1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/renderer/chrome_content_renderer_client.h"
6
7 #include "base/command_line.h"
8 #include "base/debug/crash_logging.h"
9 #include "base/logging.h"
10 #include "base/metrics/field_trial.h"
11 #include "base/metrics/histogram.h"
12 #include "base/metrics/user_metrics_action.h"
13 #include "base/path_service.h"
14 #include "base/strings/string_number_conversions.h"
15 #include "base/strings/string_util.h"
16 #include "base/strings/utf_string_conversions.h"
17 #include "base/values.h"
18 #include "chrome/common/chrome_content_client.h"
19 #include "chrome/common/chrome_paths.h"
20 #include "chrome/common/chrome_switches.h"
21 #include "chrome/common/content_settings_pattern.h"
22 #include "chrome/common/crash_keys.h"
23 #include "chrome/common/extensions/chrome_extensions_client.h"
24 #include "chrome/common/extensions/extension_constants.h"
25 #include "chrome/common/extensions/extension_process_policy.h"
26 #include "chrome/common/localized_error.h"
27 #include "chrome/common/pepper_permission_util.h"
28 #include "chrome/common/render_messages.h"
29 #include "chrome/common/url_constants.h"
30 #include "chrome/renderer/benchmarking_extension.h"
31 #include "chrome/renderer/chrome_render_frame_observer.h"
32 #include "chrome/renderer/chrome_render_process_observer.h"
33 #include "chrome/renderer/chrome_render_view_observer.h"
34 #include "chrome/renderer/content_settings_observer.h"
35 #include "chrome/renderer/extensions/chrome_extension_helper.h"
36 #include "chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h"
37 #include "chrome/renderer/extensions/chrome_extensions_renderer_client.h"
38 #include "chrome/renderer/extensions/extension_frame_helper.h"
39 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
40 #include "chrome/renderer/extensions/resource_request_policy.h"
41 #include "chrome/renderer/external_extension.h"
42 #include "chrome/renderer/loadtimes_extension_bindings.h"
43 #include "chrome/renderer/media/cast_ipc_dispatcher.h"
44 #include "chrome/renderer/media/chrome_key_systems.h"
45 #include "chrome/renderer/net/net_error_helper.h"
46 #include "chrome/renderer/net/prescient_networking_dispatcher.h"
47 #include "chrome/renderer/net/renderer_net_predictor.h"
48 #include "chrome/renderer/net_benchmarking_extension.h"
49 #include "chrome/renderer/page_load_histograms.h"
50 #include "chrome/renderer/pepper/pepper_helper.h"
51 #include "chrome/renderer/pepper/ppb_pdf_impl.h"
52 #include "chrome/renderer/playback_extension.h"
53 #include "chrome/renderer/plugins/chrome_plugin_placeholder.h"
54 #include "chrome/renderer/plugins/plugin_uma.h"
55 #include "chrome/renderer/prefetch_helper.h"
56 #include "chrome/renderer/prerender/prerender_dispatcher.h"
57 #include "chrome/renderer/prerender/prerender_helper.h"
58 #include "chrome/renderer/prerender/prerender_media_load_deferrer.h"
59 #include "chrome/renderer/prerender/prerenderer_client.h"
60 #include "chrome/renderer/principals_extension_bindings.h"
61 #include "chrome/renderer/printing/print_web_view_helper.h"
62 #include "chrome/renderer/safe_browsing/malware_dom_details.h"
63 #include "chrome/renderer/safe_browsing/phishing_classifier_delegate.h"
64 #include "chrome/renderer/searchbox/search_bouncer.h"
65 #include "chrome/renderer/searchbox/searchbox.h"
66 #include "chrome/renderer/searchbox/searchbox_extension.h"
67 #include "chrome/renderer/tts_dispatcher.h"
68 #include "chrome/renderer/worker_permission_client_proxy.h"
69 #include "components/autofill/content/renderer/autofill_agent.h"
70 #include "components/autofill/content/renderer/password_autofill_agent.h"
71 #include "components/autofill/content/renderer/password_generation_agent.h"
72 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
73 #include "components/plugins/renderer/mobile_youtube_plugin.h"
74 #include "components/signin/core/common/profile_management_switches.h"
75 #include "components/visitedlink/renderer/visitedlink_slave.h"
76 #include "content/public/common/content_constants.h"
77 #include "content/public/renderer/render_frame.h"
78 #include "content/public/renderer/render_thread.h"
79 #include "content/public/renderer/render_view.h"
80 #include "content/public/renderer/render_view_visitor.h"
81 #include "extensions/common/constants.h"
82 #include "extensions/common/extension.h"
83 #include "extensions/common/extension_set.h"
84 #include "extensions/common/extension_urls.h"
85 #include "extensions/common/switches.h"
86 #include "extensions/renderer/dispatcher.h"
87 #include "extensions/renderer/extension_helper.h"
88 #include "extensions/renderer/script_context.h"
89 #include "grit/generated_resources.h"
90 #include "grit/locale_settings.h"
91 #include "grit/renderer_resources.h"
92 #include "ipc/ipc_sync_channel.h"
93 #include "net/base/net_errors.h"
94 #include "ppapi/c/private/ppb_nacl_private.h"
95 #include "ppapi/c/private/ppb_pdf.h"
96 #include "ppapi/shared_impl/ppapi_switches.h"
97 #include "third_party/WebKit/public/platform/WebURL.h"
98 #include "third_party/WebKit/public/platform/WebURLError.h"
99 #include "third_party/WebKit/public/platform/WebURLRequest.h"
100 #include "third_party/WebKit/public/web/WebCache.h"
101 #include "third_party/WebKit/public/web/WebDataSource.h"
102 #include "third_party/WebKit/public/web/WebDocument.h"
103 #include "third_party/WebKit/public/web/WebElement.h"
104 #include "third_party/WebKit/public/web/WebLocalFrame.h"
105 #include "third_party/WebKit/public/web/WebPluginContainer.h"
106 #include "third_party/WebKit/public/web/WebPluginParams.h"
107 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
108 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
109 #include "ui/base/l10n/l10n_util.h"
110 #include "ui/base/layout.h"
111 #include "ui/base/resource/resource_bundle.h"
112 #include "ui/base/webui/jstemplate_builder.h"
113 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
114
115 #if !defined(DISABLE_NACL)
116 #include "components/nacl/renderer/nacl_helper.h"
117 #endif
118
119 #if defined(ENABLE_EXTENSIONS)
120 #include "chrome/renderer/extensions/chrome_extensions_render_frame_observer.h"
121 #endif
122
123 #if defined(ENABLE_SPELLCHECK)
124 #include "chrome/renderer/spellchecker/spellcheck.h"
125 #include "chrome/renderer/spellchecker/spellcheck_provider.h"
126 #endif
127
128 #if defined(ENABLE_WEBRTC)
129 #include "chrome/renderer/media/webrtc_logging_message_filter.h"
130 #endif
131
132 #if defined(OS_WIN)
133 #include "chrome_elf/blacklist/blacklist.h"
134 #endif
135
136 using autofill::AutofillAgent;
137 using autofill::PasswordAutofillAgent;
138 using autofill::PasswordGenerationAgent;
139 using base::ASCIIToUTF16;
140 using base::UserMetricsAction;
141 using content::RenderThread;
142 using content::WebPluginInfo;
143 using extensions::Extension;
144 using blink::WebCache;
145 using blink::WebConsoleMessage;
146 using blink::WebDataSource;
147 using blink::WebDocument;
148 using blink::WebFrame;
149 using blink::WebLocalFrame;
150 using blink::WebPlugin;
151 using blink::WebPluginParams;
152 using blink::WebSecurityOrigin;
153 using blink::WebSecurityPolicy;
154 using blink::WebString;
155 using blink::WebURL;
156 using blink::WebURLError;
157 using blink::WebURLRequest;
158 using blink::WebURLResponse;
159 using blink::WebVector;
160
161 namespace {
162
163 ChromeContentRendererClient* g_current_client;
164
AppendParams(const std::vector<base::string16> & additional_names,const std::vector<base::string16> & additional_values,WebVector<WebString> * existing_names,WebVector<WebString> * existing_values)165 static void AppendParams(const std::vector<base::string16>& additional_names,
166 const std::vector<base::string16>& additional_values,
167 WebVector<WebString>* existing_names,
168 WebVector<WebString>* existing_values) {
169 DCHECK(additional_names.size() == additional_values.size());
170 DCHECK(existing_names->size() == existing_values->size());
171
172 size_t existing_size = existing_names->size();
173 size_t total_size = existing_size + additional_names.size();
174
175 WebVector<WebString> names(total_size);
176 WebVector<WebString> values(total_size);
177
178 for (size_t i = 0; i < existing_size; ++i) {
179 names[i] = (*existing_names)[i];
180 values[i] = (*existing_values)[i];
181 }
182
183 for (size_t i = 0; i < additional_names.size(); ++i) {
184 names[existing_size + i] = additional_names[i];
185 values[existing_size + i] = additional_values[i];
186 }
187
188 existing_names->swap(names);
189 existing_values->swap(values);
190 }
191
192 #if defined(ENABLE_SPELLCHECK)
193 class SpellCheckReplacer : public content::RenderViewVisitor {
194 public:
SpellCheckReplacer(SpellCheck * spellcheck)195 explicit SpellCheckReplacer(SpellCheck* spellcheck)
196 : spellcheck_(spellcheck) {}
197 virtual bool Visit(content::RenderView* render_view) OVERRIDE;
198
199 private:
