Diffstat (limited to 'chromium/content/browser/frame_host/render_frame_host_impl.cc')
-rw-r--r-- | chromium/content/browser/frame_host/render_frame_host_impl.cc | 837 |
1 files changed, 810 insertions, 27 deletions
diff --git a/chromium/content/browser/frame_host/render_frame_host_impl.cc b/chromium/content/browser/frame_host/render_frame_host_impl.cc
index 658e834230d..397fd915ea4 100644
--- a/chromium/content/browser/frame_host/render_frame_host_impl.cc
+++ b/chromium/content/browser/frame_host/render_frame_host_impl.cc
@@ -4,31 +4,136 @@ #include "content/browser/frame_host/render_frame_host_impl.h" +#include "base/bind.h" #include "base/containers/hash_tables.h" #include "base/lazy_instance.h" +#include "base/metrics/user_metrics_action.h" +#include "content/browser/child_process_security_policy_impl.h" +#include "content/browser/frame_host/cross_process_frame_connector.h" +#include "content/browser/frame_host/cross_site_transferring_request.h" #include "content/browser/frame_host/frame_tree.h" #include "content/browser/frame_host/frame_tree_node.h" #include "content/browser/frame_host/navigator.h" #include "content/browser/frame_host/render_frame_host_delegate.h" +#include "content/browser/frame_host/render_frame_proxy_host.h" +#include "content/browser/renderer_host/input/input_router.h" +#include "content/browser/renderer_host/input/timeout_monitor.h" #include "content/browser/renderer_host/render_view_host_impl.h" +#include "content/browser/renderer_host/render_widget_host_impl.h" +#include "content/common/desktop_notification_messages.h" #include "content/common/frame_messages.h" +#include "content/common/input_messages.h" +#include "content/common/inter_process_time_ticks_converter.h" +#include "content/common/swapped_out_messages.h" #include "content/public/browser/browser_thread.h" +#include "content/public/browser/content_browser_client.h" +#include "content/public/browser/desktop_notification_delegate.h" #include "content/public/browser/render_process_host.h" +#include "content/public/browser/render_widget_host_view.h" #include "content/public/browser/user_metrics.h" +#include "content/public/common/content_constants.h" +#include "content/public/common/url_constants.h" +#include "content/public/common/url_utils.h" #include "url/gurl.h" +using base::TimeDelta; + namespace content { +namespace { + // The (process id, routing id) pair that identifies one RenderFrame. 
typedef std::pair<int32, int32> RenderFrameHostID; typedef base::hash_map<RenderFrameHostID, RenderFrameHostImpl*> RoutingIDFrameMap; -static base::LazyInstance<RoutingIDFrameMap> g_routing_id_frame_map = +base::LazyInstance<RoutingIDFrameMap> g_routing_id_frame_map = LAZY_INSTANCE_INITIALIZER; +class DesktopNotificationDelegateImpl : public DesktopNotificationDelegate { + public: + DesktopNotificationDelegateImpl(RenderFrameHost* render_frame_host, + int notification_id) + : render_process_id_(render_frame_host->GetProcess()->GetID()), + render_frame_id_(render_frame_host->GetRoutingID()), + notification_id_(notification_id) {} + + virtual ~DesktopNotificationDelegateImpl() {} + + virtual void NotificationDisplayed() OVERRIDE { + RenderFrameHost* rfh = + RenderFrameHost::FromID(render_process_id_, render_frame_id_); + if (!rfh) + return; + + rfh->Send(new DesktopNotificationMsg_PostDisplay( + rfh->GetRoutingID(), notification_id_)); + } + + virtual void NotificationError() OVERRIDE { + RenderFrameHost* rfh = + RenderFrameHost::FromID(render_process_id_, render_frame_id_); + if (!rfh) + return; + + rfh->Send(new DesktopNotificationMsg_PostError( + rfh->GetRoutingID(), notification_id_)); + delete this; + } + + virtual void NotificationClosed(bool by_user) OVERRIDE { + RenderFrameHost* rfh = + RenderFrameHost::FromID(render_process_id_, render_frame_id_); + if (!rfh) + return; + + rfh->Send(new DesktopNotificationMsg_PostClose( + rfh->GetRoutingID(), notification_id_, by_user)); + static_cast<RenderFrameHostImpl*>(rfh)->NotificationClosed( + notification_id_); + delete this; + } + + virtual void NotificationClick() OVERRIDE { + RenderFrameHost* rfh = + RenderFrameHost::FromID(render_process_id_, render_frame_id_); + if (!rfh) + return; + + rfh->Send(new DesktopNotificationMsg_PostClick( + rfh->GetRoutingID(), notification_id_)); + } + + private: + int render_process_id_; + int render_frame_id_; + int notification_id_; +}; + +// Translate a WebKit text direction into 
a base::i18n one. +base::i18n::TextDirection WebTextDirectionToChromeTextDirection( + blink::WebTextDirection dir) { + switch (dir) { + case blink::WebTextDirectionLeftToRight: + return base::i18n::LEFT_TO_RIGHT; + case blink::WebTextDirectionRightToLeft: + return base::i18n::RIGHT_TO_LEFT; + default: + NOTREACHED(); + return base::i18n::UNKNOWN_DIRECTION; + } +} + +} // namespace + +RenderFrameHost* RenderFrameHost::FromID(int render_process_id, + int render_frame_id) { + return RenderFrameHostImpl::FromID(render_process_id, render_frame_id); +} + // static RenderFrameHostImpl* RenderFrameHostImpl::FromID( int process_id, int routing_id) { + DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer(); RoutingIDFrameMap::iterator it = frames->find( RenderFrameHostID(process_id, routing_id)); @@ -44,10 +149,14 @@ RenderFrameHostImpl::RenderFrameHostImpl( bool is_swapped_out) : render_view_host_(render_view_host), delegate_(delegate), + cross_process_frame_connector_(NULL), + render_frame_proxy_host_(NULL), frame_tree_(frame_tree), frame_tree_node_(frame_tree_node), routing_id_(routing_id), - is_swapped_out_(is_swapped_out) { + is_swapped_out_(is_swapped_out), + weak_ptr_factory_(this) { + frame_tree_->RegisterRenderFrameHost(this); GetProcess()->AddRoute(routing_id_, this); g_routing_id_frame_map.Get().insert(std::make_pair( RenderFrameHostID(GetProcess()->GetID(), routing_id_), 
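Review bot: In `DesktopNotificationDelegateImpl`, `NotificationError()` and `NotificationClosed()` return on `if (!rfh)` before reaching `delete this`, so the self-owning delegate is never freed when the frame has already gone away by the time the notification fails or is dismissed. The early-out should still release the object, e.g. `if (!rfh) { delete this; return; }` in both methods. The class also carries no comment saying that it is heap-allocated and deletes itself on the first error or close callback; a short class comment stating that would make the ownership contract visible to whoever receives the pointer from `ShowDesktopNotification`.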
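Review bot: `render_frame_proxy_host_(NULL)` in the initialiser list is not tied to `is_swapped_out`, yet `Send()` elsewhere in this commit dereferences the member whenever `render_view_host_->IsSwappedOut()` is true, guarded only by a `DCHECK`. In a release build that would be a null dereference in the browser process if a host is ever created or left swapped out without a proxy; whether that state is reachable is not visible from this page. I would document the invariant at the initialiser, for example `// NULL until SwapOut() installs a proxy; Send() assumes it is set while swapped out.` The constructor's signature and the end of its body lie outside this hunk.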
@@ -60,69 +169,743 @@ RenderFrameHostImpl::~RenderFrameHostImpl() { RenderFrameHostID(GetProcess()->GetID(), routing_id_)); if (delegate_) delegate_->RenderFrameDeleted(this); + + // Notify the FrameTree that this RFH is going away, allowing it to shut down + // the corresponding RenderViewHost if it is no longer needed. + frame_tree_->UnregisterRenderFrameHost(this); } int RenderFrameHostImpl::GetRoutingID() { return routing_id_; } +SiteInstance* RenderFrameHostImpl::GetSiteInstance() { + return render_view_host_->GetSiteInstance(); +} + +RenderProcessHost* RenderFrameHostImpl::GetProcess() { + // TODO(nasko): This should return its own process, once we have working + // cross-process navigation for subframes. + return render_view_host_->GetProcess(); +} + +RenderFrameHost* RenderFrameHostImpl::GetParent() { + FrameTreeNode* parent_node = frame_tree_node_->parent(); + if (!parent_node) + return NULL; + return parent_node->current_frame_host(); +} + +const std::string& RenderFrameHostImpl::GetFrameName() { + return frame_tree_node_->frame_name(); +} + +bool RenderFrameHostImpl::IsCrossProcessSubframe() { + FrameTreeNode* parent_node = frame_tree_node_->parent(); + if (!parent_node) + return false; + return GetSiteInstance() != + parent_node->current_frame_host()->GetSiteInstance(); +} + +GURL RenderFrameHostImpl::GetLastCommittedURL() { + return frame_tree_node_->current_url(); +} + +gfx::NativeView RenderFrameHostImpl::GetNativeView() { + RenderWidgetHostView* view = render_view_host_->GetView(); + if (!view) + return NULL; + return view->GetNativeView(); +} + +void RenderFrameHostImpl::ExecuteJavaScript( + const base::string16& javascript) { + Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_, + javascript, + 0, false)); +} + +void RenderFrameHostImpl::ExecuteJavaScript( + const base::string16& javascript, + const JavaScriptResultCallback& callback) { + static int next_id = 1; + int key = next_id++; + Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_, + 
javascript, + key, true)); + javascript_callbacks_.insert(std::make_pair(key, callback)); +} + +RenderViewHost* RenderFrameHostImpl::GetRenderViewHost() { + return render_view_host_; +} + bool RenderFrameHostImpl::Send(IPC::Message* message) { + if (IPC_MESSAGE_ID_CLASS(message->type()) == InputMsgStart) { + return render_view_host_->input_router()->SendInput( + make_scoped_ptr(message)); + } + + if (render_view_host_->IsSwappedOut()) { + DCHECK(render_frame_proxy_host_); + return render_frame_proxy_host_->Send(message); + } + return GetProcess()->Send(message); } bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) { + // Filter out most IPC messages if this renderer is swapped out. + // We still want to handle certain ACKs to keep our state consistent. + // TODO(nasko): Only check RenderViewHost state, as this object's own state + // isn't yet properly updated. Transition this check once the swapped out + // state is correct in RenderFrameHost itself. + if (render_view_host_->IsSwappedOut()) { + if (!SwappedOutMessages::CanHandleWhileSwappedOut(msg)) { + // If this is a synchronous message and we decided not to handle it, + // we must send an error reply, or else the renderer will be stuck + // and won't respond to future requests. + if (msg.is_sync()) { + IPC::Message* reply = IPC::SyncMessage::GenerateReply(&msg); + reply->set_reply_error(); + Send(reply); + } + // Don't continue looking for someone to handle it. 
+ return true; + } + } + if (delegate_->OnMessageReceived(this, msg)) return true; + RenderFrameProxyHost* proxy = + frame_tree_node_->render_manager()->GetProxyToParent(); + if (proxy && proxy->cross_process_frame_connector() && + proxy->cross_process_frame_connector()->OnMessageReceived(msg)) + return true; + bool handled = true; - bool msg_is_ok = true; - IPC_BEGIN_MESSAGE_MAP_EX(RenderFrameHostImpl, msg, msg_is_ok) + IPC_BEGIN_MESSAGE_MAP(RenderFrameHostImpl, msg) + IPC_MESSAGE_HANDLER(FrameHostMsg_AddMessageToConsole, OnAddMessageToConsole) IPC_MESSAGE_HANDLER(FrameHostMsg_Detach, OnDetach) + IPC_MESSAGE_HANDLER(FrameHostMsg_FrameFocused, OnFrameFocused) IPC_MESSAGE_HANDLER(FrameHostMsg_DidStartProvisionalLoadForFrame, OnDidStartProvisionalLoadForFrame) - IPC_END_MESSAGE_MAP_EX() - - if (!msg_is_ok) { - // The message had a handler, but its de-serialization failed. - // Kill the renderer. - RecordAction(UserMetricsAction("BadMessageTerminate_RFH")); - GetProcess()->ReceivedBadMessage(); - } + IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailProvisionalLoadWithError, + OnDidFailProvisionalLoadWithError) + IPC_MESSAGE_HANDLER(FrameHostMsg_DidRedirectProvisionalLoad, + OnDidRedirectProvisionalLoad) + IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailLoadWithError, + OnDidFailLoadWithError) + IPC_MESSAGE_HANDLER_GENERIC(FrameHostMsg_DidCommitProvisionalLoad, + OnNavigate(msg)) + IPC_MESSAGE_HANDLER(FrameHostMsg_OpenURL, OnOpenURL) + IPC_MESSAGE_HANDLER(FrameHostMsg_DocumentOnLoadCompleted, + OnDocumentOnLoadCompleted) + IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnload_ACK, OnBeforeUnloadACK) + IPC_MESSAGE_HANDLER(FrameHostMsg_SwapOut_ACK, OnSwapOutACK) + IPC_MESSAGE_HANDLER(FrameHostMsg_ContextMenu, OnContextMenu) + IPC_MESSAGE_HANDLER(FrameHostMsg_JavaScriptExecuteResponse, + OnJavaScriptExecuteResponse) + IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunJavaScriptMessage, + OnRunJavaScriptMessage) + IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunBeforeUnloadConfirm, + 
OnRunBeforeUnloadConfirm) + IPC_MESSAGE_HANDLER(FrameHostMsg_DidAccessInitialDocument, + OnDidAccessInitialDocument) + IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisownOpener, OnDidDisownOpener) + IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateTitle, OnUpdateTitle) + IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateEncoding, OnUpdateEncoding) + IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_RequestPermission, + OnRequestDesktopNotificationPermission) + IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_Show, + OnShowDesktopNotification) + IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_Cancel, + OnCancelDesktopNotification) + IPC_MESSAGE_HANDLER(FrameHostMsg_TextSurroundingSelectionResponse, + OnTextSurroundingSelectionResponse) + IPC_END_MESSAGE_MAP() return handled; } void RenderFrameHostImpl::Init() { - GetProcess()->ResumeRequestsForView(routing_id()); + GetProcess()->ResumeRequestsForView(routing_id_); } -RenderProcessHost* RenderFrameHostImpl::GetProcess() const { - // TODO(nasko): This should return its own process, once we have working - // cross-process navigation for subframes. - return render_view_host_->GetProcess(); +void RenderFrameHostImpl::OnAddMessageToConsole( + int32 level, + const base::string16& message, + int32 line_no, + const base::string16& source_id) { + if (delegate_->AddMessageToConsole(level, message, line_no, source_id)) + return; + + // Pass through log level only on WebUI pages to limit console spew. + int32 resolved_level = + HasWebUIScheme(delegate_->GetMainFrameLastCommittedURL()) ? 
level : 0; + + if (resolved_level >= ::logging::GetMinLogLevel()) { + logging::LogMessage("CONSOLE", line_no, resolved_level).stream() << "\"" << + message << "\", source: " << source_id << " (" << line_no << ")"; + } } -void RenderFrameHostImpl::OnCreateChildFrame(int new_frame_routing_id, - int64 parent_frame_id, - int64 frame_id, +void RenderFrameHostImpl::OnCreateChildFrame(int new_routing_id, const std::string& frame_name) { RenderFrameHostImpl* new_frame = frame_tree_->AddFrame( - new_frame_routing_id, parent_frame_id, frame_id, frame_name); + frame_tree_node_, new_routing_id, frame_name); if (delegate_) delegate_->RenderFrameCreated(new_frame); } -void RenderFrameHostImpl::OnDetach(int64 parent_frame_id, int64 frame_id) { - frame_tree_->RemoveFrame(this, parent_frame_id, frame_id); +void RenderFrameHostImpl::OnDetach() { + frame_tree_->RemoveFrame(frame_tree_node_); +} + +void RenderFrameHostImpl::OnFrameFocused() { + frame_tree_->SetFocusedFrame(frame_tree_node_); +} + +void RenderFrameHostImpl::OnOpenURL( + const FrameHostMsg_OpenURL_Params& params) { + GURL validated_url(params.url); + GetProcess()->FilterURL(false, &validated_url); + + frame_tree_node_->navigator()->RequestOpenURL( + this, validated_url, params.referrer, params.disposition, + params.should_replace_current_entry, params.user_gesture); +} + +void RenderFrameHostImpl::OnDocumentOnLoadCompleted() { + // This message is only sent for top-level frames. TODO(avi): when frame tree + // mirroring works correctly, add a check here to enforce it. 
+ delegate_->DocumentOnLoadCompleted(this); } void RenderFrameHostImpl::OnDidStartProvisionalLoadForFrame( - int64 frame_id, - int64 parent_frame_id, - bool is_main_frame, + int parent_routing_id, const GURL& url) { frame_tree_node_->navigator()->DidStartProvisionalLoad( - this, frame_id, parent_frame_id, is_main_frame, url); + this, parent_routing_id, url); +} + +void RenderFrameHostImpl::OnDidFailProvisionalLoadWithError( + const FrameHostMsg_DidFailProvisionalLoadWithError_Params& params) { + frame_tree_node_->navigator()->DidFailProvisionalLoadWithError(this, params); +} + +void RenderFrameHostImpl::OnDidFailLoadWithError( + const GURL& url, + int error_code, + const base::string16& error_description) { + GURL validated_url(url); + GetProcess()->FilterURL(false, &validated_url); + + frame_tree_node_->navigator()->DidFailLoadWithError( + this, validated_url, error_code, error_description); +} + +void RenderFrameHostImpl::OnDidRedirectProvisionalLoad( + int32 page_id, + const GURL& source_url, + const GURL& target_url) { + frame_tree_node_->navigator()->DidRedirectProvisionalLoad( + this, page_id, source_url, target_url); +} + +// Called when the renderer navigates. For every frame loaded, we'll get this +// notification containing parameters identifying the navigation. +// +// Subframes are identified by the page transition type. For subframes loaded +// as part of a wider page load, the page_id will be the same as for the top +// level frame. If the user explicitly requests a subframe navigation, we will +// get a new page_id because we need to create a new navigation entry for that +// action. +void RenderFrameHostImpl::OnNavigate(const IPC::Message& msg) { + // Read the parameters out of the IPC message directly to avoid making another + // copy when we filter the URLs. 
+ PickleIterator iter(msg); + FrameHostMsg_DidCommitProvisionalLoad_Params validated_params; + if (!IPC::ParamTraits<FrameHostMsg_DidCommitProvisionalLoad_Params>:: + Read(&msg, &iter, &validated_params)) + return; + + // If we're waiting for a cross-site beforeunload ack from this renderer and + // we receive a Navigate message from the main frame, then the renderer was + // navigating already and sent it before hearing the ViewMsg_Stop message. + // We do not want to cancel the pending navigation in this case, since the + // old page will soon be stopped. Instead, treat this as a beforeunload ack + // to allow the pending navigation to continue. + if (render_view_host_->is_waiting_for_beforeunload_ack_ && + render_view_host_->unload_ack_is_for_cross_site_transition_ && + PageTransitionIsMainFrame(validated_params.transition)) { + OnBeforeUnloadACK(true, send_before_unload_start_time_, + base::TimeTicks::Now()); + return; + } + + // If we're waiting for an unload ack from this renderer and we receive a + // Navigate message, then the renderer was navigating before it received the + // unload request. It will either respond to the unload request soon or our + // timer will expire. Either way, we should ignore this message, because we + // have already committed to closing this renderer. + if (render_view_host_->IsWaitingForUnloadACK()) + return; + + RenderProcessHost* process = GetProcess(); + + // Attempts to commit certain off-limits URL should be caught more strictly + // than our FilterURL checks below. If a renderer violates this policy, it + // should be killed. + if (!CanCommitURL(validated_params.url)) { + VLOG(1) << "Blocked URL " << validated_params.url.spec(); + validated_params.url = GURL(url::kAboutBlankURL); + RecordAction(base::UserMetricsAction("CanCommitURL_BlockedAndKilled")); + // Kills the process. 
+ process->ReceivedBadMessage(); + } + + // Without this check, an evil renderer can trick the browser into creating + // a navigation entry for a banned URL. If the user clicks the back button + // followed by the forward button (or clicks reload, or round-trips through + // session restore, etc), we'll think that the browser commanded the + // renderer to load the URL and grant the renderer the privileges to request + // the URL. To prevent this attack, we block the renderer from inserting + // banned URLs into the navigation controller in the first place. + process->FilterURL(false, &validated_params.url); + process->FilterURL(true, &validated_params.referrer.url); + for (std::vector<GURL>::iterator it(validated_params.redirects.begin()); + it != validated_params.redirects.end(); ++it) { + process->FilterURL(false, &(*it)); + } + process->FilterURL(true, &validated_params.searchable_form_url); + + // Without this check, the renderer can trick the browser into using + // filenames it can't access in a future session restore. 
+ if (!render_view_host_->CanAccessFilesOfPageState( + validated_params.page_state)) { + GetProcess()->ReceivedBadMessage(); + return; + } + + frame_tree_node()->navigator()->DidNavigate(this, validated_params); +} + +RenderWidgetHostImpl* RenderFrameHostImpl::GetRenderWidgetHost() { + return static_cast<RenderWidgetHostImpl*>(render_view_host_); +} + +int RenderFrameHostImpl::GetEnabledBindings() { + return render_view_host_->GetEnabledBindings(); +} + +void RenderFrameHostImpl::OnCrossSiteResponse( + const GlobalRequestID& global_request_id, + scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request, + const std::vector<GURL>& transfer_url_chain, + const Referrer& referrer, + PageTransition page_transition, + bool should_replace_current_entry) { + frame_tree_node_->render_manager()->OnCrossSiteResponse( + this, global_request_id, cross_site_transferring_request.Pass(), + transfer_url_chain, referrer, page_transition, + should_replace_current_entry); +} + +void RenderFrameHostImpl::SwapOut(RenderFrameProxyHost* proxy) { + // TODO(creis): Move swapped out state to RFH. Until then, only update it + // when swapping out the main frame. + if (!GetParent()) { + // If this RenderViewHost is not in the default state, it must have already + // gone through this, therefore just return. + if (render_view_host_->rvh_state_ != RenderViewHostImpl::STATE_DEFAULT) + return; + + render_view_host_->SetState( + RenderViewHostImpl::STATE_WAITING_FOR_UNLOAD_ACK); + render_view_host_->unload_event_monitor_timeout_->Start( + base::TimeDelta::FromMilliseconds( + RenderViewHostImpl::kUnloadTimeoutMS)); + } + + set_render_frame_proxy_host(proxy); + + if (render_view_host_->IsRenderViewLive()) + Send(new FrameMsg_SwapOut(routing_id_, proxy->GetRoutingID())); + + if (!GetParent()) + delegate_->SwappedOut(this); + + // Allow the navigation to proceed. 
+ frame_tree_node_->render_manager()->SwappedOut(this); +} + +void RenderFrameHostImpl::OnBeforeUnloadACK( + bool proceed, + const base::TimeTicks& renderer_before_unload_start_time, + const base::TimeTicks& renderer_before_unload_end_time) { + // TODO(creis): Support properly beforeunload on subframes. For now just + // pretend that the handler ran and allowed the navigation to proceed. + if (GetParent()) { + render_view_host_->is_waiting_for_beforeunload_ack_ = false; + frame_tree_node_->render_manager()->OnBeforeUnloadACK( + render_view_host_->unload_ack_is_for_cross_site_transition_, proceed, + renderer_before_unload_end_time); + return; + } + + render_view_host_->decrement_in_flight_event_count(); + render_view_host_->StopHangMonitorTimeout(); + // If this renderer navigated while the beforeunload request was in flight, we + // may have cleared this state in OnNavigate, in which case we can ignore + // this message. + // However renderer might also be swapped out but we still want to proceed + // with navigation, otherwise it would block future navigations. This can + // happen when pending cross-site navigation is canceled by a second one just + // before OnNavigate while current RVH is waiting for commit but second + // navigation is started from the beginning. + if (!render_view_host_->is_waiting_for_beforeunload_ack_) { + return; + } + + render_view_host_->is_waiting_for_beforeunload_ack_ = false; + + base::TimeTicks before_unload_end_time; + if (!send_before_unload_start_time_.is_null() && + !renderer_before_unload_start_time.is_null() && + !renderer_before_unload_end_time.is_null()) { + // When passing TimeTicks across process boundaries, we need to compensate + // for any skew between the processes. Here we are converting the + // renderer's notion of before_unload_end_time to TimeTicks in the browser + // process. See comments in inter_process_time_ticks_converter.h for more. 
+ InterProcessTimeTicksConverter converter( + LocalTimeTicks::FromTimeTicks(send_before_unload_start_time_), + LocalTimeTicks::FromTimeTicks(base::TimeTicks::Now()), + RemoteTimeTicks::FromTimeTicks(renderer_before_unload_start_time), + RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time)); + LocalTimeTicks browser_before_unload_end_time = + converter.ToLocalTimeTicks( + RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time)); + before_unload_end_time = browser_before_unload_end_time.ToTimeTicks(); + } + frame_tree_node_->render_manager()->OnBeforeUnloadACK( + render_view_host_->unload_ack_is_for_cross_site_transition_, proceed, + before_unload_end_time); + + // If canceled, notify the delegate to cancel its pending navigation entry. + if (!proceed) + render_view_host_->GetDelegate()->DidCancelLoading(); +} + +void RenderFrameHostImpl::OnSwapOutACK() { + OnSwappedOut(false); +} + +void RenderFrameHostImpl::OnSwappedOut(bool timed_out) { + // For now, we only need to update the RVH state machine for top-level swaps. + // Subframe swaps (in --site-per-process) can just continue via RFHM. + if (!GetParent()) + render_view_host_->OnSwappedOut(timed_out); + else + frame_tree_node_->render_manager()->SwappedOut(this); +} + +void RenderFrameHostImpl::OnContextMenu(const ContextMenuParams& params) { + // Validate the URLs in |params|. If the renderer can't request the URLs + // directly, don't show them in the context menu. + ContextMenuParams validated_params(params); + RenderProcessHost* process = GetProcess(); + + // We don't validate |unfiltered_link_url| so that this field can be used + // when users want to copy the original link URL. 
+ process->FilterURL(true, &validated_params.link_url); + process->FilterURL(true, &validated_params.src_url); + process->FilterURL(false, &validated_params.page_url); + process->FilterURL(true, &validated_params.frame_url); + + delegate_->ShowContextMenu(this, validated_params); +} + +void RenderFrameHostImpl::OnJavaScriptExecuteResponse( + int id, const base::ListValue& result) { + const base::Value* result_value; + if (!result.Get(0, &result_value)) { + // Programming error or rogue renderer. + NOTREACHED() << "Got bad arguments for OnJavaScriptExecuteResponse"; + return; + } + + std::map<int, JavaScriptResultCallback>::iterator it = + javascript_callbacks_.find(id); + if (it != javascript_callbacks_.end()) { + it->second.Run(result_value); + javascript_callbacks_.erase(it); + } else { + NOTREACHED() << "Received script response for unknown request"; + } +} + +void RenderFrameHostImpl::OnRunJavaScriptMessage( + const base::string16& message, + const base::string16& default_prompt, + const GURL& frame_url, + JavaScriptMessageType type, + IPC::Message* reply_msg) { + // While a JS message dialog is showing, tabs in the same process shouldn't + // process input events. + GetProcess()->SetIgnoreInputEvents(true); + render_view_host_->StopHangMonitorTimeout(); + delegate_->RunJavaScriptMessage(this, message, default_prompt, + frame_url, type, reply_msg); +} + +void RenderFrameHostImpl::OnRunBeforeUnloadConfirm( + const GURL& frame_url, + const base::string16& message, + bool is_reload, + IPC::Message* reply_msg) { + // While a JS before unload dialog is showing, tabs in the same process + // shouldn't process input events. 
+ GetProcess()->SetIgnoreInputEvents(true); + render_view_host_->StopHangMonitorTimeout(); + delegate_->RunBeforeUnloadConfirm(this, message, is_reload, reply_msg); +} + +void RenderFrameHostImpl::OnRequestDesktopNotificationPermission( + const GURL& source_origin, int callback_context) { + base::Closure done_callback = base::Bind( + &RenderFrameHostImpl::DesktopNotificationPermissionRequestDone, + weak_ptr_factory_.GetWeakPtr(), callback_context); + GetContentClient()->browser()->RequestDesktopNotificationPermission( + source_origin, this, done_callback); +} + +void RenderFrameHostImpl::OnShowDesktopNotification( + int notification_id, + const ShowDesktopNotificationHostMsgParams& params) { + base::Closure cancel_callback; + GetContentClient()->browser()->ShowDesktopNotification( + params, this, + new DesktopNotificationDelegateImpl(this, notification_id), + &cancel_callback); + cancel_notification_callbacks_[notification_id] = cancel_callback; +} + +void RenderFrameHostImpl::OnCancelDesktopNotification(int notification_id) { + if (!cancel_notification_callbacks_.count(notification_id)) { + NOTREACHED(); + return; + } + cancel_notification_callbacks_[notification_id].Run(); + cancel_notification_callbacks_.erase(notification_id); +} + +void RenderFrameHostImpl::OnTextSurroundingSelectionResponse( + const base::string16& content, + size_t start_offset, + size_t end_offset) { + render_view_host_->OnTextSurroundingSelectionResponse( + content, start_offset, end_offset); +} + +void RenderFrameHostImpl::OnDidAccessInitialDocument() { + delegate_->DidAccessInitialDocument(); +} + +void RenderFrameHostImpl::OnDidDisownOpener() { + // This message is only sent for top-level frames. TODO(avi): when frame tree + // mirroring works correctly, add a check here to enforce it. 
+ delegate_->DidDisownOpener(this); +} + +void RenderFrameHostImpl::OnUpdateTitle( + int32 page_id, + const base::string16& title, + blink::WebTextDirection title_direction) { + // This message is only sent for top-level frames. TODO(avi): when frame tree + // mirroring works correctly, add a check here to enforce it. + if (title.length() > kMaxTitleChars) { + NOTREACHED() << "Renderer sent too many characters in title."; + return; + } + + delegate_->UpdateTitle(this, page_id, title, + WebTextDirectionToChromeTextDirection( + title_direction)); +} + +void RenderFrameHostImpl::OnUpdateEncoding(const std::string& encoding_name) { + // This message is only sent for top-level frames. TODO(avi): when frame tree + // mirroring works correctly, add a check here to enforce it. + delegate_->UpdateEncoding(this, encoding_name); +} + +void RenderFrameHostImpl::SetPendingShutdown(const base::Closure& on_swap_out) { + render_view_host_->SetPendingShutdown(on_swap_out); +} + +bool RenderFrameHostImpl::CanCommitURL(const GURL& url) { + // TODO(creis): We should also check for WebUI pages here. Also, when the + // out-of-process iframes implementation is ready, we should check for + // cross-site URLs that are not allowed to commit in this process. + + // Give the client a chance to disallow URLs from committing. + return GetContentClient()->browser()->CanCommitURL(GetProcess(), url); +} + +void RenderFrameHostImpl::Navigate(const FrameMsg_Navigate_Params& params) { + TRACE_EVENT0("frame_host", "RenderFrameHostImpl::Navigate"); + // Browser plugin guests are not allowed to navigate outside web-safe schemes, + // so do not grant them the ability to request additional URLs. 
+ if (!GetProcess()->IsIsolatedGuest()) { + ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( + GetProcess()->GetID(), params.url); + if (params.url.SchemeIs(url::kDataScheme) && + params.base_url_for_data_url.SchemeIs(url::kFileScheme)) { + // If 'data:' is used, and we have a 'file:' base url, grant access to + // local files. + ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( + GetProcess()->GetID(), params.base_url_for_data_url); + } + } + + // Only send the message if we aren't suspended at the start of a cross-site + // request. + if (render_view_host_->navigations_suspended_) { + // Shouldn't be possible to have a second navigation while suspended, since + // navigations will only be suspended during a cross-site request. If a + // second navigation occurs, RenderFrameHostManager will cancel this pending + // RFH and create a new pending RFH. + DCHECK(!render_view_host_->suspended_nav_params_.get()); + render_view_host_->suspended_nav_params_.reset( + new FrameMsg_Navigate_Params(params)); + } else { + // Get back to a clean state, in case we start a new navigation without + // completing a RVH swap or unload handler. + render_view_host_->SetState(RenderViewHostImpl::STATE_DEFAULT); + + Send(new FrameMsg_Navigate(routing_id_, params)); + } + + // Force the throbber to start. We do this because Blink's "started + // loading" message will be received asynchronously from the UI of the + // browser. But we want to keep the throbber in sync with what's happening + // in the UI. For example, we want to start throbbing immediately when the + // user naivgates even if the renderer is delayed. There is also an issue + // with the throbber starting because the WebUI (which controls whether the + // favicon is displayed) happens synchronously. If the start loading + // messages was asynchronous, then the default favicon would flash in. + // + // Blink doesn't send throb notifications for JavaScript URLs, so we + // don't want to either. 
+ if (!params.url.SchemeIs(url::kJavaScriptScheme)) + delegate_->DidStartLoading(this, true); +} + +void RenderFrameHostImpl::NavigateToURL(const GURL& url) { + FrameMsg_Navigate_Params params; + params.page_id = -1; + params.pending_history_list_offset = -1; + params.current_history_list_offset = -1; + params.current_history_list_length = 0; + params.url = url; + params.transition = PAGE_TRANSITION_LINK; + params.navigation_type = FrameMsg_Navigate_Type::NORMAL; + Navigate(params); +} + +void RenderFrameHostImpl::DispatchBeforeUnload(bool for_cross_site_transition) { + // TODO(creis): Support subframes. + if (!render_view_host_->IsRenderViewLive() || GetParent()) { + // We don't have a live renderer, so just skip running beforeunload. + render_view_host_->is_waiting_for_beforeunload_ack_ = true; + render_view_host_->unload_ack_is_for_cross_site_transition_ = + for_cross_site_transition; + base::TimeTicks now = base::TimeTicks::Now(); + OnBeforeUnloadACK(true, now, now); + return; + } + + // This may be called more than once (if the user clicks the tab close button + // several times, or if she clicks the tab close button then the browser close + // button), and we only send the message once. + if (render_view_host_->is_waiting_for_beforeunload_ack_) { + // Some of our close messages could be for the tab, others for cross-site + // transitions. We always want to think it's for closing the tab if any + // of the messages were, since otherwise it might be impossible to close + // (if there was a cross-site "close" request pending when the user clicked + // the close button). We want to keep the "for cross site" flag only if + // both the old and the new ones are also for cross site. + render_view_host_->unload_ack_is_for_cross_site_transition_ = + render_view_host_->unload_ack_is_for_cross_site_transition_ && + for_cross_site_transition; + } else { + // Start the hang monitor in case the renderer hangs in the beforeunload + // handler. 
+ render_view_host_->is_waiting_for_beforeunload_ack_ = true;
+ render_view_host_->unload_ack_is_for_cross_site_transition_ =
+ for_cross_site_transition;
+ // Increment the in-flight event count, to ensure that input events won't
+ // cancel the timeout timer.
+ render_view_host_->increment_in_flight_event_count();
+ render_view_host_->StartHangMonitorTimeout(
+ TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
+ send_before_unload_start_time_ = base::TimeTicks::Now();
+ Send(new FrameMsg_BeforeUnload(routing_id_));
+ }
+}
+
+void RenderFrameHostImpl::ExtendSelectionAndDelete(size_t before,
+ size_t after) {
+ Send(new FrameMsg_ExtendSelectionAndDelete(routing_id_, before, after));
+}
+
+void RenderFrameHostImpl::JavaScriptDialogClosed(
+ IPC::Message* reply_msg,
+ bool success,
+ const base::string16& user_input,
+ bool dialog_was_suppressed) {
+ GetProcess()->SetIgnoreInputEvents(false);
+ bool is_waiting = render_view_host_->is_waiting_for_beforeunload_ack() ||
+ render_view_host_->IsWaitingForUnloadACK();
+
+ // If we are executing as part of (before)unload event handling, we don't
+ // want to use the regular hung_renderer_delay_ms_ if the user has agreed to
+ // leave the current page. In this case, use the regular timeout value used
+ // during the (before)unload handling.
+ if (is_waiting) {
+ render_view_host_->StartHangMonitorTimeout(TimeDelta::FromMilliseconds(
+ success ? RenderViewHostImpl::kUnloadTimeoutMS
+ : render_view_host_->hung_renderer_delay_ms_));
+ }
+
+ FrameHostMsg_RunJavaScriptMessage::WriteReplyParams(reply_msg,
+ success, user_input);
+ Send(reply_msg);
+
+ // If we are waiting for an unload or beforeunload ack and the user has
+ // suppressed messages, kill the tab immediately; a page that's spamming
+ // alerts in onbeforeunload is presumably malicious, so there's no point in
+ // continuing to run its script and dragging out the process.
+ // This must be done after sending the reply since RenderView can't close
+ // correctly while waiting for a response.
+ if (is_waiting && dialog_was_suppressed)
+ render_view_host_->delegate_->RendererUnresponsive(
+ render_view_host_,
+ render_view_host_->is_waiting_for_beforeunload_ack(),
+ render_view_host_->IsWaitingForUnloadACK());
+}
+
+void RenderFrameHostImpl::NotificationClosed(int notification_id) {
+ cancel_notification_callbacks_.erase(notification_id);
+}
+
+void RenderFrameHostImpl::DesktopNotificationPermissionRequestDone(
+ int callback_context) {
+ Send(new DesktopNotificationMsg_PermissionRequestDone(
+ routing_id_, callback_context));
 }
 } // namespace content |