| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "extensions/renderer/script_injection.h" |
| |
| #include <map> |
| |
| #include "base/lazy_instance.h" |
| #include "base/metrics/histogram.h" |
| #include "base/timer/elapsed_timer.h" |
| #include "base/values.h" |
| #include "content/public/renderer/render_view.h" |
| #include "content/public/renderer/v8_value_converter.h" |
| #include "extensions/common/extension.h" |
| #include "extensions/common/extension_messages.h" |
| #include "extensions/common/feature_switch.h" |
| #include "extensions/common/manifest_handlers/csp_info.h" |
| #include "extensions/renderer/dom_activity_logger.h" |
| #include "extensions/renderer/extension_groups.h" |
| #include "extensions/renderer/extensions_renderer_client.h" |
| #include "third_party/WebKit/public/platform/WebString.h" |
| #include "third_party/WebKit/public/web/WebDocument.h" |
| #include "third_party/WebKit/public/web/WebLocalFrame.h" |
| #include "third_party/WebKit/public/web/WebScopedUserGesture.h" |
| #include "third_party/WebKit/public/web/WebScriptSource.h" |
| #include "third_party/WebKit/public/web/WebSecurityOrigin.h" |
| #include "url/gurl.h" |
| |
| namespace extensions { |
| |
| namespace { |
| |
| typedef std::map<std::string, int> IsolatedWorldMap; |
| base::LazyInstance<IsolatedWorldMap> g_isolated_worlds = |
| LAZY_INSTANCE_INITIALIZER; |
| |
| const int64 kInvalidRequestId = -1; |
| |
| // The id of the next pending injection. |
| int64 g_next_pending_id = 0; |
| |
| bool ShouldNotifyBrowserOfInjections() { |
| return !FeatureSwitch::scripts_require_action()->IsEnabled(); |
| } |
| |
| // Append all the child frames of |parent_frame| to |frames_vector|. |
| void AppendAllChildFrames(blink::WebFrame* parent_frame, |
| std::vector<blink::WebFrame*>* frames_vector) { |
| DCHECK(parent_frame); |
| for (blink::WebFrame* child_frame = parent_frame->firstChild(); child_frame; |
| child_frame = child_frame->nextSibling()) { |
| frames_vector->push_back(child_frame); |
| AppendAllChildFrames(child_frame, frames_vector); |
| } |
| } |
| |
| // Gets the isolated world ID to use for the given |extension| in the given |
| // |frame|. If no isolated world has been created for that extension, |
| // one will be created and initialized. |
| int GetIsolatedWorldIdForExtension(const Extension* extension, |
| blink::WebLocalFrame* frame) { |
| static int g_next_isolated_world_id = |
| ExtensionsRendererClient::Get()->GetLowestIsolatedWorldId(); |
| |
| IsolatedWorldMap& isolated_worlds = g_isolated_worlds.Get(); |
| |
| int id = 0; |
| IsolatedWorldMap::iterator iter = isolated_worlds.find(extension->id()); |
| if (iter != isolated_worlds.end()) { |
| id = iter->second; |
| } else { |
| id = g_next_isolated_world_id++; |
| // This map will tend to pile up over time, but realistically, you're never |
| // going to have enough extensions for it to matter. |
| isolated_worlds[extension->id()] = id; |
| } |
| |
| // We need to set the isolated world origin and CSP even if it's not a new |
| // world since these are stored per frame, and we might not have used this |
| // isolated world in this frame before. |
| frame->setIsolatedWorldSecurityOrigin( |
| id, blink::WebSecurityOrigin::create(extension->url())); |
| frame->setIsolatedWorldContentSecurityPolicy( |
| id, |
| blink::WebString::fromUTF8(CSPInfo::GetContentSecurityPolicy(extension))); |
| frame->setIsolatedWorldHumanReadableName( |
| id, |
| blink::WebString::fromUTF8(extension->name())); |
| |
| return id; |
| } |
| |
| } // namespace |
| |
| // static |
| std::string ScriptInjection::GetExtensionIdForIsolatedWorld( |
| int isolated_world_id) { |
| IsolatedWorldMap& isolated_worlds = g_isolated_worlds.Get(); |
| |
| for (IsolatedWorldMap::iterator iter = isolated_worlds.begin(); |
| iter != isolated_worlds.end(); |
| ++iter) { |
| if (iter->second == isolated_world_id) |
| return iter->first; |
