extensions/renderer/script_context_set.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "extensions/renderer/script_context_set.h"
   6
   7 #include "base/message_loop/message_loop.h"
   8 #include "content/public/common/url_constants.h"
   9 #include "content/public/renderer/render_view.h"
  10 #include "extensions/common/extension.h"
  11 #include "extensions/renderer/extension_groups.h"
  12 #include "extensions/renderer/script_context.h"
  13 #include "extensions/renderer/script_injection.h"
  14 #include "third_party/WebKit/public/web/WebDocument.h"
  15 #include "third_party/WebKit/public/web/WebLocalFrame.h"
  16 #include "v8/include/v8.h"
  17
  18 namespace extensions {
  19
  20 ScriptContextSet::ScriptContextSet(ExtensionSet* extensions,
  21                                    ExtensionIdSet* active_extension_ids)
  22     : extensions_(extensions), active_extension_ids_(active_extension_ids) {
  23 }
  24
  25 ScriptContextSet::~ScriptContextSet() {
  26 }
  27
  28 ScriptContext* ScriptContextSet::Register(
  29     blink::WebLocalFrame* frame,
  30     const v8::Handle<v8::Context>& v8_context,
  31     int extension_group,
  32     int world_id) {
  33   const Extension* extension =
  34       GetExtensionFromFrameAndWorld(frame, world_id, false);
  35   const Extension* effective_extension =
  36       GetExtensionFromFrameAndWorld(frame, world_id, true);
  37
  38   GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame);
  39   Feature::Context context_type =
  40       ClassifyJavaScriptContext(extension, extension_group, frame_url,
  41                                 frame->document().securityOrigin());
  42   Feature::Context effective_context_type = ClassifyJavaScriptContext(
  43       effective_extension, extension_group,
  44       ScriptContext::GetEffectiveDocumentURL(frame, frame_url, true),
  45       frame->document().securityOrigin());
  46
  47   ScriptContext* context =
  48       new ScriptContext(v8_context, frame, extension, context_type,
  49                         effective_extension, effective_context_type);
  50   contexts_.insert(context);  // takes ownership
  51   return context;
  52 }
  53
  54 void ScriptContextSet::Remove(ScriptContext* context) {
  55   if (contexts_.erase(context)) {
  56     context->Invalidate();
  57     base::MessageLoop::current()->DeleteSoon(FROM_HERE, context);
  58   }
  59 }
  60
  61 ScriptContext* ScriptContextSet::GetCurrent() const {
  62   v8::Isolate* isolate = v8::Isolate::GetCurrent();
  63   return isolate->InContext() ? GetByV8Context(isolate->GetCurrentContext())
  64                               : nullptr;
  65 }
  66
  67 ScriptContext* ScriptContextSet::GetCalling() const {
  68   v8::Isolate* isolate = v8::Isolate::GetCurrent();
  69   v8::Local<v8::Context> calling = isolate->GetCallingContext();
  70   return calling.IsEmpty() ? nullptr : GetByV8Context(calling);
  71 }
  72
  73 ScriptContext* ScriptContextSet::GetByV8Context(
  74     const v8::Handle<v8::Context>& v8_context) const {
  75   for (ScriptContext* script_context : contexts_) {
  76     if (script_context->v8_context() == v8_context)
  77       return script_context;
  78   }
  79   return nullptr;
  80 }
  81
  82 void ScriptContextSet::ForEach(
  83     const std::string& extension_id,
  84     content::RenderView* render_view,
  85     const base::Callback<void(ScriptContext*)>& callback) const {
  86   // We copy the context list, because calling into javascript may modify it
  87   // out from under us.
  88   std::set<ScriptContext*> contexts_copy = contexts_;
  89
  90   for (ScriptContext* context : contexts_copy) {
  91     // For the same reason as above, contexts may become invalid while we run.
  92     if (!context->is_valid())
  93       continue;
  94
  95     if (!extension_id.empty()) {
  96       const Extension* extension = context->extension();
  97       if (!extension || (extension_id != extension->id()))
  98         continue;
  99     }
 100
 101     content::RenderView* context_render_view = context->GetRenderView();
 102     if (!context_render_view)
 103       continue;
 104
 105     if (render_view && render_view != context_render_view)
 106       continue;
 107
 108     callback.Run(context);
 109   }
 110 }
 111
 112 std::set<ScriptContext*> ScriptContextSet::OnExtensionUnloaded(
 113     const std::string& extension_id) {
 114   std::set<ScriptContext*> removed;
 115   ForEach(extension_id,
 116           base::Bind(&ScriptContextSet::DispatchOnUnloadEventAndRemove,
 117                      base::Unretained(this), &removed));
 118   return removed;
 119 }
 120
 121 const Extension* ScriptContextSet::GetExtensionFromFrameAndWorld(
 122     const blink::WebLocalFrame* frame,
 123     int world_id,
 124     bool use_effective_url) {
 125   std::string extension_id;
 126   if (world_id != 0) {
 127     // Isolated worlds (content script).
