1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
5 * Copyright (C) 2009 Adam Barth. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "config.h"
33 #include "core/loader/NavigationScheduler.h"
34
35 #include "bindings/v8/ScriptController.h"
36 #include "core/events/Event.h"
37 #include "core/html/HTMLFormElement.h"
38 #include "core/inspector/InspectorInstrumentation.h"
39 #include "core/loader/DocumentLoader.h"
40 #include "core/loader/FormState.h"
41 #include "core/loader/FormSubmission.h"
42 #include "core/loader/FrameLoadRequest.h"
43 #include "core/loader/FrameLoader.h"
44 #include "core/loader/FrameLoaderClient.h"
45 #include "core/loader/FrameLoaderStateMachine.h"
46 #include "core/frame/Frame.h"
47 #include "core/page/BackForwardClient.h"
48 #include "core/page/Page.h"
49 #include "platform/UserGestureIndicator.h"
50 #include "wtf/CurrentTime.h"
51
52 namespace WebCore {
53
54 unsigned NavigationDisablerForBeforeUnload::s_navigationDisableCount = 0;
55
56 class ScheduledNavigation {
57 WTF_MAKE_NONCOPYABLE(ScheduledNavigation); WTF_MAKE_FAST_ALLOCATED;
58 public:
ScheduledNavigation(double delay,bool lockBackForwardList,bool isLocationChange)59 ScheduledNavigation(double delay, bool lockBackForwardList, bool isLocationChange)
60 : m_delay(delay)
61 , m_lockBackForwardList(lockBackForwardList)
62 , m_isLocationChange(isLocationChange)
63 , m_wasUserGesture(UserGestureIndicator::processingUserGesture())
64 {
65 if (m_wasUserGesture)
66 m_userGestureToken = UserGestureIndicator::currentToken();
67 }
~ScheduledNavigation()68 virtual ~ScheduledNavigation() { }
69
70 virtual void fire(Frame*) = 0;
71
shouldStartTimer(Frame *)72 virtual bool shouldStartTimer(Frame*) { return true; }
73
delay() const74 double delay() const { return m_delay; }
lockBackForwardList() const75 bool lockBackForwardList() const { return m_lockBackForwardList; }
isLocationChange() const76 bool isLocationChange() const { return m_isLocationChange; }
createUserGestureIndicator()77 PassOwnPtr<UserGestureIndicator> createUserGestureIndicator()
78 {
79 if (m_wasUserGesture && m_userGestureToken)
80 return adoptPtr(new UserGestureIndicator(m_userGestureToken));
81 return adoptPtr(new UserGestureIndicator(DefinitelyNotProcessingUserGesture));
82 }
83
isForm() const84 virtual bool isForm() const { return false; }
85
86 protected:
clearUserGesture()87 void clearUserGesture() { m_wasUserGesture = false; }
88
89 private:
90 double m_delay;
91 bool m_lockBackForwardList;
92 bool m_isLocationChange;
93 bool m_wasUserGesture;
94 RefPtr<UserGestureToken> m_userGestureToken;
95 };
96
97 class ScheduledURLNavigation : public ScheduledNavigation {
98 protected:
ScheduledURLNavigation(double delay,Document * originDocument,const String & url,const String & referrer,bool lockBackForwardList,bool isLocationChange)99 ScheduledURLNavigation(double delay, Document* originDocument, const String& url, const String& referrer, bool lockBackForwardList, bool isLocationChange)
100 : ScheduledNavigation(delay, lockBackForwardList, isLocationChange)
101 , m_originDocument(originDocument)
102 , m_url(url)
103 , m_referrer(referrer)
104 {
105 }
106
fire(Frame * frame)107 virtual void fire(Frame* frame)
108 {
109 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
110 FrameLoadRequest request(m_originDocument.get(), ResourceRequest(KURL(ParsedURLString, m_url), m_referrer), "_self");
111 request.setLockBackForwardList(lockBackForwardList());
112 request.setClientRedirect(ClientRedirect);
113 frame->loader().load(request);
114 }
115
