extensions/renderer/script_context.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   6 #define EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/callback.h"
  13 #include "base/compiler_specific.h"
  14 #include "extensions/common/features/feature.h"
  15 #include "extensions/common/permissions/api_permission_set.h"
  16 #include "extensions/renderer/module_system.h"
  17 #include "extensions/renderer/request_sender.h"
  18 #include "extensions/renderer/safe_builtins.h"
  19 #include "gin/runner.h"
  20 #include "url/gurl.h"
  21 #include "v8/include/v8.h"
  22
  23 namespace blink {
  24 class WebFrame;
  25 class WebLocalFrame;
  26 }
  27
  28 namespace content {
  29 class RenderFrame;
  30 }
  31
  32 namespace extensions {
  33 class Extension;
  34 class ExtensionSet;
  35
  36 // Extensions wrapper for a v8 context.
  37 class ScriptContext : public RequestSender::Source {
  38  public:
  39   ScriptContext(const v8::Local<v8::Context>& context,
  40                 blink::WebLocalFrame* frame,
  41                 const Extension* extension,
  42                 Feature::Context context_type,
  43                 const Extension* effective_extension,
  44                 Feature::Context effective_context_type);
  45   ~ScriptContext() override;
  46
  47   // Returns whether |url| from any Extension in |extension_set| is sandboxed,
  48   // as declared in each Extension's manifest.
  49   // TODO(kalman): Delete this when crbug.com/466373 is fixed.
  50   // See comment in HasAccessOrThrowError.
  51   static bool IsSandboxedPage(const ExtensionSet& extension_set,
  52                               const GURL& url);
  53
  54   // Clears the WebFrame for this contexts and invalidates the associated
  55   // ModuleSystem.
  56   void Invalidate();
  57
  58   // Registers |observer| to be run when this context is invalidated. Closures
  59   // are run immediately when Invalidate() is called, not in a message loop.
  60   void AddInvalidationObserver(const base::Closure& observer);
  61
  62   // Returns true if this context is still valid, false if it isn't.
  63   // A context becomes invalid via Invalidate().
  64   bool is_valid() const { return is_valid_; }
  65
  66   v8::Local<v8::Context> v8_context() const {
  67     return v8::Local<v8::Context>::New(isolate_, v8_context_);
  68   }
  69
  70   const Extension* extension() const { return extension_.get(); }
  71
  72   const Extension* effective_extension() const {
  73     return effective_extension_.get();
  74   }
  75
  76   blink::WebLocalFrame* web_frame() const { return web_frame_; }
  77
  78   Feature::Context context_type() const { return context_type_; }
  79
  80   Feature::Context effective_context_type() const {
  81     return effective_context_type_;
  82   }
  83
  84   void set_module_system(scoped_ptr<ModuleSystem> module_system) {
  85     module_system_ = module_system.Pass();
  86   }
  87
  88   ModuleSystem* module_system() { return module_system_.get(); }
  89
  90   SafeBuiltins* safe_builtins() { return &safe_builtins_; }
  91
  92   const SafeBuiltins* safe_builtins() const { return &safe_builtins_; }
  93
  94   // Returns the ID of the extension associated with this context, or empty
  95   // string if there is no such extension.
  96   const std::string& GetExtensionID() const;
  97
  98   // Returns the RenderFrame associated with this context. Can return NULL if
  99   // the context is in the process of being destroyed.
 100   content::RenderFrame* GetRenderFrame() const;
 101
 102   // Runs |function| with appropriate scopes. Doesn't catch exceptions, callers
 103   // must do that if they want.
 104   //
 105   // USE THIS METHOD RATHER THAN v8::Function::Call WHEREVER POSSIBLE.
 106   v8::Local<v8::Value> CallFunction(const v8::Local<v8::Function>& function,
 107                                     int argc,
 108                                     v8::Local<v8::Value> argv[]) const;
 109   v8::Local<v8::Value> CallFunction(
 110       const v8::Local<v8::Function>& function) const;
 111
 112   void DispatchEvent(const char* event_name, v8::Local<v8::Array> args) const;
 113
 114   // Fires the onunload event on the unload_event module.
 115   void DispatchOnUnloadEvent();
 116
 117   // Returns the availability of the API |api_name|.
 118   Feature::Availability GetAvailability(const std::string& api_name);
 119
 120   // Returns a string description of the type of context this is.
 121   std::string GetContextTypeDescription() const;
 122
 123   // Returns a string description of the effective type of context this is.
