• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "content/child/npapi/webplugin_delegate_impl.h"
6 
7 #include <map>
8 #include <set>
9 #include <string>
10 #include <vector>
11 
12 #include "base/bind.h"
13 #include "base/compiler_specific.h"
14 #include "base/lazy_instance.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/message_loop/message_loop.h"
17 #include "base/metrics/stats_counters.h"
18 #include "base/strings/string_util.h"
19 #include "base/strings/stringprintf.h"
20 #include "base/synchronization/lock.h"
21 #include "base/version.h"
22 #include "base/win/iat_patch_function.h"
23 #include "base/win/registry.h"
24 #include "base/win/windows_version.h"
25 #include "content/child/npapi/plugin_instance.h"
26 #include "content/child/npapi/plugin_lib.h"
27 #include "content/child/npapi/plugin_stream_url.h"
28 #include "content/child/npapi/webplugin.h"
29 #include "content/child/npapi/webplugin_ime_win.h"
30 #include "content/common/cursors/webcursor.h"
31 #include "content/common/plugin_constants_win.h"
32 #include "content/public/common/content_constants.h"
33 #include "skia/ext/platform_canvas.h"
34 #include "third_party/WebKit/public/web/WebInputEvent.h"
35 #include "ui/gfx/win/dpi.h"
36 #include "ui/gfx/win/hwnd_util.h"
37 
38 using blink::WebKeyboardEvent;
39 using blink::WebInputEvent;
40 using blink::WebMouseEvent;
41 
42 namespace content {
43 
44 namespace {
45 
46 const wchar_t kWebPluginDelegateProperty[] = L"WebPluginDelegateProperty";
47 const wchar_t kPluginFlashThrottle[] = L"FlashThrottle";
48 
49 // The fastest we are willing to process WM_USER+1 events for Flash.
50 // Flash can easily exceed the limits of our CPU if we don't throttle it.
51 // The throttle has been chosen by testing various delays and compromising
52 // on acceptable Flash performance and reasonable CPU consumption.
53 //
54 // I'd like to make the throttle delay variable, based on the amount of
55 // time currently required to paint Flash plugins.  There isn't a good
56 // way to count the time spent in aggregate plugin painting, however, so
57 // this seems to work well enough.
58 const int kFlashWMUSERMessageThrottleDelayMs = 5;
59 
60 // Flash displays popups in response to user clicks by posting a WM_USER
61 // message to the plugin window. The handler for this message displays
62 // the popup. To ensure that the popups allowed state is sent correctly
63 // to the renderer we reset the popups allowed state in a timer.
64 const int kWindowedPluginPopupTimerMs = 50;
65 
66 // The current instance of the plugin which entered the modal loop.
67 WebPluginDelegateImpl* g_current_plugin_instance = NULL;
68 
69 typedef std::deque<MSG> ThrottleQueue;
70 base::LazyInstance<ThrottleQueue> g_throttle_queue = LAZY_INSTANCE_INITIALIZER;
71 
72 base::LazyInstance<std::map<HWND, WNDPROC> > g_window_handle_proc_map =
73     LAZY_INSTANCE_INITIALIZER;
74 
75 // Helper object for patching the TrackPopupMenu API.
76 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_track_popup_menu =
77     LAZY_INSTANCE_INITIALIZER;
78 
79 // Helper object for patching the SetCursor API.
80 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_set_cursor =
81     LAZY_INSTANCE_INITIALIZER;
82 
83 // Helper object for patching the RegEnumKeyExW API.
84 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_reg_enum_key_ex_w =
85     LAZY_INSTANCE_INITIALIZER;
86 
87 // Helper object for patching the GetProcAddress API.
88 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_get_proc_address =
89     LAZY_INSTANCE_INITIALIZER;
90 
91 base::LazyInstance<base::win::IATPatchFunction> g_iat_patch_window_from_point =
92     LAZY_INSTANCE_INITIALIZER;
93 
94 // http://crbug.com/16114
95 // Enforces providing a valid device context in NPWindow, so that NPP_SetWindow
96 // is never called with NPNWindoTypeDrawable and NPWindow set to NULL.