originDocument() const116 Document* originDocument() const { return m_originDocument.get(); }
url() const117 String url() const { return m_url; }
referrer() const118 String referrer() const { return m_referrer; }
119
120 private:
121 RefPtr<Document> m_originDocument;
122 String m_url;
123 String m_referrer;
124 };
125
126 class ScheduledRedirect : public ScheduledURLNavigation {
127 public:
ScheduledRedirect(double delay,Document * originDocument,const String & url,bool lockBackForwardList)128 ScheduledRedirect(double delay, Document* originDocument, const String& url, bool lockBackForwardList)
129 : ScheduledURLNavigation(delay, originDocument, url, String(), lockBackForwardList, false)
130 {
131 clearUserGesture();
132 }
133
shouldStartTimer(Frame * frame)134 virtual bool shouldStartTimer(Frame* frame) { return frame->loader().allAncestorsAreComplete(); }
135
fire(Frame * frame)136 virtual void fire(Frame* frame)
137 {
138 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
139 FrameLoadRequest request(originDocument(), ResourceRequest(KURL(ParsedURLString, url()), referrer()), "_self");
140 request.setLockBackForwardList(lockBackForwardList());
141 if (equalIgnoringFragmentIdentifier(frame->document()->url(), request.resourceRequest().url()))
142 request.resourceRequest().setCachePolicy(ReloadIgnoringCacheData);
143 request.setClientRedirect(ClientRedirect);
144 frame->loader().load(request);
145 }
146 };
147
148 class ScheduledLocationChange : public ScheduledURLNavigation {
149 public:
ScheduledLocationChange(Document * originDocument,const String & url,const String & referrer,bool lockBackForwardList)150 ScheduledLocationChange(Document* originDocument, const String& url, const String& referrer, bool lockBackForwardList)
151 : ScheduledURLNavigation(0.0, originDocument, url, referrer, lockBackForwardList, true) { }
152 };
153
154 class ScheduledRefresh : public ScheduledURLNavigation {
155 public:
ScheduledRefresh(Document * originDocument,const String & url,const String & referrer)156 ScheduledRefresh(Document* originDocument, const String& url, const String& referrer)
157 : ScheduledURLNavigation(0.0, originDocument, url, referrer, true, true)
158 {
159 }
160
fire(Frame * frame)161 virtual void fire(Frame* frame)
162 {
163 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
164 FrameLoadRequest request(originDocument(), ResourceRequest(KURL(ParsedURLString, url()), referrer(), ReloadIgnoringCacheData), "_self");
165 request.setLockBackForwardList(lockBackForwardList());
166 request.setClientRedirect(ClientRedirect);
167 frame->loader().load(request);
168 }
169 };
170
171 class ScheduledHistoryNavigation : public ScheduledNavigation {
172 public:
ScheduledHistoryNavigation(int historySteps)173 explicit ScheduledHistoryNavigation(int historySteps)
174 : ScheduledNavigation(0, false, true)
175 , m_historySteps(historySteps)
176 {
177 }
178
fire(Frame * frame)179 virtual void fire(Frame* frame)
180 {
181 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
182
183 if (!m_historySteps) {
184 FrameLoadRequest frameRequest(frame->document(), ResourceRequest(frame->document()->url()));
185 frameRequest.setLockBackForwardList(lockBackForwardList());
186 // Special case for go(0) from a frame -> reload only the frame
187 // To follow Firefox and IE's behavior, history reload can only navigate the self frame.
188 frame->loader().load(frameRequest);
189 return;
190 }
191 // go(i!=0) from a frame navigates into the history of the frame only,
192 // in both IE and NS (but not in Mozilla). We can't easily do that.