200 SpellCheck* spellcheck_; // New shared spellcheck for all views. Weak Ptr.
201 DISALLOW_COPY_AND_ASSIGN(SpellCheckReplacer);
202 };
203
Visit(content::RenderView * render_view)204 bool SpellCheckReplacer::Visit(content::RenderView* render_view) {
205 SpellCheckProvider* provider = SpellCheckProvider::Get(render_view);
206 DCHECK(provider);
207 provider->set_spellcheck(spellcheck_);
208 return true;
209 }
210 #endif
211
212 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo & plugin)213 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
214 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
215 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
216 return false;
217 }
218
219 // Treat Native Client invocations like JavaScript.
220 if (plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName))
221 return true;
222
223 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
224 // Treat CDM invocations like JavaScript.
225 if (plugin.name == ASCIIToUTF16(kWidevineCdmDisplayName)) {
226 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
227 return true;
228 }
229 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
230
231 return false;
232 }
233
234 } // namespace
235
ChromeContentRendererClient()236 ChromeContentRendererClient::ChromeContentRendererClient() {
237 g_current_client = this;
238
239 extensions::ExtensionsClient::Set(
240 extensions::ChromeExtensionsClient::GetInstance());
241 extensions::ExtensionsRendererClient::Set(
242 ChromeExtensionsRendererClient::GetInstance());
243 }
244
~ChromeContentRendererClient()245 ChromeContentRendererClient::~ChromeContentRendererClient() {
246 g_current_client = NULL;
247 }
248
RenderThreadStarted()249 void ChromeContentRendererClient::RenderThreadStarted() {
250 RenderThread* thread = RenderThread::Get();
251
252 chrome_observer_.reset(new ChromeRenderProcessObserver(this));
253
254 extension_dispatcher_delegate_.reset(
255 new ChromeExtensionsDispatcherDelegate());
256 // ChromeRenderViewTest::SetUp() creates its own ExtensionDispatcher and
257 // injects it using SetExtensionDispatcher(). Don't overwrite it.
258 if (!extension_dispatcher_) {
259 extension_dispatcher_.reset(
260 new extensions::Dispatcher(extension_dispatcher_delegate_.get()));
261 }
262 permissions_policy_delegate_.reset(
263 new extensions::RendererPermissionsPolicyDelegate(
264 extension_dispatcher_.get()));
265 prescient_networking_dispatcher_.reset(new PrescientNetworkingDispatcher());
266 net_predictor_.reset(new RendererNetPredictor());
267 #if defined(ENABLE_SPELLCHECK)
268 // ChromeRenderViewTest::SetUp() creates a Spellcheck and injects it using
269 // SetSpellcheck(). Don't overwrite it.
270 if (!spellcheck_) {
271 spellcheck_.reset(new SpellCheck());
272 thread->AddObserver(spellcheck_.get());
273 }
274 #endif
275 visited_link_slave_.reset(new visitedlink::VisitedLinkSlave());
276 #if defined(FULL_SAFE_BROWSING)
277 phishing_classifier_.reset(safe_browsing::PhishingClassifierFilter::Create());
278 #endif
279 prerender_dispatcher_.reset(new prerender::PrerenderDispatcher());
280 #if defined(ENABLE_WEBRTC)
281 webrtc_logging_message_filter_ = new WebRtcLoggingMessageFilter(
282 content::RenderThread::Get()->GetIOMessageLoopProxy());
283 #endif
284 search_bouncer_.reset(new SearchBouncer());
285
286 thread->AddObserver(chrome_observer_.get());
287 thread->AddObserver(extension_dispatcher_.get());
288 #if defined(FULL_SAFE_BROWSING)
289 thread->AddObserver(phishing_classifier_.get());
290 #endif
291 thread->AddObserver(visited_link_slave_.get());
292 thread->AddObserver(prerender_dispatcher_.get());
293 thread->AddObserver(search_bouncer_.get());
294
295 #if defined(ENABLE_WEBRTC)
296 thread->AddFilter(webrtc_logging_message_filter_.get());
297 #endif
298 thread->AddFilter(new CastIPCDispatcher(
299 content::RenderThread::Get()->GetIOMessageLoopProxy()));
300
301 thread->RegisterExtension(extensions_v8::ExternalExtension::Get());
302 thread->RegisterExtension(extensions_v8::LoadTimesExtension::Get());
303
304 CommandLine* command_line = CommandLine::ForCurrentProcess();
305 if (command_line->HasSwitch(switches::kEnableBenchmarking))
306 thread->RegisterExtension(extensions_v8::BenchmarkingExtension::Get());
307 if (command_line->HasSwitch(switches::kEnableNetBenchmarking))
308 thread->RegisterExtension(extensions_v8::NetBenchmarkingExtension::Get());
309 if (command_line->HasSwitch(switches::kInstantProcess))
310 thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
311
312 if (command_line->HasSwitch(switches::kPlaybackMode) ||
313 command_line->HasSwitch(switches::kRecordMode)) {
314 thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
315 }
316
317 // TODO(guohui): needs to forward the new-profile-management switch to
318 // renderer processes.
319 if (switches::IsNewProfileManagement())
320 thread->RegisterExtension(extensions_v8::PrincipalsExtension::Get());
321
322 // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
323 // should not be accessible by normal content, and should also be unable to
324 // script anything but themselves (to help limit the damage that a corrupt
325 // page could cause).
326 WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
327 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
328
329 WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
330 // The Instant process can only display the content but not read it. Other
331 // processes can't display it or read it.
332 if (!command_line->HasSwitch(switches::kInstantProcess))
333 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
334
335 WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
336 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
337
338 WebString dom_distiller_scheme(ASCIIToUTF16(chrome::kDomDistillerScheme));
339 // TODO(nyquist): Add test to ensure this happens when the flag is set.
