/**************************************************************************** ** ** Copyright (C) 2015 The Qt Company Ltd. ** Contact: http://www.qt.io/licensing/ ** ** This file is part of the QtWebEngine module of the Qt Toolkit. ** ** $QT_BEGIN_LICENSE:LGPL$ ** Commercial License Usage ** Licensees holding valid commercial Qt licenses may use this file in ** accordance with the commercial license agreement provided with the ** Software or, alternatively, in accordance with the terms contained in ** a written agreement between you and The Qt Company. For licensing terms ** and conditions see http://www.qt.io/terms-conditions. For further ** information use the contact form at http://www.qt.io/contact-us. ** ** GNU Lesser General Public License Usage ** Alternatively, this file may be used under the terms of the GNU Lesser ** General Public License version 3 as published by the Free Software ** Foundation and appearing in the file LICENSE.LGPLv3 included in the ** packaging of this file. Please review the following information to ** ensure the GNU Lesser General Public License version 3 requirements ** will be met: https://www.gnu.org/licenses/lgpl.html. ** ** GNU General Public License Usage ** Alternatively, this file may be used under the terms of the GNU ** General Public License version 2.0 or later as published by the Free ** Software Foundation and appearing in the file LICENSE.GPL included in ** the packaging of this file. Please review the following information to ** ensure the GNU General Public License version 2.0 requirements will be ** met: http://www.gnu.org/licenses/gpl-2.0.html. ** ** $QT_END_LICENSE$ ** ****************************************************************************/ // Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "pepper_flash_renderer_host_qt.h" #include #include #include "base/lazy_instance.h" #include "base/metrics/histogram.h" #include "base/strings/string_util.h" #include "content/public/renderer/pepper_plugin_instance.h" #include "content/public/renderer/render_thread.h" #include "content/public/renderer/renderer_ppapi_host.h" #include "ipc/ipc_message_macros.h" #include "net/http/http_util.h" #include "ppapi/c/pp_errors.h" #include "ppapi/c/trusted/ppb_browser_font_trusted.h" #include "ppapi/host/dispatch_host_message.h" #include "ppapi/proxy/host_dispatcher.h" #include "ppapi/proxy/ppapi_messages.h" #include "ppapi/proxy/resource_message_params.h" #include "ppapi/proxy/serialized_structs.h" #include "ppapi/thunk/enter.h" #include "ppapi/thunk/ppb_image_data_api.h" #include "skia/ext/platform_canvas.h" #include "third_party/skia/include/core/SkCanvas.h" #include "third_party/skia/include/core/SkMatrix.h" #include "third_party/skia/include/core/SkPaint.h" #include "third_party/skia/include/core/SkPoint.h" #include "third_party/skia/include/core/SkTypeface.h" #include "third_party/skia/include/private/SkTemplates.h" #include "ui/gfx/geometry/rect.h" #include "url/gurl.h" using ppapi::thunk::EnterResourceNoLock; using ppapi::thunk::PPB_ImageData_API; namespace { // Some non-simple HTTP request headers that Flash may set. // (Please see http://www.w3.org/TR/cors/#simple-header for the definition of // simple headers.) // // The list and the enum defined below are used to collect data about request // headers used in PPB_Flash.Navigate() calls, in order to understand the impact // of rejecting PPB_Flash.Navigate() requests with non-simple headers. // // TODO(yzshen): We should be able to remove the histogram recording code once // we get the answer. const char* const kRejectedHttpRequestHeaders[] = { "authorization", // "cache-control", // "content-encoding", // "content-md5", // "content-type", // If the media type is not one of those covered by the // simple header