#include "base/debug/alias.h"
#include "base/debug/dump_without_crashing.h"
#include "base/i18n/char_iterator.h"
+#include "base/metrics/histogram.h"
+#include "base/process/kill.h"
+#include "base/process/process.h"
#include "base/strings/utf_string_conversions.h"
#include "base/time/time.h"
#include "content/child/appcache/appcache_dispatcher.h"
#include "content/common/view_messages.h"
#include "content/public/common/content_constants.h"
#include "content/public/common/content_switches.h"
+#include "content/public/common/context_menu_params.h"
#include "content/public/common/url_constants.h"
+#include "content/public/common/url_utils.h"
#include "content/public/renderer/content_renderer_client.h"
+#include "content/public/renderer/context_menu_client.h"
#include "content/public/renderer/document_state.h"
+#include "content/public/renderer/history_item_serialization.h"
#include "content/public/renderer/navigation_state.h"
#include "content/public/renderer/render_frame_observer.h"
#include "content/renderer/accessibility/renderer_accessibility.h"
#include "content/renderer/browser_plugin/browser_plugin.h"
#include "content/renderer/browser_plugin/browser_plugin_manager.h"
#include "content/renderer/child_frame_compositing_helper.h"
+#include "content/renderer/context_menu_params_builder.h"
#include "content/renderer/internal_document_state_data.h"
#include "content/renderer/npapi/plugin_channel_host.h"
#include "content/renderer/render_thread_impl.h"
#include "content/renderer/renderer_webapplicationcachehost_impl.h"
#include "content/renderer/shared_worker_repository.h"
#include "content/renderer/websharedworker_proxy.h"
+#include "net/base/data_url.h"
#include "net/base/net_errors.h"
#include "net/http/http_util.h"
#include "third_party/WebKit/public/platform/WebStorageQuotaCallbacks.h"
#include "third_party/WebKit/public/platform/WebVector.h"
#include "third_party/WebKit/public/web/WebDocument.h"
#include "third_party/WebKit/public/web/WebFrame.h"
+#include "third_party/WebKit/public/web/WebGlyphCache.h"
#include "third_party/WebKit/public/web/WebNavigationPolicy.h"
#include "third_party/WebKit/public/web/WebPlugin.h"
#include "third_party/WebKit/public/web/WebPluginParams.h"
#include "third_party/WebKit/public/web/WebSearchableFormData.h"
#include "third_party/WebKit/public/web/WebSecurityOrigin.h"
+#include "third_party/WebKit/public/web/WebSecurityPolicy.h"
#include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
#include "third_party/WebKit/public/web/WebView.h"
#include "webkit/child/weburlresponse_extradata_impl.h"
#include "content/renderer/media/rtc_peer_connection_handler.h"
#endif
+using blink::WebContextMenuData;
+using blink::WebData;
using blink::WebDataSource;
using blink::WebDocument;
using blink::WebFrame;
+using blink::WebHistoryItem;
+using blink::WebHTTPBody;
using blink::WebNavigationPolicy;
using blink::WebPluginParams;
using blink::WebReferrerPolicy;
using blink::WebSearchableFormData;
using blink::WebSecurityOrigin;
+using blink::WebSecurityPolicy;
using blink::WebServiceWorkerProvider;
using blink::WebStorageQuotaCallbacks;
using blink::WebString;
typedef std::map<blink::WebFrame*, RenderFrameImpl*> FrameMap;
base::LazyInstance<FrameMap> g_frame_map = LAZY_INSTANCE_INITIALIZER;
+int64 ExtractPostId(const WebHistoryItem& item) {
+ if (item.isNull())
+ return -1;
+
+ if (item.httpBody().isNull())
+ return -1;
+
+ return item.httpBody().identifier();
+}
+
+WebURLResponseExtraDataImpl* GetExtraDataFromResponse(
+ const WebURLResponse& response) {
+ return static_cast<WebURLResponseExtraDataImpl*>(
+ response.extraData());
+}
+
+void GetRedirectChain(WebDataSource* ds, std::vector<GURL>* result) {
+ // Replace any occurrences of swappedout:// with about:blank.
+ const WebURL& blank_url = GURL(kAboutBlankURL);
+ WebVector<WebURL> urls;
+ ds->redirectChain(urls);
+ result->reserve(urls.size());
+ for (size_t i = 0; i < urls.size(); ++i) {
+ if (urls[i] != GURL(kSwappedOutURL))
+ result->push_back(urls[i]);
+ else
+ result->push_back(blank_url);
+ }
+}
+
+NOINLINE static void CrashIntentionally() {
+ // NOTE(shess): Crash directly rather than using NOTREACHED() so
+ // that the signature is easier to triage in crash reports.
+ volatile int* zero = NULL;
+ *zero = 0;
+}
+
+#if defined(ADDRESS_SANITIZER)
+NOINLINE static void MaybeTriggerAsanError(const GURL& url) {
+ // NOTE(rogerm): We intentionally perform an invalid heap access here in
+ // order to trigger an Address Sanitizer (ASAN) error report.
+ static const char kCrashDomain[] = "crash";
+ static const char kHeapOverflow[] = "/heap-overflow";
+ static const char kHeapUnderflow[] = "/heap-underflow";
+ static const char kUseAfterFree[] = "/use-after-free";
+ static const int kArraySize = 5;
+
+ if (!url.DomainIs(kCrashDomain, sizeof(kCrashDomain) - 1))
+ return;
+
+ if (!url.has_path())
+ return;
+
+ scoped_ptr<int[]> array(new int[kArraySize]);
+ std::string crash_type(url.path());
+ int dummy = 0;
+ if (crash_type == kHeapOverflow) {
+ dummy = array[kArraySize];
+ } else if (crash_type == kHeapUnderflow ) {
+ dummy = array[-1];
+ } else if (crash_type == kUseAfterFree) {
+ int* dangling = array.get();
+ array.reset();
+ dummy = dangling[kArraySize / 2];
+ }
+
+ // Make sure the assignments to the dummy value aren't optimized away.
