extensions/renderer/script_context.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   6 #define EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "base/compiler_specific.h"
  14 #include "extensions/common/features/feature.h"
  15 #include "extensions/common/permissions/api_permission_set.h"
  16 #include "extensions/renderer/module_system.h"
  17 #include "extensions/renderer/request_sender.h"
  18 #include "extensions/renderer/safe_builtins.h"
  19 #include "gin/runner.h"
  20 #include "url/gurl.h"
  21 #include "v8/include/v8.h"
  22
  23 namespace blink {
  24 class WebFrame;
  25 class WebLocalFrame;
  26 }
  27
  28 namespace content {
  29 class RenderFrame;
  30 class RenderView;
  31 }
  32
  33 namespace extensions {
  34 class Extension;
  35 class ExtensionSet;
  36
  37 // Extensions wrapper for a v8 context.
  38 class ScriptContext : public RequestSender::Source {
  39  public:
  40   ScriptContext(const v8::Local<v8::Context>& context,
  41                 blink::WebLocalFrame* frame,
  42                 const Extension* extension,
  43                 Feature::Context context_type,
  44                 const Extension* effective_extension,
  45                 Feature::Context effective_context_type);
  46   ~ScriptContext() override;
  47
  48   // Returns whether |url| from any Extension in |extension_set| is sandboxed,
  49   // as declared in each Extension's manifest.
  50   // TODO(kalman): Delete this when crbug.com/466373 is fixed.
  51   // See comment in HasAccessOrThrowError.
  52   static bool IsSandboxedPage(const ExtensionSet& extension_set,
  53                               const GURL& url);
  54
  55   // Clears the WebFrame for this contexts and invalidates the associated
  56   // ModuleSystem.
  57   void Invalidate();
  58
  59   // Registers |observer| to be run when this context is invalidated. Closures
  60   // are run immediately when Invalidate() is called, not in a message loop.
  61   void AddInvalidationObserver(const base::Closure& observer);
  62
  63   // Returns true if this context is still valid, false if it isn't.
  64   // A context becomes invalid via Invalidate().
  65   bool is_valid() const { return is_valid_; }
  66
  67   v8::Local<v8::Context> v8_context() const {
  68     return v8::Local<v8::Context>::New(isolate_, v8_context_);
  69   }
  70
  71   const Extension* extension() const { return extension_.get(); }
  72
  73   const Extension* effective_extension() const {
  74     return effective_extension_.get();
  75   }
  76
  77   blink::WebLocalFrame* web_frame() const { return web_frame_; }
  78
  79   Feature::Context context_type() const { return context_type_; }
  80
  81   Feature::Context effective_context_type() const {
  82     return effective_context_type_;
  83   }
  84
  85   void set_module_system(scoped_ptr<ModuleSystem> module_system) {
  86     module_system_ = module_system.Pass();
  87   }
  88
  89   ModuleSystem* module_system() { return module_system_.get(); }
  90
  91   SafeBuiltins* safe_builtins() { return &safe_builtins_; }
  92
  93   const SafeBuiltins* safe_builtins() const { return &safe_builtins_; }
  94
  95   // Returns the ID of the extension associated with this context, or empty
  96   // string if there is no such extension.
  97   const std::string& GetExtensionID() const;
  98
  99   // Returns the RenderView associated with this context. Can return NULL if the
 100   // context is in the process of being destroyed.
 101   content::RenderView* GetRenderView() const;
 102
 103   // Returns the RenderFrame associated with this context. Can return NULL if
 104   // the context is in the process of being destroyed.
 105   content::RenderFrame* GetRenderFrame() const;
 106
 107   // Runs |function| with appropriate scopes. Doesn't catch exceptions, callers
 108   // must do that if they want.
 109   //
 110   // USE THIS METHOD RATHER THAN v8::Function::Call WHEREVER POSSIBLE.
 111   v8::Local<v8::Value> CallFunction(const v8::Local<v8::Function>& function,
 112                                     int argc,
 113                                     v8::Local<v8::Value> argv[]) const;
 114   v8::Local<v8::Value> CallFunction(
 115       const v8::Local<v8::Function>& function) const;
 116
 117   void DispatchEvent(const char* event_name, v8::Local<v8::Array> args) const;
 118
 119   // Fires the onunload event on the unload_event module.
 120   void DispatchOnUnloadEvent();
 121
 122   // Returns the availability of the API |api_name|.
 123   Feature::Availability GetAvailability(const std::string& api_name);
 124
 125   // Returns a string description of the type of context this is.