340 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dom_distiller_scheme);
341
342 #if defined(OS_CHROMEOS)
343 WebString drive_scheme(ASCIIToUTF16(chrome::kDriveScheme));
344 WebSecurityPolicy::registerURLSchemeAsLocal(drive_scheme);
345 #endif
346
347 // chrome: and chrome-search: pages should not be accessible by bookmarklets
348 // or javascript: URLs typed in the omnibox.
349 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
350 chrome_ui_scheme);
351 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
352 chrome_search_scheme);
353
354 // chrome:, chrome-search:, and chrome-extension: resources shouldn't trigger
355 // insecure content warnings.
356 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
357 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
358
359 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
360 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
361
362 // chrome-extension: resources should be allowed to receive CORS requests.
363 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
364
365 WebString extension_resource_scheme(
366 ASCIIToUTF16(extensions::kExtensionResourceScheme));
367 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
368
369 // chrome-extension-resource: resources should be allowed to receive CORS
370 // requests.
371 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
372
373 // chrome-extension: resources should bypass Content Security Policy checks
374 // when included in protected resources.
375 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
376 extension_scheme);
377 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
378 extension_resource_scheme);
379
380 #if defined(OS_WIN)
381 // Report if the renderer process has been patched by chrome_elf.
382 // TODO(csharp): Remove once the renderer is no longer getting
383 // patched this way.
384 if (blacklist::IsBlacklistInitialized())
385 UMA_HISTOGRAM_BOOLEAN("Blacklist.PatchedInRenderer", true);
386 #endif
387 }
388
RenderFrameCreated(content::RenderFrame * render_frame)389 void ChromeContentRendererClient::RenderFrameCreated(
390 content::RenderFrame* render_frame) {
391 new ChromeRenderFrameObserver(render_frame);
392
393 ContentSettingsObserver* content_settings =
394 new ContentSettingsObserver(render_frame, extension_dispatcher_.get());
395 if (chrome_observer_.get()) {
396 content_settings->SetContentSettingRules(
397 chrome_observer_->content_setting_rules());
398 }
399
400 #if defined(ENABLE_EXTENSIONS)
401 new extensions::ChromeExtensionsRenderFrameObserver(render_frame);
402 #endif
403 new extensions::ExtensionFrameHelper(render_frame,
404 extension_dispatcher_.get());
405
406 #if defined(ENABLE_PLUGINS)
407 new PepperHelper(render_frame);
408 #endif
409
410 #if !defined(DISABLE_NACL)
411 new nacl::NaClHelper(render_frame);
412 #endif
413
414 // TODO(jam): when the frame tree moves into content and parent() works at
415 // RenderFrame construction, simplify this by just checking parent().
416 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) {
417 // Avoid any race conditions from having the browser tell subframes that
418 // they're prerendering.
419 if (prerender::PrerenderHelper::IsPrerendering(
420 render_frame->GetRenderView()->GetMainRenderFrame())) {
421 new prerender::PrerenderHelper(render_frame);
422 }
423 }
424
425 if (render_frame->GetRenderView()->GetMainRenderFrame() == render_frame) {
426 // Only attach NetErrorHelper to the main frame, since only the main frame
427 // should get error pages.
428 // PrefetchHelper is also needed only for main frames.
429 new NetErrorHelper(render_frame);
430 new prefetch::PrefetchHelper(render_frame);
431 }
432 }
433
RenderViewCreated(content::RenderView * render_view)434 void ChromeContentRendererClient::RenderViewCreated(
435 content::RenderView* render_view) {
436 new extensions::ExtensionHelper(render_view, extension_dispatcher_.get());
437 new extensions::ChromeExtensionHelper(render_view);
438 new PageLoadHistograms(render_view);
439 #if defined(ENABLE_PRINTING)
440 new printing::PrintWebViewHelper(render_view);
441 #endif
442 #if defined(ENABLE_SPELLCHECK)
443 new SpellCheckProvider(render_view, spellcheck_.get());
444 #endif
445 new prerender::PrerendererClient(render_view);
446 #if defined(FULL_SAFE_BROWSING)
447 safe_browsing::MalwareDOMDetails::Create(render_view);
448 #endif
449
450 PasswordGenerationAgent* password_generation_agent =
451 new PasswordGenerationAgent(render_view);
452 PasswordAutofillAgent* password_autofill_agent =
453 new PasswordAutofillAgent(render_view);
454 new AutofillAgent(render_view,
455 password_autofill_agent,
456 password_generation_agent);
457
458 CommandLine* command_line = CommandLine::ForCurrentProcess();
459 if (command_line->HasSwitch(switches::kInstantProcess))
460 new SearchBox(render_view);
461
462 new ChromeRenderViewObserver(render_view, chrome_observer_.get());
463 }
464
SetNumberOfViews(int number_of_views)465 void ChromeContentRendererClient::SetNumberOfViews(int number_of_views) {
466 base::debug::SetCrashKeyValue(crash_keys::kNumberOfViews,
467 base::IntToString(number_of_views));
468 }
469
GetSadPluginBitmap()470 SkBitmap* ChromeContentRendererClient::GetSadPluginBitmap() {
471 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
472 GetImageNamed(IDR_SAD_PLUGIN).ToSkBitmap());
473 }
474
GetSadWebViewBitmap()475 SkBitmap* ChromeContentRendererClient::GetSadWebViewBitmap() {
476 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
477 GetImageNamed(IDR_SAD_WEBVIEW).ToSkBitmap());
478 }
479
GetDefaultEncoding()480 std::string ChromeContentRendererClient::GetDefaultEncoding() {
481 return l10n_util::GetStringUTF8(IDS_DEFAULT_ENCODING);
482 }
483
GetExtensionByOrigin(const WebSecurityOrigin & origin) const484 const Extension* ChromeContentRendererClient::GetExtensionByOrigin(
485 const WebSecurityOrigin& origin) const {
486 if (!EqualsASCII(origin.protocol(), extensions::kExtensionScheme))
487 return NULL;
488
489 const std::string extension_id = origin.host().utf8().data();
490 return extension_dispatcher_->extensions()->GetByID(extension_id);
491 }
492
OverrideCreatePlugin(content::RenderFrame * render_frame,WebLocalFrame * frame,const WebPluginParams & params,WebPlugin ** plugin)493 bool ChromeContentRendererClient::OverrideCreatePlugin(
494 content::RenderFrame* render_frame,
495 WebLocalFrame* frame,
496 const WebPluginParams& params,
497 WebPlugin** plugin) {
498 std::string orig_mime_type = params.mimeType.utf8();
499 if (orig_mime_type == content::kBrowserPluginMimeType) {
500 WebDocument document = frame->document();
501 const Extension* extension =
502 GetExtensionByOrigin(document.securityOrigin());
503 if (extension) {
504 const extensions::APIPermission::ID perms[] = {
505 extensions::APIPermission::kWebView,
506 };
507 for (size_t i = 0; i < arraysize(perms); ++i) {
508 if (extension->permissions_data()->HasAPIPermission(perms[i]))
509 return false;
510 }
511 }
512 }
513
514 ChromeViewHostMsg_GetPluginInfo_Output output;
515 #if defined(ENABLE_PLUGINS)
516 render_frame->Send(new ChromeViewHostMsg_GetPluginInfo(
517 render_frame->GetRoutingID(), GURL(params.url),
518 frame->top()->document().url(), orig_mime_type, &output));
519
520 if (output.plugin.type == content::WebPluginInfo::PLUGIN_TYPE_BROWSER_PLUGIN)
521 return false;
522 #else
523 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
524 #endif
525 *plugin = CreatePlugin(render_frame, frame, params, output);
526 return true;
527 }
528
CreatePluginReplacement(content::RenderFrame * render_frame,const base::FilePath & plugin_path)529 WebPlugin* ChromeContentRendererClient::CreatePluginReplacement(
530 content::RenderFrame* render_frame,
531 const base::FilePath& plugin_path) {
532 ChromePluginPlaceholder* placeholder =
533 ChromePluginPlaceholder::CreateErrorPlugin(render_frame, plugin_path);
534 return placeholder->plugin();
535 }
536
DeferMediaLoad(content::RenderFrame * render_frame,const base::Closure & closure)537 void ChromeContentRendererClient::DeferMediaLoad(
538 content::RenderFrame* render_frame,
539 const base::Closure& closure) {
540 #if defined(OS_ANDROID)
541 // Chromium for Android doesn't support prerender yet.
