| // Copyright 2020 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/extensions/api/scripting/scripting_api.h" |
| |
| #include <algorithm> |
| |
| #include "base/check.h" |
| #include "base/json/json_writer.h" |
| #include "base/strings/string_util.h" |
| #include "base/strings/stringprintf.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "chrome/browser/extensions/extension_tab_util.h" |
| #include "chrome/browser/extensions/tab_helper.h" |
| #include "chrome/common/extensions/api/scripting.h" |
| #include "content/public/browser/browser_task_traits.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "extensions/browser/api/extension_types_utils.h" |
| #include "extensions/browser/extension_api_frame_id_map.h" |
| #include "extensions/browser/extension_file_task_runner.h" |
| #include "extensions/browser/extension_system.h" |
| #include "extensions/browser/extension_user_script_loader.h" |
| #include "extensions/browser/load_and_localize_file.h" |
| #include "extensions/browser/script_executor.h" |
| #include "extensions/browser/user_script_manager.h" |
| #include "extensions/common/api/extension_types.h" |
| #include "extensions/common/error_utils.h" |
| #include "extensions/common/extension.h" |
| #include "extensions/common/manifest_constants.h" |
| #include "extensions/common/mojom/css_origin.mojom-shared.h" |
| #include "extensions/common/mojom/host_id.mojom.h" |
| #include "extensions/common/mojom/run_location.mojom-shared.h" |
| #include "extensions/common/permissions/api_permission.h" |
| #include "extensions/common/permissions/permissions_data.h" |
| #include "extensions/common/utils/content_script_utils.h" |
| |
| namespace extensions { |
| |
| namespace { |
| |
| constexpr char kCouldNotLoadFileError[] = "Could not load file: '*'."; |
| constexpr char kDuplicateFileSpecifiedError[] = |
| "Duplicate file specified: '*'."; |
| constexpr char kExactlyOneOfCssAndFilesError[] = |
| "Exactly one of 'css' and 'files' must be specified."; |
| |
| // Note: CSS always injects as soon as possible, so we default to |
| // document_start. Because of tab loading, there's no guarantee this will |
| // *actually* inject before page load, but it will at least inject "soon". |
| constexpr mojom::RunLocation kCSSRunLocation = |
| mojom::RunLocation::kDocumentStart; |
| |
| // TODO(crbug.com/1168627): The can_execute_script_everywhere flag is currently |
| // only used by the legacy version Chromevox extension. We can assume it will |
| // always be false here, but it may be added back if needed. |
| constexpr bool kScriptsCanExecuteEverywhere = false; |
| |
| // The all_urls_includes_chrome_urls flag is only true for the legacy ChromeVox |
| // extension, which does not call this API. Therefore we can assume it to be |
| // always false. |
| constexpr bool kAllUrlsIncludesChromeUrls = false; |
| |
| // Converts the given `style_origin` to a CSSOrigin. |
| mojom::CSSOrigin ConvertStyleOriginToCSSOrigin( |
| api::scripting::StyleOrigin style_origin) { |
| mojom::CSSOrigin css_origin = mojom::CSSOrigin::kAuthor; |
| switch (style_origin) { |
| case api::scripting::STYLE_ORIGIN_NONE: |
| case api::scripting::STYLE_ORIGIN_AUTHOR: |
| css_origin = mojom::CSSOrigin::kAuthor; |
| break; |
| case api::scripting::STYLE_ORIGIN_USER: |
| css_origin = mojom::CSSOrigin::kUser; |
| break; |
| } |
| |
| return css_origin; |
| } |
| |
| std::string InjectionKeyForCode(const mojom::HostID& host_id, |
| const std::string& code) { |
| return ScriptExecutor::GenerateInjectionKey(host_id, /*script_url=*/GURL(), |
| code); |
| } |
| |
| std::string InjectionKeyForFile(const mojom::HostID& host_id, |
| const GURL& resource_url) { |
| return ScriptExecutor::GenerateInjectionKey(host_id, resource_url, |
| /*code=*/std::string()); |
| } |
| |
| // Constructs an array of file sources from the read file `data`. |