+ base::debug::Alias(&dummy);
+}
+#endif // ADDRESS_SANITIZER
+
+static void MaybeHandleDebugURL(const GURL& url) {
+ if (!url.SchemeIs(kChromeUIScheme))
+ return;
+ if (url == GURL(kChromeUICrashURL)) {
+ CrashIntentionally();
+ } else if (url == GURL(kChromeUIKillURL)) {
+ base::KillProcess(base::GetCurrentProcessHandle(), 1, false);
+ } else if (url == GURL(kChromeUIHangURL)) {
+ for (;;) {
+ base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(1));
+ }
+ } else if (url == GURL(kChromeUIShorthangURL)) {
+ base::PlatformThread::Sleep(base::TimeDelta::FromSeconds(20));
+ }
+
+#if defined(ADDRESS_SANITIZER)
+ MaybeTriggerAsanError(url);
+#endif // ADDRESS_SANITIZER
+}
+
} // namespace
static RenderFrameImpl* (*g_create_render_frame_impl)(RenderViewImpl*, int32) =
RenderThread::Get()->RemoveRoute(routing_id_);
}
-// TODO(nasko): Overload the delete operator to overwrite the freed
-// RenderFrameImpl object and help detect potential use-after-free bug.
-// See https://crbug.com/245126#c34.
-void RenderFrameImpl::operator delete(void* ptr) {
- memset(ptr, 0xAF, sizeof(RenderFrameImpl));
-}
-
void RenderFrameImpl::SetWebFrame(blink::WebFrame* web_frame) {
DCHECK(!frame_);
bool handled = true;
bool msg_is_ok = true;
IPC_BEGIN_MESSAGE_MAP_EX(RenderFrameImpl, msg, msg_is_ok)
+ IPC_MESSAGE_HANDLER(FrameMsg_Navigate, OnNavigate)
IPC_MESSAGE_HANDLER(FrameMsg_SwapOut, OnSwapOut)
IPC_MESSAGE_HANDLER(FrameMsg_BuffersSwapped, OnBuffersSwapped)
IPC_MESSAGE_HANDLER_GENERIC(FrameMsg_CompositorFrameSwapped,
OnCompositorFrameSwapped(msg))
+ IPC_MESSAGE_HANDLER(FrameMsg_ChildFrameProcessGone, OnChildFrameProcessGone)
+ IPC_MESSAGE_HANDLER(FrameMsg_ContextMenuClosed, OnContextMenuClosed)
+ IPC_MESSAGE_HANDLER(FrameMsg_CustomContextMenuAction,
+ OnCustomContextMenuAction)
IPC_END_MESSAGE_MAP_EX()
if (!msg_is_ok) {
}
return handled;
- }
+}
+
+void RenderFrameImpl::OnNavigate(const FrameMsg_Navigate_Params& params) {
+ MaybeHandleDebugURL(params.url);
+ if (!render_view_->webview())
+ return;
+
+ render_view_->OnNavigate(params);
+
+ bool is_reload = RenderViewImpl::IsReload(params);
+ WebURLRequest::CachePolicy cache_policy =
+ WebURLRequest::UseProtocolCachePolicy;
+
+ // If this is a stale back/forward (due to a recent navigation the browser
+ // didn't know about), ignore it.
+ if (render_view_->IsBackForwardToStaleEntry(params, is_reload))
+ return;
+
+ // Swap this renderer back in if necessary.
+ if (render_view_->is_swapped_out_) {
+ // We marked the view as hidden when swapping the view out, so be sure to
+ // reset the visibility state before navigating to the new URL.
+ render_view_->webview()->setVisibilityState(
+ render_view_->visibilityState(), false);
+
+ // If this is an attempt to reload while we are swapped out, we should not
+ // reload swappedout://, but the previous page, which is stored in
+ // params.state. Setting is_reload to false will treat this like a back
+ // navigation to accomplish that.
+ is_reload = false;
+ cache_policy = WebURLRequest::ReloadIgnoringCacheData;
+
+ // We refresh timezone when a view is swapped in since timezone
+ // can get out of sync when the system timezone is updated while
+ // the view is swapped out.
+ RenderViewImpl::NotifyTimezoneChange(render_view_->webview()->mainFrame());
+
+ render_view_->SetSwappedOut(false);
+ is_swapped_out_ = false;
+ }
+
+ if (params.should_clear_history_list) {
+ CHECK_EQ(params.pending_history_list_offset, -1);
+ CHECK_EQ(params.current_history_list_offset, -1);
+ CHECK_EQ(params.current_history_list_length, 0);
+ }
+ render_view_->history_list_offset_ = params.current_history_list_offset;
+ render_view_->history_list_length_ = params.current_history_list_length;
+ if (render_view_->history_list_length_ >= 0) {
+ render_view_->history_page_ids_.resize(
+ render_view_->history_list_length_, -1);
+ }
+ if (params.pending_history_list_offset >= 0 &&
+ params.pending_history_list_offset < render_view_->history_list_length_) {
+ render_view_->history_page_ids_[params.pending_history_list_offset] =
+ params.page_id;
+ }
+
+ GetContentClient()->SetActiveURL(params.url);
+
+ WebFrame* frame = frame_;
+ if (!params.frame_to_navigate.empty()) {
+ // TODO(nasko): Move this lookup to the browser process.