| } |
| return std::string(); |
| } |
| |
| // static |
| void ScriptInjection::RemoveIsolatedWorld(const std::string& extension_id) { |
| g_isolated_worlds.Get().erase(extension_id); |
| } |
| |
| ScriptInjection::ScriptInjection( |
| scoped_ptr<ScriptInjector> injector, |
| blink::WebLocalFrame* web_frame, |
| const std::string& extension_id, |
| UserScript::RunLocation run_location, |
| int tab_id) |
| : injector_(injector.Pass()), |
| web_frame_(web_frame), |
| extension_id_(extension_id), |
| run_location_(run_location), |
| tab_id_(tab_id), |
| request_id_(kInvalidRequestId), |
| complete_(false) { |
| } |
| |
| ScriptInjection::~ScriptInjection() { |
| if (!complete_) |
| injector_->OnWillNotInject(ScriptInjector::WONT_INJECT); |
| } |
| |
| bool ScriptInjection::TryToInject(UserScript::RunLocation current_location, |
| const Extension* extension, |
| ScriptsRunInfo* scripts_run_info) { |
| if (current_location < run_location_) |
| return false; // Wait for the right location. |
| |
| if (request_id_ != kInvalidRequestId) |
| return false; // We're waiting for permission right now, try again later. |
| |
| if (!extension) { |
| NotifyWillNotInject(ScriptInjector::EXTENSION_REMOVED); |
| return true; // We're done. |
| } |
| |
| switch (injector_->CanExecuteOnFrame( |
| extension, web_frame_, tab_id_, web_frame_->top()->document().url())) { |
| case PermissionsData::ACCESS_DENIED: |
| NotifyWillNotInject(ScriptInjector::NOT_ALLOWED); |
| return true; // We're done. |
| case PermissionsData::ACCESS_WITHHELD: |
| RequestPermission(); |
| return false; // Wait around for permission. |
| case PermissionsData::ACCESS_ALLOWED: |
| Inject(extension, scripts_run_info); |
| return true; // We're done! |
| } |
| |
| // Some compilers don't realize that we always return from the switch() above. |
| // Make them happy. |
| return false; |
| } |
| |
| bool ScriptInjection::OnPermissionGranted(const Extension* extension, |
| ScriptsRunInfo* scripts_run_info) { |
| if (!extension) { |
| NotifyWillNotInject(ScriptInjector::EXTENSION_REMOVED); |
| return false; |
| } |
| |
| Inject(extension, scripts_run_info); |
| return true; |
| } |
| |
| void ScriptInjection::RequestPermission() { |
| content::RenderView* render_view = |
| content::RenderView::FromWebView(web_frame()->top()->view()); |
| |
| // If we are just notifying the browser of the injection, then send an |
| // invalid request (which is treated like a notification). |
| request_id_ = ShouldNotifyBrowserOfInjections() ? kInvalidRequestId |
| : g_next_pending_id++; |
| render_view->Send(new ExtensionHostMsg_RequestScriptInjectionPermission( |
| render_view->GetRoutingID(), |
| extension_id_, |
| injector_->script_type(), |
| request_id_)); |
| } |
| |
| void ScriptInjection::NotifyWillNotInject( |
| ScriptInjector::InjectFailureReason reason) { |
| complete_ = true; |
| injector_->OnWillNotInject(reason); |
| } |
| |
| void ScriptInjection::Inject(const Extension* extension, |
| ScriptsRunInfo* scripts_run_info) { |
| DCHECK(extension); |
| DCHECK(scripts_run_info); |
| DCHECK(!complete_); |
| |
| if (ShouldNotifyBrowserOfInjections()) |
| RequestPermission(); |
| |
| std::vector<blink::WebFrame*> frame_vector; |
| frame_vector.push_back(web_frame_); |
| if (injector_->ShouldExecuteInChildFrames()) |
| AppendAllChildFrames(web_frame_, &frame_vector); |
| |
| scoped_ptr<blink::WebScopedUserGesture> gesture; |
| if (injector_->IsUserGesture()) |
| gesture.reset(new blink::WebScopedUserGesture()); |
| |
| bool inject_js = injector_->ShouldInjectJs(run_location_); |
| bool inject_css = injector_->ShouldInjectCss(run_location_); |
| DCHECK(inject_js || inject_css); |
| |
| scoped_ptr<base::ListValue> execution_results(new base::ListValue()); |
| GURL top_url = web_frame_->top()->document().url(); |
| for (std::vector<blink::WebFrame*>::iterator iter = frame_vector.begin(); |
| iter != frame_vector.end(); |
