chrome/common/extensions/manifest_handlers/content_scripts_handler.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/common/extensions/manifest_handlers/content_scripts_handler.h"
   6
   7 #include "base/files/file_util.h"
   8 #include "base/lazy_instance.h"
   9 #include "base/memory/scoped_ptr.h"
  10 #include "base/strings/string_number_conversions.h"
  11 #include "base/strings/string_util.h"
  12 #include "base/strings/utf_string_conversions.h"
  13 #include "base/values.h"
  14 #include "chrome/grit/generated_resources.h"
  15 #include "content/public/common/url_constants.h"
  16 #include "extensions/common/error_utils.h"
  17 #include "extensions/common/extension.h"
  18 #include "extensions/common/extension_resource.h"
  19 #include "extensions/common/manifest_constants.h"
  20 #include "extensions/common/manifest_handlers/permissions_parser.h"
  21 #include "extensions/common/permissions/permissions_data.h"
  22 #include "extensions/common/url_pattern.h"
  23 #include "extensions/common/url_pattern_set.h"
  24 #include "ui/base/l10n/l10n_util.h"
  25 #include "url/gurl.h"
  26
  27 namespace extensions {
  28
  29 namespace keys = extensions::manifest_keys;
  30 namespace values = manifest_values;
  31 namespace errors = manifest_errors;
  32
  33 namespace {
  34
  35 // Helper method that loads either the include_globs or exclude_globs list
  36 // from an entry in the content_script lists of the manifest.
  37 bool LoadGlobsHelper(const base::DictionaryValue* content_script,
  38                      int content_script_index,
  39                      const char* globs_property_name,
  40                      base::string16* error,
  41                      void(UserScript::*add_method)(const std::string& glob),
  42                      UserScript* instance) {
  43   if (!content_script->HasKey(globs_property_name))
  44     return true;  // they are optional
  45
  46   const base::ListValue* list = NULL;
  47   if (!content_script->GetList(globs_property_name, &list)) {
  48     *error = ErrorUtils::FormatErrorMessageUTF16(
  49         errors::kInvalidGlobList,
  50         base::IntToString(content_script_index),
  51         globs_property_name);
  52     return false;
  53   }
  54
  55   for (size_t i = 0; i < list->GetSize(); ++i) {
  56     std::string glob;
  57     if (!list->GetString(i, &glob)) {
  58       *error = ErrorUtils::FormatErrorMessageUTF16(
  59           errors::kInvalidGlob,
  60           base::IntToString(content_script_index),
  61           globs_property_name,
  62           base::IntToString(i));
  63       return false;
  64     }
  65
  66     (instance->*add_method)(glob);
  67   }
  68
  69   return true;
  70 }
  71
  72 // Helper method that loads a UserScript object from a dictionary in the
  73 // content_script list of the manifest.
