extensions/renderer/script_context.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   6 #define EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "base/compiler_specific.h"
  14 #include "extensions/common/features/feature.h"
  15 #include "extensions/common/permissions/api_permission_set.h"
  16 #include "extensions/renderer/module_system.h"
  17 #include "extensions/renderer/request_sender.h"
  18 #include "extensions/renderer/safe_builtins.h"
  19 #include "gin/runner.h"
  20 #include "url/gurl.h"
  21 #include "v8/include/v8.h"
  22
  23 namespace blink {
  24 class WebFrame;
  25 class WebLocalFrame;
  26 }
  27
  28 namespace content {
  29 class RenderFrame;
  30 }
  31
  32 namespace extensions {
  33 class Extension;
  34
  35 // Extensions wrapper for a v8 context.
  36 class ScriptContext : public RequestSender::Source {
  37  public:
  38   ScriptContext(const v8::Local<v8::Context>& context,
  39                 blink::WebLocalFrame* frame,
  40                 const Extension* extension,
  41                 Feature::Context context_type,
  42                 const Extension* effective_extension,
  43                 Feature::Context effective_context_type);
  44   ~ScriptContext() override;
  45
  46   // Returns whether |url| from any Extension in |extension_set| is sandboxed,
  47   // as declared in each Extension's manifest.
  48   // TODO(kalman): Delete this when crbug.com/466373 is fixed.
  49   // See comment in HasAccessOrThrowError.
  50   static bool IsSandboxedPage(const GURL& url);
  51
  52   // Clears the WebFrame for this contexts and invalidates the associated
  53   // ModuleSystem.
  54   void Invalidate();
  55
  56   // Registers |observer| to be run when this context is invalidated. Closures
  57   // are run immediately when Invalidate() is called, not in a message loop.
  58   void AddInvalidationObserver(const base::Closure& observer);
  59
  60   // Returns true if this context is still valid, false if it isn't.
  61   // A context becomes invalid via Invalidate().
  62   bool is_valid() const { return is_valid_; }
  63
  64   v8::Local<v8::Context> v8_context() const {
  65     return v8::Local<v8::Context>::New(isolate_, v8_context_);
  66   }
  67
  68   const Extension* extension() const { return extension_.get(); }
  69
  70   const Extension* effective_extension() const {
  71     return effective_extension_.get();
  72   }
  73
  74   blink::WebLocalFrame* web_frame() const { return web_frame_; }
  75
  76   Feature::Context context_type() const { return context_type_; }
  77
  78   Feature::Context effective_context_type() const {
  79     return effective_context_type_;
  80   }
  81
  82   void set_module_system(scoped_ptr<ModuleSystem> module_system) {
  83     module_system_ = module_system.Pass();
  84   }
  85
  86   ModuleSystem* module_system() { return module_system_.get(); }
  87
  88   SafeBuiltins* safe_builtins() { return &safe_builtins_; }
  89
  90   const SafeBuiltins* safe_builtins() const { return &safe_builtins_; }
  91
  92   // Returns the ID of the extension associated with this context, or empty
  93   // string if there is no such extension.
  94   const std::string& GetExtensionID() const;
  95
  96   // Returns the RenderFrame associated with this context. Can return NULL if
  97   // the context is in the process of being destroyed.
  98   content::RenderFrame* GetRenderFrame() const;
  99
 100   // Runs |function| with appropriate scopes. Doesn't catch exceptions, callers
 101   // must do that if they want.
 102   //
 103   // USE THIS METHOD RATHER THAN v8::Function::Call WHEREVER POSSIBLE.
 104   v8::Local<v8::Value> CallFunction(const v8::Local<v8::Function>& function,
 105                                     int argc,
 106                                     v8::Local<v8::Value> argv[]) const;
 107   v8::Local<v8::Value> CallFunction(
 108       const v8::Local<v8::Function>& function) const;
 109
 110   void DispatchEvent(const char* event_name, v8::Local<v8::Array> args) const;
 111
 112   // Fires the onunload event on the unload_event module.
 113   void DispatchOnUnloadEvent();
 114
 115   // Returns the availability of the API |api_name|.
 116   Feature::Availability GetAvailability(const std::string& api_name);
 117
 118   // Returns a string description of the type of context this is.
 119   std::string GetContextTypeDescription() const;
 120
 121   // Returns a string description of the effective type of context this is.