97 // Doing so allows removing NPP_SetWindow call during painting a windowless
98 // plugin, which otherwise could trigger layout change while painting by
99 // invoking NPN_Evaluate. Which would cause bad, bad crashes. Bad crashes.
100 // TODO(dglazkov): If this approach doesn't produce regressions, move class to
101 // webplugin_delegate_impl.h and implement for other platforms.
102 class DrawableContextEnforcer {
103  public:
DrawableContextEnforcer(NPWindow * window)104   explicit DrawableContextEnforcer(NPWindow* window)
105       : window_(window),
106         disposable_dc_(window && !window->window) {
107     // If NPWindow is NULL, create a device context with monochrome 1x1 surface
108     // and stuff it to NPWindow.
109     if (disposable_dc_)
110       window_->window = CreateCompatibleDC(NULL);
111   }
112 
~DrawableContextEnforcer()113   ~DrawableContextEnforcer() {
114     if (!disposable_dc_)
115       return;
116 
117     DeleteDC(static_cast<HDC>(window_->window));
118     window_->window = NULL;
119   }
120 
121  private:
122   NPWindow* window_;
123   bool disposable_dc_;
124 };
125 
126 // These are from ntddk.h
127 typedef LONG NTSTATUS;
128 
129 #ifndef STATUS_SUCCESS
130 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
131 #endif
132 
133 #ifndef STATUS_BUFFER_TOO_SMALL
134 #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L)
135 #endif
136 
137 typedef enum _KEY_INFORMATION_CLASS {
138   KeyBasicInformation,
139   KeyNodeInformation,
140   KeyFullInformation,
141   KeyNameInformation,
142   KeyCachedInformation,
143   KeyVirtualizationInformation
144 } KEY_INFORMATION_CLASS;
145 
146 typedef struct _KEY_NAME_INFORMATION {
147   ULONG NameLength;
148   WCHAR Name[1];
149 } KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
150 
151 typedef DWORD (__stdcall *ZwQueryKeyType)(
152     HANDLE  key_handle,
153     int key_information_class,
154     PVOID  key_information,
155     ULONG  length,
156     PULONG  result_length);
157 
158 // Returns a key's full path.
GetKeyPath(HKEY key)159 std::wstring GetKeyPath(HKEY key) {
160   if (key == NULL)
161     return L"";
162 
163   HMODULE dll = GetModuleHandle(L"ntdll.dll");
164   if (dll == NULL)
165     return L"";
166 
167   ZwQueryKeyType func = reinterpret_cast<ZwQueryKeyType>(
168       ::GetProcAddress(dll, "ZwQueryKey"));
169   if (func == NULL)
170     return L"";
171 
172   DWORD size = 0;
173   DWORD result = 0;
174   result = func(key, KeyNameInformation, 0, 0, &size);
175   if (result != STATUS_BUFFER_TOO_SMALL)
176     return L"";
177 
178   scoped_ptr<char[]> buffer(new char[size]);
179   if (buffer.get() == NULL)
180     return L"";
181 
182   result = func(key, KeyNameInformation, buffer.get(), size, &size);
183   if (result != STATUS_SUCCESS)
184     return L"";
185 
186   KEY_NAME_INFORMATION* info =
187       reinterpret_cast<KEY_NAME_INFORMATION*>(buffer.get());
188   return std::wstring(info->Name, info->NameLength / sizeof(wchar_t));
189 }
190 
GetPluginMajorVersion(const WebPluginInfo & plugin_info)191 int GetPluginMajorVersion(const WebPluginInfo& plugin_info) {
192   Version plugin_version;
193   WebPluginInfo::CreateVersionFromString(plugin_info.version, &plugin_version);
194 
195   int major_version = 0;
196   if (plugin_version.IsValid())
197     major_version = plugin_version.components()[0];