definition. "expires", // "from", // "if-match", // "if-none-match", // "if-range", // "if-unmodified-since", // "pragma", // "referer" // }; // Please note that new entries should be added right above // FLASH_NAVIGATE_USAGE_ENUM_COUNT, and existing entries shouldn't be re-ordered // or removed, since this ordering is used in a histogram. enum FlashNavigateUsage { // This section must be in the same order as kRejectedHttpRequestHeaders. REJECT_AUTHORIZATION = 0, REJECT_CACHE_CONTROL, REJECT_CONTENT_ENCODING, REJECT_CONTENT_MD5, REJECT_CONTENT_TYPE, REJECT_EXPIRES, REJECT_FROM, REJECT_IF_MATCH, REJECT_IF_NONE_MATCH, REJECT_IF_RANGE, REJECT_IF_UNMODIFIED_SINCE, REJECT_PRAGMA, REJECT_REFERER, // The navigate request is rejected because of headers not listed above // (e.g., custom headers). REJECT_OTHER_HEADERS, // Total number of rejected navigate requests. TOTAL_REJECTED_NAVIGATE_REQUESTS, // Total number of navigate requests. TOTAL_NAVIGATE_REQUESTS, FLASH_NAVIGATE_USAGE_ENUM_COUNT }; static base::LazyInstance > g_rejected_headers = LAZY_INSTANCE_INITIALIZER; bool IsSimpleHeader(const std::string& lower_case_header_name, const std::string& header_value) { if (lower_case_header_name == "accept" || lower_case_header_name == "accept-language" || lower_case_header_name == "content-language") return true; if (lower_case_header_name == "content-type") { std::string lower_case_mime_type; std::string lower_case_charset; bool had_charset = false; net::HttpUtil::ParseContentType(header_value, &lower_case_mime_type, &lower_case_charset, &had_charset, NULL); return lower_case_mime_type == "application/x-www-form-urlencoded" || lower_case_mime_type == "multipart/form-data" || lower_case_mime_type == "text/plain"; } return false; } void RecordFlashNavigateUsage(FlashNavigateUsage usage) { DCHECK_NE(FLASH_NAVIGATE_USAGE_ENUM_COUNT, usage); UMA_HISTOGRAM_ENUMERATION( "Plugin.FlashNavigateUsage", usage, FLASH_NAVIGATE_USAGE_ENUM_COUNT); } } // namespace namespace QtWebEngineCore { PepperFlashRendererHostQt::PepperFlashRendererHostQt( content::RendererPpapiHost* host, PP_Instance instance, PP_Resource resource) : ResourceHost(host->GetPpapiHost(), instance, resource), host_(host), weak_factory_(this) { } PepperFlashRendererHostQt::~PepperFlashRendererHostQt() { // This object may be destroyed in the middle of a sync message. If that is // the case, make sure we respond to all the pending navigate calls. std::vector::reverse_iterator it; for (it = navigate_replies_.rbegin(); it != navigate_replies_.rend(); ++it) SendReply(*it, IPC::Message()); } int32_t PepperFlashRendererHostQt::OnResourceMessageReceived( const IPC::Message& msg, ppapi::host::HostMessageContext* context) { PPAPI_BEGIN_MESSAGE_MAP(PepperFlashRendererHostQt, msg) PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_GetProxyForURL, OnGetProxyForURL) PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_SetInstanceAlwaysOnTop, OnSetInstanceAlwaysOnTop) PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_DrawGlyphs, OnDrawGlyphs) PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_Navigate, OnNavigate) PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_IsRectTopmost, OnIsRectTopmost) PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_Flash_InvokePrinting, OnInvokePrinting) PPAPI_END_MESSAGE_MAP() return PP_ERROR_FAILED; } int32_t PepperFlashRendererHostQt::OnGetProxyForURL( ppapi::host::HostMessageContext* host_context, const std::string& url) { GURL gurl(url); if (!gurl.is_valid()) return PP_ERROR_FAILED; std::string proxy; bool result = content::RenderThread::Get()->ResolveProxy(gurl, &proxy); if (!result) return PP_ERROR_FAILED; host_context->reply_msg = PpapiPluginMsg_Flash_GetProxyForURLReply(proxy); return PP_OK; } int32_t PepperFlashRendererHostQt::OnSetInstanceAlwaysOnTop( ppapi::host::HostMessageContext* host_context, bool