Bug 1226423: Don't inject WebExtension APIs into documents without WebExtension principals. r=billm
authorKris Maglione <maglione.k@gmail.com>
Fri, 20 Nov 2015 15:09:28 -0800
changeset 310804 2948ba54950b65cadcacf16a75828e56e164998d
parent 310803 dcae05a0b0da59b35f21c6427efbbcba3f1b357d
child 310805 f127897cdf0193ac09fa96f6f5bec5d2ae2d2331
push id7797
push usermaglione.k@gmail.com
push dateTue, 24 Nov 2015 01:52:57 +0000
reviewersbillm
bugs1226423
milestone45.0a1
Bug 1226423: Don't inject WebExtension APIs into documents without WebExtension principals. r=billm
toolkit/components/extensions/Extension.jsm
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -282,44 +282,44 @@ var GlobalManager = {
   observe(contentWindow, topic, data) {
     function inject(extension, context) {
       let chromeObj = Cu.createObjectIn(contentWindow, {defineAs: "browser"});
       contentWindow.wrappedJSObject.chrome = contentWindow.wrappedJSObject.browser;
       let api = Management.generateAPIs(extension, context);
       injectAPI(api, chromeObj);
     }
 
+    // Find the add-on associated with this document via the
+    // principal's originAttributes. This value is computed by
+    // extensionURIToAddonID, which ensures that we don't inject our
+    // API into webAccessibleResources or remote web pages.
+    let principal = contentWindow.document.nodePrincipal;
+    let id = principal.originAttributes.addonId;
+    if (!this.extensionMap.has(id)) {
+      return;
+    }
+
     let docShell = contentWindow.QueryInterface(Ci.nsIInterfaceRequestor)
                                 .getInterface(Ci.nsIWebNavigation)
                                 .QueryInterface(Ci.nsIDocShellTreeItem)
                                 .sameTypeRootTreeItem
                                 .QueryInterface(Ci.nsIDocShell);
 
     if (this.docShells.has(docShell)) {
       let {extension, context} = this.docShells.get(docShell);
-      if (context) {
+      if (context && extension.id == id) {
         inject(extension, context);
       }
       return;
     }
 
     // We don't inject into sub-frames of a UI page.
     if (contentWindow != contentWindow.top) {
       return;
     }
-
-    // Find the add-on associated with this document via the
-    // principal's originAttributes. This value is computed by
-    // extensionURIToAddonID, which ensures that we don't inject our
-    // API into webAccessibleResources.
-    let principal = contentWindow.document.nodePrincipal;
-    let id = principal.originAttributes.addonId;
-    if (!this.extensionMap.has(id)) {
-      return;
-    }
     let extension = this.extensionMap.get(id);
     let uri = contentWindow.document.documentURIObject;
     let incognito = PrivateBrowsingUtils.isContentWindowPrivate(contentWindow);
     let context = new ExtensionPage(extension, {type: "tab", contentWindow, uri, docShell, incognito});
     inject(extension, context);
 
     let eventHandler = docShell.chromeEventHandler;
     let listener = event => {