Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / extensions / renderer / user_script_set.cc
blob58e9de17cc89bb0fd72d755af79f92e4ff474aba
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/renderer/user_script_set.h"
7 #include "base/memory/ref_counted.h"
8 #include "content/public/common/url_constants.h"
9 #include "content/public/renderer/render_thread.h"
10 #include "extensions/common/extension.h"
11 #include "extensions/common/extension_set.h"
12 #include "extensions/common/permissions/permissions_data.h"
13 #include "extensions/renderer/extension_injection_host.h"
14 #include "extensions/renderer/extensions_renderer_client.h"
15 #include "extensions/renderer/injection_host.h"
16 #include "extensions/renderer/script_context.h"
17 #include "extensions/renderer/script_injection.h"
18 #include "extensions/renderer/user_script_injector.h"
19 #include "extensions/renderer/web_ui_injection_host.h"
20 #include "third_party/WebKit/public/web/WebDocument.h"
21 #include "third_party/WebKit/public/web/WebFrame.h"
22 #include "url/gurl.h"
24 namespace extensions {
26 namespace {
28 GURL GetDocumentUrlForFrame(blink::WebFrame* frame) {
29 GURL data_source_url = ScriptContext::GetDataSourceURLForFrame(frame);
30 if (!data_source_url.is_empty() && frame->isViewSourceModeEnabled()) {
31 data_source_url = GURL(content::kViewSourceScheme + std::string(":") +
32 data_source_url.spec());
35 return data_source_url;
38 } // namespace
40 UserScriptSet::UserScriptSet(const ExtensionSet* extensions)
41 : extensions_(extensions) {
44 UserScriptSet::~UserScriptSet() {
47 void UserScriptSet::AddObserver(Observer* observer) {
48 observers_.AddObserver(observer);
51 void UserScriptSet::RemoveObserver(Observer* observer) {
52 observers_.RemoveObserver(observer);
55 void UserScriptSet::GetActiveExtensionIds(
56 std::set<std::string>* ids) const {
57 for (ScopedVector<UserScript>::const_iterator iter = scripts_.begin();
58 iter != scripts_.end();
59 ++iter) {
60 if ((*iter)->host_id().type() != HostID::EXTENSIONS)
61 continue;
62 DCHECK(!(*iter)->extension_id().empty());
63 ids->insert((*iter)->extension_id());
67 void UserScriptSet::GetInjections(
68 ScopedVector<ScriptInjection>* injections,
69 blink::WebFrame* web_frame,
70 int tab_id,
71 UserScript::RunLocation run_location) {
72 GURL document_url = GetDocumentUrlForFrame(web_frame);
73 for (ScopedVector<UserScript>::const_iterator iter = scripts_.begin();
74 iter != scripts_.end();
75 ++iter) {
76 scoped_ptr<ScriptInjection> injection = GetInjectionForScript(
77 *iter,
78 web_frame,
79 tab_id,
80 run_location,
81 document_url,
82 false /* is_declarative */);
83 if (injection.get())
84 injections->push_back(injection.release());
88 bool UserScriptSet::UpdateUserScripts(base::SharedMemoryHandle shared_memory,
89 const std::set<HostID>& changed_hosts) {
90 bool only_inject_incognito =
91 ExtensionsRendererClient::Get()->IsIncognitoProcess();
93 // Create the shared memory object (read only).
94 shared_memory_.reset(new base::SharedMemory(shared_memory, true));
95 if (!shared_memory_.get())
96 return false;
98 // First get the size of the memory block.
99 if (!shared_memory_->Map(sizeof(Pickle::Header)))
100 return false;
101 Pickle::Header* pickle_header =
102 reinterpret_cast<Pickle::Header*>(shared_memory_->memory());
104 // Now map in the rest of the block.
105 int pickle_size = sizeof(Pickle::Header) + pickle_header->payload_size;
106 shared_memory_->Unmap();
107 if (!shared_memory_->Map(pickle_size))
108 return false;
110 // Unpickle scripts.
111 size_t num_scripts = 0;
112 Pickle pickle(reinterpret_cast<char*>(shared_memory_->memory()), pickle_size);
113 PickleIterator iter(pickle);
114 CHECK(iter.ReadSizeT(&num_scripts));
116 scripts_.clear();
117 scripts_.reserve(num_scripts);
118 for (size_t i = 0; i < num_scripts; ++i) {
119 scoped_ptr<UserScript> script(new UserScript());
120 script->Unpickle(pickle, &iter);
122 // Note that this is a pointer into shared memory. We don't own it. It gets
123 // cleared up when the last renderer or browser process drops their
124 // reference to the shared memory.