+ frame = render_view_->webview()->findFrameByName(
+ WebString::fromUTF8(params.frame_to_navigate));
+ CHECK(frame) << "Invalid frame name passed: " << params.frame_to_navigate;
+ }
+
+ if (is_reload && frame->currentHistoryItem().isNull()) {
+ // We cannot reload if we do not have any history state. This happens, for
+ // example, when recovering from a crash.
+ is_reload = false;
+ cache_policy = WebURLRequest::ReloadIgnoringCacheData;
+ }
+
+ render_view_->pending_navigation_params_.reset(
+ new FrameMsg_Navigate_Params(params));
+
+ // If we are reloading, then WebKit will use the history state of the current
+ // page, so we should just ignore any given history state. Otherwise, if we
+ // have history state, then we need to navigate to it, which corresponds to a
+ // back/forward navigation event.
+ if (is_reload) {
+ bool reload_original_url =
+ (params.navigation_type ==
+ FrameMsg_Navigate_Type::RELOAD_ORIGINAL_REQUEST_URL);
+ bool ignore_cache = (params.navigation_type ==
+ FrameMsg_Navigate_Type::RELOAD_IGNORING_CACHE);
+
+ if (reload_original_url)
+ frame->reloadWithOverrideURL(params.url, true);
+ else
+ frame->reload(ignore_cache);
+ } else if (params.page_state.IsValid()) {
+ // We must know the page ID of the page we are navigating back to.
+ DCHECK_NE(params.page_id, -1);
+ WebHistoryItem item = PageStateToHistoryItem(params.page_state);
+ if (!item.isNull()) {
+ // Ensure we didn't save the swapped out URL in UpdateState, since the
+ // browser should never be telling us to navigate to swappedout://.
+ CHECK(item.urlString() != WebString::fromUTF8(kSwappedOutURL));
+ frame->loadHistoryItem(item, cache_policy);
+ }
+ } else if (!params.base_url_for_data_url.is_empty()) {
+ // A loadData request with a specified base URL.
+ std::string mime_type, charset, data;
+ if (net::DataURL::Parse(params.url, &mime_type, &charset, &data)) {
+ frame->loadData(
+ WebData(data.c_str(), data.length()),
+ WebString::fromUTF8(mime_type),
+ WebString::fromUTF8(charset),
+ params.base_url_for_data_url,
+ params.history_url_for_data_url,
+ false);
+ } else {
+ CHECK(false) <<
+ "Invalid URL passed: " << params.url.possibly_invalid_spec();
+ }
+ } else {
+ // Navigate to the given URL.
+ WebURLRequest request(params.url);
+
+ // A session history navigation should have been accompanied by state.
+ CHECK_EQ(params.page_id, -1);
+
+ if (frame->isViewSourceModeEnabled())
+ request.setCachePolicy(WebURLRequest::ReturnCacheDataElseLoad);
+
+ if (params.referrer.url.is_valid()) {
+ WebString referrer = WebSecurityPolicy::generateReferrerHeader(
+ params.referrer.policy,
+ params.url,
+ WebString::fromUTF8(params.referrer.url.spec()));
+ if (!referrer.isEmpty())
+ request.setHTTPReferrer(referrer, params.referrer.policy);
+ }
+
+ if (!params.extra_headers.empty()) {
+ for (net::HttpUtil::HeadersIterator i(params.extra_headers.begin(),
+ params.extra_headers.end(), "\n");
+ i.GetNext(); ) {
+ request.addHTTPHeaderField(WebString::fromUTF8(i.name()),
+ WebString::fromUTF8(i.values()));
+ }
+ }
+
+ if (params.is_post) {
+ request.setHTTPMethod(WebString::fromUTF8("POST"));
+
+ // Set post data.
+ WebHTTPBody http_body;
+ http_body.initialize();
+ const char* data = NULL;
+ if (params.browser_initiated_post_data.size()) {
+ data = reinterpret_cast<const char*>(
+ ¶ms.browser_initiated_post_data.front());
+ }
+ http_body.appendData(
+ WebData(data, params.browser_initiated_post_data.size()));
+ request.setHTTPBody(http_body);
+ }
+
+ frame->loadRequest(request);
+
+ // If this is a cross-process navigation, the browser process will send
+ // along the proper navigation start value.
+ if (!params.browser_navigation_start.is_null() &&
+ frame->provisionalDataSource()) {
+ // browser_navigation_start is likely before this process existed, so we
+ // can't use InterProcessTimeTicksConverter. Instead, the best we can do
+ // is just ensure we don't report a bogus value in the future.
+ base::TimeTicks navigation_start = std::min(
+ base::TimeTicks::Now(), params.browser_navigation_start);
+ double navigation_start_seconds =
+ (navigation_start - base::TimeTicks()).InSecondsF();
+ frame->provisionalDataSource()->setNavigationStartTime(
+ navigation_start_seconds);
+ }
+ }
+
+ // In case LoadRequest failed before DidCreateDataSource was called.
+ render_view_->pending_navigation_params_.reset();
+}
void RenderFrameImpl::OnSwapOut() {
// Only run unload if we're not swapped out yet, but send the ack either way.
}
compositing_helper_->OnBuffersSwapped(
params.size,
- params.mailbox_name,
+ params.mailbox,
params.gpu_route_id,
params.gpu_host_id,
render_view_->GetWebView()->deviceScaleFactor());
param.a.producing_host_id);
}
+void RenderFrameImpl::OnContextMenuClosed(
+ const CustomContextMenuContext& custom_context) {
+ if (custom_context.request_id) {
+ // External request, should be in our map.