| std::vector<InjectedFileSource> ConstructFileSources( |
| std::vector<std::unique_ptr<std::string>> data, |
| std::vector<std::string> file_names) { |
| // Note: CHECK (and not DCHECK) because if it fails, we have an out-of-bounds |
| // access. |
| CHECK_EQ(data.size(), file_names.size()); |
| const size_t num_sources = data.size(); |
| std::vector<InjectedFileSource> sources; |
| sources.reserve(num_sources); |
| for (size_t i = 0; i < num_sources; ++i) |
| sources.emplace_back(std::move(file_names[i]), std::move(data[i])); |
| |
| return sources; |
| } |
| |
| std::vector<mojom::JSSourcePtr> FileSourcesToJSSources( |
| const Extension& extension, |
| std::vector<InjectedFileSource> file_sources) { |
| std::vector<mojom::JSSourcePtr> js_sources; |
| js_sources.reserve(file_sources.size()); |
| for (auto& file_source : file_sources) { |
| js_sources.push_back( |
| mojom::JSSource::New(std::move(*file_source.data), |
| extension.GetResourceURL(file_source.file_name))); |
| } |
| |
| return js_sources; |
| } |
| |
| std::vector<mojom::CSSSourcePtr> FileSourcesToCSSSources( |
| const Extension& extension, |
| std::vector<InjectedFileSource> file_sources) { |
| mojom::HostID host_id(mojom::HostID::HostType::kExtensions, extension.id()); |
| |
| std::vector<mojom::CSSSourcePtr> css_sources; |
| css_sources.reserve(file_sources.size()); |
| for (auto& file_source : file_sources) { |
| css_sources.push_back(mojom::CSSSource::New( |
| std::move(*file_source.data), |
| InjectionKeyForFile(host_id, |
| extension.GetResourceURL(file_source.file_name)))); |
| } |
| |
| return css_sources; |
| } |
| |
| // Checks `files` and populates `resources_out` with the appropriate extension |
| // resource. Returns true on success; on failure, populates `error_out`. |
| bool GetFileResources(const std::vector<std::string>& files, |
| const Extension& extension, |
| std::vector<ExtensionResource>* resources_out, |
| std::string* error_out) { |
| if (files.empty()) { |
| static constexpr char kAtLeastOneFileError[] = |
| "At least one file must be specified."; |
| *error_out = kAtLeastOneFileError; |
| return false; |
| } |
| |
| std::vector<ExtensionResource> resources; |
| for (const auto& file : files) { |
| ExtensionResource resource = extension.GetResource(file); |
| if (resource.extension_root().empty() || resource.relative_path().empty()) { |
| *error_out = ErrorUtils::FormatErrorMessage(kCouldNotLoadFileError, file); |
| return false; |
| } |
| |
| // ExtensionResource doesn't implement an operator==. |
| auto existing = base::ranges::find_if( |
| resources, [&resource](const ExtensionResource& other) { |
| return resource.relative_path() == other.relative_path(); |
| }); |
| |
| if (existing != resources.end()) { |
| // Disallow duplicates. Note that we could allow this, if we wanted (and |
| // there *might* be reason to with JS injection, to perform an operation |
| // twice?). However, this matches content script behavior, and injecting |
| // twice can be done by chaining calls to executeScript() / insertCSS(). |
| // This isn't a robust check, and could probably be circumvented by |
| // passing two paths that look different but are the same - but in that |
| // case, we just try to load and inject the script twice, which is |
| // inefficient, but safe. |
| *error_out = |
| ErrorUtils::FormatErrorMessage(kDuplicateFileSpecifiedError, file); |
| return false; |
| } |
| |
| resources.push_back(std::move(resource)); |
| } |
| |
| resources_out->swap(resources); |
| return true; |
| } |
| |
| using ResourcesLoadedCallback = |
| base::OnceCallback<void(std::vector<InjectedFileSource>, |
| absl::optional<std::string>)>; |
| |
| // Checks the loaded content of extension resources. Invokes `callback` with |
| // the constructed file sources on success or with an error on failure. |
| void CheckLoadedResources(std::vector<std::string> file_names, |