198 
199   return major_version;
200 }
201 
202 }  // namespace
203 
HandleEventMessageFilterHook(int code,WPARAM wParam,LPARAM lParam)204 LRESULT CALLBACK WebPluginDelegateImpl::HandleEventMessageFilterHook(
205     int code, WPARAM wParam, LPARAM lParam) {
206   if (g_current_plugin_instance) {
207     g_current_plugin_instance->OnModalLoopEntered();
208   } else {
209     NOTREACHED();
210   }
211   return CallNextHookEx(NULL, code, wParam, lParam);
212 }
213 
MouseHookProc(int code,WPARAM wParam,LPARAM lParam)214 LRESULT CALLBACK WebPluginDelegateImpl::MouseHookProc(
215     int code, WPARAM wParam, LPARAM lParam) {
216   if (code == HC_ACTION) {
217     MOUSEHOOKSTRUCT* hook_struct = reinterpret_cast<MOUSEHOOKSTRUCT*>(lParam);
218     if (hook_struct)
219       HandleCaptureForMessage(hook_struct->hwnd, wParam);
220   }
221 
222   return CallNextHookEx(NULL, code, wParam, lParam);
223 }
224 
WebPluginDelegateImpl(WebPlugin * plugin,PluginInstance * instance)225 WebPluginDelegateImpl::WebPluginDelegateImpl(
226     WebPlugin* plugin,
227     PluginInstance* instance)
228     : instance_(instance),
229       quirks_(0),
230       plugin_(plugin),
231       windowless_(false),
232       windowed_handle_(NULL),
233       windowed_did_set_window_(false),
234       plugin_wnd_proc_(NULL),
235       last_message_(0),
236       is_calling_wndproc(false),
237       dummy_window_for_activation_(NULL),
238       dummy_window_parent_(NULL),
239       old_dummy_window_proc_(NULL),
240       handle_event_message_filter_hook_(NULL),
241       handle_event_pump_messages_event_(NULL),
242       user_gesture_message_posted_(false),
243       user_gesture_msg_factory_(this),
244       handle_event_depth_(0),
245       mouse_hook_(NULL),
246       first_set_window_call_(true),
247       plugin_has_focus_(false),
248       has_webkit_focus_(false),
249       containing_view_has_focus_(true),
250       creation_succeeded_(false) {
251   memset(&window_, 0, sizeof(window_));
252 
253   const WebPluginInfo& plugin_info = instance_->plugin_lib()->plugin_info();
254   std::wstring filename =
255       base::StringToLowerASCII(plugin_info.path.BaseName().value());
256 
257   if (instance_->mime_type() == kFlashPluginSwfMimeType ||
258       filename == kFlashPlugin) {
259     // Flash only requests windowless plugins if we return a Mozilla user
260     // agent.
261     instance_->set_use_mozilla_user_agent();
262     quirks_ |= PLUGIN_QUIRK_THROTTLE_WM_USER_PLUS_ONE;
263     quirks_ |= PLUGIN_QUIRK_PATCH_SETCURSOR;
264     quirks_ |= PLUGIN_QUIRK_ALWAYS_NOTIFY_SUCCESS;
265     quirks_ |= PLUGIN_QUIRK_HANDLE_MOUSE_CAPTURE;
266     quirks_ |= PLUGIN_QUIRK_EMULATE_IME;
267     quirks_ |= PLUGIN_QUIRK_FAKE_WINDOW_FROM_POINT;
268   } else if (filename == kAcrobatReaderPlugin) {
269     // Check for the version number above or equal 9.
270     int major_version = GetPluginMajorVersion(plugin_info);
271     if (major_version >= 9) {
272       quirks_ |= PLUGIN_QUIRK_DIE_AFTER_UNLOAD;
273       // 9.2 needs this.
274       quirks_ |= PLUGIN_QUIRK_SETWINDOW_TWICE;
275     }
276     quirks_ |= PLUGIN_QUIRK_BLOCK_NONSTANDARD_GETURL_REQUESTS;
277   } else if (plugin_info.name.find(L"Windows Media Player") !=
278              std::wstring::npos) {
279     // Windows Media Player needs two NPP_SetWindow calls.