542 closure.Run();
543 return;
544 #else
545 if (!prerender::PrerenderHelper::IsPrerendering(render_frame)) {
546 closure.Run();
547 return;
548 }
549
550 // Lifetime is tied to |render_frame| via content::RenderFrameObserver.
551 new prerender::PrerenderMediaLoadDeferrer(render_frame, closure);
552 #endif
553 }
554
CreatePlugin(content::RenderFrame * render_frame,WebLocalFrame * frame,const WebPluginParams & original_params,const ChromeViewHostMsg_GetPluginInfo_Output & output)555 WebPlugin* ChromeContentRendererClient::CreatePlugin(
556 content::RenderFrame* render_frame,
557 WebLocalFrame* frame,
558 const WebPluginParams& original_params,
559 const ChromeViewHostMsg_GetPluginInfo_Output& output) {
560 const ChromeViewHostMsg_GetPluginInfo_Status& status = output.status;
561 const WebPluginInfo& plugin = output.plugin;
562 const std::string& actual_mime_type = output.actual_mime_type;
563 const base::string16& group_name = output.group_name;
564 const std::string& identifier = output.group_identifier;
565 ChromeViewHostMsg_GetPluginInfo_Status::Value status_value = status.value;
566 GURL url(original_params.url);
567 std::string orig_mime_type = original_params.mimeType.utf8();
568 ChromePluginPlaceholder* placeholder = NULL;
569
570 // If the browser plugin is to be enabled, this should be handled by the
571 // renderer, so the code won't reach here due to the early exit in
572 // OverrideCreatePlugin.
573 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound ||
574 orig_mime_type == content::kBrowserPluginMimeType) {
575 #if defined(OS_ANDROID)
576 if (plugins::MobileYouTubePlugin::IsYouTubeURL(url, orig_mime_type)) {
577 base::StringPiece template_html(
578 ResourceBundle::GetSharedInstance().GetRawDataResource(
579 IDR_MOBILE_YOUTUBE_PLUGIN_HTML));
580 return (new plugins::MobileYouTubePlugin(
581 render_frame,
582 frame,
583 original_params,
584 template_html,
585 GURL(ChromePluginPlaceholder::kPluginPlaceholderDataURL)))
586 ->plugin();
587 }
588 #endif
589 PluginUMAReporter::GetInstance()->ReportPluginMissing(orig_mime_type, url);
590 placeholder = ChromePluginPlaceholder::CreateMissingPlugin(
591 render_frame, frame, original_params);
592 } else {
593 // TODO(bauerb): This should be in content/.
594 WebPluginParams params(original_params);
595 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
596 if (plugin.mime_types[i].mime_type == actual_mime_type) {
597 AppendParams(plugin.mime_types[i].additional_param_names,
598 plugin.mime_types[i].additional_param_values,
599 ¶ms.attributeNames,
600 ¶ms.attributeValues);
601 break;
602 }
603 }
604 if (params.mimeType.isNull() && (actual_mime_type.size() > 0)) {
605 // Webkit might say that mime type is null while we already know the
606 // actual mime type via ChromeViewHostMsg_GetPluginInfo. In that case
607 // we should use what we know since WebpluginDelegateProxy does some
608 // specific initializations based on this information.
609 params.mimeType = WebString::fromUTF8(actual_mime_type.c_str());
610 }
611
612 ContentSettingsObserver* observer =
613 ContentSettingsObserver::Get(render_frame);
614
615 const ContentSettingsType content_type =
616 ShouldUseJavaScriptSettingForPlugin(plugin) ?
617 CONTENT_SETTINGS_TYPE_JAVASCRIPT :
618 CONTENT_SETTINGS_TYPE_PLUGINS;
619
620 if ((status_value ==
621 ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized ||
622 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay ||
623 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kBlocked) &&
624 observer->IsPluginTemporarilyAllowed(identifier)) {
625 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
626 }
627
628 // Allow full-page plug-ins for click-to-play.
629 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay &&
630 !frame->parent() &&
631 !frame->opener() &&
632 frame->document().isPluginDocument()) {
633 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
634 }
635
636 #if defined(OS_WIN)
637 // In Windows we need to check if we can load NPAPI plugins.
638 // For example, if the render view is in the Ash desktop, we should not.
639 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
640 plugin.type == content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
641 if (observer->AreNPAPIPluginsBlocked())
642 status_value =
643 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
644 }
645 #endif
646
647 switch (status_value) {
648 case ChromeViewHostMsg_GetPluginInfo_Status::kNotFound: {
649 NOTREACHED();
650 break;
651 }
652 case ChromeViewHostMsg_GetPluginInfo_Status::kAllowed: {
653 const bool is_nacl_plugin =
654 plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName);
655 const bool is_nacl_mime_type =
656 actual_mime_type == "application/x-nacl";
657 const bool is_pnacl_mime_type =
658 actual_mime_type == "application/x-pnacl";
659 if (is_nacl_plugin || is_nacl_mime_type || is_pnacl_mime_type) {
660 bool is_nacl_unrestricted = false;
661 if (is_nacl_mime_type) {
662 is_nacl_unrestricted =
663 CommandLine::ForCurrentProcess()->HasSwitch(
664 switches::kEnableNaCl);
665 } else if (is_pnacl_mime_type) {
666 is_nacl_unrestricted =
667 !CommandLine::ForCurrentProcess()->HasSwitch(
668 switches::kDisablePnacl);
669 }
670 GURL manifest_url;
671 GURL app_url;
672 if (is_nacl_mime_type || is_pnacl_mime_type) {
673 // Normal NaCl/PNaCl embed. The app URL is the page URL.
674 manifest_url = url;
675 app_url = frame->top()->document().url();
676 } else {
677 // NaCl is being invoked as a content handler. Look up the NaCl
678 // module using the MIME type. The app URL is the manifest URL.
679 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin);
680 app_url = manifest_url;
681 }
682 const Extension* extension =
683 g_current_client->extension_dispatcher_->extensions()->
684 GetExtensionOrAppByURL(manifest_url);
685 if (!IsNaClAllowed(manifest_url,
686 app_url,
687 is_nacl_unrestricted,
688 extension,
689 ¶ms)) {
690 WebString error_message;
691 if (is_nacl_mime_type) {
692 error_message =
693 "Only unpacked extensions and apps installed from the Chrome "
694 "Web Store can load NaCl modules without enabling Native "
695 "Client in about:flags.";
696 } else if (is_pnacl_mime_type) {
697 error_message =
698 "Portable Native Client must not be disabled in about:flags.";
699 }
700 frame->addMessageToConsole(
701 WebConsoleMessage(WebConsoleMessage::LevelError,
702 error_message));
703 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
704 render_frame,
705 frame,
706 params,
707 plugin,
708 identifier,
709 group_name,
710 IDR_BLOCKED_PLUGIN_HTML,
711 #if defined(OS_CHROMEOS)
712 l10n_util::GetStringUTF16(IDS_NACL_PLUGIN_BLOCKED));
713 #else
714 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
715 #endif
716 break;
717 }
718 }
719
720 // Delay loading plugins if prerendering.
