feat: partially support chrome.tabs.update (#30069)

shell/browser/extensions/api/tabs/tabs_api.cc

@@ -7,6 +7,9 @@
 #include <memory>
 #include <utility>
 
+#include "chrome/common/url_constants.h"
+#include "components/url_formatter/url_fixer.h"
+#include "content/public/browser/navigation_entry.h"
 #include "extensions/browser/extension_api_frame_id_map.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/manifest_constants.h"
@@ -319,4 +322,182 @@ ExtensionFunction::ResponseAction TabsSetZoomSettingsFunction::Run() {
   return RespondNow(NoArguments());
 }
 
+bool IsKillURL(const GURL& url) {
+#if DCHECK_IS_ON()
+  // Caller should ensure that |url| is already "fixed up" by
+  // url_formatter::FixupURL, which (among many other things) takes care
+  // of rewriting about:kill into chrome://kill/.
+  if (url.SchemeIs(url::kAboutScheme))
+    DCHECK(url.IsAboutBlank() || url.IsAboutSrcdoc());
+#endif
+
+  static const char* const kill_hosts[] = {
+      chrome::kChromeUICrashHost,         chrome::kChromeUIDelayedHangUIHost,
+      chrome::kChromeUIHangUIHost,        chrome::kChromeUIKillHost,
+      chrome::kChromeUIQuitHost,          chrome::kChromeUIRestartHost,
+      content::kChromeUIBrowserCrashHost, content::kChromeUIMemoryExhaustHost,
+  };
+
+  if (!url.SchemeIs(content::kChromeUIScheme))
+    return false;
+
+  return base::Contains(kill_hosts, url.host_piece());
+}
+
+GURL ResolvePossiblyRelativeURL(const std::string& url_string,
+                                const Extension* extension) {
+  GURL url = GURL(url_string);
+  if (!url.is_valid() && extension)
+    url = extension->GetResourceURL(url_string);
+
+  return url;
+}
+bool PrepareURLForNavigation(const std::string& url_string,
+                             const Extension* extension,
+                             GURL* return_url,
+                             std::string* error) {
+  GURL url = ResolvePossiblyRelativeURL(url_string, extension);
+
+  // Ideally, the URL would only be "fixed" for user input (e.g. for URLs
+  // entered into the Omnibox), but some extensions rely on the legacy behavior
+  // where all navigations were subject to the "fixing".  See also
+  // https://crbug.com/1145381.
+  url = url_formatter::FixupURL(url.spec(), "" /* = desired_tld */);
+
+  // Reject invalid URLs.
+  if (!url.is_valid()) {
+    const char kInvalidUrlError[] = "Invalid url: \"*\".";
+    *error = ErrorUtils::FormatErrorMessage(kInvalidUrlError, url_string);
+    return false;
+  }
+
+  // Don't let the extension crash the browser or renderers.
+  if (IsKillURL(url)) {
+    const char kNoCrashBrowserError[] =
+        "I'm sorry. I'm afraid I can't do that.";
+    *error = kNoCrashBrowserError;
+    return false;
+  }
+
+  // Don't let the extension navigate directly to devtools scheme pages, unless
+  // they have applicable permissions.
+  if (url.SchemeIs(content::kChromeDevToolsScheme) &&
+      !(extension->permissions_data()->HasAPIPermission(
+            extensions::mojom::APIPermissionID::kDevtools) ||
+        extension->permissions_data()->HasAPIPermission(
+            extensions::mojom::APIPermissionID::kDebugger))) {
+    const char kCannotNavigateToDevtools[] =
+        "Cannot navigate to a devtools:// page without either the devtools or "
+        "debugger permission.";
+    *error = kCannotNavigateToDevtools;
+    return false;
+  }
+
+  return_url->Swap(&url);
+  return true;
+}
+
+TabsUpdateFunction::TabsUpdateFunction() : web_contents_(nullptr) {}
+
+ExtensionFunction::ResponseAction TabsUpdateFunction::Run() {
+  std::unique_ptr<tabs::Update::Params> params(
+      tabs::Update::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params.get());
+
+  int tab_id = params->tab_id ? *params->tab_id : -1;
+  auto* contents = electron::api::WebContents::FromID(tab_id);
+  if (!contents)
+    return RespondNow(Error("No such tab"));
+
+  web_contents_ = contents->web_contents();
+
+  // Navigate the tab to a new location if the url is different.
+  std::string error;