| ResourcesLoadedCallback callback, |
| std::vector<std::unique_ptr<std::string>> file_data, |
| absl::optional<std::string> load_error) { |
| if (load_error) { |
| std::move(callback).Run({}, std::move(load_error)); |
| return; |
| } |
| |
| std::vector<InjectedFileSource> file_sources = |
| ConstructFileSources(std::move(file_data), std::move(file_names)); |
| |
| for (const auto& source : file_sources) { |
| DCHECK(source.data); |
| // TODO(devlin): What necessitates this encoding requirement? Is it needed |
| // for blink injection? |
| if (!base::IsStringUTF8(*source.data)) { |
| static constexpr char kBadFileEncodingError[] = |
| "Could not load file '*'. It isn't UTF-8 encoded."; |
| std::string error = ErrorUtils::FormatErrorMessage(kBadFileEncodingError, |
| source.file_name); |
| std::move(callback).Run({}, std::move(error)); |
| return; |
| } |
| } |
| |
| std::move(callback).Run(std::move(file_sources), absl::nullopt); |
| } |
| |
| // Checks the specified `files` for validity, and attempts to load and localize |
| // them, invoking `callback` with the result. Returns true on success; on |
| // failure, populates `error`. |
| bool CheckAndLoadFiles(std::vector<std::string> files, |
| const Extension& extension, |
| bool requires_localization, |
| ResourcesLoadedCallback callback, |
| std::string* error) { |
| std::vector<ExtensionResource> resources; |
| if (!GetFileResources(files, extension, &resources, error)) |
| return false; |
| |
| LoadAndLocalizeResources( |
| extension, resources, requires_localization, |
| base::BindOnce(&CheckLoadedResources, std::move(files), |
| std::move(callback))); |
| return true; |
| } |
| |
| // Returns true if the `permissions` allow for injection into the given `frame`. |
| // If false, populates `error`. |
| bool HasPermissionToInjectIntoFrame(const PermissionsData& permissions, |
| int tab_id, |
| content::RenderFrameHost* frame, |
| std::string* error) { |
| GURL url = frame->GetLastCommittedURL(); |
| |
| // TODO(devlin): Add more schemes here, in line with |
| // https://crbug.com/55084. |
| if (url.SchemeIs(url::kAboutScheme) || url.SchemeIs(url::kDataScheme)) { |
| url::Origin origin = frame->GetLastCommittedOrigin(); |
| const url::SchemeHostPort& tuple_or_precursor_tuple = |
| origin.GetTupleOrPrecursorTupleIfOpaque(); |
| if (!tuple_or_precursor_tuple.IsValid()) { |
| if (permissions.HasAPIPermission(mojom::APIPermissionID::kTab)) { |
| *error = ErrorUtils::FormatErrorMessage( |
| manifest_errors::kCannotAccessPageWithUrl, url.spec()); |
| } else { |
| *error = manifest_errors::kCannotAccessPage; |
| } |
| return false; |
| } |
| |
| url = tuple_or_precursor_tuple.GetURL(); |
| } |
| |
| return permissions.CanAccessPage(url, tab_id, error); |
| } |
| |
| // Returns true if the `target` can be accessed with the given `permissions`. |
| // If the target can be accessed, populates `script_executor_out`, |
| // `frame_scope_out`, and `frame_ids_out` with the appropriate values; |
| // if the target cannot be accessed, populates `error_out`. |
| bool CanAccessTarget(const PermissionsData& permissions, |
| const api::scripting::InjectionTarget& target, |
| content::BrowserContext* browser_context, |
| bool include_incognito_information, |
| ScriptExecutor** script_executor_out, |
| ScriptExecutor::FrameScope* frame_scope_out, |
| std::set<int>* frame_ids_out, |
| std::string* error_out) { |
| content::WebContents* tab = nullptr; |
| TabHelper* tab_helper = nullptr; |
| if (!ExtensionTabUtil::GetTabById(target.tab_id, browser_context, |
| include_incognito_information, &tab) || |
| !(tab_helper = TabHelper::FromWebContents(tab))) { |
| // TODO(devlin): Add a constant for this in a centrally-consumable location. |
| *error_out = base::StringPrintf("No tab with id: %d", target.tab_id); |
| return false; |
| } |
| |
| if ((target.all_frames && *target.all_frames == true) && target.frame_ids) { |