193 frame->page()->mainFrame()->loader().client()->navigateBackForward(m_historySteps);
194 }
195
196 private:
197 int m_historySteps;
198 };
199
200 class ScheduledFormSubmission : public ScheduledNavigation {
201 public:
ScheduledFormSubmission(PassRefPtr<FormSubmission> submission,bool lockBackForwardList)202 ScheduledFormSubmission(PassRefPtr<FormSubmission> submission, bool lockBackForwardList)
203 : ScheduledNavigation(0, lockBackForwardList, true)
204 , m_submission(submission)
205 {
206 ASSERT(m_submission->state());
207 }
208
fire(Frame * frame)209 virtual void fire(Frame* frame)
210 {
211 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
212 FrameLoadRequest frameRequest(m_submission->state()->sourceDocument());
213 m_submission->populateFrameLoadRequest(frameRequest);
214 frameRequest.setLockBackForwardList(lockBackForwardList());
215 frameRequest.setTriggeringEvent(m_submission->event());
216 frameRequest.setFormState(m_submission->state());
217 frame->loader().load(frameRequest);
218 }
219
isForm() const220 virtual bool isForm() const { return true; }
submission() const221 FormSubmission* submission() const { return m_submission.get(); }
222
223 private:
224 RefPtr<FormSubmission> m_submission;
225 };
226
NavigationScheduler(Frame * frame)227 NavigationScheduler::NavigationScheduler(Frame* frame)
228 : m_frame(frame)
229 , m_timer(this, &NavigationScheduler::timerFired)
230 {
231 }
232
~NavigationScheduler()233 NavigationScheduler::~NavigationScheduler()
234 {
235 }
236
locationChangePending()237 bool NavigationScheduler::locationChangePending()
238 {
239 return m_redirect && m_redirect->isLocationChange();
240 }
241
clear()242 void NavigationScheduler::clear()
243 {
244 if (m_timer.isActive())
245 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
246 m_timer.stop();
247 m_redirect.clear();
248 }
249
shouldScheduleNavigation() const250 inline bool NavigationScheduler::shouldScheduleNavigation() const
251 {
252 return m_frame->page();
253 }
254
shouldScheduleNavigation(const String & url) const255 inline bool NavigationScheduler::shouldScheduleNavigation(const String& url) const
256 {
257 return shouldScheduleNavigation() && (protocolIsJavaScript(url) || NavigationDisablerForBeforeUnload::isNavigationAllowed());
258 }
259
scheduleRedirect(double delay,const String & url)260 void NavigationScheduler::scheduleRedirect(double delay, const String& url)
261 {
262 if (!shouldScheduleNavigation(url))
263 return;
264 if (delay < 0 || delay > INT_MAX / 1000)
265 return;
266 if (url.isEmpty())
267 return;
268
269 // We want a new back/forward list item if the refresh timeout is > 1 second.
270 if (!m_redirect || delay <= m_redirect->delay())
271 schedule(adoptPtr(new ScheduledRedirect(delay, m_frame->document(), url, delay <= 1)));
272 }
273
mustLockBackForwardList(Frame * targetFrame)274 bool NavigationScheduler::mustLockBackForwardList(Frame* targetFrame)
275 {
276 // Non-user navigation before the page has finished firing onload should not create a new back/forward item.
277 // See https://webkit.org/b/42861 for the original motivation for this.
278 if (!UserGestureIndicator::processingUserGesture() && !targetFrame->document()->loadEventFinished())
279 return true;
280
281 // From the HTML5 spec for location.assign():
282 // "If the browsing context's session history contains only one Document,
283 // and that was the about:blank Document created when the browsing context
284 // was created, then the navigation must be done with replacement enabled."
285 if (!targetFrame->loader().stateMachine()->committedMultipleRealLoads()
286 && equalIgnoringCase(targetFrame->document()->url(), blankURL()))
287 return true;
288
289 // Navigation of a subframe during loading of an ancestor frame does not create a new back/forward item.
290 // The definition of "during load" is any time before all handlers for the load event have been run.
291 // See https://bugs.webkit.org/show_bug.cgi?id=14957 for the original motivation for this.
292 return targetFrame->tree().parent() && !targetFrame->tree().parent()->loader().allAncestorsAreComplete();
293 }
294
scheduleLocationChange(Document * originDocument,const String & url,const String & referrer,bool lockBackForwardList)295 void NavigationScheduler::scheduleLocationChange(Document* originDocument, const String& url, const String& referrer, bool lockBackForwardList)
296 {
297 if (!shouldScheduleNavigation(url))
298 return;
299 if (url.isEmpty())
300 return;
301
302 lockBackForwardList = lockBackForwardList || mustLockBackForwardList(m_frame);
303
304 // If the URL we're going to navigate to is the same as the current one, except for the
305 // fragment part, we don't need to schedule the location change. We'll skip this
306 // optimization for cross-origin navigations to minimize the navigator's ability to
307 // execute timing attacks.