+  if (params->update_properties.url.get()) {
+    std::string updated_url = *params->update_properties.url;
+    if (!UpdateURL(updated_url, tab_id, &error))
+      return RespondNow(Error(std::move(error)));
+  }
+
+  if (params->update_properties.muted.get()) {
+    contents->SetAudioMuted(*params->update_properties.muted);
+  }
+
+  return RespondNow(GetResult());
+}
+
+bool TabsUpdateFunction::UpdateURL(const std::string& url_string,
+                                   int tab_id,
+                                   std::string* error) {
+  GURL url;
+  if (!PrepareURLForNavigation(url_string, extension(), &url, error)) {
+    return false;
+  }
+
+  const bool is_javascript_scheme = url.SchemeIs(url::kJavaScriptScheme);
+  // JavaScript URLs are forbidden in chrome.tabs.update().
+  if (is_javascript_scheme) {
+    const char kJavaScriptUrlsNotAllowedInTabsUpdate[] =
+        "JavaScript URLs are not allowed in chrome.tabs.update. Use "
+        "chrome.tabs.executeScript instead.";
+    *error = kJavaScriptUrlsNotAllowedInTabsUpdate;
+    return false;
+  }
+
+  content::NavigationController::LoadURLParams load_params(url);
+
+  // Treat extension-initiated navigations as renderer-initiated so that the URL
+  // does not show in the omnibox until it commits.  This avoids URL spoofs
+  // since URLs can be opened on behalf of untrusted content.
+  load_params.is_renderer_initiated = true;
+  // All renderer-initiated navigations need to have an initiator origin.
+  load_params.initiator_origin = extension()->origin();
+  // |source_site_instance| needs to be set so that a renderer process
+  // compatible with |initiator_origin| is picked by Site Isolation.
+  load_params.source_site_instance = content::SiteInstance::CreateForURL(
+      web_contents_->GetBrowserContext(),
+      load_params.initiator_origin->GetURL());
+
+  // Marking the navigation as initiated via an API means that the focus
+  // will stay in the omnibox - see https://crbug.com/1085779.
+  load_params.transition_type = ui::PAGE_TRANSITION_FROM_API;
+
+  web_contents_->GetController().LoadURLWithParams(load_params);
+
+  DCHECK_EQ(url,
+            web_contents_->GetController().GetPendingEntry()->GetVirtualURL());
+
+  return true;
+}
+
+ExtensionFunction::ResponseValue TabsUpdateFunction::GetResult() {
+  if (!has_callback())
+    return NoArguments();
+
+  tabs::Tab tab;
+
+  auto* api_web_contents = electron::api::WebContents::From(web_contents_);
+  tab.id =
+      std::make_unique<int>(api_web_contents ? api_web_contents->ID() : -1);
+  // TODO(nornagon): in Chrome, the tab URL is only available to extensions
+  // that have the "tabs" (or "activeTab") permission. We should do the same
+  // permission check here.
+  tab.url = std::make_unique<std::string>(
+      web_contents_->GetLastCommittedURL().spec());
+
+  return ArgumentList(tabs::Get::Results::Create(std::move(tab)));
+}
+
+void TabsUpdateFunction::OnExecuteCodeFinished(
+    const std::string& error,
+    const GURL& url,
+    const base::ListValue& script_result) {
+  if (!error.empty()) {
+    Respond(Error(error));
+    return;
+  }
+
+  return Respond(GetResult());
+}
+
 }  // namespace extensions

shell/browser/extensions/api/tabs/tabs_api.h

@@ -88,6 +88,25 @@ class TabsGetZoomSettingsFunction : public ExtensionFunction {
   DECLARE_EXTENSION_FUNCTION("tabs.getZoomSettings", TABS_GETZOOMSETTINGS)
 };
 
+class TabsUpdateFunction : public ExtensionFunction {
+ public:
+  TabsUpdateFunction();
+
+ protected:
+  ~TabsUpdateFunction() override {}
+  bool UpdateURL(const std::string& url, int tab_id, std::string* error);
+  ResponseValue GetResult();
+
+  content::WebContents* web_contents_;
+
+ private:
+  ResponseAction Run() override;
+  void OnExecuteCodeFinished(const std::string& error,
+                             const GURL& on_url,
+                             const base::ListValue& script_result);
+
+  DECLARE_EXTENSION_FUNCTION("tabs.update", TABS_UPDATE)
+};
 }  // namespace extensions
 
 #endif  // SHELL_BROWSER_EXTENSIONS_API_TABS_TABS_API_H_