| *error_out = "Cannot specify both 'allFrames' and 'frameIds'."; |
| return false; |
| } |
| |
| ScriptExecutor* script_executor = tab_helper->script_executor(); |
| DCHECK(script_executor); |
| |
| ScriptExecutor::FrameScope frame_scope = |
| target.all_frames && *target.all_frames == true |
| ? ScriptExecutor::INCLUDE_SUB_FRAMES |
| : ScriptExecutor::SPECIFIED_FRAMES; |
| |
| std::set<int> frame_ids; |
| if (target.frame_ids) { |
| frame_ids.insert(target.frame_ids->begin(), target.frame_ids->end()); |
| } else { |
| frame_ids.insert(ExtensionApiFrameIdMap::kTopFrameId); |
| } |
| |
| // TODO(devlin): If `allFrames` is true, we error out if the extension |
| // doesn't have access to the top frame (even if it may inject in child |
| // frames). This is inconsistent with content scripts (which can execute on |
| // child frames), but consistent with the old tabs.executeScript() API. |
| for (int frame_id : frame_ids) { |
| content::RenderFrameHost* frame = |
| ExtensionApiFrameIdMap::GetRenderFrameHostById(tab, frame_id); |
| if (!frame) { |
| *error_out = base::StringPrintf("No frame with id %d in tab with id %d", |
| frame_id, target.tab_id); |
| return false; |
| } |
| |
| DCHECK_EQ(content::WebContents::FromRenderFrameHost(frame), tab); |
| if (!HasPermissionToInjectIntoFrame(permissions, target.tab_id, frame, |
| error_out)) { |
| return false; |
| } |
| } |
| |
| *frame_ids_out = std::move(frame_ids); |
| *frame_scope_out = frame_scope; |
| *script_executor_out = script_executor; |
| return true; |
| } |
| |
| std::unique_ptr<UserScript> ParseUserScript( |
| const Extension& extension, |
| const api::scripting::RegisteredContentScript& content_script, |
| int definition_index, |
| int valid_schemes, |
| std::u16string* error) { |
| auto result = std::make_unique<UserScript>(); |
| result->set_id(content_script.id); |
| result->set_host_id( |
| mojom::HostID(mojom::HostID::HostType::kExtensions, extension.id())); |
| |
| if (content_script.run_at != api::extension_types::RUN_AT_NONE) |
| result->set_run_location(ConvertRunLocation(content_script.run_at)); |
| |
| if (content_script.all_frames) |
| result->set_match_all_frames(*content_script.all_frames); |
| |
| if (!script_parsing::ParseMatchPatterns( |
| content_script.matches, content_script.exclude_matches.get(), |
| definition_index, extension.creation_flags(), |
| kScriptsCanExecuteEverywhere, valid_schemes, |
| kAllUrlsIncludesChromeUrls, result.get(), error, |
| /*wants_file_access=*/nullptr)) { |
| return nullptr; |
| } |
| |
| if (!script_parsing::ParseFileSources( |
| &extension, content_script.js.get(), content_script.css.get(), |
| definition_index, result.get(), error)) { |
| return nullptr; |
| } |
| |
| return result; |
| } |
| |
| ValidateContentScriptsResult ValidateParsedScriptsOnFileThread( |
| ExtensionResource::SymlinkPolicy symlink_policy, |
| std::unique_ptr<UserScriptList> scripts) { |
| DCHECK(GetExtensionFileTaskRunner()->RunsTasksInCurrentSequence()); |
| |
| // Validate that claimed script resources actually exist, and are UTF-8 |
| // encoded. |
| std::string error; |
| bool are_script_files_valid = |
| script_parsing::ValidateFileSources(*scripts, symlink_policy, &error); |
| |
| return std::make_pair(std::move(scripts), are_script_files_valid |
| ? absl::nullopt |
| : absl::make_optional(error)); |
| } |
| |
| } // namespace |
| |
| InjectedFileSource::InjectedFileSource(std::string file_name, |
| std::unique_ptr<std::string> data) |
| : file_name(std::move(file_name)), data(std::move(data)) {} |
| InjectedFileSource::InjectedFileSource(InjectedFileSource&&) = default; |
| InjectedFileSource::~InjectedFileSource() = default; |
| |
| ScriptingExecuteScriptFunction::ScriptingExecuteScriptFunction() = default; |
| ScriptingExecuteScriptFunction::~ScriptingExecuteScriptFunction() = default; |
| |