 122   std::string GetEffectiveContextTypeDescription() const;
 123
 124   v8::Isolate* isolate() const { return isolate_; }
 125
 126   // Get the URL of this context's web frame.
 127   //
 128   // TODO(kalman): Remove this and replace with a GetOrigin() call which reads
 129   // of WebDocument::securityOrigin():
 130   //  - The URL can change (e.g. pushState) but the origin cannot. Luckily it
 131   //    appears as though callers don't make security decisions based on the
 132   //    result of GetURL() so it's not a problem... yet.
 133   //  - Origin is the correct check to be making.
 134   //  - It might let us remove the about:blank resolving?
 135   GURL GetURL() const;
 136
 137   // Returns whether the API |api| or any part of the API could be
 138   // available in this context without taking into account the context's
 139   // extension.
 140   bool IsAnyFeatureAvailableToContext(const extensions::Feature& api);
 141
 142   // Utility to get the URL we will match against for a frame. If the frame has
 143   // committed, this is the commited URL. Otherwise it is the provisional URL.
 144   // The returned URL may be invalid.
 145   static GURL GetDataSourceURLForFrame(const blink::WebFrame* frame);
 146
 147   // Returns the first non-about:-URL in the document hierarchy above and
 148   // including |frame|. The document hierarchy is only traversed if
 149   // |document_url| is an about:-URL and if |match_about_blank| is true.
 150   static GURL GetEffectiveDocumentURL(const blink::WebFrame* frame,
 151                                       const GURL& document_url,
 152                                       bool match_about_blank);
 153
 154   // RequestSender::Source implementation.
 155   ScriptContext* GetContext() override;
 156   void OnResponseReceived(const std::string& name,
 157                           int request_id,
 158                           bool success,
 159                           const base::ListValue& response,
 160                           const std::string& error) override;
 161
 162   // Grants a set of content capabilities to this context.
 163   void SetContentCapabilities(const APIPermissionSet& permissions);
 164
 165   // Indicates if this context has an effective API permission either by being
 166   // a context for an extension which has that permission, or by being a web
 167   // context which has been granted the corresponding capability by an
 168   // extension.
 169   bool HasAPIPermission(APIPermission::ID permission) const;
 170
 171   // Throws an Error in this context's JavaScript context, if this context does
 172   // not have access to |name|. Returns true if this context has access (i.e.
 173   // no exception thrown), false if it does not (i.e. an exception was thrown).
 174   bool HasAccessOrThrowError(const std::string& name);
 175
 176   // Returns a string representation of this ScriptContext, for debugging.
 177   std::string GetDebugString() const;
 178
 179   // Gets the current stack trace as a multi-line string to be logged.
 180   std::string GetStackTraceAsString() const;
 181
 182  private:
 183   class Runner;
 184
 185   // Whether this context is valid.
 186   bool is_valid_;
 187
 188   // The v8 context the bindings are accessible to.
 189   v8::Global<v8::Context> v8_context_;
 190
 191   // The WebLocalFrame associated with this context. This can be NULL because
 192   // this object can outlive is destroyed asynchronously.
 193   blink::WebLocalFrame* web_frame_;
 194
 195   // The extension associated with this context, or NULL if there is none. This
 196   // might be a hosted app in the case that this context is hosting a web URL.
 197   scoped_refptr<const Extension> extension_;
 198
 199   // The type of context.
 200   Feature::Context context_type_;
 201
 202   // The effective extension associated with this context, or NULL if there is
 203   // none. This is different from the above extension if this context is in an
 204   // about:blank iframe for example.
 205   scoped_refptr<const Extension> effective_extension_;
 206
 207   // The type of context.
 208   Feature::Context effective_context_type_;
 209
 210   // Owns and structures the JS that is injected to set up extension bindings.
 211   scoped_ptr<ModuleSystem> module_system_;
 212
 213   // Contains safe copies of builtin objects like Function.prototype.
 214   SafeBuiltins safe_builtins_;
 215
 216   // The set of capabilities granted to this context by extensions.
 217   APIPermissionSet content_capabilities_;
 218
 219   // A list of base::Closure instances as an observer interface for
 220   // invalidation.
 221   std::vector<base::Closure> invalidate_observers_;
 222
 223   v8::Isolate* isolate_;
 224
 225   GURL url_;
 226
 227   scoped_ptr<Runner> runner_;
 228
 229   DISALLOW_COPY_AND_ASSIGN(ScriptContext);
 230 };
 231
 232 }  // namespace extensions
 233
 234 #endif  // EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_