308 if (originDocument->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) {
309 KURL parsedURL(ParsedURLString, url);
310 if (parsedURL.hasFragmentIdentifier() && equalIgnoringFragmentIdentifier(m_frame->document()->url(), parsedURL)) {
311 FrameLoadRequest request(originDocument, ResourceRequest(m_frame->document()->completeURL(url), referrer), "_self");
312 request.setLockBackForwardList(lockBackForwardList);
313 request.setClientRedirect(ClientRedirect);
314 m_frame->loader().load(request);
315 return;
316 }
317 }
318
319 schedule(adoptPtr(new ScheduledLocationChange(originDocument, url, referrer, lockBackForwardList)));
320 }
321
scheduleFormSubmission(PassRefPtr<FormSubmission> submission)322 void NavigationScheduler::scheduleFormSubmission(PassRefPtr<FormSubmission> submission)
323 {
324 ASSERT(m_frame->page());
325 schedule(adoptPtr(new ScheduledFormSubmission(submission, mustLockBackForwardList(m_frame))));
326 }
327
scheduleRefresh()328 void NavigationScheduler::scheduleRefresh()
329 {
330 if (!shouldScheduleNavigation())
331 return;
332 const KURL& url = m_frame->document()->url();
333 if (url.isEmpty())
334 return;
335
336 schedule(adoptPtr(new ScheduledRefresh(m_frame->document(), url.string(), m_frame->document()->outgoingReferrer())));
337 }
338
scheduleHistoryNavigation(int steps)339 void NavigationScheduler::scheduleHistoryNavigation(int steps)
340 {
341 if (!shouldScheduleNavigation())
342 return;
343
344 // Invalid history navigations (such as history.forward() during a new load) have the side effect of cancelling any scheduled
345 // redirects. We also avoid the possibility of cancelling the current load by avoiding the scheduled redirection altogether.
346 BackForwardClient& backForward = m_frame->page()->backForward();
347 if (steps > backForward.forwardListCount() || -steps > backForward.backListCount()) {
348 cancel();
349 return;
350 }
351
352 // In all other cases, schedule the history traversal to occur asynchronously.
353 schedule(adoptPtr(new ScheduledHistoryNavigation(steps)));
354 }
355
timerFired(Timer<NavigationScheduler> *)356 void NavigationScheduler::timerFired(Timer<NavigationScheduler>*)
357 {
358 if (!m_frame->page())
359 return;
360 if (m_frame->page()->defersLoading()) {
361 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
362 return;
363 }
364
365 RefPtr<Frame> protect(m_frame);
366
367 OwnPtr<ScheduledNavigation> redirect(m_redirect.release());
368 redirect->fire(m_frame);
369 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
370 }
371
schedule(PassOwnPtr<ScheduledNavigation> redirect)372 void NavigationScheduler::schedule(PassOwnPtr<ScheduledNavigation> redirect)
373 {
374 ASSERT(m_frame->page());
375 cancel();
376 m_redirect = redirect;
377 startTimer();
378 }
379
startTimer()380 void NavigationScheduler::startTimer()
381 {
382 if (!m_redirect)
383 return;
384
385 ASSERT(m_frame->page());
386 if (m_timer.isActive())
387 return;
388 if (!m_redirect->shouldStartTimer(m_frame))
389 return;
390
391 m_timer.startOneShot(m_redirect->delay());
392 InspectorInstrumentation::frameScheduledNavigation(m_frame, m_redirect->delay());
393 }
394
cancel()395 void NavigationScheduler::cancel()
396 {
397 if (m_timer.isActive())
398 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
399 m_timer.stop();
400 m_redirect.clear();
401 }
402
403 } // namespace WebCore
404