 128     extension_id = ScriptInjection::GetHostIdForIsolatedWorld(world_id);
 129   } else if (!frame->document().securityOrigin().isUnique()) {
 130     // TODO(kalman): Delete the above check.
 131     // Extension pages (chrome-extension:// URLs).
 132     GURL frame_url = ScriptContext::GetDataSourceURLForFrame(frame);
 133     frame_url = ScriptContext::GetEffectiveDocumentURL(frame, frame_url,
 134                                                        use_effective_url);
 135     extension_id = extensions_->GetExtensionOrAppIDByURL(frame_url);
 136   }
 137
 138   // There are conditions where despite a context being associated with an
 139   // extension, no extension actually gets found. Ignore "invalid" because CSP
 140   // blocks extension page loading by switching the extension ID to "invalid".
 141   const Extension* extension = extensions_->GetByID(extension_id);
 142   if (!extension && !extension_id.empty() && extension_id != "invalid") {
 143     // TODO(kalman): Do something here?
 144   }
 145   return extension;
 146 }
 147
 148 Feature::Context ScriptContextSet::ClassifyJavaScriptContext(
 149     const Extension* extension,
 150     int extension_group,
 151     const GURL& url,
 152     const blink::WebSecurityOrigin& origin) {
 153   // WARNING: This logic must match ProcessMap::GetContextType, as much as
 154   // possible.
 155
 156   DCHECK_GE(extension_group, 0);
 157   if (extension_group == EXTENSION_GROUP_CONTENT_SCRIPTS) {
 158     return extension ?  // TODO(kalman): when does this happen?
 159                Feature::CONTENT_SCRIPT_CONTEXT
 160                      : Feature::UNSPECIFIED_CONTEXT;
 161   }
 162
 163   // We have an explicit check for sandboxed pages before checking whether the
 164   // extension is active in this process because:
 165   // 1. Sandboxed pages run in the same process as regular extension pages, so
 166   //    the extension is considered active.
 167   // 2. ScriptContext creation (which triggers bindings injection) happens
 168   //    before the SecurityContext is updated with the sandbox flags (after
 169   //    reading the CSP header), so the caller can't check if the context's
 170   //    security origin is unique yet.
 171   if (ScriptContext::IsSandboxedPage(*extensions_, url))
 172     return Feature::WEB_PAGE_CONTEXT;
 173
 174   if (extension && active_extension_ids_->count(extension->id()) > 0) {
 175     // |extension| is active in this process, but it could be either a true
 176     // extension process or within the extent of a hosted app. In the latter
 177     // case this would usually be considered a (blessed) web page context,
 178     // unless the extension in question is a component extension, in which case
 179     // we cheat and call it blessed.
 180     return (extension->is_hosted_app() &&
 181             extension->location() != Manifest::COMPONENT)
 182                ? Feature::BLESSED_WEB_PAGE_CONTEXT
 183                : Feature::BLESSED_EXTENSION_CONTEXT;
 184   }
 185
 186   // TODO(kalman): This isUnique() check is wrong, it should be performed as
 187   // part of ScriptContext::IsSandboxedPage().
 188   if (!origin.isUnique() && extensions_->ExtensionBindingsAllowed(url)) {
 189     if (!extension)  // TODO(kalman): when does this happen?
 190       return Feature::UNSPECIFIED_CONTEXT;
 191     return extension->is_hosted_app() ? Feature::BLESSED_WEB_PAGE_CONTEXT
 192                                       : Feature::UNBLESSED_EXTENSION_CONTEXT;
 193   }
 194
 195   if (!url.is_valid())
 196     return Feature::UNSPECIFIED_CONTEXT;
 197
 198   if (url.SchemeIs(content::kChromeUIScheme))
 199     return Feature::WEBUI_CONTEXT;
 200
 201   return Feature::WEB_PAGE_CONTEXT;
 202 }
 203
 204 void ScriptContextSet::DispatchOnUnloadEventAndRemove(
 205     std::set<ScriptContext*>* out,
 206     ScriptContext* context) {
 207   context->DispatchOnUnloadEvent();
 208   Remove(context);  // deleted asynchronously
 209   out->insert(context);
 210 }
 211
 212 }  // namespace extensions