| ExtensionFunction::ResponseAction ScriptingExecuteScriptFunction::Run() { |
| std::unique_ptr<api::scripting::ExecuteScript::Params> params( |
| api::scripting::ExecuteScript::Params::Create(*args_)); |
| EXTENSION_FUNCTION_VALIDATE(params); |
| injection_ = std::move(params->injection); |
| |
| // Silently alias `function` to `func` for backwards compatibility. |
| // TODO(devlin): Remove this in M95. |
| if (injection_.function) { |
| if (injection_.func) { |
| return RespondNow( |
| Error("Both 'func' and 'function' were specified. " |
| "Only 'func' should be used.")); |
| } |
| injection_.func = std::move(injection_.function); |
| } |
| |
| if ((injection_.files && injection_.func) || |
| (!injection_.files && !injection_.func)) { |
| return RespondNow( |
| Error("Exactly one of 'func' and 'files' must be specified")); |
| } |
| |
| if (injection_.files) { |
| if (injection_.args) |
| return RespondNow(Error("'args' may not be used with file injections.")); |
| |
| // JS files don't require localization. |
| constexpr bool kRequiresLocalization = false; |
| std::string error; |
| if (!CheckAndLoadFiles( |
| std::move(*injection_.files), *extension(), kRequiresLocalization, |
| base::BindOnce(&ScriptingExecuteScriptFunction::DidLoadResources, |
| this), |
| &error)) { |
| return RespondNow(Error(std::move(error))); |
| } |
| return RespondLater(); |
| } |
| |
| DCHECK(injection_.func); |
| |
| // TODO(devlin): This (wrapping a function to create an IIFE) is pretty hacky, |
| // and along with the JSON-serialization of the arguments to curry in. |
| // Add support to the ScriptExecutor to better support this case. |
| std::string args_expression; |
| if (injection_.args) { |
| std::vector<std::string> string_args; |
| string_args.reserve(injection_.args->size()); |
| for (const auto& arg : *injection_.args) { |
| DCHECK(arg); |
| std::string json; |
| if (!base::JSONWriter::Write(*arg, &json)) |
| return RespondNow(Error("Unserializable argument passed.")); |
| string_args.push_back(std::move(json)); |
| } |
| args_expression = base::JoinString(string_args, ","); |
| } |
| |
| std::string code_to_execute = base::StringPrintf( |
| "(%s)(%s)", injection_.func->c_str(), args_expression.c_str()); |
| |
| std::vector<mojom::JSSourcePtr> sources; |
| sources.push_back(mojom::JSSource::New(std::move(code_to_execute), GURL())); |
| |
| std::string error; |
| if (!Execute(std::move(sources), &error)) |
| return RespondNow(Error(std::move(error))); |
| |
| return RespondLater(); |
| } |
| |
| void ScriptingExecuteScriptFunction::DidLoadResources( |
| std::vector<InjectedFileSource> file_sources, |
| absl::optional<std::string> load_error) { |
| if (load_error) { |
| Respond(Error(std::move(*load_error))); |
| return; |
| } |
| |
| DCHECK(!file_sources.empty()); |
| |
| std::string error; |
| if (!Execute(FileSourcesToJSSources(*extension(), std::move(file_sources)), |
| &error)) { |
| Respond(Error(std::move(error))); |
| } |
| } |
| |
| bool ScriptingExecuteScriptFunction::Execute( |
| std::vector<mojom::JSSourcePtr> sources, |
| std::string* error) { |
| ScriptExecutor* script_executor = nullptr; |
| ScriptExecutor::FrameScope frame_scope = ScriptExecutor::SPECIFIED_FRAMES; |
| std::set<int> frame_ids; |
| if (!CanAccessTarget(*extension()->permissions_data(), injection_.target, |
| browser_context(), include_incognito_information(), |
| &script_executor, &frame_scope, &frame_ids, error)) { |
| return false; |
| } |
| |
| script_executor->ExecuteScript( |
| mojom::HostID(mojom::HostID::HostType::kExtensions, extension()->id()), |
| mojom::CodeInjection::NewJs(mojom::JSInjection::New(std::move(sources), |
| /*wants_result=*/true, |
| user_gesture())), |
| frame_scope, frame_ids, ScriptExecutor::MATCH_ABOUT_BLANK, |
| mojom::RunLocation::kDocumentIdle, ScriptExecutor::DEFAULT_PROCESS, |
| /* webview_src */ GURL(), |