+ ContextMenuClient* client =
+ pending_context_menus_.Lookup(custom_context.request_id);
+ if (client) {
+ client->OnMenuClosed(custom_context.request_id);
+ pending_context_menus_.Remove(custom_context.request_id);
+ }
+ } else {
+ // Internal request, forward to WebKit.
+ render_view_->context_menu_node_.reset();
+ }
+}
+
+void RenderFrameImpl::OnCustomContextMenuAction(
+ const CustomContextMenuContext& custom_context,
+ unsigned action) {
+ if (custom_context.request_id) {
+ // External context menu request, look in our map.
+ ContextMenuClient* client =
+ pending_context_menus_.Lookup(custom_context.request_id);
+ if (client)
+ client->OnMenuAction(custom_context.request_id, action);
+ } else {
+ // Internal request, forward to WebKit.
+ render_view_->webview()->performCustomContextMenuAction(action);
+ }
+}
+
+bool RenderFrameImpl::ShouldUpdateSelectionTextFromContextMenuParams(
+ const base::string16& selection_text,
+ size_t selection_text_offset,
+ const gfx::Range& selection_range,
+ const ContextMenuParams& params) {
+ base::string16 trimmed_selection_text;
+ if (!selection_text.empty() && !selection_range.is_empty()) {
+ const int start = selection_range.GetMin() - selection_text_offset;
+ const size_t length = selection_range.length();
+ if (start >= 0 && start + length <= selection_text.length()) {
+ TrimWhitespace(selection_text.substr(start, length), TRIM_ALL,
+ &trimmed_selection_text);
+ }
+ }
+ base::string16 trimmed_params_text;
+ TrimWhitespace(params.selection_text, TRIM_ALL, &trimmed_params_text);
+ return trimmed_params_text != trimmed_selection_text;
+}
+
void RenderFrameImpl::DidCommitCompositorFrame() {
if (compositing_helper_)
compositing_helper_->DidCommitCompositorFrame();
int RenderFrameImpl::ShowContextMenu(ContextMenuClient* client,
const ContextMenuParams& params) {
- return render_view_->ShowContextMenu(client, params);
+ DCHECK(client); // A null client means "internal" when we issue callbacks.
+ ContextMenuParams our_params(params);
+ our_params.custom_context.request_id = pending_context_menus_.Add(client);
+ Send(new FrameHostMsg_ContextMenu(routing_id_, our_params));
+ return our_params.custom_context.request_id;
}
void RenderFrameImpl::CancelContextMenu(int request_id) {
- return render_view_->CancelContextMenu(request_id);
+ DCHECK(pending_context_menus_.Lookup(request_id));
+ pending_context_menus_.Remove(request_id);
}
blink::WebPlugin* RenderFrameImpl::CreatePlugin(
loadURLExternally(frame, request, policy);
}
+void RenderFrameImpl::OnChildFrameProcessGone() {
+ if (compositing_helper_)
+ compositing_helper_->ChildFrameGone();
+}
+
// blink::WebFrameClient implementation ----------------------------------------
blink::WebPlugin* RenderFrameImpl::createPlugin(
RenderFrameImpl* child_render_frame = RenderFrameImpl::Create(
render_view_.get(), routing_id);
- // TODO(nasko): Over-conservative check for debugging.
- CHECK(child_render_frame);
blink::WebFrame* web_frame = WebFrame::create(child_render_frame,
child_frame_identifier);
- // TODO(nasko): Over-conservative check for debugging.
- CHECK(web_frame);
+ parent->appendChild(web_frame);
child_render_frame->SetWebFrame(web_frame);
return web_frame;
// the parent frame. This is different from createChildFrame() which is
// called on the parent frame.
CHECK(!is_detaching_);
- // TODO(nasko): Remove all debug::Alias lines after diagnosing failures.
- base::debug::Alias(frame);
bool is_subframe = !!frame->parent();
- base::debug::Alias(&is_subframe);
int64 parent_frame_id = -1;
- base::debug::Alias(&parent_frame_id);
if (is_subframe)
parent_frame_id = frame->parent()->identifier();
CHECK_EQ(it->second, this);
g_frame_map.Get().erase(it);
+ if (is_subframe)
+ frame->parent()->removeChild(frame);
+
// |frame| is invalid after here.
frame->close();
RenderViewObserver, render_view_->observers(),
DidStartProvisionalLoad(frame));
+ FOR_EACH_OBSERVER(
+ RenderFrameObserver, observers_,
+ DidStartProvisionalLoad());
+
Send(new FrameHostMsg_DidStartProvisionalLoadForFrame(
routing_id_, frame->identifier(),
frame->parent() ? frame->parent()->identifier() : -1,
return;
}
std::vector<GURL> redirects;
- RenderViewImpl::GetRedirectChain(data_source, &redirects);
+ GetRedirectChain(data_source, &redirects);
if (redirects.size() >= 2) {
Send(new FrameHostMsg_DidRedirectProvisionalLoad(
routing_id_,
// Call out to RenderViewImpl, so observers are notified.
render_view_->didFailProvisionalLoad(frame, error);
+ FOR_EACH_OBSERVER(RenderFrameObserver, observers_,
+ DidFailProvisionalLoad(error));
+
bool show_repost_interstitial =
(error.reason == net::ERR_CACHE_MISS &&
EqualsASCII(failed_request.httpMethod(), "POST"));
// If we failed on a browser initiated request, then make sure that our error
// page load is regarded as the same browser initiated request.