| ++iter) { |
| // TODO(dcheng): Unfortunately, the code as written won't work in an OOPI |
| // world. This is just a temporary hack to make things compile. |
| blink::WebLocalFrame* frame = (*iter)->toWebLocalFrame(); |
| |
| // We recheck access here in the renderer for extra safety against races |
| // with navigation, but different frames can have different URLs, and the |
| // extension might only have access to a subset of them. |
| // For child frames, we just skip ones the extension doesn't have access |
| // to and carry on. |
| // Note: we don't consider ACCESS_WITHHELD because there is nowhere to |
| // surface a request for a child frame. |
| // TODO(rdevlin.cronin): We should ask for permission somehow. |
| if (injector_->CanExecuteOnFrame(extension, frame, tab_id_, top_url) == |
| PermissionsData::ACCESS_DENIED) { |
| DCHECK(frame->parent()); |
| continue; |
| } |
| if (inject_js) |
| InjectJs(extension, frame, execution_results.get()); |
| if (inject_css) |
| InjectCss(frame); |
| } |
| |
| complete_ = true; |
| injector_->OnInjectionComplete(execution_results.Pass(), |
| scripts_run_info, |
| run_location_); |
| } |
| |
| void ScriptInjection::InjectJs(const Extension* extension, |
| blink::WebLocalFrame* frame, |
| base::ListValue* execution_results) { |
| std::vector<blink::WebScriptSource> sources = |
| injector_->GetJsSources(run_location_); |
| bool in_main_world = injector_->ShouldExecuteInMainWorld(); |
| int world_id = in_main_world |
| ? DOMActivityLogger::kMainWorldId |
| : GetIsolatedWorldIdForExtension(extension, frame); |
| bool expects_results = injector_->ExpectsResults(); |
| |
| base::ElapsedTimer exec_timer; |
| DOMActivityLogger::AttachToWorld(world_id, extension->id()); |
| v8::HandleScope scope(v8::Isolate::GetCurrent()); |
| v8::Local<v8::Value> script_value; |
| if (in_main_world) { |
| // We only inject in the main world for javascript: urls. |
| DCHECK_EQ(1u, sources.size()); |
| |
| const blink::WebScriptSource& source = sources.front(); |
| if (expects_results) |
| script_value = frame->executeScriptAndReturnValue(source); |
| else |
| frame->executeScript(source); |
| } else { // in isolated world |
| scoped_ptr<blink::WebVector<v8::Local<v8::Value> > > results; |
| if (expects_results) |
| results.reset(new blink::WebVector<v8::Local<v8::Value> >()); |
| frame->executeScriptInIsolatedWorld(world_id, |
| &sources.front(), |
| sources.size(), |
| EXTENSION_GROUP_CONTENT_SCRIPTS, |
| results.get()); |
| if (expects_results && !results->isEmpty()) |
| script_value = (*results)[0]; |
| } |
| |
| UMA_HISTOGRAM_TIMES("Extensions.InjectScriptTime", exec_timer.Elapsed()); |
| |
| if (expects_results) { |
| // Right now, we only support returning single results (per frame). |
| scoped_ptr<content::V8ValueConverter> v8_converter( |
| content::V8ValueConverter::create()); |
| // It's safe to always use the main world context when converting |
| // here. V8ValueConverterImpl shouldn't actually care about the |
| // context scope, and it switches to v8::Object's creation context |
| // when encountered. |
| v8::Local<v8::Context> context = frame->mainWorldScriptContext(); |
| scoped_ptr<base::Value> result( |
| v8_converter->FromV8Value(script_value, context)); |
| // Always append an execution result (i.e. no result == null result) |
| // so that |execution_results| lines up with the frames. |
| execution_results->Append(result.get() ? result.release() |
| : base::Value::CreateNullValue()); |
| } |
| } |
| |
| void ScriptInjection::InjectCss(blink::WebLocalFrame* frame) { |
| std::vector<std::string> css_sources = |
| injector_->GetCssSources(run_location_); |
| for (std::vector<std::string>::const_iterator iter = css_sources.begin(); |
| iter != css_sources.end(); |
| ++iter) { |
| frame->document().insertStyleSheet(blink::WebString::fromUTF8(*iter)); |
| } |
| } |
| |
| } // namespace extensions |