 124   std::string GetEffectiveContextTypeDescription() const;
 125
 126   v8::Isolate* isolate() const { return isolate_; }
 127
 128   // Get the URL of this context's web frame.
 129   //
 130   // TODO(kalman): Remove this and replace with a GetOrigin() call which reads
 131   // of WebDocument::securityOrigin():
 132   //  - The URL can change (e.g. pushState) but the origin cannot. Luckily it
 133   //    appears as though callers don't make security decisions based on the
 134   //    result of GetURL() so it's not a problem... yet.
 135   //  - Origin is the correct check to be making.
 136   //  - It might let us remove the about:blank resolving?
 137   GURL GetURL() const;
 138
 139   // Returns whether the API |api| or any part of the API could be
 140   // available in this context without taking into account the context's
 141   // extension.
 142   bool IsAnyFeatureAvailableToContext(const extensions::Feature& api);
 143
 144   // Utility to get the URL we will match against for a frame. If the frame has
 145   // committed, this is the commited URL. Otherwise it is the provisional URL.
 146   // The returned URL may be invalid.
 147   static GURL GetDataSourceURLForFrame(const blink::WebFrame* frame);
 148
 149   // Returns the first non-about:-URL in the document hierarchy above and
 150   // including |frame|. The document hierarchy is only traversed if
 151   // |document_url| is an about:-URL and if |match_about_blank| is true.
 152   static GURL GetEffectiveDocumentURL(const blink::WebFrame* frame,
 153                                       const GURL& document_url,
 154                                       bool match_about_blank);
 155
 156   // RequestSender::Source implementation.
 157   ScriptContext* GetContext() override;
 158   void OnResponseReceived(const std::string& name,
 159                           int request_id,
 160                           bool success,
 161                           const base::ListValue& response,
 162                           const std::string& error) override;
 163
 164   // Grants a set of content capabilities to this context.
 165   void SetContentCapabilities(const APIPermissionSet& permissions);
 166
 167   // Indicates if this context has an effective API permission either by being
 168   // a context for an extension which has that permission, or by being a web
 169   // context which has been granted the corresponding capability by an
 170   // extension.
 171   bool HasAPIPermission(APIPermission::ID permission) const;
 172
 173   // Throws an Error in this context's JavaScript context, if this context does
 174   // not have access to |name|. Returns true if this context has access (i.e.
 175   // no exception thrown), false if it does not (i.e. an exception was thrown).
 176   bool HasAccessOrThrowError(const std::string& name);
 177
 178   // Returns a string representation of this ScriptContext, for debugging.
 179   std::string GetDebugString() const;
 180
 181   // Gets the current stack trace as a multi-line string to be logged.
 182   std::string GetStackTraceAsString() const;
 183
 184  private:
 185   class Runner;
 186
 187   // Whether this context is valid.
 188   bool is_valid_;
 189
 190   // The v8 context the bindings are accessible to.
 191   v8::Global<v8::Context> v8_context_;
 192
 193   // The WebLocalFrame associated with this context. This can be NULL because
 194   // this object can outlive is destroyed asynchronously.
 195   blink::WebLocalFrame* web_frame_;
 196
 197   // The extension associated with this context, or NULL if there is none. This
 198   // might be a hosted app in the case that this context is hosting a web URL.
 199   scoped_refptr<const Extension> extension_;
 200
 201   // The type of context.
 202   Feature::Context context_type_;
 203
 204   // The effective extension associated with this context, or NULL if there is
 205   // none. This is different from the above extension if this context is in an
 206   // about:blank iframe for example.
 207   scoped_refptr<const Extension> effective_extension_;
 208
 209   // The type of context.
 210   Feature::Context effective_context_type_;
 211
 212   // Owns and structures the JS that is injected to set up extension bindings.
 213   scoped_ptr<ModuleSystem> module_system_;
 214
 215   // Contains safe copies of builtin objects like Function.prototype.
 216   SafeBuiltins safe_builtins_;
 217
 218   // The set of capabilities granted to this context by extensions.
 219   APIPermissionSet content_capabilities_;
 220
 221   // A list of base::Closure instances as an observer interface for
 222   // invalidation.
 223   std::vector<base::Closure> invalidate_observers_;
 224
 225   v8::Isolate* isolate_;
 226
 227   GURL url_;
 228
 229   scoped_ptr<Runner> runner_;
 230
 231   DISALLOW_COPY_AND_ASSIGN(ScriptContext);
 232 };
 233
 234 }  // namespace extensions
 235
 236 #endif  // EXTENSIONS_RENDERER_SCRIPT_CONTEXT_H_