if (!navigation_state->is_content_initiated()) {
- render_view_->pending_navigation_params_.reset(new ViewMsg_Navigate_Params);
+ render_view_->pending_navigation_params_.reset(
+ new FrameMsg_Navigate_Params);
render_view_->pending_navigation_params_->page_id =
navigation_state->pending_page_id();
render_view_->pending_navigation_params_->pending_history_list_offset =
void RenderFrameImpl::didCommitProvisionalLoad(blink::WebFrame* frame,
bool is_new_navigation) {
- // TODO(nasko): Move implementation here. Needed state:
- // * page_id_
- // * next_page_id_
- // * history_list_offset_
- // * history_list_length_
- // * history_page_ids_
- // Needed methods
- // * webview
- // * UpdateSessionHistory
- // * GetLoadingUrl
- render_view_->didCommitProvisionalLoad(frame, is_new_navigation);
+ DocumentState* document_state =
+ DocumentState::FromDataSource(frame->dataSource());
+ NavigationState* navigation_state = document_state->navigation_state();
+ InternalDocumentStateData* internal_data =
+ InternalDocumentStateData::FromDocumentState(document_state);
+
+ if (document_state->commit_load_time().is_null())
+ document_state->set_commit_load_time(Time::Now());
+
+ if (internal_data->must_reset_scroll_and_scale_state()) {
+ render_view_->webview()->resetScrollAndScaleState();
+ internal_data->set_must_reset_scroll_and_scale_state(false);
+ }
+ internal_data->set_use_error_page(false);
+
+ if (is_new_navigation) {
+ // When we perform a new navigation, we need to update the last committed
+ // session history entry with state for the page we are leaving.
+ render_view_->UpdateSessionHistory(frame);
+
+ // We bump our Page ID to correspond with the new session history entry.
+ render_view_->page_id_ = render_view_->next_page_id_++;
+
+ // Don't update history_page_ids_ (etc) for kSwappedOutURL, since
+ // we don't want to forget the entry that was there, and since we will
+ // never come back to kSwappedOutURL. Note that we have to call
+ // UpdateSessionHistory and update page_id_ even in this case, so that
+ // the current entry gets a state update and so that we don't send a
+ // state update to the wrong entry when we swap back in.
+ if (render_view_->GetLoadingUrl(frame) != GURL(kSwappedOutURL)) {
+ // Advance our offset in session history, applying the length limit.
+ // There is now no forward history.
+ render_view_->history_list_offset_++;
+ if (render_view_->history_list_offset_ >= kMaxSessionHistoryEntries)
+ render_view_->history_list_offset_ = kMaxSessionHistoryEntries - 1;
+ render_view_->history_list_length_ =
+ render_view_->history_list_offset_ + 1;
+ render_view_->history_page_ids_.resize(
+ render_view_->history_list_length_, -1);
+ render_view_->history_page_ids_[render_view_->history_list_offset_] =
+ render_view_->page_id_;
+ }
+ } else {
+ // Inspect the navigation_state on this frame to see if the navigation
+ // corresponds to a session history navigation... Note: |frame| may or
+ // may not be the toplevel frame, but for the case of capturing session
+ // history, the first committed frame suffices. We keep track of whether
+ // we've seen this commit before so that only capture session history once
+ // per navigation.
+ //
+ // Note that we need to check if the page ID changed. In the case of a
+ // reload, the page ID doesn't change, and UpdateSessionHistory gets the
+ // previous URL and the current page ID, which would be wrong.
+ if (navigation_state->pending_page_id() != -1 &&
+ navigation_state->pending_page_id() != render_view_->page_id_ &&
+ !navigation_state->request_committed()) {
+ // This is a successful session history navigation!
+ render_view_->UpdateSessionHistory(frame);
+ render_view_->page_id_ = navigation_state->pending_page_id();
+
+ render_view_->history_list_offset_ =
+ navigation_state->pending_history_list_offset();
+
+ // If the history list is valid, our list of page IDs should be correct.
+ DCHECK(render_view_->history_list_length_ <= 0 ||
+ render_view_->history_list_offset_ < 0 ||
+ render_view_->history_list_offset_ >=
+ render_view_->history_list_length_ ||
+ render_view_->history_page_ids_[render_view_->history_list_offset_]
+ == render_view_->page_id_);
+ }
+ }
+ render_view_->didCommitProvisionalLoad(frame, is_new_navigation);
FOR_EACH_OBSERVER(RenderFrameObserver, observers_,
DidCommitProvisionalLoad(is_new_navigation));
+
+ // Remember that we've already processed this request, so we don't update
+ // the session history again. We do this regardless of whether this is
+ // a session history navigation, because if we attempted a session history
+ // navigation without valid HistoryItem state, WebCore will think it is a
+ // new navigation.
+ navigation_state->set_request_committed(true);
+
+ UpdateURL(frame);
+
+ // Check whether we have new encoding name.
+ render_view_->UpdateEncoding(frame, frame->view()->pageEncoding().utf8());
}
void RenderFrameImpl::didClearWindowObject(blink::WebFrame* frame,
}
void RenderFrameImpl::didFinishDocumentLoad(blink::WebFrame* frame) {
- // TODO(nasko): Move implementation here. No state needed, just observers
- // notification in before updating encoding.
+ WebDataSource* ds = frame->dataSource();
+ DocumentState* document_state = DocumentState::FromDataSource(ds);
+ document_state->set_finish_document_load_time(Time::Now());
+
+ Send(
+ new FrameHostMsg_DidFinishDocumentLoad(routing_id_, frame->identifier()));
+
+ // Call back to RenderViewImpl for observers to be notified.
+ // TODO(nasko): Remove once we have RenderFrameObserver for this method.
render_view_->didFinishDocumentLoad(frame);
+
+ // Check whether we have new encoding name.
+ render_view_->UpdateEncoding(frame, frame->view()->pageEncoding().utf8());
}
void RenderFrameImpl::didHandleOnloadEvents(blink::WebFrame* frame) {
void RenderFrameImpl::didFailLoad(blink::WebFrame* frame,
const blink::WebURLError& error) {
// TODO(nasko): Move implementation here. No state needed.