 126   std::string GetContextTypeDescription() const;
 127
 128   // Returns a string description of the effective type of context this is.
 129   std::string GetEffectiveContextTypeDescription() const;
 130
 131   v8::Isolate* isolate() const { return isolate_; }
 132
 133   // Get the URL of this context's web frame.
 134   //
 135   // TODO(kalman): Remove this and replace with a GetOrigin() call which reads
 136   // of WebDocument::securityOrigin():
 137   //  - The URL can change (e.g. pushState) but the origin cannot. Luckily it
 138   //    appears as though callers don't make security decisions based on the
 139   //    result of GetURL() so it's not a problem... yet.
 140   //  - Origin is the correct check to be making.
 141   //  - It might let us remove the about:blank resolving?
 142   GURL GetURL() const;
 143
 144   // Returns whether the API |api| or any part of the API could be
 145   // available in this context without taking into account the context's
 146   // extension.
 147   bool IsAnyFeatureAvailableToContext(const extensions::Feature& api);
 148
 149   // Utility to get the URL we will match against for a frame. If the frame has
 150   // committed, this is the commited URL. Otherwise it is the provisional URL.
 151   // The returned URL may be invalid.
 152   static GURL GetDataSourceURLForFrame(const blink::WebFrame* frame);
 153
 154   // Returns the first non-about:-URL in the document hierarchy above and
 155   // including |frame|. The document hierarchy is only traversed if
 156   // |document_url| is an about:-URL and if |match_about_blank| is true.
 157   static GURL GetEffectiveDocumentURL(const blink::WebFrame* frame,
 158                                       const GURL& document_url,
 159                                       bool match_about_blank);
 160
 161   // RequestSender::Source implementation.
 162   ScriptContext* GetContext() override;
 163   void OnResponseReceived(const std::string& name,
 164                           int request_id,
 165                           bool success,
 166                           const base::ListValue& response,
 167                           const std::string& error) override;
 168
 169   // Grants a set of content capabilities to this context.
 170   void SetContentCapabilities(const APIPermissionSet& permissions);
 171
 172   // Indicates if this context has an effective API permission either by being
 173   // a context for an extension which has that permission, or by being a web
 174   // context which has been granted the corresponding capability by an
 175   // extension.
 176   bool HasAPIPermission(APIPermission::ID permission) const;
 177
 178   // Throws an Error in this context's JavaScript context, if this context does
 179   // not have access to |name|. Returns true if this context has access (i.e.
 180   // no exception thrown), false if it does not (i.e. an exception was thrown).
 181   bool HasAccessOrThrowError(const std::string& name);
 182
 183   // Returns a string representation of this ScriptContext, for debugging.
 184   std::string GetDebugString() const;
 185
 186  private:
 187   class Runner;
 188
 189   // Whether this context is valid.
 190   bool is_valid_;
 191
 192   // The v8 context the bindings are accessible to.
 193   v8::Global<v8::Context> v8_context_;
 194
 195   // The WebLocalFrame associated with this context. This can be NULL because
 196   // this object can outlive is destroyed asynchronously.
 197   blink::WebLocalFrame* web_frame_;
 198
 199   // The extension associated with this context, or NULL if there is none. This
 200   // might be a hosted app in the case that this context is hosting a web URL.
 201   scoped_refptr<const Extension> extension_;
 202
 203   // The type of context.
 204   Feature::Context context_type_;
 205
 206   // The effective extension associated with this context, or NULL if there is
 207   // none. This is different from the above extension if this context is in an
 208   // about:blank iframe for example.
 209   scoped_refptr<const Extension> effective_extension_;
 210
 211   // The type of context.
 212   Feature::Context effective_context_type_;
 213
 214   // Owns and structures the JS that is injected to set up extension bindings.
 215   scoped_ptr<ModuleSystem> module_system_;
 216
 217   // Contains safe copies of builtin objects like Function.prototype.
 218   SafeBuiltins safe_builtins_;
 219
 220   // The set of capabilities granted to this context by extensions.
 221   APIPermissionSet content_capabilities_;
 222
 223   // A list of base::Closure instances as an observer interface for
 224   // invalidation.
 225   std::vector<base::Closure> invalidate_observers_;
 226
 227   v8::Isolate* isolate_;
 228
 229   GURL url_;
 230
 231   scoped_ptr<Runner> runner_;
 232
 233   DISALLOW_COPY_AND_ASSIGN(ScriptContext);
 234 };
 235
 236 }  // namespace extensions
 237
 238 #endif  // EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_