  74 bool LoadUserScriptFromDictionary(const base::DictionaryValue* content_script,
  75                                   int definition_index,
  76                                   Extension* extension,
  77                                   base::string16* error,
  78                                   UserScript* result) {
  79   // run_at
  80   if (content_script->HasKey(keys::kRunAt)) {
  81     std::string run_location;
  82     if (!content_script->GetString(keys::kRunAt, &run_location)) {
  83       *error = ErrorUtils::FormatErrorMessageUTF16(
  84           errors::kInvalidRunAt,
  85           base::IntToString(definition_index));
  86       return false;
  87     }
  88
  89     if (run_location == values::kRunAtDocumentStart) {
  90       result->set_run_location(UserScript::DOCUMENT_START);
  91     } else if (run_location == values::kRunAtDocumentEnd) {
  92       result->set_run_location(UserScript::DOCUMENT_END);
  93     } else if (run_location == values::kRunAtDocumentIdle) {
  94       result->set_run_location(UserScript::DOCUMENT_IDLE);
  95     } else {
  96       *error = ErrorUtils::FormatErrorMessageUTF16(
  97           errors::kInvalidRunAt,
  98           base::IntToString(definition_index));
  99       return false;
 100     }
 101   }
 102
 103   // all frames
 104   if (content_script->HasKey(keys::kAllFrames)) {
 105     bool all_frames = false;
 106     if (!content_script->GetBoolean(keys::kAllFrames, &all_frames)) {
 107       *error = ErrorUtils::FormatErrorMessageUTF16(
 108             errors::kInvalidAllFrames, base::IntToString(definition_index));
 109       return false;
 110     }
 111     result->set_match_all_frames(all_frames);
 112   }
 113
 114   // match about blank
 115   if (content_script->HasKey(keys::kMatchAboutBlank)) {
 116     bool match_about_blank = false;
 117     if (!content_script->GetBoolean(keys::kMatchAboutBlank,
 118                                     &match_about_blank)) {
 119       *error = ErrorUtils::FormatErrorMessageUTF16(
 120           errors::kInvalidMatchAboutBlank, base::IntToString(definition_index));
 121       return false;
 122     }
 123     result->set_match_about_blank(match_about_blank);
 124   }
 125
 126   // matches (required)
 127   const base::ListValue* matches = NULL;
 128   if (!content_script->GetList(keys::kMatches, &matches)) {
 129     *error = ErrorUtils::FormatErrorMessageUTF16(
 130         errors::kInvalidMatches,
 131         base::IntToString(definition_index));
 132     return false;
 133   }
 134
 135   if (matches->GetSize() == 0) {
 136     *error = ErrorUtils::FormatErrorMessageUTF16(
 137         errors::kInvalidMatchCount,
 138         base::IntToString(definition_index));
 139     return false;
 140   }
 141   for (size_t j = 0; j < matches->GetSize(); ++j) {
 142     std::string match_str;
 143     if (!matches->GetString(j, &match_str)) {
 144       *error = ErrorUtils::FormatErrorMessageUTF16(
 145           errors::kInvalidMatch,
 146           base::IntToString(definition_index),
 147           base::IntToString(j),
 148           errors::kExpectString);
 149       return false;
 150     }
 151
 152     URLPattern pattern(UserScript::ValidUserScriptSchemes(
 153         PermissionsData::CanExecuteScriptEverywhere(extension)));
 154
 155     URLPattern::ParseResult parse_result = pattern.Parse(match_str);
 156     if (parse_result != URLPattern::PARSE_SUCCESS) {
 157       *error = ErrorUtils::FormatErrorMessageUTF16(
 158           errors::kInvalidMatch,
 159           base::IntToString(definition_index),
 160           base::IntToString(j),
 161           URLPattern::GetParseResultString(parse_result));
 162       return false;
 163     }
 164
 165     // TODO(aboxhall): check for webstore
 166     if (!PermissionsData::CanExecuteScriptEverywhere(extension) &&
 167         pattern.scheme() != content::kChromeUIScheme) {
 168       // Exclude SCHEME_CHROMEUI unless it's been explicitly requested.
 169       // If the --extensions-on-chrome-urls flag has not been passed, requesting
 170       // a chrome:// url will cause a parse failure above, so there's no need to
 171       // check the flag here.