280     quirks_ |= PLUGIN_QUIRK_SETWINDOW_TWICE;
281 
282     // Windowless mode doesn't work in the WMP NPAPI plugin.
283     quirks_ |= PLUGIN_QUIRK_NO_WINDOWLESS;
284 
285     // The media player plugin sets its size on the first NPP_SetWindow call
286     // and never updates its size. We should call the underlying NPP_SetWindow
287     // only when we have the correct size.
288     quirks_ |= PLUGIN_QUIRK_IGNORE_FIRST_SETWINDOW_CALL;
289 
290     if (filename == kOldWMPPlugin) {
291       // Non-admin users on XP couldn't modify the key to force the new UI.
292       quirks_ |= PLUGIN_QUIRK_PATCH_REGENUMKEYEXW;
293     }
294   } else if (instance_->mime_type() == "audio/x-pn-realaudio-plugin" ||
295              filename == kRealPlayerPlugin) {
296     quirks_ |= PLUGIN_QUIRK_DONT_CALL_WND_PROC_RECURSIVELY;
297   } else if (plugin_info.name.find(L"VLC Multimedia Plugin") !=
298              std::wstring::npos ||
299              plugin_info.name.find(L"VLC Multimedia Plug-in") !=
300              std::wstring::npos) {
301     // VLC hangs on NPP_Destroy if we call NPP_SetWindow with a null window
302     // handle
303     quirks_ |= PLUGIN_QUIRK_DONT_SET_NULL_WINDOW_HANDLE_ON_DESTROY;
304     int major_version = GetPluginMajorVersion(plugin_info);
305     if (major_version == 0) {
306       // VLC 0.8.6d and 0.8.6e crash if multiple instances are created.
307       quirks_ |= PLUGIN_QUIRK_DONT_ALLOW_MULTIPLE_INSTANCES;
308     }
309   } else if (filename == kSilverlightPlugin) {
310     // Explanation for this quirk can be found in
311     // WebPluginDelegateImpl::Initialize.
312     quirks_ |= PLUGIN_QUIRK_PATCH_SETCURSOR;
313   } else if (plugin_info.name.find(L"DivX Web Player") !=
314              std::wstring::npos) {
315     // The divx plugin sets its size on the first NPP_SetWindow call and never
316     // updates its size. We should call the underlying NPP_SetWindow only when
317     // we have the correct size.
318     quirks_ |= PLUGIN_QUIRK_IGNORE_FIRST_SETWINDOW_CALL;
319   }
320 }
321 
~WebPluginDelegateImpl()322 WebPluginDelegateImpl::~WebPluginDelegateImpl() {
323   if (::IsWindow(dummy_window_for_activation_)) {
324     WNDPROC current_wnd_proc = reinterpret_cast<WNDPROC>(
325         GetWindowLongPtr(dummy_window_for_activation_, GWLP_WNDPROC));
326     if (current_wnd_proc == DummyWindowProc) {
327       SetWindowLongPtr(dummy_window_for_activation_,
328                        GWLP_WNDPROC,
329                        reinterpret_cast<LONG_PTR>(old_dummy_window_proc_));
330     }
331     ::DestroyWindow(dummy_window_for_activation_);
332   }
333 
334   DestroyInstance();
335 
336   if (!windowless_)
337     WindowedDestroyWindow();
338 
339   if (handle_event_pump_messages_event_) {
340     CloseHandle(handle_event_pump_messages_event_);
341   }
342 }
343 
PlatformInitialize()344 bool WebPluginDelegateImpl::PlatformInitialize() {
345   plugin_->SetWindow(windowed_handle_);
346 
347   if (windowless_) {
348     CreateDummyWindowForActivation();
349     handle_event_pump_messages_event_ = CreateEvent(NULL, TRUE, FALSE, NULL);
350     plugin_->SetWindowlessData(
351         handle_event_pump_messages_event_,
352         reinterpret_cast<gfx::NativeViewId>(dummy_window_for_activation_));
353   }
354 
355   // Windowless plugins call the WindowFromPoint API and passes the result of
356   // that to the TrackPopupMenu API call as the owner window. This causes the
357   // API to fail as the API expects the window handle to live on the same
358   // thread as the caller. It works in the other browsers as the plugin lives
359   // on the browser thread. Our workaround is to intercept the TrackPopupMenu
360   // API and replace the window handle with the dummy activation window.