| base::BindOnce(&ScriptingExecuteScriptFunction::OnScriptExecuted, this)); |
| |
| return true; |
| } |
| |
| void ScriptingExecuteScriptFunction::OnScriptExecuted( |
| std::vector<ScriptExecutor::FrameResult> frame_results) { |
| // If only a single frame was included and the injection failed, respond with |
| // an error. |
| if (frame_results.size() == 1 && !frame_results[0].error.empty()) { |
| Respond(Error(std::move(frame_results[0].error))); |
| return; |
| } |
| |
| // Otherwise, respond successfully. We currently just skip over individual |
| // frames that failed. In the future, we can bubble up these error messages |
| // to the extension. |
| std::vector<api::scripting::InjectionResult> injection_results; |
| for (auto& result : frame_results) { |
| if (!result.error.empty()) |
| continue; |
| api::scripting::InjectionResult injection_result; |
| injection_result.result = |
| base::Value::ToUniquePtrValue(std::move(result.value)); |
| injection_result.frame_id = result.frame_id; |
| |
| // Put the top frame first; otherwise, any order. |
| if (result.frame_id == ExtensionApiFrameIdMap::kTopFrameId) { |
| injection_results.insert(injection_results.begin(), |
| std::move(injection_result)); |
| } else { |
| injection_results.push_back(std::move(injection_result)); |
| } |
| } |
| |
| Respond(ArgumentList( |
| api::scripting::ExecuteScript::Results::Create(injection_results))); |
| } |
| |
| ScriptingInsertCSSFunction::ScriptingInsertCSSFunction() = default; |
| ScriptingInsertCSSFunction::~ScriptingInsertCSSFunction() = default; |
| |
| ExtensionFunction::ResponseAction ScriptingInsertCSSFunction::Run() { |
| std::unique_ptr<api::scripting::InsertCSS::Params> params( |
| api::scripting::InsertCSS::Params::Create(*args_)); |
| EXTENSION_FUNCTION_VALIDATE(params); |
| |
| injection_ = std::move(params->injection); |
| |
| if ((injection_.files && injection_.css) || |
| (!injection_.files && !injection_.css)) { |
| return RespondNow(Error(kExactlyOneOfCssAndFilesError)); |
| } |
| |
| if (injection_.files) { |
| // CSS files require localization. |
| constexpr bool kRequiresLocalization = true; |
| std::string error; |
| if (!CheckAndLoadFiles( |
| std::move(*injection_.files), *extension(), kRequiresLocalization, |
| base::BindOnce(&ScriptingInsertCSSFunction::DidLoadResources, this), |
| &error)) { |
| return RespondNow(Error(std::move(error))); |
| } |
| return RespondLater(); |
| } |
| |
| DCHECK(injection_.css); |
| |
| mojom::HostID host_id(mojom::HostID::HostType::kExtensions, |
| extension()->id()); |
| |
| std::vector<mojom::CSSSourcePtr> sources; |
| sources.push_back( |
| mojom::CSSSource::New(std::move(*injection_.css), |
| InjectionKeyForCode(host_id, *injection_.css))); |
| |
| std::string error; |
| if (!Execute(std::move(sources), &error)) { |
| return RespondNow(Error(std::move(error))); |
| } |
| |
| return RespondLater(); |
| } |
| |
| void ScriptingInsertCSSFunction::DidLoadResources( |
| std::vector<InjectedFileSource> file_sources, |
| absl::optional<std::string> load_error) { |
| if (load_error) { |
| Respond(Error(std::move(*load_error))); |
| return; |
| } |
| |
| DCHECK(!file_sources.empty()); |
| std::vector<mojom::CSSSourcePtr> sources = |
| FileSourcesToCSSSources(*extension(), std::move(file_sources)); |
| |
| std::string error; |
| if (!Execute(std::move(sources), &error)) |
| Respond(Error(std::move(error))); |
| } |
| |
| bool ScriptingInsertCSSFunction::Execute( |
| std::vector<mojom::CSSSourcePtr> sources, |
| std::string* error) { |
| ScriptExecutor* script_executor = nullptr; |
| ScriptExecutor::FrameScope frame_scope = ScriptExecutor::SPECIFIED_FRAMES; |
| std::set<int> frame_ids; |
| if (!CanAccessTarget(*extension()->permissions_data(), injection_.target, |
| browser_context(), include_incognito_information(), |
| &script_executor, &frame_scope, &frame_ids, error)) { |
| return false; |
