1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "extensions/renderer/script_context_set.h"
7 #include "base/message_loop/message_loop.h"
8 #include "content/public/common/url_constants.h"
9 #include "content/public/renderer/render_frame.h"
10 #include "extensions/common/extension.h"
11 #include "extensions/renderer/extension_groups.h"
12 #include "extensions/renderer/script_context.h"
13 #include "extensions/renderer/script_injection.h"
14 #include "third_party/WebKit/public/web/WebDocument.h"
15 #include "third_party/WebKit/public/web/WebLocalFrame.h"
16 #include "v8/include/v8.h"
18 namespace extensions
{
20 ScriptContextSet::ScriptContextSet(ExtensionSet
* extensions
,
21 ExtensionIdSet
* active_extension_ids
)
22 : extensions_(extensions
), active_extension_ids_(active_extension_ids
) {
25 ScriptContextSet::~ScriptContextSet() {
28 ScriptContext
* ScriptContextSet::Register(
29 blink::WebLocalFrame
* frame
,
30 const v8::Local
<v8::Context
>& v8_context
,
33 const Extension
* extension
=
34 GetExtensionFromFrameAndWorld(frame
, world_id
, false);
35 const Extension
* effective_extension
=
36 GetExtensionFromFrameAndWorld(frame
, world_id
, true);
38 GURL frame_url
= ScriptContext::GetDataSourceURLForFrame(frame
);
39 Feature::Context context_type
=
40 ClassifyJavaScriptContext(extension
, extension_group
, frame_url
,
41 frame
->document().securityOrigin());
42 Feature::Context effective_context_type
= ClassifyJavaScriptContext(
43 effective_extension
, extension_group
,
44 ScriptContext::GetEffectiveDocumentURL(frame
, frame_url
, true),
45 frame
->document().securityOrigin());
47 ScriptContext
* context
=
48 new ScriptContext(v8_context
, frame
, extension
, context_type
,
49 effective_extension
, effective_context_type
);
50 contexts_
.insert(context
); // takes ownership
54 void ScriptContextSet::Remove(ScriptContext
* context
) {
55 if (contexts_
.erase(context
)) {
56 context
->Invalidate();
57 base::MessageLoop::current()->DeleteSoon(FROM_HERE
, context
);
61 ScriptContext
* ScriptContextSet::GetCurrent() const {
62 v8::Isolate
* isolate
= v8::Isolate::GetCurrent();
63 return isolate
->InContext() ? GetByV8Context(isolate
->GetCurrentContext())
67 ScriptContext
* ScriptContextSet::GetCalling() const {
68 v8::Isolate
* isolate
= v8::Isolate::GetCurrent();
69 v8::Local
<v8::Context
> calling
= isolate
->GetCallingContext();
70 return calling
.IsEmpty() ? nullptr : GetByV8Context(calling
);
73 ScriptContext
* ScriptContextSet::GetByV8Context(
74 const v8::Local
<v8::Context
>& v8_context
) const {
75 for (ScriptContext
* script_context
: contexts_
) {
76 if (script_context
->v8_context() == v8_context
)
77 return script_context
;
82 void ScriptContextSet::ForEach(
83 const std::string
& extension_id
,
84 content::RenderFrame
* render_frame
,
85 const base::Callback
<void(ScriptContext
*)>& callback
) const {
86 // We copy the context list, because calling into javascript may modify it
88 std::set
<ScriptContext
*> contexts_copy
= contexts_
;
90 for (ScriptContext
* context
: contexts_copy
) {
91 // For the same reason as above, contexts may become invalid while we run.
92 if (!context
->is_valid())
95 if (!extension_id
.empty()) {
96 const Extension
* extension
= context
->extension();
97 if (!extension
|| (extension_id
!= extension
->id()))
101 content::RenderFrame
* context_render_frame
= context
->GetRenderFrame();
102 if (!context_render_frame
)
105 if (render_frame
&& render_frame
!= context_render_frame
)
108 callback
.Run(context
);
112 std::set
<ScriptContext
*> ScriptContextSet::OnExtensionUnloaded(
113 const std::string
& extension_id
) {
114 std::set
<ScriptContext
*> removed
;
115 ForEach(extension_id
,
116 base::Bind(&ScriptContextSet::DispatchOnUnloadEventAndRemove
,
117 base::Unretained(this), &removed
));
121 const Extension
* ScriptContextSet::GetExtensionFromFrameAndWorld(
122 const blink::WebLocalFrame
* frame
,
124 bool use_effective_url
) {
125 std::string extension_id
;
127 // Isolated worlds (content script).