125 for (size_t j = 0; j < script->js_scripts().size(); ++j) {
126 const char* body = NULL;
127 int body_length = 0;
128 CHECK(iter.ReadData(&body, &body_length));
129 script->js_scripts()[j].set_external_content(
130 base::StringPiece(body, body_length));
132 for (size_t j = 0; j < script->css_scripts().size(); ++j) {
133 const char* body = NULL;
134 int body_length = 0;
135 CHECK(iter.ReadData(&body, &body_length));
136 script->css_scripts()[j].set_external_content(
137 base::StringPiece(body, body_length));
140 if (only_inject_incognito && !script->is_incognito_enabled())
141 continue; // This script shouldn't run in an incognito tab.
143 scripts_.push_back(script.release());
146 FOR_EACH_OBSERVER(Observer,
147 observers_,
148 OnUserScriptsUpdated(changed_hosts, scripts_.get()));
149 return true;
152 scoped_ptr<ScriptInjection> UserScriptSet::GetDeclarativeScriptInjection(
153 int script_id,
154 blink::WebFrame* web_frame,
155 int tab_id,
156 UserScript::RunLocation run_location,
157 const GURL& document_url) {
158 for (ScopedVector<UserScript>::const_iterator it = scripts_.begin();
159 it != scripts_.end();
160 ++it) {
161 if ((*it)->id() == script_id) {
162 return GetInjectionForScript(*it,
163 web_frame,
164 tab_id,
165 run_location,
166 document_url,
167 true /* is_declarative */);
170 return scoped_ptr<ScriptInjection>();
173 // TODO(dcheng): Scripts can't be injected on a remote frame, so this function
174 // signature needs to be updated.
175 scoped_ptr<ScriptInjection> UserScriptSet::GetInjectionForScript(
176 UserScript* script,
177 blink::WebFrame* web_frame,
178 int tab_id,
179 UserScript::RunLocation run_location,
180 const GURL& document_url,
181 bool is_declarative) {
182 scoped_ptr<ScriptInjection> injection;
183 scoped_ptr<const InjectionHost> injection_host;
185 const HostID& host_id = script->host_id();
186 if (host_id.type() == HostID::EXTENSIONS) {
187 injection_host = ExtensionInjectionHost::Create(host_id.id(), extensions_);
188 if (!injection_host)
189 return injection.Pass();
190 } else {
191 DCHECK_EQ(host_id.type(), HostID::WEBUI);
192 injection_host.reset(new WebUIInjectionHost(host_id));
195 if (web_frame->parent() && !script->match_all_frames())
196 return injection.Pass(); // Only match subframes if the script declared it.
198 GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
199 web_frame, document_url, script->match_about_blank());
201 if (!script->MatchesURL(effective_document_url))
202 return injection.Pass();
204 scoped_ptr<ScriptInjector> injector(new UserScriptInjector(script,
205 this,
206 is_declarative));
208 blink::WebFrame* top_frame = web_frame->top();
209 // It doesn't make sense to do script injection for remote frames, since they
210 // cannot host any documents or content.
211 // TODO(kalman): Fix this properly by moving all security checks into the
212 // browser. See http://crbug.com/466373 for ongoing work here.
213 if (top_frame->isWebRemoteFrame())
214 return injection.Pass();
216 if (injector->CanExecuteOnFrame(injection_host.get(), web_frame,
217 -1, // Content scripts are not tab-specific.
218 top_frame->document().url()) ==
219 PermissionsData::ACCESS_DENIED) {
220 return injection.Pass();
223 bool inject_css = !script->css_scripts().empty() &&
224 run_location == UserScript::DOCUMENT_START;
225 bool inject_js =
226 !script->js_scripts().empty() && script->run_location() == run_location;
227 if (inject_css || inject_js) {
228 injection.reset(new ScriptInjection(
229 injector.Pass(),
230 web_frame->toWebLocalFrame(),
231 injection_host.Pass(),
232 run_location,
233 tab_id));
235 return injection.Pass();
238 } // namespace extensions