| } |
| DCHECK(script_executor); |
| |
| script_executor->ExecuteScript( |
| mojom::HostID(mojom::HostID::HostType::kExtensions, extension()->id()), |
| mojom::CodeInjection::NewCss(mojom::CSSInjection::New( |
| std::move(sources), ConvertStyleOriginToCSSOrigin(injection_.origin), |
| mojom::CSSInjection::Operation::kAdd)), |
| frame_scope, frame_ids, ScriptExecutor::MATCH_ABOUT_BLANK, |
| kCSSRunLocation, ScriptExecutor::DEFAULT_PROCESS, |
| /* webview_src */ GURL(), |
| base::BindOnce(&ScriptingInsertCSSFunction::OnCSSInserted, this)); |
| |
| return true; |
| } |
| |
| void ScriptingInsertCSSFunction::OnCSSInserted( |
| std::vector<ScriptExecutor::FrameResult> results) { |
| // If only a single frame was included and the injection failed, respond with |
| // an error. |
| if (results.size() == 1 && !results[0].error.empty()) { |
| Respond(Error(std::move(results[0].error))); |
| return; |
| } |
| |
| Respond(NoArguments()); |
| } |
| |
| ScriptingRemoveCSSFunction::ScriptingRemoveCSSFunction() = default; |
| ScriptingRemoveCSSFunction::~ScriptingRemoveCSSFunction() = default; |
| |
| ExtensionFunction::ResponseAction ScriptingRemoveCSSFunction::Run() { |
| std::unique_ptr<api::scripting::RemoveCSS::Params> params( |
| api::scripting::RemoveCSS::Params::Create(*args_)); |
| EXTENSION_FUNCTION_VALIDATE(params); |
| |
| api::scripting::CSSInjection& injection = params->injection; |
| |
| if ((injection.files && injection.css) || |
| (!injection.files && !injection.css)) { |
| return RespondNow(Error(kExactlyOneOfCssAndFilesError)); |
| } |
| |
| ScriptExecutor* script_executor = nullptr; |
| ScriptExecutor::FrameScope frame_scope = ScriptExecutor::SPECIFIED_FRAMES; |
| std::set<int> frame_ids; |
| std::string error; |
| if (!CanAccessTarget(*extension()->permissions_data(), injection.target, |
| browser_context(), include_incognito_information(), |
| &script_executor, &frame_scope, &frame_ids, &error)) { |
| return RespondNow(Error(std::move(error))); |
| } |
| DCHECK(script_executor); |
| |
| mojom::HostID host_id(mojom::HostID::HostType::kExtensions, |
| extension()->id()); |
| std::vector<mojom::CSSSourcePtr> sources; |
| |
| if (injection.files) { |
| std::vector<ExtensionResource> resources; |
| if (!GetFileResources(*injection.files, *extension(), &resources, &error)) |
| return RespondNow(Error(std::move(error))); |
| |
| // Note: Since we're just removing the CSS, we don't actually need to load |
| // the file here. It's okay for `code` to be empty in this case. |
| const std::string empty_code; |
| sources.reserve(injection.files->size()); |
| |
| for (const auto& file : *injection.files) { |
| sources.push_back(mojom::CSSSource::New( |
| empty_code, |
| InjectionKeyForFile(host_id, extension()->GetResourceURL(file)))); |
| } |
| } else { |
| DCHECK(injection.css); |
| sources.push_back( |
| mojom::CSSSource::New(std::move(*injection.css), |
| InjectionKeyForCode(host_id, *injection.css))); |
| } |
| |
| script_executor->ExecuteScript( |
| std::move(host_id), |
| mojom::CodeInjection::NewCss(mojom::CSSInjection::New( |
| std::move(sources), ConvertStyleOriginToCSSOrigin(injection.origin), |
| mojom::CSSInjection::Operation::kRemove)), |
| frame_scope, frame_ids, ScriptExecutor::MATCH_ABOUT_BLANK, |
| kCSSRunLocation, ScriptExecutor::DEFAULT_PROCESS, |
| /* webview_src */ GURL(), |
| base::BindOnce(&ScriptingRemoveCSSFunction::OnCSSRemoved, this)); |
| |
| return RespondLater(); |
| } |
| |
| void ScriptingRemoveCSSFunction::OnCSSRemoved( |
| std::vector<ScriptExecutor::FrameResult> results) { |
| // If only a single frame was included and the injection failed, respond with |
| // an error. |
| if (results.size() == 1 && !results[0].error.empty()) { |
| Respond(Error(std::move(results[0].error))); |
| return; |
| } |
| |
| Respond(NoArguments()); |
| } |
| |
| ScriptingRegisterContentScriptsFunction:: |
