1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "content/browser/frame_host/render_frame_host_impl.h"
6 
7 #include "base/bind.h"
8 #include "base/containers/hash_tables.h"
9 #include "base/lazy_instance.h"
10 #include "base/metrics/user_metrics_action.h"
11 #include "content/browser/child_process_security_policy_impl.h"
12 #include "content/browser/frame_host/cross_process_frame_connector.h"
13 #include "content/browser/frame_host/cross_site_transferring_request.h"
14 #include "content/browser/frame_host/frame_tree.h"
15 #include "content/browser/frame_host/frame_tree_node.h"
16 #include "content/browser/frame_host/navigator.h"
17 #include "content/browser/frame_host/render_frame_host_delegate.h"
18 #include "content/browser/frame_host/render_frame_proxy_host.h"
19 #include "content/browser/renderer_host/input/input_router.h"
20 #include "content/browser/renderer_host/input/timeout_monitor.h"
21 #include "content/browser/renderer_host/render_view_host_impl.h"
22 #include "content/browser/renderer_host/render_widget_host_impl.h"
23 #include "content/common/desktop_notification_messages.h"
24 #include "content/common/frame_messages.h"
25 #include "content/common/input_messages.h"
26 #include "content/common/inter_process_time_ticks_converter.h"
27 #include "content/common/swapped_out_messages.h"
28 #include "content/public/browser/browser_thread.h"
29 #include "content/public/browser/content_browser_client.h"
30 #include "content/public/browser/desktop_notification_delegate.h"
31 #include "content/public/browser/render_process_host.h"
32 #include "content/public/browser/render_widget_host_view.h"
33 #include "content/public/browser/user_metrics.h"
34 #include "content/public/common/content_constants.h"
35 #include "content/public/common/url_constants.h"
36 #include "content/public/common/url_utils.h"
37 #include "url/gurl.h"
38 
39 using base::TimeDelta;
40 
41 namespace content {
42 
43 namespace {
44 
// A RenderFrame is named by the pair (process id, routing id).
typedef std::pair<int32, int32> RenderFrameHostID;

// Global table from that pair to the browser-side host object. The pointers
// are non-owning: the RenderFrameHostImpl constructor inserts an entry and the
// destructor erases it, so a lookup never returns a destroyed host.
typedef base::hash_map<RenderFrameHostID, RenderFrameHostImpl*>
    RoutingIDFrameMap;

// Created lazily on first use.
base::LazyInstance<RoutingIDFrameMap> g_routing_id_frame_map =
    LAZY_INSTANCE_INITIALIZER;
51 
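// Relays desktop-notification events back to the renderer frame that asked for
// the notification.
//
// The frame is remembered by its (process id, routing id) pair, not by
// pointer, and is looked up again on every event. An event that arrives after
// the frame has been destroyed therefore finds no host and is dropped rather
// than touching a dead object.
//
// Lifetime: instances are heap-allocated by the caller and delete themselves
// on the two terminal events, NotificationError() and NotificationClosed().
// Nothing may use the object after either of those returns.
class DesktopNotificationDelegateImpl : public DesktopNotificationDelegate {
 public:
  // Records the ids of |render_frame_host| and the |notification_id| that the
  // renderer used in its Show message.
  DesktopNotificationDelegateImpl(RenderFrameHost* render_frame_host,
                                  int notification_id)
      : render_process_id_(render_frame_host->GetProcess()->GetID()),
        render_frame_id_(render_frame_host->GetRoutingID()),
        notification_id_(notification_id) {}

  virtual ~DesktopNotificationDelegateImpl() {}

  // Tells the frame that the notification is now on screen. Not terminal.
  virtual void NotificationDisplayed() OVERRIDE {
    RenderFrameHost* rfh = LookUpFrame();
    if (!rfh)
      return;

    rfh->Send(new DesktopNotificationMsg_PostDisplay(
        rfh->GetRoutingID(), notification_id_));
  }

  // Tells the frame that showing the notification failed, then destroys this
  // delegate.
  virtual void NotificationError() OVERRIDE {
    RenderFrameHost* rfh = LookUpFrame();
    if (rfh) {
      rfh->Send(new DesktopNotificationMsg_PostError(
          rfh->GetRoutingID(), notification_id_));
    }

    // Terminal event: free the delegate even when the frame is already gone.
    // Returning early here used to leak one delegate per notification whose
    // frame went away first.
    delete this;
  }

  // Tells the frame that the notification was closed (|by_user| is true when
  // the user dismissed it), lets the frame host drop its bookkeeping for the
  // notification, then destroys this delegate.
  virtual void NotificationClosed(bool by_user) OVERRIDE {
    RenderFrameHost* rfh = LookUpFrame();
    if (rfh) {
      rfh->Send(new DesktopNotificationMsg_PostClose(
          rfh->GetRoutingID(), notification_id_, by_user));
      static_cast<RenderFrameHostImpl*>(rfh)->NotificationClosed(
          notification_id_);
    }

    // Terminal event: see NotificationError() for why this is unconditional.
    delete this;
  }

  // Tells the frame that the user clicked the notification. Not terminal.
  virtual void NotificationClick() OVERRIDE {
    RenderFrameHost* rfh = LookUpFrame();
    if (!rfh)
      return;

    rfh->Send(new DesktopNotificationMsg_PostClick(
        rfh->GetRoutingID(), notification_id_));
  }

 private:
  // Resolves the stored id pair to a live frame host, or NULL if the frame no
  // longer exists.
  RenderFrameHost* LookUpFrame() const {
    return RenderFrameHost::FromID(render_process_id_, render_frame_id_);
  }

  int render_process_id_;
  int render_frame_id_;
  int notification_id_;
};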
111 
// Maps a blink::WebTextDirection onto the matching base::i18n::TextDirection.
// Only left-to-right and right-to-left are expected; any other value trips
// NOTREACHED() and yields UNKNOWN_DIRECTION.
base::i18n::TextDirection WebTextDirectionToChromeTextDirection(
    blink::WebTextDirection dir) {
  if (dir == blink::WebTextDirectionLeftToRight)
    return base::i18n::LEFT_TO_RIGHT;
  if (dir == blink::WebTextDirectionRightToLeft)
    return base::i18n::RIGHT_TO_LEFT;

  NOTREACHED();
  return base::i18n::UNKNOWN_DIRECTION;
}
125 
126 }  // namespace
127 
// Public lookup of a frame host by (process id, routing id). Defers to
// RenderFrameHostImpl::FromID and returns its result unchanged, which is NULL
// when no live frame is registered under that pair.
RenderFrameHost* RenderFrameHost::FromID(int render_process_id,
                                         int render_frame_id) {
  RenderFrameHostImpl* impl =
      RenderFrameHostImpl::FromID(render_process_id, render_frame_id);
  return impl;
}
132 
// static
// Finds the live RenderFrameHostImpl registered under
// (|process_id|, |routing_id|) in the global frame table. Returns NULL when
// there is no such entry, so callers must check the result: the frame may have
// been destroyed since the ids were captured. DCHECKs that it runs on the UI
// thread.
RenderFrameHostImpl* RenderFrameHostImpl::FromID(
    int process_id, int routing_id) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

  RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer();
  const RenderFrameHostID key(process_id, routing_id);
  RoutingIDFrameMap::iterator found = frames->find(key);
  if (found == frames->end())
    return NULL;
  return found->second;
}
142 
// Builds the host for one frame and makes it reachable three ways: through the
// frame tree, through the renderer process's IPC routing table, and through
// the global (process id, routing id) table used by FromID(). The destructor
// undoes the last two registrations and notifies the frame tree.
RenderFrameHostImpl::RenderFrameHostImpl(
    RenderViewHostImpl* render_view_host,
    RenderFrameHostDelegate* delegate,
    FrameTree* frame_tree,
    FrameTreeNode* frame_tree_node,
    int routing_id,
    bool is_swapped_out)
    : render_view_host_(render_view_host),
      delegate_(delegate),
      cross_process_frame_connector_(NULL),
      render_frame_proxy_host_(NULL),
      frame_tree_(frame_tree),
      frame_tree_node_(frame_tree_node),
      routing_id_(routing_id),
      is_swapped_out_(is_swapped_out),
      weak_ptr_factory_(this) {
  frame_tree_->RegisterRenderFrameHost(this);

  // From here on, IPC messages carrying |routing_id_| are delivered to |this|.
  GetProcess()->AddRoute(routing_id_, this);

  const RenderFrameHostID key(GetProcess()->GetID(), routing_id_);
  g_routing_id_frame_map.Get().insert(std::make_pair(key, this));
}
165 
// Unhooks the frame from IPC routing and from the global id table before
// telling anyone else, so that neither an incoming message nor a FromID()
// lookup can reach this object once teardown has begun.
RenderFrameHostImpl::~RenderFrameHostImpl() {
  GetProcess()->RemoveRoute(routing_id_);

  const RenderFrameHostID key(GetProcess()->GetID(), routing_id_);
  g_routing_id_frame_map.Get().erase(key);

  if (delegate_)
    delegate_->RenderFrameDeleted(this);

  // Tell the FrameTree that this RFH is going away; it may then shut down the
  // corresponding RenderViewHost if nothing else needs it.
  frame_tree_->UnregisterRenderFrameHost(this);
}
177 
// Returns the IPC routing id given to this frame at construction. Together
// with the process id it forms the key used by FromID().
int RenderFrameHostImpl::GetRoutingID() {
  const int id = routing_id_;
  return id;
}
181 
// Returns the SiteInstance of the owning RenderViewHost; this class keeps no
// SiteInstance of its own.
SiteInstance* RenderFrameHostImpl::GetSiteInstance() {
  SiteInstance* site_instance = render_view_host_->GetSiteInstance();
  return site_instance;
}
185 
// Returns the renderer process that URL filtering, bad-message kills and IPC
// sends in this class are applied to. At present this is always the owning
// RenderViewHost's process.
RenderProcessHost* RenderFrameHostImpl::GetProcess() {
  // TODO(nasko): This should return its own process, once we have working
  // cross-process navigation for subframes.
  RenderProcessHost* process = render_view_host_->GetProcess();
  return process;
}
191 
// Returns the current frame host of the parent node in the frame tree, or NULL
// when this frame has no parent (i.e. it is a top-level frame).
RenderFrameHost* RenderFrameHostImpl::GetParent() {
  FrameTreeNode* parent_node = frame_tree_node_->parent();
  return parent_node ? parent_node->current_frame_host() : NULL;
}
198 
// Returns the name stored on this frame's tree node. The reference points into
// the node, so it is only valid while the node is.
const std::string& RenderFrameHostImpl::GetFrameName() {
  const std::string& name = frame_tree_node_->frame_name();
  return name;
}
202 
// True when this frame has a parent and the parent's current frame host
// belongs to a different SiteInstance. A top-level frame always yields false.
bool RenderFrameHostImpl::IsCrossProcessSubframe() {
  FrameTreeNode* parent_node = frame_tree_node_->parent();
  if (parent_node) {
    const bool same_site_instance =
        GetSiteInstance() ==
        parent_node->current_frame_host()->GetSiteInstance();
    return !same_site_instance;
  }
  return false;
}
210 
// Returns a copy of the URL currently recorded on this frame's tree node.
GURL RenderFrameHostImpl::GetLastCommittedURL() {
  GURL committed_url = frame_tree_node_->current_url();
  return committed_url;
}
214 
// Returns the native view of the owning RenderViewHost's widget view, or NULL
// when the RenderViewHost currently has no view.
gfx::NativeView RenderFrameHostImpl::GetNativeView() {
  RenderWidgetHostView* view = render_view_host_->GetView();
  if (view)
    return view->GetNativeView();
  return NULL;
}
221 
// Asks the renderer to run |javascript| in this frame without reporting a
// result. The script text is sent as given; callers are responsible for what
// it contains.
void RenderFrameHostImpl::ExecuteJavaScript(
    const base::string16& javascript) {
  // No callback is registered for this request, so it carries id 0 and a
  // false flag, where the callback overload sends its key and true.
  const int request_id = 0;
  const bool wants_reply = false;
  Send(new FrameMsg_JavaScriptExecuteRequest(
      routing_id_, javascript, request_id, wants_reply));
}
228 
// Asks the renderer to run |javascript| in this frame and remembers |callback|
// under a fresh key, which OnJavaScriptExecuteResponse() later uses to find it.
//
// The key comes from a function-local counter, so it is shared by every frame
// host in the process. An entry stays in |javascript_callbacks_| until a
// response carrying its key arrives.
void RenderFrameHostImpl::ExecuteJavaScript(
     const base::string16& javascript,
     const JavaScriptResultCallback& callback) {
  static int next_id = 1;
  const int key = next_id++;

  const bool wants_reply = true;
  Send(new FrameMsg_JavaScriptExecuteRequest(
      routing_id_, javascript, key, wants_reply));

  javascript_callbacks_.insert(std::make_pair(key, callback));
}
239 
// Returns the RenderViewHost that owns this frame host (non-owning pointer).
RenderViewHost* RenderFrameHostImpl::GetRenderViewHost() {
  RenderViewHost* owner = render_view_host_;
  return owner;
}
243 
// Sends |message| towards the renderer by one of three routes:
//   1. input messages go through the RenderViewHost's input router;
//   2. while the RenderViewHost is swapped out, everything else goes through
//      the frame's proxy host;
//   3. otherwise the message goes straight to the renderer process.
// Returns whatever the chosen route returns.
bool RenderFrameHostImpl::Send(IPC::Message* message) {
  const bool is_input_message =
      IPC_MESSAGE_ID_CLASS(message->type()) == InputMsgStart;
  if (is_input_message) {
    return render_view_host_->input_router()->SendInput(
        make_scoped_ptr(message));
  }

  if (!render_view_host_->IsSwappedOut())
    return GetProcess()->Send(message);

  // NOTE(review): the proxy is only DCHECKed; in a build without DCHECKs a
  // NULL proxy would be dereferenced on the next line. Confirm that every
  // swapped-out frame host has had set_render_frame_proxy_host() called.
  DCHECK(render_frame_proxy_host_);
  return render_frame_proxy_host_->Send(message);
}
257 
// Entry point for every IPC message the renderer addresses to this frame.
// Message contents come from the renderer process and must be treated as
// untrusted by each handler below.
//
// Order of handling:
//   1. While the RenderViewHost is swapped out, only messages accepted by
//      SwappedOutMessages::CanHandleWhileSwappedOut() get through; the rest
//      are consumed here (sync ones get an error reply).
//   2. The delegate gets first refusal.
//   3. Then the cross-process frame connector of the proxy to the parent, if
//      there is one.
//   4. Finally the handler table of this class.
// Returns true when the message was consumed.
bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) {
  // TODO(nasko): Only check RenderViewHost state, as this object's own state
  // isn't yet properly updated. Transition this check once the swapped out
  // state is correct in RenderFrameHost itself.
  const bool swapped_out = render_view_host_->IsSwappedOut();
  if (swapped_out && !SwappedOutMessages::CanHandleWhileSwappedOut(msg)) {
    // A sync message that is being dropped still needs an answer, otherwise
    // the renderer stays blocked and stops responding to later requests.
    if (msg.is_sync()) {
      IPC::Message* reply = IPC::SyncMessage::GenerateReply(&msg);
      reply->set_reply_error();
      Send(reply);
    }
    // Consumed: nobody else should look at it.
    return true;
  }

  if (delegate_->OnMessageReceived(this, msg))
    return true;

  RenderFrameProxyHost* proxy =
      frame_tree_node_->render_manager()->GetProxyToParent();
  if (proxy && proxy->cross_process_frame_connector() &&
      proxy->cross_process_frame_connector()->OnMessageReceived(msg))
    return true;

  bool handled = true;
  IPC_BEGIN_MESSAGE_MAP(RenderFrameHostImpl, msg)
    IPC_MESSAGE_HANDLER(FrameHostMsg_AddMessageToConsole, OnAddMessageToConsole)
    IPC_MESSAGE_HANDLER(FrameHostMsg_Detach, OnDetach)
    IPC_MESSAGE_HANDLER(FrameHostMsg_FrameFocused, OnFrameFocused)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidStartProvisionalLoadForFrame,
                        OnDidStartProvisionalLoadForFrame)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailProvisionalLoadWithError,
                        OnDidFailProvisionalLoadWithError)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidRedirectProvisionalLoad,
                        OnDidRedirectProvisionalLoad)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailLoadWithError,
                        OnDidFailLoadWithError)
    IPC_MESSAGE_HANDLER_GENERIC(FrameHostMsg_DidCommitProvisionalLoad,
                                OnNavigate(msg))
    IPC_MESSAGE_HANDLER(FrameHostMsg_OpenURL, OnOpenURL)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DocumentOnLoadCompleted,
                        OnDocumentOnLoadCompleted)
    IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnload_ACK, OnBeforeUnloadACK)
    IPC_MESSAGE_HANDLER(FrameHostMsg_SwapOut_ACK, OnSwapOutACK)
    IPC_MESSAGE_HANDLER(FrameHostMsg_ContextMenu, OnContextMenu)
    IPC_MESSAGE_HANDLER(FrameHostMsg_JavaScriptExecuteResponse,
                        OnJavaScriptExecuteResponse)
    IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunJavaScriptMessage,
                                    OnRunJavaScriptMessage)
    IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunBeforeUnloadConfirm,
                                    OnRunBeforeUnloadConfirm)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidAccessInitialDocument,
                        OnDidAccessInitialDocument)
    IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisownOpener, OnDidDisownOpener)
    IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateTitle, OnUpdateTitle)
    IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateEncoding, OnUpdateEncoding)
    IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_RequestPermission,
                        OnRequestDesktopNotificationPermission)
    IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_Show,
                        OnShowDesktopNotification)
    IPC_MESSAGE_HANDLER(DesktopNotificationHostMsg_Cancel,
                        OnCancelDesktopNotification)
    IPC_MESSAGE_HANDLER(FrameHostMsg_TextSurroundingSelectionResponse,
                        OnTextSurroundingSelectionResponse)
  IPC_END_MESSAGE_MAP()

  return handled;
}
332 
// Lets the renderer process resume the requests held for this frame's routing
// id.
void RenderFrameHostImpl::Init() {
  RenderProcessHost* process = GetProcess();
  process->ResumeRequestsForView(routing_id_);
}
336 
// Handles a console message reported by the renderer. The delegate may consume
// it; otherwise it is written to the browser log under the "CONSOLE" tag.
//
// |level|, |message|, |line_no| and |source_id| all come from the renderer.
// The renderer-supplied |level| is honoured only when the main frame's last
// committed URL has a WebUI scheme; every other page logs at level 0, which
// keeps ordinary web content from raising its own log severity.
void RenderFrameHostImpl::OnAddMessageToConsole(
    int32 level,
    const base::string16& message,
    int32 line_no,
    const base::string16& source_id) {
  if (delegate_->AddMessageToConsole(level, message, line_no, source_id))
    return;

  // Pass through log level only on WebUI pages to limit console spew.
  int32 resolved_level = 0;
  if (HasWebUIScheme(delegate_->GetMainFrameLastCommittedURL()))
    resolved_level = level;

  if (resolved_level < ::logging::GetMinLogLevel())
    return;

  logging::LogMessage("CONSOLE", line_no, resolved_level).stream()
      << "\"" << message << "\", source: " << source_id << " (" << line_no
      << ")";
}
354 
// Adds a child frame named |frame_name| under this frame's tree node, using
// |new_routing_id| for it, and announces the new host to the delegate if one
// is set.
// NOTE(review): both arguments are passed to FrameTree::AddFrame() as
// received; any validation of the routing id would have to happen there or in
// the caller, neither of which is visible here.
void RenderFrameHostImpl::OnCreateChildFrame(int new_routing_id,
                                             const std::string& frame_name) {
  RenderFrameHostImpl* child =
      frame_tree_->AddFrame(frame_tree_node_, new_routing_id, frame_name);
  if (!delegate_)
    return;
  delegate_->RenderFrameCreated(child);
}
362 
// The renderer reports that this frame was detached: remove its node from the
// frame tree.
// NOTE(review): presumably this tears down the node and with it this host, in
// which case nothing may touch |this| afterwards - confirm in FrameTree.
void RenderFrameHostImpl::OnDetach() {
  FrameTreeNode* node = frame_tree_node_;
  frame_tree_->RemoveFrame(node);
}
366 
// The renderer reports that this frame gained focus: record its node as the
// focused frame of the tree.
void RenderFrameHostImpl::OnFrameFocused() {
  FrameTreeNode* node = frame_tree_node_;
  frame_tree_->SetFocusedFrame(node);
}
370 
// Handles a renderer request to open a URL. The target URL is copied and run
// through the process's URL filter before the navigator sees it, so a renderer
// cannot use this message to request a URL it is not allowed to.
//
// NOTE(review): only |params.url| is filtered here. |params.referrer| and the
// other fields are forwarded as the renderer sent them, whereas OnNavigate()
// also filters the referrer URL; confirm the navigator does not rely on them
// having been checked.
void RenderFrameHostImpl::OnOpenURL(
    const FrameHostMsg_OpenURL_Params& params) {
  GURL filtered_url(params.url);
  GetProcess()->FilterURL(false, &filtered_url);

  frame_tree_node_->navigator()->RequestOpenURL(
      this,
      filtered_url,
      params.referrer,
      params.disposition,
      params.should_replace_current_entry,
      params.user_gesture);
}
380 
// Tells the delegate that the document's onload handler has finished.
void RenderFrameHostImpl::OnDocumentOnLoadCompleted() {
  // The renderer is only supposed to send this for top-level frames, but
  // nothing here enforces that yet. TODO(avi): when frame tree mirroring works
  // correctly, add a check here to enforce it.
  RenderFrameHostDelegate* delegate = delegate_;
  delegate->DocumentOnLoadCompleted(this);
}
386 
// Reports the start of a provisional load to the navigator.
// NOTE(review): |parent_routing_id| and |url| come from the renderer and are
// forwarded without filtering in this function; any URL filtering would have
// to be done by the navigator - confirm there.
void RenderFrameHostImpl::OnDidStartProvisionalLoadForFrame(
    int parent_routing_id,
    const GURL& url) {
  frame_tree_node_->navigator()->DidStartProvisionalLoad(
      this,
      parent_routing_id,
      url);
}
393 
// Reports a failed provisional load to the navigator.
// NOTE(review): |params| is the renderer's message payload and is forwarded
// unchanged; any validation of it is not visible in this function.
void RenderFrameHostImpl::OnDidFailProvisionalLoadWithError(
    const FrameHostMsg_DidFailProvisionalLoadWithError_Params& params) {
  frame_tree_node_->navigator()->DidFailProvisionalLoadWithError(
      this,
      params);
}
398 
// Reports a failed load to the navigator. The renderer-supplied |url| is
// copied and run through the process's URL filter first; |error_code| and
// |error_description| are forwarded as received.
void RenderFrameHostImpl::OnDidFailLoadWithError(
    const GURL& url,
    int error_code,
    const base::string16& error_description) {
  GURL filtered_url(url);
  GetProcess()->FilterURL(false, &filtered_url);

  frame_tree_node_->navigator()->DidFailLoadWithError(
      this,
      filtered_url,
      error_code,
      error_description);
}
409 
// Reports a redirect of the provisional load to the navigator.
// NOTE(review): |source_url| and |target_url| come from the renderer and are
// not filtered in this function, unlike the URLs in OnNavigate(); confirm that
// the navigator filters them before they reach navigation state.
void RenderFrameHostImpl::OnDidRedirectProvisionalLoad(
    int32 page_id,
    const GURL& source_url,
    const GURL& target_url) {
  frame_tree_node_->navigator()->DidRedirectProvisionalLoad(
      this,
      page_id,
      source_url,
      target_url);
}
417 
// Handles the renderer's commit notification. One arrives for every frame
// that loads, carrying the parameters that identify the navigation.
//
// Subframes are told apart by the page transition type. A subframe that loads
// as part of a wider page load shares the top-level frame's page_id; a
// subframe navigation the user asked for explicitly gets a new page_id because
// it needs its own navigation entry.
//
// Everything in the message is renderer-controlled. Before the navigator sees
// the parameters this function, in order:
//   - drops the message if it cannot be parsed;
//   - handles the two "already unloading" races;
//   - requests a kill of the renderer if CanCommitURL() rejects the URL;
//   - filters every URL field through the process's URL filter;
//   - requests a kill and stops if the page state names files the renderer may
//     not access.
void RenderFrameHostImpl::OnNavigate(const IPC::Message& msg) {
  // Parse straight out of the IPC message so that filtering the URLs below
  // does not need a second copy of the parameters.
  typedef IPC::ParamTraits<FrameHostMsg_DidCommitProvisionalLoad_Params>
      CommitParamsTraits;
  PickleIterator iter(msg);
  FrameHostMsg_DidCommitProvisionalLoad_Params validated_params;
  const bool parsed = CommitParamsTraits::Read(&msg, &iter, &validated_params);
  if (!parsed)
    return;

  // A main-frame Navigate that arrives while we wait for a cross-site
  // beforeunload ack means the renderer was already navigating and sent this
  // before it heard the ViewMsg_Stop message.  The old page will be stopped
  // soon, so the pending navigation must not be cancelled; count this message
  // as the beforeunload ack and let the pending navigation go on.
  const bool awaiting_cross_site_beforeunload_ack =
      render_view_host_->is_waiting_for_beforeunload_ack_ &&
      render_view_host_->unload_ack_is_for_cross_site_transition_;
  if (awaiting_cross_site_beforeunload_ack &&
      PageTransitionIsMainFrame(validated_params.transition)) {
    OnBeforeUnloadACK(true, send_before_unload_start_time_,
                      base::TimeTicks::Now());
    return;
  }

  // A Navigate that arrives while we wait for an unload ack means the renderer
  // was navigating before it received the unload request.  Either it answers
  // the unload request shortly or our timer fires; in both cases the renderer
  // is already being closed, so the message is ignored.
  if (render_view_host_->IsWaitingForUnloadACK())
    return;

  RenderProcessHost* process = GetProcess();

  // Some URLs are off limits for commit and are policed more strictly than by
  // the FilterURL calls below: a renderer that tries to commit one is killed.
  // Processing still continues after the kill request, with the URL replaced
  // by about:blank.
  const bool commit_allowed = CanCommitURL(validated_params.url);
  if (!commit_allowed) {
    VLOG(1) << "Blocked URL " << validated_params.url.spec();
    validated_params.url = GURL(url::kAboutBlankURL);
    RecordAction(base::UserMetricsAction("CanCommitURL_BlockedAndKilled"));
    // Kills the process.
    process->ReceivedBadMessage();
  }

  // Without this filtering, an evil renderer could get the browser to create a
  // navigation entry for a banned URL.  If the user then went back and forward
  // (or reloaded, or round-tripped through session restore, etc), the browser
  // would believe it had commanded that load itself and would grant the
  // renderer the privileges to request the URL.  Banned URLs are therefore
  // kept out of the navigation controller from the start.
  process->FilterURL(false, &validated_params.url);
  process->FilterURL(true, &validated_params.referrer.url);
  for (size_t i = 0; i < validated_params.redirects.size(); ++i)
    process->FilterURL(false, &validated_params.redirects[i]);
  process->FilterURL(true, &validated_params.searchable_form_url);

  // Without this check, the renderer could plant filenames it has no access
  // to in the page state and have a later session restore use them.
  const bool files_allowed = render_view_host_->CanAccessFilesOfPageState(
      validated_params.page_state);
  if (!files_allowed) {
    GetProcess()->ReceivedBadMessage();
    return;
  }

  frame_tree_node()->navigator()->DidNavigate(this, validated_params);
}
495 
// Returns the owning RenderViewHost viewed as a RenderWidgetHostImpl.
RenderWidgetHostImpl* RenderFrameHostImpl::GetRenderWidgetHost() {
  RenderWidgetHostImpl* widget_host =
      static_cast<RenderWidgetHostImpl*>(render_view_host_);
  return widget_host;
}
499 
// Returns the bindings value reported by the owning RenderViewHost; this class
// keeps no bindings state of its own.
int RenderFrameHostImpl::GetEnabledBindings() {
  const int bindings = render_view_host_->GetEnabledBindings();
  return bindings;
}
503 
// Hands a cross-site response over to this frame's render manager. Ownership
// of |cross_site_transferring_request| moves to the manager; every other
// argument is forwarded unchanged.
void RenderFrameHostImpl::OnCrossSiteResponse(
    const GlobalRequestID& global_request_id,
    scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request,
    const std::vector<GURL>& transfer_url_chain,
    const Referrer& referrer,
    PageTransition page_transition,
    bool should_replace_current_entry) {
  frame_tree_node_->render_manager()->OnCrossSiteResponse(
      this,
      global_request_id,
      cross_site_transferring_request.Pass(),
      transfer_url_chain,
      referrer,
      page_transition,
      should_replace_current_entry);
}
516 
// Starts swapping this frame out in favour of |proxy|.
//
// For a top-level frame the RenderViewHost moves to
// STATE_WAITING_FOR_UNLOAD_ACK and the unload timeout is started, so that a
// renderer which never acknowledges cannot stall the swap indefinitely. If the
// RenderViewHost has already left the default state the call is a no-op.
// |proxy| is dereferenced when the swap-out message is sent, so it must be
// non-NULL whenever the render view is live.
void RenderFrameHostImpl::SwapOut(RenderFrameProxyHost* proxy) {
  // TODO(creis): Move swapped out state to RFH.  Until then, only update it
  // when swapping out the main frame.
  if (!GetParent()) {
    // Anything other than the default state means this RenderViewHost has been
    // through here already.
    const bool in_default_state =
        render_view_host_->rvh_state_ == RenderViewHostImpl::STATE_DEFAULT;
    if (!in_default_state)
      return;

    render_view_host_->SetState(
        RenderViewHostImpl::STATE_WAITING_FOR_UNLOAD_ACK);
    render_view_host_->unload_event_monitor_timeout_->Start(
        base::TimeDelta::FromMilliseconds(
            RenderViewHostImpl::kUnloadTimeoutMS));
  }

  set_render_frame_proxy_host(proxy);

  if (render_view_host_->IsRenderViewLive()) {
    Send(new FrameMsg_SwapOut(routing_id_, proxy->GetRoutingID()));
  }

  if (!GetParent()) {
    delegate_->SwappedOut(this);
  }

  // Allow the navigation to proceed.
  frame_tree_node_->render_manager()->SwappedOut(this);
}
544 
// Handles the renderer's answer to a beforeunload request. |proceed| says
// whether the page allowed the navigation; the two timestamps are the
// renderer's own clock readings around the handler. All three values come from
// the renderer.
//
// The top-level path converts the renderer's end time to browser time before
// use, and only when the browser's send time and both renderer times are set;
// otherwise a null TimeTicks is passed on. The subframe path forwards the
// renderer's end time unconverted.
void RenderFrameHostImpl::OnBeforeUnloadACK(
    bool proceed,
    const base::TimeTicks& renderer_before_unload_start_time,
    const base::TimeTicks& renderer_before_unload_end_time) {
  // TODO(creis): Support properly beforeunload on subframes. For now just
  // pretend that the handler ran and allowed the navigation to proceed.
  if (GetParent()) {
    render_view_host_->is_waiting_for_beforeunload_ack_ = false;
    frame_tree_node_->render_manager()->OnBeforeUnloadACK(
        render_view_host_->unload_ack_is_for_cross_site_transition_,
        proceed,
        renderer_before_unload_end_time);
    return;
  }

  render_view_host_->decrement_in_flight_event_count();
  render_view_host_->StopHangMonitorTimeout();

  // If the renderer navigated while the beforeunload request was in flight,
  // OnNavigate may already have cleared the waiting flag, and this message can
  // be ignored.
  // The renderer may also be swapped out, yet the navigation still has to go
  // on or it would block later navigations. That happens when a pending
  // cross-site navigation is cancelled by a second one just before OnNavigate,
  // while the current RVH waits for commit and the second navigation starts
  // from the beginning.
  if (!render_view_host_->is_waiting_for_beforeunload_ack_)
    return;

  render_view_host_->is_waiting_for_beforeunload_ack_ = false;

  const bool have_all_timestamps =
      !send_before_unload_start_time_.is_null() &&
      !renderer_before_unload_start_time.is_null() &&
      !renderer_before_unload_end_time.is_null();

  base::TimeTicks before_unload_end_time;
  if (have_all_timestamps) {
    // TimeTicks from another process may be skewed against ours. Translate the
    // renderer's before_unload_end_time into browser-process TimeTicks; see
    // inter_process_time_ticks_converter.h for how the compensation works.
    InterProcessTimeTicksConverter converter(
        LocalTimeTicks::FromTimeTicks(send_before_unload_start_time_),
        LocalTimeTicks::FromTimeTicks(base::TimeTicks::Now()),
        RemoteTimeTicks::FromTimeTicks(renderer_before_unload_start_time),
        RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
    LocalTimeTicks local_end = converter.ToLocalTimeTicks(
        RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
    before_unload_end_time = local_end.ToTimeTicks();
  }

  frame_tree_node_->render_manager()->OnBeforeUnloadACK(
      render_view_host_->unload_ack_is_for_cross_site_transition_,
      proceed,
      before_unload_end_time);

  // A refusal also cancels the delegate's pending navigation entry.
  if (proceed)
    return;
  render_view_host_->GetDelegate()->DidCancelLoading();
}
601 
// The renderer acknowledged the swap-out: finish it, marked as not timed out.
void RenderFrameHostImpl::OnSwapOutACK() {
  const bool timed_out = false;
  OnSwappedOut(timed_out);
}
605 
// Completes a swap-out. |timed_out| is true when the renderer never
// acknowledged and the timeout fired instead.
void RenderFrameHostImpl::OnSwappedOut(bool timed_out) {
  // Only top-level swaps need to drive the RVH state machine for now. Subframe
  // swaps (in --site-per-process) simply continue through the render manager.
  if (GetParent()) {
    frame_tree_node_->render_manager()->SwappedOut(this);
  } else {
    render_view_host_->OnSwappedOut(timed_out);
  }
}
614 
// Shows a context menu for renderer-supplied |params|. The URLs are filtered
// on a copy first, so the menu never offers a URL that the renderer could not
// have requested directly.
void RenderFrameHostImpl::OnContextMenu(const ContextMenuParams& params) {
  ContextMenuParams filtered(params);
  RenderProcessHost* process = GetProcess();

  // |unfiltered_link_url| is left alone on purpose: it is what gets used when
  // the user copies the original link URL. Consumers must treat it as
  // renderer-controlled text, not as a checked URL.
  process->FilterURL(true, &filtered.link_url);
  process->FilterURL(true, &filtered.src_url);
  process->FilterURL(false, &filtered.page_url);
  process->FilterURL(true, &filtered.frame_url);

  delegate_->ShowContextMenu(this, filtered);
}
630 
// Delivers the result of an ExecuteJavaScript() request to the callback stored
// under |id|, then forgets the callback. |id| and |result| come from the
// renderer.
//
// NOTE(review): both malformed cases (no first element in |result|, unknown
// |id|) are reachable by a misbehaving renderer, yet they are reported through
// NOTREACHED(). Where NOTREACHED() is fatal that lets renderer input stop the
// browser; elsewhere the message is silently dropped. Handling them the way
// OnNavigate() handles bad input would be more consistent.
void RenderFrameHostImpl::OnJavaScriptExecuteResponse(
    int id, const base::ListValue& result) {
  const base::Value* result_value;
  const bool has_result = result.Get(0, &result_value);
  if (!has_result) {
    // Programming error or rogue renderer.
    NOTREACHED() << "Got bad arguments for OnJavaScriptExecuteResponse";
    return;
  }

  typedef std::map<int, JavaScriptResultCallback> CallbackMap;
  CallbackMap::iterator entry = javascript_callbacks_.find(id);
  if (entry == javascript_callbacks_.end()) {
    NOTREACHED() << "Received script response for unknown request";
    return;
  }

  entry->second.Run(result_value);
  javascript_callbacks_.erase(entry);
}
649 
// Handles a renderer request to show a JavaScript dialog and passes it to the
// delegate together with |reply_msg|, the delayed reply to the renderer.
//
// NOTE(review): |frame_url| is taken from the renderer's message and is handed
// to the delegate unfiltered. If the dialog shows it as the origin of the
// message, it should be checked against what the browser knows about this
// frame - confirm in the delegate.
void RenderFrameHostImpl::OnRunJavaScriptMessage(
    const base::string16& message,
    const base::string16& default_prompt,
    const GURL& frame_url,
    JavaScriptMessageType type,
    IPC::Message* reply_msg) {
  // Tabs sharing this process must not process input events for as long as a
  // JS message dialog is on screen.
  RenderProcessHost* process = GetProcess();
  process->SetIgnoreInputEvents(true);

  render_view_host_->StopHangMonitorTimeout();

  delegate_->RunJavaScriptMessage(
      this, message, default_prompt, frame_url, type, reply_msg);
}
663 
// Handles a renderer request to show a beforeunload confirmation and passes it
// to the delegate together with |reply_msg|, the delayed reply to the
// renderer. |frame_url| is accepted but not used by this function.
void RenderFrameHostImpl::OnRunBeforeUnloadConfirm(
    const GURL& frame_url,
    const base::string16& message,
    bool is_reload,
    IPC::Message* reply_msg) {
  // Tabs sharing this process must not process input events for as long as a
  // JS before unload dialog is on screen.
  RenderProcessHost* process = GetProcess();
  process->SetIgnoreInputEvents(true);

  render_view_host_->StopHangMonitorTimeout();

  delegate_->RunBeforeUnloadConfirm(this, message, is_reload, reply_msg);
}
675 
// Forwards a notification-permission request to the embedder. The completion
// callback is bound to a weak pointer, so it does nothing if this frame host
// has been destroyed by the time the embedder answers.
//
// NOTE(review): |source_origin| is the origin named in the renderer's message
// and is passed on as received; confirm that the embedder checks it against
// the frame it is given rather than trusting it.
void RenderFrameHostImpl::OnRequestDesktopNotificationPermission(
    const GURL& source_origin, int callback_context) {
  base::Closure on_done = base::Bind(
      &RenderFrameHostImpl::DesktopNotificationPermissionRequestDone,
      weak_ptr_factory_.GetWeakPtr(),
      callback_context);

  GetContentClient()->browser()->RequestDesktopNotificationPermission(
      source_origin, this, on_done);
}
684 
// Asks the embedder to show a desktop notification described by |params| and
// records the cancel closure the embedder hands back, keyed by
// |notification_id|, for OnCancelDesktopNotification().
//
// NOTE(review): |notification_id| is used as the map key without a uniqueness
// check, so a repeated id replaces the closure stored for the earlier
// notification, which can then no longer be cancelled through this map. The
// map is also not size-limited here; entries leave it only through
// OnCancelDesktopNotification() and NotificationClosed().
void RenderFrameHostImpl::OnShowDesktopNotification(
    int notification_id,
    const ShowDesktopNotificationHostMsgParams& params) {
  // Starts out null and is filled in by the embedder through the out-parameter
  // below; nothing in this function checks that it was actually set.
  base::Closure cancel_closure;

  // The delegate is allocated with a raw |new|; ownership presumably passes to
  // the embedder - TODO confirm. It is constructed with a raw |this|.
  GetContentClient()->browser()->ShowDesktopNotification(
      params,
      this,
      new DesktopNotificationDelegateImpl(this, notification_id),
      &cancel_closure);

  cancel_notification_callbacks_[notification_id] = cancel_closure;
}
695 
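// Cancels the desktop notification registered under |notification_id| by
// running the cancel closure stored by OnShowDesktopNotification(), and drops
// the map entry.
//
// An unknown id hits NOTREACHED() and is otherwise ignored.
//
// NOTE(review): an unknown id is reachable if the entry was already removed
// by NotificationClosed(), or if the id arrives from a misbehaving renderer;
// NOTREACHED() may be too strong for that case - confirm the intended
// handling of bad ids.
void RenderFrameHostImpl::OnCancelDesktopNotification(int notification_id) {
  if (!cancel_notification_callbacks_.count(notification_id)) {
    NOTREACHED();
    return;
  }

  // Take a copy and remove the entry before running. If cancelling leads back
  // into NotificationClosed() for the same id, the stored closure would
  // otherwise be erased while it is still executing.
  base::Closure cancel_callback =
      cancel_notification_callbacks_[notification_id];
  cancel_notification_callbacks_.erase(notification_id);

  // OnShowDesktopNotification() stores a default-constructed closure that is
  // only filled in through an out-parameter, so it may still be null here.
  if (!cancel_callback.is_null())
    cancel_callback.Run();
}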
704 
// Relays the text surrounding the current selection, together with the
// selection offsets, to the RenderViewHost.
//
// NOTE(review): |start_offset| and |end_offset| are not checked against
// |content|.length() or against each other in this function. Any bounds
// validation has to happen in the receiver - confirm before indexing
// |content| with them.
void RenderFrameHostImpl::OnTextSurroundingSelectionResponse(
    const base::string16& content,
    size_t start_offset,
    size_t end_offset) {
  render_view_host_->OnTextSurroundingSelectionResponse(content,
                                                        start_offset,
                                                        end_offset);
}
712 
// Tells the delegate that the initial document was accessed. The notification
// carries no arguments and is forwarded unconditionally.
void RenderFrameHostImpl::OnDidAccessInitialDocument() {
  delegate_->DidAccessInitialDocument();
}
716 
// Tells the delegate that this frame has disowned its opener.
void RenderFrameHostImpl::OnDidDisownOpener() {
  // Only top-level frames are expected to send this message, but nothing here
  // enforces that yet. TODO(avi): add the check once frame tree mirroring
  // works correctly.
  delegate_->DidDisownOpener(this);
}
722 
// Forwards a title update for |page_id| to the delegate, converting the Blink
// text direction to the Chrome one. Titles longer than kMaxTitleChars are
// dropped and never reach the delegate.
//
// NOTE(review): the length limit is the only validation applied to the
// renderer-sent title here. An oversized title hits NOTREACHED(); in builds
// where that compiles to nothing the message is dropped silently and the
// renderer is not penalised - confirm whether a bad-message kill is wanted.
void RenderFrameHostImpl::OnUpdateTitle(
    int32 page_id,
    const base::string16& title,
    blink::WebTextDirection title_direction) {
  // Only top-level frames are expected to send this message, but nothing here
  // enforces that yet. TODO(avi): add the check once frame tree mirroring
  // works correctly.
  const bool title_too_long = title.length() > kMaxTitleChars;
  if (title_too_long) {
    NOTREACHED() << "Renderer sent too many characters in title.";
    return;
  }

  delegate_->UpdateTitle(
      this,
      page_id,
      title,
      WebTextDirectionToChromeTextDirection(title_direction));
}
738 
// Forwards the frame's new encoding name to the delegate.
//
// NOTE(review): |encoding_name| is passed on as received; it is not checked
// against a list of known encodings in this function.
void RenderFrameHostImpl::OnUpdateEncoding(const std::string& encoding_name) {
  // Only top-level frames are expected to send this message, but nothing here
  // enforces that yet. TODO(avi): add the check once frame tree mirroring
  // works correctly.
  delegate_->UpdateEncoding(this, encoding_name);
}
744 
// Delegates to the RenderViewHost, handing it |on_swap_out| unchanged.
void RenderFrameHostImpl::SetPendingShutdown(const base::Closure& on_swap_out) {
  render_view_host_->SetPendingShutdown(on_swap_out);
}
748 
// Returns whether |url| may commit in this frame's process. The decision is
// left entirely to the embedder (ContentBrowserClient::CanCommitURL); this
// function applies no check of its own.
bool RenderFrameHostImpl::CanCommitURL(const GURL& url) {
  // Known gaps, per the original TODO(creis): WebUI pages are not checked
  // here, and cross-site URLs that must not commit in this process are not
  // rejected until the out-of-process iframes implementation is ready.

  // The embedder gets the chance to veto the commit.
  ContentBrowserClient* browser_client = GetContentClient()->browser();
  return browser_client->CanCommitURL(GetProcess(), url);
}
757 
// Starts a navigation described by |params| in this frame.
//
// Steps, in order:
//  1. Unless the process is an isolated guest, grant the process permission
//     to request |params.url| (and the file: base URL of a data: URL).
//  2. Either stash |params| while navigations are suspended, or reset the
//     RenderViewHost state and send FrameMsg_Navigate to the renderer.
//  3. Tell the delegate that loading started, except for javascript: URLs.
//
// Note that step 1 runs before the suspension check, so the grant is issued
// even when the navigation is only queued.
void RenderFrameHostImpl::Navigate(const FrameMsg_Navigate_Params& params) {
  TRACE_EVENT0("frame_host", "RenderFrameHostImpl::Navigate");

  // Browser plugin guests may not navigate outside web-safe schemes, so they
  // never receive the ability to request additional URLs.
  if (!GetProcess()->IsIsolatedGuest()) {
    ChildProcessSecurityPolicyImpl* policy =
        ChildProcessSecurityPolicyImpl::GetInstance();
    const int child_id = GetProcess()->GetID();

    policy->GrantRequestURL(child_id, params.url);

    // A 'data:' URL with a 'file:' base URL also gets access to local files.
    // NOTE(review): this widens what the process may request based solely on
    // |params|; confirm that callers only set base_url_for_data_url from
    // trusted browser-side input.
    const bool is_data_url = params.url.SchemeIs(url::kDataScheme);
    if (is_data_url &&
        params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
      policy->GrantRequestURL(child_id, params.base_url_for_data_url);
    }
  }

  // The message is sent only when we are not suspended at the start of a
  // cross-site request.
  if (!render_view_host_->navigations_suspended_) {
    // Return to a clean state, in case a new navigation starts before an RVH
    // swap or unload handler has completed.
    render_view_host_->SetState(RenderViewHostImpl::STATE_DEFAULT);

    Send(new FrameMsg_Navigate(routing_id_, params));
  } else {
    // A second navigation while suspended should be impossible: navigations
    // are suspended only during a cross-site request, and if another one
    // occurs RenderFrameHostManager cancels this pending RFH and creates a
    // new pending RFH.
    DCHECK(!render_view_host_->suspended_nav_params_.get());
    render_view_host_->suspended_nav_params_.reset(
        new FrameMsg_Navigate_Params(params));
  }

  // Force the throbber to start. Blink's "started loading" message arrives
  // asynchronously with respect to the browser UI, but the throbber should
  // stay in sync with what is happening in the UI: for example, it should
  // start immediately when the user navigates, even if the renderer is
  // delayed. There is also an issue with the throbber starting because the
  // WebUI (which controls whether the favicon is displayed) happens
  // synchronously; if the start-loading message were asynchronous, the
  // default favicon would flash in.
  //
  // Blink sends no throb notifications for JavaScript URLs, so neither do we.
  const bool is_javascript_url = params.url.SchemeIs(url::kJavaScriptScheme);
  if (!is_javascript_url)
    delegate_->DidStartLoading(this, true);
}
806 
// Convenience wrapper around Navigate(): builds parameters for a plain link
// navigation to |url| with no associated history entry and starts it.
//
// |url| is not validated here; it goes through Navigate(), which grants the
// renderer process permission to request it unless the process is an isolated
// guest.
void RenderFrameHostImpl::NavigateToURL(const GURL& url) {
  FrameMsg_Navigate_Params nav_params;

  // Destination and kind of navigation.
  nav_params.url = url;
  nav_params.transition = PAGE_TRANSITION_LINK;
  nav_params.navigation_type = FrameMsg_Navigate_Type::NORMAL;

  // No page id and an empty history list.
  nav_params.page_id = -1;
  nav_params.pending_history_list_offset = -1;
  nav_params.current_history_list_offset = -1;
  nav_params.current_history_list_length = 0;

  Navigate(nav_params);
}
818 
// Asks the renderer to run the beforeunload handler for this frame.
//
// |for_cross_site_transition| records whether the request belongs to a
// cross-site transition rather than to closing the tab.
//
// When there is no live RenderView, or when this frame has a parent, no
// message is sent and OnBeforeUnloadACK() is called directly instead.
void RenderFrameHostImpl::DispatchBeforeUnload(bool for_cross_site_transition) {
  // TODO(creis): Support subframes.
  const bool skip_handler =
      !render_view_host_->IsRenderViewLive() || GetParent();
  if (skip_handler) {
    // Without a live renderer (or for a subframe) beforeunload is skipped and
    // the ACK is produced here. The first argument is presumably "proceed" -
    // TODO confirm against OnBeforeUnloadACK().
    render_view_host_->is_waiting_for_beforeunload_ack_ = true;
    render_view_host_->unload_ack_is_for_cross_site_transition_ =
        for_cross_site_transition;
    base::TimeTicks now = base::TimeTicks::Now();
    OnBeforeUnloadACK(true, now, now);
    return;
  }

  // This can be called more than once (the user clicks the tab close button
  // several times, or clicks it and then the browser close button); the
  // message is sent only once.
  if (render_view_host_->is_waiting_for_beforeunload_ack_) {
    // Some pending close requests may be for the tab and others for
    // cross-site transitions. If any of them was for closing the tab we must
    // treat the ACK as such, since otherwise it might be impossible to close
    // (a cross-site "close" request was pending when the user clicked the
    // close button). The "for cross site" flag therefore survives only when
    // both the old and the new request are for cross site.
    if (!for_cross_site_transition)
      render_view_host_->unload_ack_is_for_cross_site_transition_ = false;
    return;
  }

  render_view_host_->is_waiting_for_beforeunload_ack_ = true;
  render_view_host_->unload_ack_is_for_cross_site_transition_ =
      for_cross_site_transition;

  // Bump the in-flight event count so that input events cannot cancel the
  // timeout timer.
  render_view_host_->increment_in_flight_event_count();

  // The hang monitor covers a renderer that hangs inside the beforeunload
  // handler.
  render_view_host_->StartHangMonitorTimeout(
      TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));

  send_before_unload_start_time_ = base::TimeTicks::Now();
  Send(new FrameMsg_BeforeUnload(routing_id_));
}
859 
// Sends FrameMsg_ExtendSelectionAndDelete to the renderer for this frame,
// carrying |before| and |after| unchanged.
void RenderFrameHostImpl::ExtendSelectionAndDelete(size_t before,
                                                   size_t after) {
  Send(new FrameMsg_ExtendSelectionAndDelete(
      routing_id_, before, after));
}
864 
// Called when a JavaScript dialog has been dismissed. Re-enables input
// events for the process, restarts the hang monitor when an unload or
// beforeunload ACK is outstanding, and sends the reply to the renderer.
//
// |reply_msg|             reply to fill in and send.
// |success|, |user_input| values written into the reply.
// |dialog_was_suppressed| true when the user suppressed further dialogs.
void RenderFrameHostImpl::JavaScriptDialogClosed(
    IPC::Message* reply_msg,
    bool success,
    const base::string16& user_input,
    bool dialog_was_suppressed) {
  GetProcess()->SetIgnoreInputEvents(false);

  // Sampled once, before the reply is sent, and reused for both checks below.
  bool awaiting_unload_ack =
      render_view_host_->is_waiting_for_beforeunload_ack() ||
      render_view_host_->IsWaitingForUnloadACK();

  // During (before)unload handling the regular hung_renderer_delay_ms_ is not
  // used if the user agreed to leave the current page; the timeout used for
  // (before)unload handling applies instead.
  if (awaiting_unload_ack) {
    render_view_host_->StartHangMonitorTimeout(TimeDelta::FromMilliseconds(
        success ? RenderViewHostImpl::kUnloadTimeoutMS
                : render_view_host_->hung_renderer_delay_ms_));
  }

  FrameHostMsg_RunJavaScriptMessage::WriteReplyParams(
      reply_msg, success, user_input);
  Send(reply_msg);

  // When an unload or beforeunload ACK is outstanding and the user has
  // suppressed messages, kill the tab right away: a page that spams alerts in
  // onbeforeunload is presumably malicious, so there is no point in letting
  // its script keep running and dragging out the process.
  // This has to come after the reply is sent, because RenderView can't close
  // correctly while it is waiting for a response.
  if (awaiting_unload_ack && dialog_was_suppressed) {
    render_view_host_->delegate_->RendererUnresponsive(
        render_view_host_,
        render_view_host_->is_waiting_for_beforeunload_ack(),
        render_view_host_->IsWaitingForUnloadACK());
  }
}
900 
// Forgets the cancel closure stored for |notification_id| without running it.
// Erasing an id that is not in the map has no effect.
void RenderFrameHostImpl::NotificationClosed(int notification_id) {
  cancel_notification_callbacks_.erase(notification_id);
}
904 
// Notifies the renderer that the desktop notification permission request
// identified by |callback_context| has finished. The message carries only the
// routing id and the context value, not the outcome of the request.
void RenderFrameHostImpl::DesktopNotificationPermissionRequestDone(
    int callback_context) {
  Send(new DesktopNotificationMsg_PermissionRequestDone(routing_id_,
                                                        callback_context));
}
910 
911 }  // namespace content
912