361   if (windowless_ && !g_iat_patch_track_popup_menu.Pointer()->is_patched()) {
362     g_iat_patch_track_popup_menu.Pointer()->Patch(
363         GetPluginPath().value().c_str(), "user32.dll", "TrackPopupMenu",
364         WebPluginDelegateImpl::TrackPopupMenuPatch);
365   }
366 
367   // Windowless plugins can set cursors by calling the SetCursor API. This
368   // works because the thread inputs of the browser UI thread and the plugin
369   // thread are attached. We intercept the SetCursor API for windowless
370   // plugins and remember the cursor being set. This is shipped over to the
371   // browser in the HandleEvent call, which ensures that the cursor does not
372   // change when a windowless plugin instance changes the cursor
373   // in a background tab.
374   if (windowless_ && !g_iat_patch_set_cursor.Pointer()->is_patched() &&
375       (quirks_ & PLUGIN_QUIRK_PATCH_SETCURSOR)) {
376     g_iat_patch_set_cursor.Pointer()->Patch(
377         GetPluginPath().value().c_str(), "user32.dll", "SetCursor",
378         WebPluginDelegateImpl::SetCursorPatch);
379   }
380 
381   // The windowed flash plugin has a bug which occurs when the plugin enters
382   // fullscreen mode. It basically captures the mouse on WM_LBUTTONDOWN and
383   // does not release capture correctly causing it to stop receiving
384   // subsequent mouse events. This problem is also seen in Safari where there
385   // is code to handle this in the wndproc. However the plugin subclasses the
386   // window again in WM_LBUTTONDOWN before entering full screen. As a result
387   // Safari does not receive the WM_LBUTTONUP message. To workaround this
388   // issue we use a per thread mouse hook. This bug does not occur in Firefox
389   // and opera. Firefox has code similar to Safari. It could well be a bug in
390   // the flash plugin, which only occurs in webkit based browsers.
391   if (quirks_ & PLUGIN_QUIRK_HANDLE_MOUSE_CAPTURE) {
392     mouse_hook_ = SetWindowsHookEx(WH_MOUSE, MouseHookProc, NULL,
393                                     GetCurrentThreadId());
394   }
395 
396   // On XP, WMP will use its old UI unless a registry key under HKLM has the
397   // name of the current process.  We do it in the installer for admin users,
398   // for the rest patch this function.
399   if ((quirks_ & PLUGIN_QUIRK_PATCH_REGENUMKEYEXW) &&
400       base::win::GetVersion() == base::win::VERSION_XP &&
401       (base::win::RegKey().Open(HKEY_LOCAL_MACHINE,
402           L"SOFTWARE\\Microsoft\\MediaPlayer\\ShimInclusionList\\chrome.exe",
403           KEY_READ) != ERROR_SUCCESS) &&
404       !g_iat_patch_reg_enum_key_ex_w.Pointer()->is_patched()) {
405     g_iat_patch_reg_enum_key_ex_w.Pointer()->Patch(
406         L"wmpdxm.dll", "advapi32.dll", "RegEnumKeyExW",
407         WebPluginDelegateImpl::RegEnumKeyExWPatch);
408   }
409 
410   // Flash retrieves the pointers to IMM32 functions with GetProcAddress() calls
411   // and use them to retrieve IME data. We add a patch to this function so we
412   // can dispatch these IMM32 calls to the WebPluginIMEWin class, which emulates
413   // IMM32 functions for Flash.
