X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fchrome%2Frenderer%2Fpepper%2Fpepper_flash_renderer_host.cc;h=e8b7bf69c4a3697748546b4fd17a591b9de2c479;hb=ff3e2503a20db9193d323c1d19c38c68004dec4a;hp=e978b6a4e71fc68ce5656ad803d8ea3237c9a63a;hpb=7338fba38ba696536d1cc9d389afd716a6ab2fe6;p=platform%2Fframework%2Fweb%2Fcrosswalk.git
diff --git a/src/chrome/renderer/pepper/pepper_flash_renderer_host.cc b/src/chrome/renderer/pepper/pepper_flash_renderer_host.cc
index e978b6a..e8b7bf6 100644
--- a/src/chrome/renderer/pepper/pepper_flash_renderer_host.cc
+++ b/src/chrome/renderer/pepper/pepper_flash_renderer_host.cc
@@ -4,13 +4,18 @@
 #include "chrome/renderer/pepper/pepper_flash_renderer_host.h"
+#include
 #include
+#include "base/lazy_instance.h"
+#include "base/metrics/histogram.h"
+#include "base/strings/string_util.h"
 #include "chrome/renderer/pepper/ppb_pdf_impl.h"
 #include "content/public/renderer/pepper_plugin_instance.h"
 #include "content/public/renderer/render_thread.h"
 #include "content/public/renderer/renderer_ppapi_host.h"
 #include "ipc/ipc_message_macros.h"
+#include "net/http/http_util.h"
 #include "ppapi/c/pp_errors.h"
 #include "ppapi/c/trusted/ppb_browser_font_trusted.h"
 #include "ppapi/host/dispatch_host_message.h"
@@ -33,6 +38,100 @@
 using ppapi::thunk::EnterResourceNoLock;
 using ppapi::thunk::PPB_ImageData_API;
+namespace {
+
+// Some non-simple HTTP request headers that Flash may set.
+// (Please see http://www.w3.org/TR/cors/#simple-header for the definition of
+// simple headers.)
+//
+// The list and the enum defined below are used to collect data about request
+// headers used in PPB_Flash.Navigate() calls, in order to understand the impact
+// of rejecting PPB_Flash.Navigate() requests with non-simple headers.
+//
+// TODO(yzshen): We should be able to remove the histogram recording code once
+// we get the answer.
+const char* kRejectedHttpRequestHeaders[] = {
+ "authorization",
+ "cache-control",
+ "content-encoding",
+ "content-md5",
+ "content-type", // If the media type is not one of those covered by the
+ // simple header definition.
+ "expires",
+ "from",
+ "if-match",
+ "if-none-match",
+ "if-range",
+ "if-unmodified-since",
+ "pragma",
+ "referer"
+};
+
+// Please note that new entries should be added right above
+// FLASH_NAVIGATE_USAGE_ENUM_COUNT, and existing entries shouldn't be re-ordered
+// or removed, since this ordering is used in a histogram.
+enum FlashNavigateUsage {
+ // This section must be in the same order as kRejectedHttpRequestHeaders.
+ REJECT_AUTHORIZATION = 0,
+ REJECT_CACHE_CONTROL,
+ REJECT_CONTENT_ENCODING,
+ REJECT_CONTENT_MD5,
+ REJECT_CONTENT_TYPE,
+ REJECT_EXPIRES,
+ REJECT_FROM,
+ REJECT_IF_MATCH,
+ REJECT_IF_NONE_MATCH,
+ REJECT_IF_RANGE,
+ REJECT_IF_UNMODIFIED_SINCE,
+ REJECT_PRAGMA,
+ REJECT_REFERER,
+
+ // The navigate request is rejected because of headers not listed above
+ // (e.g., custom headers).
+ REJECT_OTHER_HEADERS,
+
+ // Total number of rejected navigate requests.
+ TOTAL_REJECTED_NAVIGATE_REQUESTS,
+
+ // Total number of navigate requests.
+ TOTAL_NAVIGATE_REQUESTS,
+
+ FLASH_NAVIGATE_USAGE_ENUM_COUNT
+};
+
+static base::LazyInstance >
+ g_rejected_headers = LAZY_INSTANCE_INITIALIZER;
+
+bool IsSimpleHeader(const std::string& lower_case_header_name,
+ const std::string& header_value) {
+ if (lower_case_header_name == "accept" ||
+ lower_case_header_name == "accept-language" ||
+ lower_case_header_name == "content-language") {
+ return true;
+ }
+
+ if (lower_case_header_name == "content-type") {
+ std::string lower_case_mime_type;
+ std::string lower_case_charset;
+ bool had_charset = false;
+ net::HttpUtil::ParseContentType(header_value, &lower_case_mime_type,
+ &lower_case_charset, &had_charset, NULL);
+ return lower_case_mime_type == "application/x-www-form-urlencoded" ||
+ lower_case_mime_type == "multipart/form-data" ||
+ lower_case_mime_type == "text/plain";
+ }
+
+ return false;
+}
+
+void RecordFlashNavigateUsage(FlashNavigateUsage usage) {
+ DCHECK_NE(FLASH_NAVIGATE_USAGE_ENUM_COUNT, usage);
+ UMA_HISTOGRAM_ENUMERATION("Plugin.FlashNavigateUsage", usage,
+ FLASH_NAVIGATE_USAGE_ENUM_COUNT);
+}
+
+} // namespace
+
 PepperFlashRendererHost::PepperFlashRendererHost(
 content::RendererPpapiHost* host,
 PP_Instance instance,
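Review bot: Nothing enforces that `kRejectedHttpRequestHeaders` and the first section of `FlashNavigateUsage` stay the same length and order, yet the OnNavigate hunk further down maps an array index to an enum value with a cast. A later insertion in only one of them would silently mislabel histogram buckets. A compile-time check beside the enum would catch the length half of that: `COMPILE_ASSERT(arraysize(kRejectedHttpRequestHeaders) == REJECT_OTHER_HEADERS, rejected_header_list_mismatch);`. The table can also be declared `const char* const`. In `IsSimpleHeader()`, `lower_case_charset` and `had_charset` are filled but never read, so a comment such as `// The charset parameter is deliberately ignored; only the media type decides.` would make the intent explicit.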
@@ -210,6 +309,37 @@ int32_t PepperFlashRendererHost::OnNavigate(
 if (!plugin_instance)
 return PP_ERROR_FAILED;
+ std::map& rejected_headers =
+ g_rejected_headers.Get();
+ if (rejected_headers.empty()) {
+ for (size_t i = 0; i < arraysize(kRejectedHttpRequestHeaders); ++i)
+ rejected_headers[kRejectedHttpRequestHeaders[i]] =
+ static_cast(i);
+ }
+
+ net::HttpUtil::HeadersIterator header_iter(data.headers.begin(),
+ data.headers.end(),
+ "\n\r");
+ bool rejected = false;
+ while (header_iter.GetNext()) {
+ std::string lower_case_header_name = StringToLowerASCII(header_iter.name());
+ if (!IsSimpleHeader(lower_case_header_name, header_iter.values())) {
+ rejected = true;
+
+ std::map::const_iterator iter =
+ rejected_headers.find(lower_case_header_name);
+ FlashNavigateUsage usage = iter != rejected_headers.end() ?
+ iter->second : REJECT_OTHER_HEADERS;
+ RecordFlashNavigateUsage(usage);
+ }
+ }
+
+ RecordFlashNavigateUsage(TOTAL_NAVIGATE_REQUESTS);
+ if (rejected) {
+ RecordFlashNavigateUsage(TOTAL_REJECTED_NAVIGATE_REQUESTS);
+ return PP_ERROR_NOACCESS;
+ }
+
 // Navigate may call into Javascript (e.g. with a "javascript:" URL),
 // or do things like navigate away from the page, either one of which will
 // need to re-enter into the plugin. It is safe, because it is essentially
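Review bot: The rejection decision covers only the lines that `net::HttpUtil::HeadersIterator` yields, and as far as I know that iterator silently skips lines it cannot parse as `name: value`, so such lines in `data.headers` never reach `IsSimpleHeader()` and never set `rejected`. If the code after this hunk still passes the raw `data.headers` string on to the navigation (not visible here; OnNavigate starts and ends outside the hunk), the filter and the consumer can disagree about what the request carries. Failing closed would remove that gap: return `PP_ERROR_NOACCESS` when any non-empty line was not accounted for by the iterator, or rebuild the header block from the name/value pairs that passed the check. Separately, the `rejected_headers.empty()` lazy fill is only safe if OnNavigate always runs on one thread, which deserves a comment such as `// Only accessed on the render thread, so the lazy fill needs no lock.` if that holds.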