74     return effective_extension_.get();
  75   }
  76
  77   blink::WebLocalFrame* web_frame() const { return web_frame_; }
  78
  79   Feature::Context context_type() const { return context_type_; }
  80
  81   Feature::Context effective_context_type() const {
  82     return effective_context_type_;
  83   }
  84
  85   void set_module_system(scoped_ptr<ModuleSystem> module_system) {
  86     module_system_ = module_system.Pass();
  87   }
  88
  89   ModuleSystem* module_system() { return module_system_.get(); }
  90
  91   SafeBuiltins* safe_builtins() { return &safe_builtins_; }
  92
  93   const SafeBuiltins* safe_builtins() const { return &safe_builtins_; }
  94
  95   // Returns the ID of the extension associated with this context, or empty
  96   // string if there is no such extension.
  97   const std::string& GetExtensionID() const;
  98
  99   // Returns the RenderView associated with this context. Can return NULL if the
 100   // context is in the process of being destroyed.
 101   content::RenderView* GetRenderView() const;
 102
 103   // Returns the RenderFrame associated with this context. Can return NULL if
 104   // the context is in the process of being destroyed.
 105   content::RenderFrame* GetRenderFrame() const;
 106
 107   // Runs |function| with appropriate scopes. Doesn't catch exceptions, callers
 108   // must do that if they want.
 109   //
 110   // USE THIS METHOD RATHER THAN v8::Function::Call WHEREVER POSSIBLE.
 111   v8::Local<v8::Value> CallFunction(v8::Handle<v8::Function> function,
 112                                     int argc,
 113                                     v8::Handle<v8::Value> argv[]) const;
 114
 115   void DispatchEvent(const char* event_name, v8::Handle<v8::Array> args) const;
 116
 117   // Fires the onunload event on the unload_event module.
 118   void DispatchOnUnloadEvent();
 119
 120   // Returns the availability of the API |api_name|.
 121   Feature::Availability GetAvailability(const std::string& api_name);
 122
 123   // Returns a string description of the type of context this is.
 124   std::string GetContextTypeDescription();
 125
 126   // Returns a string description of the effective type of context this is.
 127   std::string GetEffectiveContextTypeDescription();
 128
 129   v8::Isolate* isolate() const { return isolate_; }
 130
 131   // Get the URL of this context's web frame.
 132   //
 133   // TODO(kalman): Remove this and replace with a GetOrigin() call which reads
 134   // of WebDocument::securityOrigin():
 135   //  - The URL can change (e.g. pushState) but the origin cannot. Luckily it
 136   //    appears as though callers don't make security decisions based on the
 137   //    result of GetURL() so it's not a problem... yet.
 138   //  - Origin is the correct check to be making.
 139   //  - It might let us remove the about:blank resolving?
 140   GURL GetURL() const;
 141
 142   // Returns whether the API |api| or any part of the API could be
 143   // available in this context without taking into account the context's
 144   // extension.
 145   bool IsAnyFeatureAvailableToContext(const extensions::Feature& api);
 146
 147   // Utility to get the URL we will match against for a frame. If the frame has
 148   // committed, this is the commited URL. Otherwise it is the provisional URL.
 149   // The returned URL may be invalid.
 150   static GURL GetDataSourceURLForFrame(const blink::WebFrame* frame);
 151
 152   // Returns the first non-about:-URL in the document hierarchy above and
 153   // including |frame|. The document hierarchy is only traversed if
 154   // |document_url| is an about:-URL and if |match_about_blank| is true.
 155   static GURL GetEffectiveDocumentURL(const blink::WebFrame* frame,
 156                                       const GURL& document_url,
 157                                       bool match_about_blank);
 158
 159   // RequestSender::Source implementation.
 160   ScriptContext* GetContext() override;
 161   void OnResponseReceived(const std::string& name,
 162                           int request_id,
 163                           bool success,
 164                           const base::ListValue& response,
 165                           const std::string& error) override;
 166
 167   // Grants a set of content capabilities to this context.
 168   void SetContentCapabilities(const APIPermissionSet& permissions);
 169
 170   // Indicates if this context has an effective API permission either by being
 171   // a context for an extension which has that permission, or by being a web
 172   // context which has been granted the corresponding capability by an
 173   // extension.
 174   bool HasAPIPermission(APIPermission::ID permission) const;
 175
 176   // Throws an Error in this context's JavaScript context, if this context does
 177   // not have access to |name|. Returns true if this context has access (i.e.
 178   // no exception thrown), false if it does not (i.e. an exception was thrown).
 179   bool HasAccessOrThrowError(const std::string& name);
 180
 181  private:
 182   class Runner;
 183
 184   // Whether this context is valid.
 185   bool is_valid_;
 186
 187   // The v8 context the bindings are accessible to.
 188   v8::Global<v8::Context> v8_context_;
 189
 190   // The WebLocalFrame associated with this context. This can be NULL because
 191   // this object can outlive is destroyed asynchronously.
 192   blink::WebLocalFrame* web_frame_;
 193
 194   // The extension associated with this context, or NULL if there is none. This
 195   // might be a hosted app in the case that this context is hosting a web URL.
 196   scoped_refptr<const Extension> extension_;
 197
 198   // The type of context.
 199   Feature::Context context_type_;
 200
 201   // The effective extension associated with this context, or NULL if there is
 202   // none. This is different from the above extension if this context is in an
 203   // about:blank iframe for example.
 204   scoped_refptr<const Extension> effective_extension_;
 205
 206   // The type of context.
 207   Feature::Context effective_context_type_;
 208
 209   // Owns and structures the JS that is injected to set up extension bindings.
 210   scoped_ptr<ModuleSystem> module_system_;
 211
 212   // Contains safe copies of builtin objects like Function.prototype.
 213   SafeBuiltins safe_builtins_;
 214
 215   // The set of capabilities granted to this context by extensions.
 216   APIPermissionSet content_capabilities_;
 217
 218   // A list of base::Closure instances as an observer interface for
 219   // invalidation.
 220   std::vector<base::Closure> invalidate_observers_;
 221
 222   v8::Isolate* isolate_;
 223
 224   GURL url_;
 225
 226   scoped_ptr<Runner> runner_;
 227
 228   DISALLOW_COPY_AND_ASSIGN(ScriptContext);
 229 };
 230
 231 }  // namespace extensions
 232
 233 #endif  // EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_