128 extension_id
= ScriptInjection::GetHostIdForIsolatedWorld(world_id
);
129 } else if (!frame
->document().securityOrigin().isUnique()) {
130 // TODO(kalman): Delete the above check.
131 // Extension pages (chrome-extension:// URLs).
132 GURL frame_url
= ScriptContext::GetDataSourceURLForFrame(frame
);
133 frame_url
= ScriptContext::GetEffectiveDocumentURL(frame
, frame_url
,
135 extension_id
= extensions_
->GetExtensionOrAppIDByURL(frame_url
);
138 // There are conditions where despite a context being associated with an
139 // extension, no extension actually gets found. Ignore "invalid" because CSP
140 // blocks extension page loading by switching the extension ID to "invalid".
141 const Extension
* extension
= extensions_
->GetByID(extension_id
);
142 if (!extension
&& !extension_id
.empty() && extension_id
!= "invalid") {
143 // TODO(kalman): Do something here?
148 Feature::Context
ScriptContextSet::ClassifyJavaScriptContext(
149 const Extension
* extension
,
152 const blink::WebSecurityOrigin
& origin
) {
153 // WARNING: This logic must match ProcessMap::GetContextType, as much as
156 DCHECK_GE(extension_group
, 0);
157 if (extension_group
== EXTENSION_GROUP_CONTENT_SCRIPTS
) {
158 return extension
? // TODO(kalman): when does this happen?
159 Feature::CONTENT_SCRIPT_CONTEXT
160 : Feature::UNSPECIFIED_CONTEXT
;
163 // We have an explicit check for sandboxed pages before checking whether the
164 // extension is active in this process because:
165 // 1. Sandboxed pages run in the same process as regular extension pages, so
166 // the extension is considered active.
167 // 2. ScriptContext creation (which triggers bindings injection) happens
168 // before the SecurityContext is updated with the sandbox flags (after
169 // reading the CSP header), so the caller can't check if the context's
170 // security origin is unique yet.
171 if (ScriptContext::IsSandboxedPage(*extensions_
, url
))
172 return Feature::WEB_PAGE_CONTEXT
;
174 if (extension
&& active_extension_ids_
->count(extension
->id()) > 0) {
175 // |extension| is active in this process, but it could be either a true
176 // extension process or within the extent of a hosted app. In the latter
177 // case this would usually be considered a (blessed) web page context,
178 // unless the extension in question is a component extension, in which case
179 // we cheat and call it blessed.
180 return (extension
->is_hosted_app() &&
181 extension
->location() != Manifest::COMPONENT
)
182 ? Feature::BLESSED_WEB_PAGE_CONTEXT
183 : Feature::BLESSED_EXTENSION_CONTEXT
;
186 // TODO(kalman): This isUnique() check is wrong, it should be performed as
187 // part of ScriptContext::IsSandboxedPage().
188 if (!origin
.isUnique() && extensions_
->ExtensionBindingsAllowed(url
)) {
189 if (!extension
) // TODO(kalman): when does this happen?
190 return Feature::UNSPECIFIED_CONTEXT
;
191 return extension
->is_hosted_app() ? Feature::BLESSED_WEB_PAGE_CONTEXT
192 : Feature::UNBLESSED_EXTENSION_CONTEXT
;
196 return Feature::UNSPECIFIED_CONTEXT
;
198 if (url
.SchemeIs(content::kChromeUIScheme
))
199 return Feature::WEBUI_CONTEXT
;
201 return Feature::WEB_PAGE_CONTEXT
;
204 void ScriptContextSet::DispatchOnUnloadEventAndRemove(
205 std::set
<ScriptContext
*>* out
,
206 ScriptContext
* context
) {
207 context
->DispatchOnUnloadEvent();
208 Remove(context
); // deleted asynchronously
209 out
->insert(context
);
212 } // namespace extensions