721 // TODO(mmenke): In the case of prerendering, feed into
722 // ChromeContentRendererClient::CreatePlugin instead, to
723 // reduce the chance of future regressions.
724 if (prerender::PrerenderHelper::IsPrerendering(render_frame)) {
725 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
726 render_frame,
727 frame,
728 params,
729 plugin,
730 identifier,
731 group_name,
732 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
733 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
734 placeholder->set_blocked_for_prerendering(true);
735 placeholder->set_allow_loading(true);
736 break;
737 }
738
739 return render_frame->CreatePlugin(frame, plugin, params);
740 }
741 case ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported: {
742 RenderThread::Get()->RecordAction(
743 UserMetricsAction("Plugin_NPAPINotSupported"));
744 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
745 render_frame,
746 frame,
747 params,
748 plugin,
749 identifier,
750 group_name,
751 IDR_BLOCKED_PLUGIN_HTML,
752 l10n_util::GetStringUTF16(IDS_PLUGIN_NOT_SUPPORTED_METRO));
753 render_frame->Send(new ChromeViewHostMsg_NPAPINotSupported(
754 render_frame->GetRoutingID(), identifier));
755 break;
756 }
757 case ChromeViewHostMsg_GetPluginInfo_Status::kDisabled: {
758 PluginUMAReporter::GetInstance()->ReportPluginDisabled(orig_mime_type,
759 url);
760 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
761 render_frame,
762 frame,
763 params,
764 plugin,
765 identifier,
766 group_name,
767 IDR_DISABLED_PLUGIN_HTML,
768 l10n_util::GetStringFUTF16(IDS_PLUGIN_DISABLED, group_name));
769 break;
770 }
771 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked: {
772 #if defined(ENABLE_PLUGIN_INSTALLATION)
773 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
774 render_frame,
775 frame,
776 params,
777 plugin,
778 identifier,
779 group_name,
780 IDR_BLOCKED_PLUGIN_HTML,
781 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
782 placeholder->set_allow_loading(true);
783 render_frame->Send(new ChromeViewHostMsg_BlockedOutdatedPlugin(
784 render_frame->GetRoutingID(), placeholder->CreateRoutingId(),
785 identifier));
786 #else
787 NOTREACHED();
788 #endif
789 break;
790 }
791 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed: {
792 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
793 render_frame,
794 frame,
795 params,
796 plugin,
797 identifier,
798 group_name,
799 IDR_BLOCKED_PLUGIN_HTML,
800 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
801 break;
802 }
803 case ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized: {
804 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
805 render_frame,
806 frame,
807 params,
808 plugin,
809 identifier,
810 group_name,
811 IDR_BLOCKED_PLUGIN_HTML,
812 l10n_util::GetStringFUTF16(IDS_PLUGIN_NOT_AUTHORIZED, group_name));
813 placeholder->set_allow_loading(true);
814 // Check to see if old infobar should be displayed.
815 std::string trial_group =
816 base::FieldTrialList::FindFullName("UnauthorizedPluginInfoBar");
817 if (plugin.type != content::WebPluginInfo::PLUGIN_TYPE_NPAPI ||
818 trial_group == "Enabled") {
819 render_frame->Send(new ChromeViewHostMsg_BlockedUnauthorizedPlugin(
820 render_frame->GetRoutingID(),
821 group_name,
822 identifier));
823 } else {
824 // Send IPC for showing blocked plugins page action.
825 observer->DidBlockContentType(content_type);
826 }
827 break;
828 }
829 case ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay: {
830 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
831 render_frame,
832 frame,
833 params,
834 plugin,
835 identifier,
836 group_name,
837 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
838 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
839 placeholder->set_allow_loading(true);
840 RenderThread::Get()->RecordAction(
841 UserMetricsAction("Plugin_ClickToPlay"));
842 observer->DidBlockContentType(content_type);
843 break;
844 }
845 case ChromeViewHostMsg_GetPluginInfo_Status::kBlocked: {
846 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
847 render_frame,
848 frame,
849 params,
850 plugin,
851 identifier,
852 group_name,
853 IDR_BLOCKED_PLUGIN_HTML,
854 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
855 placeholder->set_allow_loading(true);
856 RenderThread::Get()->RecordAction(UserMetricsAction("Plugin_Blocked"));
857 observer->DidBlockContentType(content_type);
858 break;
859 }
860 case ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy: {
861 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
862 render_frame,
863 frame,
864 params,
865 plugin,
866 identifier,
867 group_name,
868 IDR_BLOCKED_PLUGIN_HTML,
869 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
870 placeholder->set_allow_loading(false);
871 RenderThread::Get()->RecordAction(
872 UserMetricsAction("Plugin_BlockedByPolicy"));
873 observer->DidBlockContentType(content_type);
874 break;
875 }
876 }
877 }
878 placeholder->SetStatus(status);
879 return placeholder->plugin();
880 }
881
882 // For NaCl content handling plugins, the NaCl manifest is stored in an
883 // additonal 'nacl' param associated with the MIME type.
884 // static
GetNaClContentHandlerURL(const std::string & actual_mime_type,const content::WebPluginInfo & plugin)885 GURL ChromeContentRendererClient::GetNaClContentHandlerURL(
886 const std::string& actual_mime_type,
887 const content::WebPluginInfo& plugin) {
888 // Look for the manifest URL among the MIME type's additonal parameters.
889 const char* kNaClPluginManifestAttribute = "nacl";
890 base::string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
891 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
892 if (plugin.mime_types[i].mime_type == actual_mime_type) {
893 const content::WebPluginMimeType& content_type = plugin.mime_types[i];
894 for (size_t i = 0; i < content_type.additional_param_names.size(); ++i) {
895 if (content_type.additional_param_names[i] == nacl_attr)
896 return GURL(content_type.additional_param_values[i]);
897 }
898 break;
899 }
900 }
901 return GURL();
902 }
903
904 // static
IsNaClAllowed(const GURL & manifest_url,const GURL & app_url,bool is_nacl_unrestricted,const Extension * extension,WebPluginParams * params)905 bool ChromeContentRendererClient::IsNaClAllowed(
906 const GURL& manifest_url,
907 const GURL& app_url,
908 bool is_nacl_unrestricted,
909 const Extension* extension,
910 WebPluginParams* params) {
911 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.
912 std::string app_url_host = app_url.host();
913 std::string manifest_url_path = manifest_url.path();
914
915 bool is_whitelisted_web_ui =
916 app_url.spec() == chrome::kChromeUIAppListStartPageURL;
917
918 bool is_photo_app =
919 // Whitelisted apps must be served over https.
920 app_url.SchemeIs("https") &&
921 manifest_url.SchemeIs("https") &&
922 (EndsWith(app_url_host, "plus.google.com", false) ||
923 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
924 manifest_url.DomainIs("ssl.gstatic.com") &&
925 (manifest_url_path.find("s2/oz/nacl/") == 1 ||
926 manifest_url_path.find("photos/nacl/") == 1);
927
928 std::string manifest_fs_host;
929 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {
930 manifest_fs_host = manifest_url.inner_url()->host();
931 }
932 bool is_hangouts_app =
933 // Whitelisted apps must be served over secure scheme.
934 app_url.SchemeIs("https") &&
935 manifest_url.SchemeIsSecure() &&
936 manifest_url.SchemeIsFileSystem() &&
937 (EndsWith(app_url_host, "talkgadget.google.com", false) ||
938 EndsWith(app_url_host, "plus.google.com", false) ||
939 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
940 // The manifest must be loaded from the host's FileSystem.