+ WebDataSource* ds = frame->dataSource();
+ DCHECK(ds);
+
render_view_->didFailLoad(frame, error);
+
+ const WebURLRequest& failed_request = ds->request();
+ base::string16 error_description;
+ GetContentClient()->renderer()->GetNavigationErrorStrings(
+ render_view_.get(),
+ frame,
+ failed_request,
+ error,
+ NULL,
+ &error_description);
+ Send(new FrameHostMsg_DidFailLoadWithError(routing_id_,
+ frame->identifier(),
+ failed_request.url(),
+ !frame->parent(),
+ error.reason,
+ error_description));
}
void RenderFrameImpl::didFinishLoad(blink::WebFrame* frame) {
// TODO(nasko): Move implementation here. No state needed, just observers
// notification before sending message to the browser process.
render_view_->didFinishLoad(frame);
+ FOR_EACH_OBSERVER(RenderFrameObserver, observers_,
+ DidFinishLoad());
}
void RenderFrameImpl::didNavigateWithinPage(blink::WebFrame* frame,
bool is_new_navigation) {
- // TODO(nasko): Move implementation here. No state needed, just observers
- // notification before sending message to the browser process.
- render_view_->didNavigateWithinPage(frame, is_new_navigation);
+ // If this was a reference fragment navigation that we initiated, then we
+ // could end up having a non-null pending navigation params. We just need to
+ // update the ExtraData on the datasource so that others who read the
+ // ExtraData will get the new NavigationState. Similarly, if we did not
+ // initiate this navigation, then we need to take care to reset any pre-
+ // existing navigation state to a content-initiated navigation state.
+ // DidCreateDataSource conveniently takes care of this for us.
+ didCreateDataSource(frame, frame->dataSource());
+
+ DocumentState* document_state =
+ DocumentState::FromDataSource(frame->dataSource());
+ NavigationState* new_state = document_state->navigation_state();
+ new_state->set_was_within_same_page(true);
+
+ didCommitProvisionalLoad(frame, is_new_navigation);
}
void RenderFrameImpl::didUpdateCurrentHistoryItem(blink::WebFrame* frame) {
void RenderFrameImpl::willRequestAfterPreconnect(
blink::WebFrame* frame,
blink::WebURLRequest& request) {
- blink::WebReferrerPolicy referrer_policy = frame->document().referrerPolicy();
// FIXME(kohei): This will never be set.
WebString custom_user_agent;
// The args after |was_after_preconnect_request| are not used, and set to
// correct values at |willSendRequest|.
request.setExtraData(new webkit_glue::WebURLRequestExtraDataImpl(
- referrer_policy, custom_user_agent, was_after_preconnect_request));
+ custom_user_agent, was_after_preconnect_request));
}
void RenderFrameImpl::willSendRequest(
if (internal_data->is_cache_policy_override_set())
request.setCachePolicy(internal_data->cache_policy_override());
- blink::WebReferrerPolicy referrer_policy;
- if (internal_data->is_referrer_policy_set()) {
- referrer_policy = internal_data->referrer_policy();
- } else {
- referrer_policy = frame->document().referrerPolicy();
- }
-
// The request's extra data may indicate that we should set a custom user
// agent. This needs to be done here, after WebKit is through with setting the
// user agent on its own.
navigation_state->should_replace_current_entry();
}
request.setExtraData(
- new RequestExtraData(referrer_policy,
- render_view_->visibilityState(),
+ new RequestExtraData(render_view_->visibilityState(),
custom_user_agent,
was_after_preconnect_request,
routing_id_,
navigation_state->extra_headers().begin(),
navigation_state->extra_headers().end(), "\n");
i.GetNext(); ) {
- request.setHTTPHeaderField(WebString::fromUTF8(i.name()),
- WebString::fromUTF8(i.values()));
+ if (LowerCaseEqualsASCII(i.name(), "referer")) {
+ WebString referrer = WebSecurityPolicy::generateReferrerHeader(
+ blink::WebReferrerPolicyDefault,
+ request.url(),
+ WebString::fromUTF8(i.values()));
+ request.setHTTPReferrer(referrer, blink::WebReferrerPolicyDefault);
+ } else {
+ request.setHTTPHeaderField(WebString::fromUTF8(i.name()),
+ WebString::fromUTF8(i.values()));
+ }
}
}
if (!render_view_->renderer_preferences_.enable_referrers)
- request.clearHTTPHeaderField("Referer");
+ request.setHTTPReferrer(WebString(), blink::WebReferrerPolicyDefault);
}
void RenderFrameImpl::didReceiveResponse(
int http_status_code = response.httpStatusCode();
// Record page load flags.
- WebURLResponseExtraDataImpl* extra_data =
- RenderViewImpl::GetExtraDataFromResponse(response);
+ WebURLResponseExtraDataImpl* extra_data = GetExtraDataFromResponse(response);
if (extra_data) {
document_state->set_was_fetched_via_spdy(
extra_data->was_fetched_via_spdy());
blink::WebFrame* frame,
blink::WebStorageQuotaType type,
unsigned long long requested_size,
- blink::WebStorageQuotaCallbacks* callbacks) {
+ blink::WebStorageQuotaCallbacks callbacks) {
DCHECK(frame);
WebSecurityOrigin origin = frame->document().securityOrigin();
if (origin.isUnique()) {
// Unique origins cannot store persistent state.