 172       pattern.SetValidSchemes(
 173           pattern.valid_schemes() & ~URLPattern::SCHEME_CHROMEUI);
 174     }
 175
 176     if (pattern.MatchesScheme(url::kFileScheme) &&
 177         !PermissionsData::CanExecuteScriptEverywhere(extension)) {
 178       extension->set_wants_file_access(true);
 179       if (!(extension->creation_flags() & Extension::ALLOW_FILE_ACCESS)) {
 180         pattern.SetValidSchemes(
 181             pattern.valid_schemes() & ~URLPattern::SCHEME_FILE);
 182       }
 183     }
 184
 185     result->add_url_pattern(pattern);
 186   }
 187
 188   // exclude_matches
 189   if (content_script->HasKey(keys::kExcludeMatches)) {  // optional
 190     const base::ListValue* exclude_matches = NULL;
 191     if (!content_script->GetList(keys::kExcludeMatches, &exclude_matches)) {
 192       *error = ErrorUtils::FormatErrorMessageUTF16(
 193           errors::kInvalidExcludeMatches,
 194           base::IntToString(definition_index));
 195       return false;
 196     }
 197
 198     for (size_t j = 0; j < exclude_matches->GetSize(); ++j) {
 199       std::string match_str;
 200       if (!exclude_matches->GetString(j, &match_str)) {
 201         *error = ErrorUtils::FormatErrorMessageUTF16(
 202             errors::kInvalidExcludeMatch,
 203             base::IntToString(definition_index),
 204             base::IntToString(j),
 205             errors::kExpectString);
 206         return false;
 207       }
 208
 209       int valid_schemes = UserScript::ValidUserScriptSchemes(
 210           PermissionsData::CanExecuteScriptEverywhere(extension));
 211       URLPattern pattern(valid_schemes);
 212
 213       URLPattern::ParseResult parse_result = pattern.Parse(match_str);
 214       if (parse_result != URLPattern::PARSE_SUCCESS) {
 215         *error = ErrorUtils::FormatErrorMessageUTF16(
 216             errors::kInvalidExcludeMatch,
 217             base::IntToString(definition_index), base::IntToString(j),
 218             URLPattern::GetParseResultString(parse_result));
 219         return false;
 220       }
 221
 222       result->add_exclude_url_pattern(pattern);
 223     }
 224   }
 225
 226   // include/exclude globs (mostly for Greasemonkey compatibility)
 227   if (!LoadGlobsHelper(content_script, definition_index, keys::kIncludeGlobs,
 228                        error, &UserScript::add_glob, result)) {
 229       return false;
 230   }
 231
 232   if (!LoadGlobsHelper(content_script, definition_index, keys::kExcludeGlobs,
 233                        error, &UserScript::add_exclude_glob, result)) {
 234       return false;
 235   }
 236
 237   // js and css keys
 238   const base::ListValue* js = NULL;
 239   if (content_script->HasKey(keys::kJs) &&
 240       !content_script->GetList(keys::kJs, &js)) {
 241     *error = ErrorUtils::FormatErrorMessageUTF16(
 242         errors::kInvalidJsList,
 243         base::IntToString(definition_index));
 244     return false;
 245   }
 246
 247   const base::ListValue* css = NULL;
 248   if (content_script->HasKey(keys::kCss) &&
 249       !content_script->GetList(keys::kCss, &css)) {
 250     *error = ErrorUtils::
 251         FormatErrorMessageUTF16(errors::kInvalidCssList,
 252         base::IntToString(definition_index));
 253     return false;
 254   }
 255
 256   // The manifest needs to have at least one js or css user script definition.
 257   if (((js ? js->GetSize() : 0) + (css ? css->GetSize() : 0)) == 0) {
 258     *error = ErrorUtils::FormatErrorMessageUTF16(
 259         errors::kMissingFile,
 260         base::IntToString(definition_index));
 261     return false;
 262   }
 263
 264   if (js) {
 265     for (size_t script_index = 0; script_index < js->GetSize();
 266          ++script_index) {
 267       const base::Value* value;
 268       std::string relative;
 269       if (!js->Get(script_index, &value) || !value->GetAsString(&relative)) {
 270         *error = ErrorUtils::FormatErrorMessageUTF16(
 271             errors::kInvalidJs,
 272             base::IntToString(definition_index),
 273             base::IntToString(script_index));
 274         return false;
 275       }
 276       GURL url = extension->GetResourceURL(relative);
 277       ExtensionResource resource = extension->GetResource(relative);
 278       result->js_scripts().push_back(UserScript::File(
 279           resource.extension_root(), resource.relative_path(), url));
 280     }
 281   }
 282
 283   if (css) {
 284     for (size_t script_index = 0; script_index < css->GetSize();
 285          ++script_index) {
 286       const base::Value* value;
 287       std::string relative;
 288       if (!css->Get(script_index, &value) || !value->GetAsString(&relative)) {
 289         *error = ErrorUtils::FormatErrorMessageUTF16(
 290             errors::kInvalidCss,
 291             base::IntToString(definition_index),
 292             base::IntToString(script_index));
 293         return false;
 294       }
 295       GURL url = extension->GetResourceURL(relative);
 296       ExtensionResource resource = extension->GetResource(relative);
 297       result->css_scripts().push_back(UserScript::File(
 298           resource.extension_root(), resource.relative_path(), url));
 299     }
 300   }
 301
 302   return true;
 303 }
 304
 305 // Returns false and sets the error if script file can't be loaded,
 306 // or if it's not UTF-8 encoded.