| ScriptingRegisterContentScriptsFunction() = default; |
| ScriptingRegisterContentScriptsFunction:: |
| ~ScriptingRegisterContentScriptsFunction() = default; |
| |
| ExtensionFunction::ResponseAction |
| ScriptingRegisterContentScriptsFunction::Run() { |
| std::unique_ptr<api::scripting::RegisterContentScripts::Params> params( |
| api::scripting::RegisterContentScripts::Params::Create(*args_)); |
| EXTENSION_FUNCTION_VALIDATE(params); |
| |
| std::vector<api::scripting::RegisteredContentScript>& scripts = |
| params->scripts; |
| |
| ExtensionUserScriptLoader* loader = |
| ExtensionSystem::Get(browser_context()) |
| ->user_script_manager() |
| ->GetUserScriptLoaderForExtension(extension()->id()); |
| std::set<std::string> existing_script_ids = loader->GetDynamicScriptIDs(); |
| std::set<std::string> new_script_ids; |
| for (const auto& script : scripts) { |
| if (script.id.empty()) |
| return RespondNow(Error("Content script's ID must not be empty")); |
| |
| if (script.id[0] == UserScript::kGeneratedIDPrefix) { |
| return RespondNow(Error(base::StringPrintf( |
| "Content script's ID '%s' must not start with '%c'", |
| script.id.c_str(), UserScript::kGeneratedIDPrefix))); |
| } |
| |
| if (base::Contains(existing_script_ids, script.id) || |
| base::Contains(new_script_ids, script.id)) { |
| return RespondNow(Error( |
| base::StringPrintf("Duplicate script ID '%s'", script.id.c_str()))); |
| } |
| |
| new_script_ids.insert(script.id); |
| } |
| |
| std::u16string parse_error; |
| auto parsed_scripts = std::make_unique<UserScriptList>(); |
| const int valid_schemes = |
| UserScript::ValidUserScriptSchemes(kScriptsCanExecuteEverywhere); |
| |
| for (size_t i = 0; i < scripts.size(); ++i) { |
| // Parse/Create user script. |
| std::unique_ptr<UserScript> user_script = ParseUserScript( |
| *extension(), scripts[i], i, valid_schemes, &parse_error); |
| if (!user_script) |
| return RespondNow(Error(base::UTF16ToASCII(parse_error))); |
| |
| parsed_scripts->push_back(std::move(user_script)); |
| } |
| |
| // Add new script IDs now in case another call with the same script IDs is |
| // made immediately following this one. |
| loader->AddPendingDynamicScriptIDs(std::move(new_script_ids)); |
| |
| base::PostTaskAndReplyWithResult( |
| GetExtensionFileTaskRunner().get(), FROM_HERE, |
| base::BindOnce(&ValidateParsedScriptsOnFileThread, |
| script_parsing::GetSymlinkPolicy(extension()), |
| std::move(parsed_scripts)), |
| base::BindOnce(&ScriptingRegisterContentScriptsFunction:: |
| OnContentScriptFilesValidated, |
| this)); |
| |
| // Balanced in `OnContentScriptFilesValidated()` or |
| // `OnContentScriptsRegistered()`. |
| AddRef(); |
| return RespondLater(); |
| } |
| |
| void ScriptingRegisterContentScriptsFunction::OnContentScriptFilesValidated( |
| ValidateContentScriptsResult result) { |
| auto error = result.second; |
| auto scripts = std::move(result.first); |
| ExtensionUserScriptLoader* loader = |
| ExtensionSystem::Get(browser_context()) |
| ->user_script_manager() |
| ->GetUserScriptLoaderForExtension(extension()->id()); |
| |
| if (error.has_value()) { |
| std::set<std::string> ids_to_remove; |
| for (const auto& script : *scripts) |
| ids_to_remove.insert(script->id()); |
| |
| loader->RemovePendingDynamicScriptIDs(std::move(ids_to_remove)); |
| Respond(Error(*error)); |
| Release(); // Matches the `AddRef()` in `Run()`. |
| return; |
| } |
| |
| loader->AddDynamicScripts( |
| std::move(scripts), |
| base::BindOnce( |
| &ScriptingRegisterContentScriptsFunction::OnContentScriptsRegistered, |
| this)); |
| } |
| |
| void ScriptingRegisterContentScriptsFunction::OnContentScriptsRegistered( |
| const absl::optional<std::string>& error) { |
| if (error.has_value()) |
| Respond(Error(*error)); |
| else |
| Respond(NoArguments()); |
| Release(); // Matches the `AddRef()` in `Run()`. |
| } |
| |
| } // namespace extensions |