- callbacks->didFail(blink::WebStorageQuotaErrorAbort);
+ callbacks.didFail(blink::WebStorageQuotaErrorAbort);
return;
}
ChildThread::current()->quota_dispatcher()->RequestStorageQuota(
arb_robustness_status_code));
}
+void RenderFrameImpl::showContextMenu(const blink::WebContextMenuData& data) {
+ ContextMenuParams params = ContextMenuParamsBuilder::Build(data);
+ params.source_type = GetRenderWidget()->context_menu_source_type();
+ if (params.source_type == ui::MENU_SOURCE_TOUCH_EDIT_MENU) {
+ params.x = GetRenderWidget()->touch_editing_context_menu_location().x();
+ params.y = GetRenderWidget()->touch_editing_context_menu_location().y();
+ }
+ GetRenderWidget()->OnShowHostContextMenu(¶ms);
+
+ // Plugins, e.g. PDF, don't currently update the render view when their
+ // selected text changes, but the context menu params do contain the updated
+ // selection. If that's the case, update the render view's state just prior
+ // to showing the context menu.
+ // TODO(asvitkine): http://crbug.com/152432
+ if (ShouldUpdateSelectionTextFromContextMenuParams(
+ render_view_->selection_text_,
+ render_view_->selection_text_offset_,
+ render_view_->selection_range_,
+ params)) {
+ render_view_->selection_text_ = params.selection_text;
+ // TODO(asvitkine): Text offset and range is not available in this case.
+ render_view_->selection_text_offset_ = 0;
+ render_view_->selection_range_ =
+ gfx::Range(0, render_view_->selection_text_.length());
+ Send(new ViewHostMsg_SelectionChanged(
+ routing_id_,
+ render_view_->selection_text_,
+ render_view_->selection_text_offset_,
+ render_view_->selection_range_));
+ }
+
+ params.frame_id = frame_->identifier();
+
+ // Serializing a GURL longer than kMaxURLChars will fail, so don't do
+ // it. We replace it with an empty GURL so the appropriate items are disabled
+ // in the context menu.
+ // TODO(jcivelli): http://crbug.com/45160 This prevents us from saving large
+ // data encoded images. We should have a way to save them.
+ if (params.src_url.spec().size() > GetMaxURLChars())
+ params.src_url = GURL();
+ render_view_->context_menu_node_ = data.node;
+
+#if defined(OS_ANDROID)
+ gfx::Rect start_rect;
+ gfx::Rect end_rect;
+ render_view_->GetSelectionBounds(&start_rect, &end_rect);
+ params.selection_start = gfx::Point(start_rect.x(), start_rect.bottom());
+ params.selection_end = gfx::Point(end_rect.right(), end_rect.bottom());
+#endif
+
+ Send(new FrameHostMsg_ContextMenu(routing_id_, params));
+}
+
+void RenderFrameImpl::forwardInputEvent(const blink::WebInputEvent* event) {
+ Send(new FrameHostMsg_ForwardInputEvent(routing_id_, event));
+}
+
void RenderFrameImpl::AddObserver(RenderFrameObserver* observer) {
observers_.AddObserver(observer);
}
observers_.RemoveObserver(observer);
}
+void RenderFrameImpl::OnStop() {
+ FOR_EACH_OBSERVER(RenderFrameObserver, observers_, OnStop());
+}
+
+// Tell the embedding application that the URL of the active page has changed.
+void RenderFrameImpl::UpdateURL(WebFrame* frame) {
+ WebDataSource* ds = frame->dataSource();
+ DCHECK(ds);
+
+ const WebURLRequest& request = ds->request();
+ const WebURLRequest& original_request = ds->originalRequest();
+ const WebURLResponse& response = ds->response();
+
+ DocumentState* document_state = DocumentState::FromDataSource(ds);
+ NavigationState* navigation_state = document_state->navigation_state();
+ InternalDocumentStateData* internal_data =
+ InternalDocumentStateData::FromDocumentState(document_state);
+
+ FrameHostMsg_DidCommitProvisionalLoad_Params params;
+ params.http_status_code = response.httpStatusCode();
+ params.is_post = false;
+ params.post_id = -1;
+ params.page_id = render_view_->page_id_;
+ params.frame_id = frame->identifier();
+ params.frame_unique_name = frame->uniqueName();
+ params.socket_address.set_host(response.remoteIPAddress().utf8());
+ params.socket_address.set_port(response.remotePort());
+ WebURLResponseExtraDataImpl* extra_data = GetExtraDataFromResponse(response);
+ if (extra_data)
+ params.was_fetched_via_proxy = extra_data->was_fetched_via_proxy();
+ params.was_within_same_page = navigation_state->was_within_same_page();
+ params.security_info = response.securityInfo();
+
+ // Set the URL to be displayed in the browser UI to the user.
+ params.url = render_view_->GetLoadingUrl(frame);
+ DCHECK(!is_swapped_out_ || params.url == GURL(kSwappedOutURL));
+
+ if (frame->document().baseURL() != params.url)
+ params.base_url = frame->document().baseURL();
+
+ GetRedirectChain(ds, ¶ms.redirects);
+ params.should_update_history = !ds->hasUnreachableURL() &&
+ !response.isMultipartPayload() && (response.httpStatusCode() != 404);
+
+ params.searchable_form_url = internal_data->searchable_form_url();
+ params.searchable_form_encoding = internal_data->searchable_form_encoding();
+
+ params.gesture = render_view_->navigation_gesture_;
+ render_view_->navigation_gesture_ = NavigationGestureUnknown;
+
+ // Make navigation state a part of the DidCommitProvisionalLoad message so
+ // that commited entry has it at all times.
+ WebHistoryItem item = frame->currentHistoryItem();
+ if (item.isNull()) {
+ item.initialize();
+ item.setURLString(request.url().spec().utf16());
+ }
+ params.page_state = HistoryItemToPageState(item);
+
+ if (!frame->parent()) {
+ // Top-level navigation.