941 (manifest_fs_host == app_url_host);
942
943 bool is_whitelisted_app = is_photo_app || is_hangouts_app;
944
945 bool is_extension_from_webstore = extension &&
946 extension->from_webstore();
947
948 bool is_invoked_by_hosted_app = extension &&
949 extension->is_hosted_app() &&
950 extension->web_extent().MatchesURL(app_url);
951
952 // Allow built-in extensions and extensions under development.
953 bool is_extension_unrestricted = extension &&
954 (extension->location() == extensions::Manifest::COMPONENT ||
955 extensions::Manifest::IsUnpackedLocation(extension->location()));
956
957 bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
958
959 // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
960 bool is_nacl_pdf_viewer =
961 (is_extension_from_webstore &&
962 manifest_url.SchemeIs("chrome-extension") &&
963 manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
964
965 // Allow Chrome Web Store extensions, built-in extensions and extensions
966 // under development if the invocation comes from a URL with an extension
967 // scheme. Also allow invocations if they are from whitelisted URLs or
968 // if --enable-nacl is set.
969 bool is_nacl_allowed = is_nacl_unrestricted ||
970 is_whitelisted_web_ui ||
971 is_whitelisted_app ||
972 is_nacl_pdf_viewer ||
973 is_invoked_by_hosted_app ||
974 (is_invoked_by_extension &&
975 (is_extension_from_webstore ||
976 is_extension_unrestricted));
977 if (is_nacl_allowed) {
978 bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
979 // Make sure that PPAPI 'dev' interfaces aren't available for production
980 // apps unless they're whitelisted.
981 WebString dev_attribute = WebString::fromUTF8("@dev");
982 if ((!is_whitelisted_app && !is_extension_from_webstore) ||
983 app_can_use_dev_interfaces) {
984 // Add the special '@dev' attribute.
985 std::vector<base::string16> param_names;
986 std::vector<base::string16> param_values;
987 param_names.push_back(dev_attribute);
988 param_values.push_back(WebString());
989 AppendParams(
990 param_names,
991 param_values,
992 ¶ms->attributeNames,
993 ¶ms->attributeValues);
994 } else {
995 // If the params somehow contain '@dev', remove it.
996 size_t attribute_count = params->attributeNames.size();
997 for (size_t i = 0; i < attribute_count; ++i) {
998 if (params->attributeNames[i].equals(dev_attribute))
999 params->attributeNames[i] = WebString();
1000 }
1001 }
1002 }
1003 return is_nacl_allowed;
1004 }
1005
HasErrorPage(int http_status_code,std::string * error_domain)1006 bool ChromeContentRendererClient::HasErrorPage(int http_status_code,
1007 std::string* error_domain) {
1008 // Use an internal error page, if we have one for the status code.
1009 if (!LocalizedError::HasStrings(LocalizedError::kHttpErrorDomain,
1010 http_status_code)) {
1011 return false;
1012 }
1013
1014 *error_domain = LocalizedError::kHttpErrorDomain;
1015 return true;
1016 }
1017
ShouldSuppressErrorPage(content::RenderFrame * render_frame,const GURL & url)1018 bool ChromeContentRendererClient::ShouldSuppressErrorPage(
1019 content::RenderFrame* render_frame,
1020 const GURL& url) {
1021 // Unit tests for ChromeContentRendererClient pass a NULL RenderFrame here.
1022 // Unfortunately it's very difficult to construct a mock RenderView, so skip
1023 // this functionality in this case.
1024 if (render_frame) {
1025 content::RenderView* render_view = render_frame->GetRenderView();
1026 content::RenderFrame* main_render_frame = render_view->GetMainRenderFrame();
1027 blink::WebFrame* web_frame = render_frame->GetWebFrame();
1028 NetErrorHelper* net_error_helper = NetErrorHelper::Get(main_render_frame);
1029 if (net_error_helper->ShouldSuppressErrorPage(web_frame, url))
1030 return true;
1031 }
1032 // Do not flash an error page if the Instant new tab page fails to load.
1033 return search_bouncer_.get() && search_bouncer_->IsNewTabPage(url);
1034 }
1035
GetNavigationErrorStrings(content::RenderView * render_view,blink::WebFrame * frame,const blink::WebURLRequest & failed_request,const blink::WebURLError & error,std::string * error_html,base::string16 * error_description)1036 void ChromeContentRendererClient::GetNavigationErrorStrings(
1037 content::RenderView* render_view,
1038 blink::WebFrame* frame,
1039 const blink::WebURLRequest& failed_request,
1040 const blink::WebURLError& error,
1041 std::string* error_html,
1042 base::string16* error_description) {
1043 const GURL failed_url = error.unreachableURL;
1044 const Extension* extension = NULL;
1045
1046 if (failed_url.is_valid() &&
1047 !failed_url.SchemeIs(extensions::kExtensionScheme)) {
1048 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
1049 failed_url);
1050 }
1051
1052 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
1053
1054 if (error_html) {
1055 // Use a local error page.
1056 if (extension && !extension->from_bookmark()) {
1057 // TODO(erikkay): Should we use a different template for different
1058 // error messages?
1059 int resource_id = IDR_ERROR_APP_HTML;
1060 const base::StringPiece template_html(
1061 ResourceBundle::GetSharedInstance().GetRawDataResource(
1062 resource_id));
1063 if (template_html.empty()) {
1064 NOTREACHED() << "unable to load template. ID: " << resource_id;
1065 } else {
1066 base::DictionaryValue error_strings;
1067 LocalizedError::GetAppErrorStrings(failed_url, extension,
1068 &error_strings);
1069 // "t" is the id of the template's root node.
1070 *error_html = webui::GetTemplatesHtml(template_html, &error_strings,
1071 "t");
1072 }
1073 } else {
1074 // TODO(ellyjones): change GetNavigationErrorStrings to take a RenderFrame
1075 // instead of a RenderView, then pass that in.
1076 // This is safe for now because we only install the NetErrorHelper on the
1077 // main render frame anyway; see the TODO(ellyjones) in
1078 // RenderFrameCreated.
1079 content::RenderFrame* main_render_frame =
1080 render_view->GetMainRenderFrame();
1081 NetErrorHelper* helper = NetErrorHelper::Get(main_render_frame);
1082 helper->GetErrorHTML(frame, error, is_post, error_html);
1083 }
1084 }
1085
1086 if (error_description) {
1087 if (!extension)
1088 *error_description = LocalizedError::GetErrorDetails(error, is_post);
1089 }
1090 }
1091
RunIdleHandlerWhenWidgetsHidden()1092 bool ChromeContentRendererClient::RunIdleHandlerWhenWidgetsHidden() {
1093 return !extension_dispatcher_->is_extension_process();
1094 }
1095
AllowPopup()1096 bool ChromeContentRendererClient::AllowPopup() {
1097 extensions::ScriptContext* current_context =
1098 extension_dispatcher_->script_context_set().GetCurrent();
1099 if (!current_context || !current_context->extension())
1100 return false;
1101 // See http://crbug.com/117446 for the subtlety of this check.