 307 static bool IsScriptValid(const base::FilePath& path,
 308                           const base::FilePath& relative_path,
 309                           int message_id,
 310                           std::string* error) {
 311   std::string content;
 312   if (!base::PathExists(path) ||
 313       !base::ReadFileToString(path, &content)) {
 314     *error = l10n_util::GetStringFUTF8(
 315         message_id,
 316         relative_path.LossyDisplayName());
 317     return false;
 318   }
 319
 320   if (!base::IsStringUTF8(content)) {
 321     *error = l10n_util::GetStringFUTF8(
 322         IDS_EXTENSION_BAD_FILE_ENCODING,
 323         relative_path.LossyDisplayName());
 324     return false;
 325   }
 326
 327   return true;
 328 }
 329
 330 struct EmptyUserScriptList {
 331   UserScriptList user_script_list;
 332 };
 333
 334 static base::LazyInstance<EmptyUserScriptList> g_empty_script_list =
 335     LAZY_INSTANCE_INITIALIZER;
 336
 337 }  // namespace
 338
 339 ContentScriptsInfo::ContentScriptsInfo() {
 340 }
 341
 342 ContentScriptsInfo::~ContentScriptsInfo() {
 343 }
 344
 345 // static
 346 const UserScriptList& ContentScriptsInfo::GetContentScripts(
 347     const Extension* extension) {
 348   ContentScriptsInfo* info = static_cast<ContentScriptsInfo*>(
 349       extension->GetManifestData(keys::kContentScripts));
 350   return info ? info->content_scripts
 351               : g_empty_script_list.Get().user_script_list;
 352 }
 353
 354 // static
 355 bool ContentScriptsInfo::ExtensionHasScriptAtURL(const Extension* extension,
 356                                                  const GURL& url) {
 357   const UserScriptList& content_scripts = GetContentScripts(extension);
 358   for (UserScriptList::const_iterator iter = content_scripts.begin();
 359       iter != content_scripts.end(); ++iter) {
 360     if (iter->MatchesURL(url))
 361       return true;
 362   }
 363   return false;
 364 }
 365
 366 // static
 367 URLPatternSet ContentScriptsInfo::GetScriptableHosts(
 368     const Extension* extension) {
 369   const UserScriptList& content_scripts = GetContentScripts(extension);
 370   URLPatternSet scriptable_hosts;
 371   for (UserScriptList::const_iterator content_script =
 372            content_scripts.begin();
 373        content_script != content_scripts.end();
 374        ++content_script) {
 375     URLPatternSet::const_iterator pattern =
 376         content_script->url_patterns().begin();
 377     for (; pattern != content_script->url_patterns().end(); ++pattern)
 378       scriptable_hosts.AddPattern(*pattern);
 379   }
 380   return scriptable_hosts;
 381 }
 382
 383 ContentScriptsHandler::ContentScriptsHandler() {
 384 }
 385
 386 ContentScriptsHandler::~ContentScriptsHandler() {
 387 }
 388
 389 const std::vector<std::string> ContentScriptsHandler::Keys() const {
 390   static const char* const keys[] = {
 391     keys::kContentScripts
 392   };
 393   return std::vector<std::string>(keys, keys + arraysize(keys));
 394 }
 395
 396 bool ContentScriptsHandler::Parse(Extension* extension, base::string16* error) {
 397   scoped_ptr<ContentScriptsInfo> content_scripts_info(new ContentScriptsInfo);
 398   const base::ListValue* scripts_list = NULL;
 399   if (!extension->manifest()->GetList(keys::kContentScripts, &scripts_list)) {
 400     *error = base::ASCIIToUTF16(errors::kInvalidContentScriptsList);
