# HG changeset patch # User Andrew Swan # Date 1474501816 25200 # Wed Sep 21 16:50:16 2016 -0700 # Node ID f4bac9e2b29f42e6a9f0f29c3504536e0494a5d7 # Parent e9cb0d6b717b395d77e521890fc6f1776b73624c Bug 1295324 Don't allow content scripts on pages with mozAddonManager diff --git a/toolkit/components/extensions/ExtensionContent.jsm b/toolkit/components/extensions/ExtensionContent.jsm --- a/toolkit/components/extensions/ExtensionContent.jsm +++ b/toolkit/components/extensions/ExtensionContent.jsm @@ -1,17 +1,17 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ "use strict"; this.EXPORTED_SYMBOLS = ["ExtensionContent"]; -/* globals ExtensionContent */ +/* globals ExtensionContent, AddonManagerPermissions */ /* * This file handles the content process side of extensions. It mainly * takes care of content script injection, content script APIs, and * messaging. */ const Ci = Components.interfaces; @@ -122,16 +122,23 @@ Script.prototype = { urls.push(url); } return urls; }, matches(window) { let uri = window.document.documentURIObject; + + // If mozAddonManager is present on this page, don't allow + // content scripts. + if (AddonManagerPermissions.isHostPermitted(uri.host)) { + return false; + } + if (!(this.matches_.matches(uri) || this.matches_host_.matchesIgnoringPath(uri))) { return false; } if (this.exclude_matches_.matches(uri)) { return false; } diff --git a/toolkit/components/extensions/test/mochitest/mochitest.ini b/toolkit/components/extensions/test/mochitest/mochitest.ini --- a/toolkit/components/extensions/test/mochitest/mochitest.ini +++ b/toolkit/components/extensions/test/mochitest/mochitest.ini @@ -47,16 +47,17 @@ skip-if = os == 'android' # Android does [test_ext_contentscript.html] skip-if = buildapp == 'b2g' # runat != document_idle is not supported. [test_ext_contentscript_api_injection.html] [test_ext_contentscript_context.html] [test_ext_contentscript_create_iframe.html] [test_ext_contentscript_devtools_metadata.html] [test_ext_contentscript_exporthelpers.html] [test_ext_contentscript_css.html] +[test_ext_contentscript_permission.html] [test_ext_contentscript_teardown.html] skip-if = (os == 'android') # Android does not support tabs API. Bug 1260250 [test_ext_exclude_include_globs.html] [test_ext_i18n_css.html] [test_ext_generate.html] [test_ext_notifications.html] [test_ext_permission_xhr.html] skip-if = buildapp == 'b2g' # JavaScript error: jar:remoteopenfile:///data/local/tmp/generated-extension.xpi!/content.js, line 46: NS_ERROR_ILLEGAL_VALUE: diff --git a/toolkit/components/extensions/test/mochitest/test_ext_contentscript_permission.html b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_permission.html new file mode 100644 --- /dev/null +++ b/toolkit/components/extensions/test/mochitest/test_ext_contentscript_permission.html @@ -0,0 +1,59 @@ + + + + Test for content script + + + + + + + + + + + +