+
+ // Reset the zoom limits in case a plugin had changed them previously. This
+ // will also call us back which will cause us to send a message to
+ // update WebContentsImpl.
+ render_view_->webview()->zoomLimitsChanged(
+ ZoomFactorToZoomLevel(kMinimumZoomFactor),
+ ZoomFactorToZoomLevel(kMaximumZoomFactor));
+
+ // Set zoom level, but don't do it for full-page plugin since they don't use
+ // the same zoom settings.
+ HostZoomLevels::iterator host_zoom =
+ render_view_->host_zoom_levels_.find(GURL(request.url()));
+ if (render_view_->webview()->mainFrame()->document().isPluginDocument()) {
+ // Reset the zoom levels for plugins.
+ render_view_->webview()->setZoomLevel(0);
+ } else {
+ if (host_zoom != render_view_->host_zoom_levels_.end())
+ render_view_->webview()->setZoomLevel(host_zoom->second);
+ }
+
+ if (host_zoom != render_view_->host_zoom_levels_.end()) {
+ // This zoom level was merely recorded transiently for this load. We can
+ // erase it now. If at some point we reload this page, the browser will
+ // send us a new, up-to-date zoom level.
+ render_view_->host_zoom_levels_.erase(host_zoom);
+ }
+
+ // Update contents MIME type for main frame.
+ params.contents_mime_type = ds->response().mimeType().utf8();
+
+ params.transition = navigation_state->transition_type();
+ if (!PageTransitionIsMainFrame(params.transition)) {
+ // If the main frame does a load, it should not be reported as a subframe
+ // navigation. This can occur in the following case:
+ // 1. You're on a site with frames.
+ // 2. You do a subframe navigation. This is stored with transition type
+ // MANUAL_SUBFRAME.
+ // 3. You navigate to some non-frame site, say, google.com.
+ // 4. You navigate back to the page from step 2. Since it was initially
+ // MANUAL_SUBFRAME, it will be that same transition type here.
+ // We don't want that, because any navigation that changes the toplevel
+ // frame should be tracked as a toplevel navigation (this allows us to
+ // update the URL bar, etc).
+ params.transition = PAGE_TRANSITION_LINK;
+ }
+
+ // If the page contained a client redirect (meta refresh, document.loc...),
+ // set the referrer and transition appropriately.
+ if (ds->isClientRedirect()) {
+ params.referrer =
+ Referrer(params.redirects[0], ds->request().referrerPolicy());
+ params.transition = static_cast<PageTransition>(
+ params.transition | PAGE_TRANSITION_CLIENT_REDIRECT);
+ } else {
+ params.referrer = RenderViewImpl::GetReferrerFromRequest(
+ frame, ds->request());
+ }
+
+ base::string16 method = request.httpMethod();
+ if (EqualsASCII(method, "POST")) {
+ params.is_post = true;
+ params.post_id = ExtractPostId(item);
+ }
+
+ // Send the user agent override back.
+ params.is_overriding_user_agent = internal_data->is_overriding_user_agent();
+
+ // Track the URL of the original request. We use the first entry of the
+ // redirect chain if it exists because the chain may have started in another
+ // process.
+ if (params.redirects.size() > 0)
+ params.original_request_url = params.redirects.at(0);
+ else
+ params.original_request_url = original_request.url();
+
+ params.history_list_was_cleared =
+ navigation_state->history_list_was_cleared();
+
+ // Save some histogram data so we can compute the average memory used per
+ // page load of the glyphs.
+ UMA_HISTOGRAM_COUNTS_10000("Memory.GlyphPagesPerLoad",
+ blink::WebGlyphCache::pageCount());
+
+ // This message needs to be sent before any of allowScripts(),
+ // allowImages(), allowPlugins() is called for the new page, so that when
+ // these functions send a ViewHostMsg_ContentBlocked message, it arrives
+ // after the FrameHostMsg_DidCommitProvisionalLoad message.
+ Send(new FrameHostMsg_DidCommitProvisionalLoad(routing_id_, params));
+ } else {
+ // Subframe navigation: the type depends on whether this navigation
+ // generated a new session history entry. When they do generate a session
+ // history entry, it means the user initiated the navigation and we should
+ // mark it as such. This test checks if this is the first time UpdateURL
+ // has been called since WillNavigateToURL was called to initiate the load.
+ if (render_view_->page_id_ > render_view_->last_page_id_sent_to_browser_)
+ params.transition = PAGE_TRANSITION_MANUAL_SUBFRAME;
+ else
+ params.transition = PAGE_TRANSITION_AUTO_SUBFRAME;
+
+ DCHECK(!navigation_state->history_list_was_cleared());
+ params.history_list_was_cleared = false;
+
+ // Don't send this message while the subframe is swapped out.
+ if (!is_swapped_out())
+ Send(new FrameHostMsg_DidCommitProvisionalLoad(routing_id_, params));
+ }
+
+ render_view_->last_page_id_sent_to_browser_ =
+ std::max(render_view_->last_page_id_sent_to_browser_,
+ render_view_->page_id_);
+
+ // If we end up reusing this WebRequest (for example, due to a #ref click),
+ // we don't want the transition type to persist. Just clear it.
+ navigation_state->set_transition_type(PAGE_TRANSITION_LINK);
+}
+
+void RenderFrameImpl::didStartLoading() {
+ Send(new FrameHostMsg_DidStartLoading(routing_id_));
+}
+
+void RenderFrameImpl::didStopLoading() {
+ Send(new FrameHostMsg_DidStopLoading(routing_id_));
+}
+
} // namespace content