 401     return false;
 402   }
 403
 404   for (size_t i = 0; i < scripts_list->GetSize(); ++i) {
 405     const base::DictionaryValue* script_dict = NULL;
 406     if (!scripts_list->GetDictionary(i, &script_dict)) {
 407       *error = ErrorUtils::FormatErrorMessageUTF16(
 408           errors::kInvalidContentScript,
 409           base::IntToString(i));
 410       return false;
 411     }
 412
 413     UserScript user_script;
 414     if (!LoadUserScriptFromDictionary(script_dict,
 415                                       i,
 416                                       extension,
 417                                       error,
 418                                       &user_script)) {
 419       return false;  // Failed to parse script context definition.
 420     }
 421
 422     user_script.set_extension_id(extension->id());
 423     if (extension->converted_from_user_script()) {
 424       user_script.set_emulate_greasemonkey(true);
 425       // Greasemonkey matches all frames.
 426       user_script.set_match_all_frames(true);
 427     }
 428     user_script.set_id(UserScript::GenerateUserScriptID());
 429     content_scripts_info->content_scripts.push_back(user_script);
 430   }
 431   extension->SetManifestData(keys::kContentScripts,
 432                              content_scripts_info.release());
 433   PermissionsParser::SetScriptableHosts(
 434       extension, ContentScriptsInfo::GetScriptableHosts(extension));
 435   return true;
 436 }
 437
 438 bool ContentScriptsHandler::Validate(
 439     const Extension* extension,
 440     std::string* error,
 441     std::vector<InstallWarning>* warnings) const {
 442   // Validate that claimed script resources actually exist,
 443   // and are UTF-8 encoded.
 444   ExtensionResource::SymlinkPolicy symlink_policy;
 445   if ((extension->creation_flags() &
 446        Extension::FOLLOW_SYMLINKS_ANYWHERE) != 0) {
 447     symlink_policy = ExtensionResource::FOLLOW_SYMLINKS_ANYWHERE;
 448   } else {
 449     symlink_policy = ExtensionResource::SYMLINKS_MUST_RESOLVE_WITHIN_ROOT;
 450   }
 451
 452   const UserScriptList& content_scripts =
 453       ContentScriptsInfo::GetContentScripts(extension);
 454   for (size_t i = 0; i < content_scripts.size(); ++i) {
 455     const UserScript& script = content_scripts[i];
 456
 457     for (size_t j = 0; j < script.js_scripts().size(); j++) {
 458       const UserScript::File& js_script = script.js_scripts()[j];
 459       const base::FilePath& path = ExtensionResource::GetFilePath(
 460           js_script.extension_root(), js_script.relative_path(),
 461           symlink_policy);
 462       if (!IsScriptValid(path, js_script.relative_path(),
 463                          IDS_EXTENSION_LOAD_JAVASCRIPT_FAILED, error))
 464         return false;
 465     }
 466
 467     for (size_t j = 0; j < script.css_scripts().size(); j++) {
 468       const UserScript::File& css_script = script.css_scripts()[j];
 469       const base::FilePath& path = ExtensionResource::GetFilePath(
 470           css_script.extension_root(), css_script.relative_path(),
 471           symlink_policy);
 472       if (!IsScriptValid(path, css_script.relative_path(),
 473                          IDS_EXTENSION_LOAD_CSS_FAILED, error))
 474         return false;
 475     }
 476   }
 477
 478   return true;
 479 }
 480
 481 }  // namespace extensions