1102 switch (current_context->context_type()) {
1103 case extensions::Feature::UNSPECIFIED_CONTEXT:
1104 case extensions::Feature::WEB_PAGE_CONTEXT:
1105 case extensions::Feature::UNBLESSED_EXTENSION_CONTEXT:
1106 return false;
1107 case extensions::Feature::BLESSED_EXTENSION_CONTEXT:
1108 case extensions::Feature::CONTENT_SCRIPT_CONTEXT:
1109 return true;
1110 case extensions::Feature::BLESSED_WEB_PAGE_CONTEXT:
1111 return !current_context->web_frame()->parent();
1112 }
1113 NOTREACHED();
1114 return false;
1115 }
1116
ShouldFork(WebFrame * frame,const GURL & url,const std::string & http_method,bool is_initial_navigation,bool is_server_redirect,bool * send_referrer)1117 bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
1118 const GURL& url,
1119 const std::string& http_method,
1120 bool is_initial_navigation,
1121 bool is_server_redirect,
1122 bool* send_referrer) {
1123 DCHECK(!frame->parent());
1124
1125 // If this is the Instant process, fork all navigations originating from the
1126 // renderer. The destination page will then be bucketed back to this Instant
1127 // process if it is an Instant url, or to another process if not. Conversely,
1128 // fork if this is a non-Instant process navigating to an Instant url, so that
1129 // such navigations can also be bucketed into an Instant renderer.
1130 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kInstantProcess) ||
1131 (search_bouncer_.get() && search_bouncer_->ShouldFork(url))) {
1132 *send_referrer = true;
1133 return true;
1134 }
1135
1136 // For now, we skip the rest for POST submissions. This is because
1137 // http://crbug.com/101395 is more likely to cause compatibility issues
1138 // with hosted apps and extensions than WebUI pages. We will remove this
1139 // check when cross-process POST submissions are supported.
1140 if (http_method != "GET")
1141 return false;
1142
1143 // If this is the Signin process, fork all navigations originating from the
1144 // renderer. The destination page will then be bucketed back to this Signin
1145 // process if it is a Signin url, or to another process if not.
1146 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSigninProcess)) {
1147 // We never want to allow non-signin pages to fork-on-POST to a
1148 // signin-related action URL. We'll need to handle this carefully once
1149 // http://crbug.com/101395 is fixed. The CHECK ensures we don't forget.
1150 CHECK_NE(http_method, "POST");
1151 return true;
1152 }
1153
1154 // If |url| matches one of the prerendered URLs, stop this navigation and try
1155 // to swap in the prerendered page on the browser process. If the prerendered
1156 // page no longer exists by the time the OpenURL IPC is handled, a normal
1157 // navigation is attempted.
1158 if (prerender_dispatcher_.get() &&
1159 prerender_dispatcher_->IsPrerenderURL(url)) {
1160 *send_referrer = true;
1161 return true;
1162 }
1163
1164 const extensions::ExtensionSet* extensions =
1165 extension_dispatcher_->extensions();
1166
1167 // Determine if the new URL is an extension (excluding bookmark apps).
1168 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
1169 *extensions, url);
1170 bool is_extension_url = !!new_url_extension;
1171
1172 // If the navigation would cross an app extent boundary, we also need
1173 // to defer to the browser to ensure process isolation. This is not necessary
1174 // for server redirects, which will be transferred to a new process by the
1175 // browser process when they are ready to commit. It is necessary for client
1176 // redirects, which won't be transferred in the same way.
1177 if (!is_server_redirect &&
1178 CrossesExtensionExtents(frame, url, *extensions, is_extension_url,
1179 is_initial_navigation)) {
1180 // Include the referrer in this case since we're going from a hosted web
1181 // page. (the packaged case is handled previously by the extension
1182 // navigation test)
1183 *send_referrer = true;
1184
1185 const Extension* extension =
1186 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
1187 if (extension && extension->is_app()) {
1188 UMA_HISTOGRAM_ENUMERATION(
1189 extension->is_platform_app() ?
1190 extension_misc::kPlatformAppLaunchHistogram :
1191 extension_misc::kAppLaunchHistogram,
1192 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION,
1193 extension_misc::APP_LAUNCH_BUCKET_BOUNDARY);
1194 }
1195 return true;
1196 }
1197
1198 // If this is a reload, check whether it has the wrong process type. We
1199 // should send it to the browser if it's an extension URL (e.g., hosted app)
1200 // in a normal process, or if it's a process for an extension that has been
1201 // uninstalled.
1202 if (frame->top()->document().url() == url) {
1203 if (is_extension_url != extension_dispatcher_->is_extension_process())
1204 return true;
1205 }
1206
1207 return false;
1208 }
1209
WillSendRequest(blink::WebFrame * frame,content::PageTransition transition_type,const GURL & url,const GURL & first_party_for_cookies,GURL * new_url)1210 bool ChromeContentRendererClient::WillSendRequest(
1211 blink::WebFrame* frame,
1212 content::PageTransition transition_type,
1213 const GURL& url,
1214 const GURL& first_party_for_cookies,
1215 GURL* new_url) {
1216 // Check whether the request should be allowed. If not allowed, we reset the
1217 // URL to something invalid to prevent the request and cause an error.
1218 if (url.SchemeIs(extensions::kExtensionScheme) &&
1219 !extensions::ResourceRequestPolicy::CanRequestResource(
1220 url,
1221 frame,
1222 transition_type,
1223 extension_dispatcher_->extensions())) {
1224 *new_url = GURL(chrome::kExtensionInvalidRequestURL);
1225 return true;
1226 }
1227
1228 if (url.SchemeIs(extensions::kExtensionResourceScheme) &&
1229 !extensions::ResourceRequestPolicy::CanRequestExtensionResourceScheme(
1230 url,
1231 frame)) {
1232 *new_url = GURL(chrome::kExtensionResourceInvalidRequestURL);
1233 return true;
1234 }
1235
1236 const content::RenderView* render_view =
1237 content::RenderView::FromWebView(frame->view());
1238 SearchBox* search_box = SearchBox::Get(render_view);
1239 if (search_box && url.SchemeIs(chrome::kChromeSearchScheme)) {
1240 if (url.host() == chrome::kChromeUIThumbnailHost)
1241 return search_box->GenerateThumbnailURLFromTransientURL(url, new_url);
1242 else if (url.host() == chrome::kChromeUIFaviconHost)
1243 return search_box->GenerateFaviconURLFromTransientURL(url, new_url);
1244 }
1245
1246 return false;
1247 }
1248
DidCreateScriptContext(WebFrame * frame,v8::Handle<v8::Context> context,int extension_group,int world_id)1249 void ChromeContentRendererClient::DidCreateScriptContext(
1250 WebFrame* frame, v8::Handle<v8::Context> context, int extension_group,
1251 int world_id) {
1252 extension_dispatcher_->DidCreateScriptContext(
1253 frame, context, extension_group, world_id);
1254 }
1255
VisitedLinkHash(const char * canonical_url,size_t length)1256 unsigned long long ChromeContentRendererClient::VisitedLinkHash(
1257 const char* canonical_url, size_t length) {
1258 return visited_link_slave_->ComputeURLFingerprint(canonical_url, length);
1259 }
1260
IsLinkVisited(unsigned long long link_hash)1261 bool ChromeContentRendererClient::IsLinkVisited(unsigned long long link_hash) {
1262 return visited_link_slave_->IsVisited(link_hash);
1263 }
1264
1265 blink::WebPrescientNetworking*
GetPrescientNetworking()1266 ChromeContentRendererClient::GetPrescientNetworking() {
1267 return prescient_networking_dispatcher_.get();
1268 }
1269
ShouldOverridePageVisibilityState(const content::RenderFrame * render_frame,blink::WebPageVisibilityState * override_state)1270 bool ChromeContentRendererClient::ShouldOverridePageVisibilityState(
1271 const content::RenderFrame* render_frame,
1272 blink::WebPageVisibilityState* override_state) {
1273 if (!prerender::PrerenderHelper::IsPrerendering(render_frame))
1274 return false;
1275
1276 *override_state = blink::WebPageVisibilityStatePrerender;
1277 return true;
1278 }
1279
SetExtensionDispatcherForTest(extensions::Dispatcher * extension_dispatcher)1280 void ChromeContentRendererClient::SetExtensionDispatcherForTest(
1281 extensions::Dispatcher* extension_dispatcher) {
1282 extension_dispatcher_.reset(extension_dispatcher);
1283 permissions_policy_delegate_.reset(
1284 new extensions::RendererPermissionsPolicyDelegate(
1285 extension_dispatcher_.get()));
1286 }
1287
1288 extensions::Dispatcher*
GetExtensionDispatcherForTest()1289 ChromeContentRendererClient::GetExtensionDispatcherForTest() {
1290 return extension_dispatcher_.get();
1291 }
1292
CrossesExtensionExtents(WebFrame * frame,const GURL & new_url,const extensions::ExtensionSet & extensions,bool is_extension_url,bool is_initial_navigation)1293 bool ChromeContentRendererClient::CrossesExtensionExtents(
1294 WebFrame* frame,
1295 const GURL& new_url,
1296 const extensions::ExtensionSet& extensions,
1297 bool is_extension_url,
1298 bool is_initial_navigation) {
1299 GURL old_url(frame->top()->document().url());
1300
1301 // If old_url is still empty and this is an initial navigation, then this is
1302 // a window.open operation. We should look at the opener URL.