on_top) { content::PepperPluginInstance* plugin_instance = host_->GetPluginInstance(pp_instance()); if (plugin_instance) plugin_instance->SetAlwaysOnTop(on_top); return PP_OK; } int32_t PepperFlashRendererHostQt::OnDrawGlyphs( ppapi::host::HostMessageContext* host_context, ppapi::proxy::PPBFlash_DrawGlyphs_Params params) { if (params.glyph_indices.size() != params.glyph_advances.size() || params.glyph_indices.empty()) return PP_ERROR_FAILED; return PP_OK; } // CAUTION: This code is subtle because Navigate is a sync call which may // cause re-entrancy or cause the instance to be destroyed. If the instance // is destroyed we need to ensure that we respond to all outstanding sync // messages so that the plugin process does not remain blocked. int32_t PepperFlashRendererHostQt::OnNavigate( ppapi::host::HostMessageContext* host_context, const ppapi::URLRequestInfoData& data, const std::string& target, bool from_user_action) { // If our PepperPluginInstance is already destroyed, just return a failure. content::PepperPluginInstance* plugin_instance = host_->GetPluginInstance(pp_instance()); if (!plugin_instance) return PP_ERROR_FAILED; std::map& rejected_headers = g_rejected_headers.Get(); if (rejected_headers.empty()) { for (size_t i = 0; i < arraysize(kRejectedHttpRequestHeaders); ++i) rejected_headers[kRejectedHttpRequestHeaders[i]] = static_cast(i); } net::HttpUtil::HeadersIterator header_iter( data.headers.begin(), data.headers.end(), "\n\r"); bool rejected = false; while (header_iter.GetNext()) { std::string lower_case_header_name = base::ToLowerASCII(header_iter.name()); if (!IsSimpleHeader(lower_case_header_name, header_iter.values())) { rejected = true; std::map::const_iterator iter = rejected_headers.find(lower_case_header_name); FlashNavigateUsage usage = iter != rejected_headers.end() ? iter->second : REJECT_OTHER_HEADERS; RecordFlashNavigateUsage(usage); } } RecordFlashNavigateUsage(TOTAL_NAVIGATE_REQUESTS); if (rejected) { RecordFlashNavigateUsage(TOTAL_REJECTED_NAVIGATE_REQUESTS); return PP_ERROR_NOACCESS; } // Navigate may call into Javascript (e.g. with a "javascript:" URL), // or do things like navigate away from the page, either one of which will // need to re-enter into the plugin. It is safe, because it is essentially // equivalent to NPN_GetURL, where Flash would expect re-entrancy. ppapi::proxy::HostDispatcher* host_dispatcher = ppapi::proxy::HostDispatcher::GetForInstance(pp_instance()); host_dispatcher->set_allow_plugin_reentrancy(); // Grab a weak pointer to ourselves on the stack so we can check if we are // still alive. base::WeakPtr weak_ptr = weak_factory_.GetWeakPtr(); // Keep track of reply contexts in case we are destroyed during a Navigate // call. Even if we are destroyed, we still need to send these replies to // unblock the plugin process. navigate_replies_.push_back(host_context->MakeReplyMessageContext()); plugin_instance->Navigate(data, target.c_str(), from_user_action); // This object might have been destroyed by this point. If it is destroyed // the reply will be sent in the destructor. Otherwise send the reply here. if (weak_ptr.get()) { SendReply(navigate_replies_.back(), IPC::Message()); navigate_replies_.pop_back(); } // Return PP_OK_COMPLETIONPENDING so that no reply is automatically sent. return PP_OK_COMPLETIONPENDING; } int32_t PepperFlashRendererHostQt::OnIsRectTopmost( ppapi::host::HostMessageContext* host_context, const PP_Rect& rect) { content::PepperPluginInstance* plugin_instance = host_->GetPluginInstance(pp_instance()); if (plugin_instance && plugin_instance->IsRectTopmost( gfx::Rect( rect.point.x, rect.point.y, rect.size.width, rect.size.height))) return PP_OK; return PP_ERROR_FAILED; } int32_t PepperFlashRendererHostQt::OnInvokePrinting( ppapi::host::HostMessageContext* host_context) { return PP_ERROR_FAILED; } } //QtWebEngineCore