[Extensions] Don't inject scripts into remote frames, null documents.

BUG=466520 Review URL: https://codereview.chromium.org/1030323003 Cr-Commit-Position: refs/heads/master@{#322651}

[Extensions] Don't inject scripts into remote frames, null documents.
BUG=466520 Review URL: https://codereview.chromium.org/1030323003 Cr-Commit-Position: refs/heads/master@{#322651}
d406f43d · rdevlin.cronin · Commit bot · 34b2daa2 · d406f43d · d406f43d
Commit d406f43d authored Mar 27, 2015 by rdevlin.cronin Committed by Commit bot Mar 27, 2015
Showing with 9 additions and 5 deletions

extensions/renderer/programmatic_script_injector.cc extensions/renderer/programmatic_script_injector.cc +4 -0

extensions/renderer/user_script_set.cc extensions/renderer/user_script_set.cc +5 -5

No files found.
--- a/extensions/renderer/programmatic_script_injector.cc
+++ b/extensions/renderer/programmatic_script_injector.cc
@@ -70,6 +70,10 @@ PermissionsData::AccessType ProgrammaticScriptInjector::CanExecuteOnFrame(
    blink::WebFrame* frame,
    int tab_id,
    const GURL& top_url) const {
+  // It doesn't make sense to inject a script into a remote frame or a frame
+  // with a null document.
+  if (frame->isWebRemoteFrame() || frame->document().isNull())
+    return PermissionsData::ACCESS_DENIED;
  GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
      frame, frame->document().url(), params_->match_about_blank);
  if (params_->is_web_view) {

--- a/extensions/renderer/user_script_set.cc
+++ b/extensions/renderer/user_script_set.cc
@@ -205,17 +205,17 @@ scoped_ptr<ScriptInjection> UserScriptSet::GetInjectionForScript(
                                                             this,
                                                             is_declarative));

-  blink::WebDocument top_document = web_frame->top()->document();
-  // This can be null if site isolation is turned on. The best we can do is to
-  // just give up - generally the wrong behavior, but better than crashing.
+  blink::WebFrame* top_frame = web_frame->top();
+  // It doesn't make sense to do script injection for remote frames, since they
+  // cannot host any documents or content.
  // TODO(kalman): Fix this properly by moving all security checks into the
  // browser. See http://crbug.com/466373 for ongoing work here.
-  if (top_document.isNull())
+  if (top_frame->isWebRemoteFrame())
    return injection.Pass();

  if (injector->CanExecuteOnFrame(injection_host.get(), web_frame,
                                  -1,  // Content scripts are not tab-specific.
-                                  top_document.url()) ==
+                                  top_frame->document().url()) ==
      PermissionsData::ACCESS_DENIED) {
    return injection.Pass();
  }