1303 if (is_initial_navigation && old_url.is_empty() && frame->opener()) {
1304 // If we're about to open a normal web page from a same-origin opener stuck
1305 // in an extension process, we want to keep it in process to allow the
1306 // opener to script it.
1307 WebDocument opener_document = frame->opener()->document();
1308 WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
1309 bool opener_is_extension_url =
1310 !opener.isUnique() && extensions.GetExtensionOrAppByURL(
1311 opener_document.url()) != NULL;
1312 if (!is_extension_url &&
1313 !opener_is_extension_url &&
1314 extension_dispatcher_->is_extension_process() &&
1315 opener.canRequest(WebURL(new_url)))
1316 return false;
1317
1318 // In all other cases, we want to compare against the top frame's URL (as
1319 // opposed to the opener frame's), since that's what determines the type of
1320 // process. This allows iframes outside an app to open a popup in the app.
1321 old_url = frame->top()->opener()->top()->document().url();
1322 }
1323
1324 // Only consider keeping non-app URLs in an app process if this window
1325 // has an opener (in which case it might be an OAuth popup that tries to
1326 // script an iframe within the app).
1327 bool should_consider_workaround = !!frame->opener();
1328
1329 return extensions::CrossesExtensionProcessBoundary(
1330 extensions, old_url, new_url, should_consider_workaround);
1331 }
1332
1333 #if defined(ENABLE_SPELLCHECK)
SetSpellcheck(SpellCheck * spellcheck)1334 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
1335 RenderThread* thread = RenderThread::Get();
1336 if (spellcheck_.get() && thread)
1337 thread->RemoveObserver(spellcheck_.get());
1338 spellcheck_.reset(spellcheck);
1339 SpellCheckReplacer replacer(spellcheck_.get());
1340 content::RenderView::ForEach(&replacer);
1341 if (thread)
1342 thread->AddObserver(spellcheck_.get());
1343 }
1344 #endif
1345
1346 // static
WasWebRequestUsedBySomeExtensions()1347 bool ChromeContentRendererClient::WasWebRequestUsedBySomeExtensions() {
1348 return g_current_client->extension_dispatcher_delegate_
1349 ->WasWebRequestUsedBySomeExtensions();
1350 }
1351
CreatePPAPIInterface(const std::string & interface_name)1352 const void* ChromeContentRendererClient::CreatePPAPIInterface(
1353 const std::string& interface_name) {
1354 #if defined(ENABLE_PLUGINS)
1355 #if !defined(DISABLE_NACL)
1356 if (interface_name == PPB_NACL_PRIVATE_INTERFACE)
1357 return nacl::GetNaClPrivateInterface();
1358 #endif // DISABLE_NACL
1359 if (interface_name == PPB_PDF_INTERFACE)
1360 return PPB_PDF_Impl::GetInterface();
1361 #endif
1362 return NULL;
1363 }
1364
IsExternalPepperPlugin(const std::string & module_name)1365 bool ChromeContentRendererClient::IsExternalPepperPlugin(
1366 const std::string& module_name) {
1367 // TODO(bbudge) remove this when the trusted NaCl plugin has been removed.
1368 // We must defer certain plugin events for NaCl instances since we switch
1369 // from the in-process to the out-of-process proxy after instantiating them.
1370 return module_name == "Native Client";
1371 }
1372
IsExtensionOrSharedModuleWhitelisted(const GURL & url,const std::set<std::string> & whitelist)1373 bool ChromeContentRendererClient::IsExtensionOrSharedModuleWhitelisted(
1374 const GURL& url, const std::set<std::string>& whitelist) {
1375 const extensions::ExtensionSet* extension_set =
1376 g_current_client->extension_dispatcher_->extensions();
1377 return chrome::IsExtensionOrSharedModuleWhitelisted(url, extension_set,
1378 whitelist);
1379 }
1380
1381 blink::WebSpeechSynthesizer*
OverrideSpeechSynthesizer(blink::WebSpeechSynthesizerClient * client)1382 ChromeContentRendererClient::OverrideSpeechSynthesizer(
1383 blink::WebSpeechSynthesizerClient* client) {
1384 return new TtsDispatcher(client);
1385 }
1386
AllowPepperMediaStreamAPI(const GURL & url)1387 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
1388 const GURL& url) {
1389 #if !defined(OS_ANDROID)
1390 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
1391 // the whitelist in the renderer, since we're only preventing access until
1392 // these APIs are public and stable.
1393 std::string url_host = url.host();
1394 if (url.SchemeIs("https") &&
1395 (EndsWith(url_host, "talkgadget.google.com", false) ||
1396 EndsWith(url_host, "plus.google.com", false) ||
1397 EndsWith(url_host, "plus.sandbox.google.com", false)) &&
1398 StartsWithASCII(url.path(), "/hangouts/", false)) {
1399 return true;
1400 }
1401 // Allow access for tests.
1402 if (CommandLine::ForCurrentProcess()->HasSwitch(
1403 switches::kEnablePepperTesting)) {
1404 return true;
1405 }
1406 #endif // !defined(OS_ANDROID)
1407 return false;
1408 }
1409
AddKeySystems(std::vector<content::KeySystemInfo> * key_systems)1410 void ChromeContentRendererClient::AddKeySystems(
1411 std::vector<content::KeySystemInfo>* key_systems) {
1412 AddChromeKeySystems(key_systems);
1413 }
1414
ShouldReportDetailedMessageForSource(const base::string16 & source) const1415 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(
1416 const base::string16& source) const {
1417 return extensions::IsSourceFromAnExtension(source);
1418 }
1419
ShouldEnableSiteIsolationPolicy() const1420 bool ChromeContentRendererClient::ShouldEnableSiteIsolationPolicy() const {
1421 // SiteIsolationPolicy is off by default. We would like to activate cross-site
1422 // document blocking (for UMA data collection) for normal renderer processes
1423 // running a normal web page from the Internet. We only turn on
1424 // SiteIsolationPolicy for a renderer process that does not have the extension
1425 // flag on.
1426 CommandLine* command_line = CommandLine::ForCurrentProcess();
1427 return !command_line->HasSwitch(extensions::switches::kExtensionProcess);
1428 }
1429
1430 blink::WebWorkerPermissionClientProxy*
CreateWorkerPermissionClientProxy(content::RenderFrame * render_frame,blink::WebFrame * frame)1431 ChromeContentRendererClient::CreateWorkerPermissionClientProxy(
1432 content::RenderFrame* render_frame,
1433 blink::WebFrame* frame) {
1434 return new WorkerPermissionClientProxy(render_frame, frame);
1435 }
1436