414   if (!g_iat_patch_get_proc_address.Pointer()->is_patched() &&
415       (quirks_ & PLUGIN_QUIRK_EMULATE_IME)) {
416     g_iat_patch_get_proc_address.Pointer()->Patch(
417         GetPluginPath().value().c_str(), "kernel32.dll", "GetProcAddress",
418         GetProcAddressPatch);
419   }
420 
421   if (windowless_ && !g_iat_patch_window_from_point.Pointer()->is_patched() &&
422       (quirks_ & PLUGIN_QUIRK_FAKE_WINDOW_FROM_POINT)) {
423     g_iat_patch_window_from_point.Pointer()->Patch(
424         GetPluginPath().value().c_str(), "user32.dll", "WindowFromPoint",
425         WebPluginDelegateImpl::WindowFromPointPatch);
426   }
427 
428   return true;
429 }
430 
PlatformDestroyInstance()431 void WebPluginDelegateImpl::PlatformDestroyInstance() {
432   if (!instance_->plugin_lib())
433     return;
434 
435   // Unpatch if this is the last plugin instance.
436   if (instance_->plugin_lib()->instance_count() != 1)
437     return;
438 
439   if (g_iat_patch_set_cursor.Pointer()->is_patched())
440     g_iat_patch_set_cursor.Pointer()->Unpatch();
441 
442   if (g_iat_patch_track_popup_menu.Pointer()->is_patched())
443     g_iat_patch_track_popup_menu.Pointer()->Unpatch();
444 
445   if (g_iat_patch_reg_enum_key_ex_w.Pointer()->is_patched())
446     g_iat_patch_reg_enum_key_ex_w.Pointer()->Unpatch();
447 
448   if (g_iat_patch_window_from_point.Pointer()->is_patched())
449     g_iat_patch_window_from_point.Pointer()->Unpatch();
450 
451   if (mouse_hook_) {
452     UnhookWindowsHookEx(mouse_hook_);
453     mouse_hook_ = NULL;
454   }
455 }
456 
Paint(SkCanvas * canvas,const gfx::Rect & rect)457 void WebPluginDelegateImpl::Paint(SkCanvas* canvas, const gfx::Rect& rect) {
458   if (windowless_ && skia::SupportsPlatformPaint(canvas)) {
459     skia::ScopedPlatformPaint scoped_platform_paint(canvas);
460     HDC hdc = scoped_platform_paint.GetPlatformSurface();
461     WindowlessPaint(hdc, rect);
462   }
463 }
464 
WindowedCreatePlugin()465 bool WebPluginDelegateImpl::WindowedCreatePlugin() {
466   DCHECK(!windowed_handle_);
467 
468   RegisterNativeWindowClass();
469 
470   // The window will be sized and shown later.
471   windowed_handle_ = CreateWindowEx(
472       WS_EX_LEFT | WS_EX_LTRREADING | WS_EX_RIGHTSCROLLBAR,
473       kNativeWindowClassName,
474       0,
475       WS_POPUP | WS_CLIPCHILDREN | WS_CLIPSIBLINGS,
476       0,
477       0,
478       0,
479       0,
480       GetDesktopWindow(),
481       0,
482       GetModuleHandle(NULL),
483       0);
484   if (windowed_handle_ == 0)
485     return false;
486 
487     // This is a tricky workaround for Issue 2673 in chromium "Flash: IME not
488     // available". To use IMEs in this window, we have to make Windows attach
489   // IMEs to this window (i.e. load IME DLLs, attach them to this process, and
490   // add their message hooks to this window). Windows attaches IMEs while this
491   // process creates a top-level window. On the other hand, to layout this
492   // window correctly in the given parent window (RenderWidgetHostViewWin or
493   // RenderWidgetHostViewAura), this window should be a child window of the
494   // parent window. To satisfy both of the above conditions, this code once
495   // creates a top-level window and change it to a child window of the parent
496   // window (in the browser process).
497     SetWindowLongPtr(windowed_handle_, GWL_STYLE,
498                      WS_CHILD | WS_CLIPCHILDREN | WS_CLIPSIBLINGS);
499 
500   BOOL result = SetProp(windowed_handle_, kWebPluginDelegateProperty, this);
501   DCHECK(result == TRUE) << "SetProp failed, last error = " << GetLastError();
502 
503   // Calling SetWindowLongPtrA here makes the window proc ASCII, which is
504   // required by at least the Shockwave Director plug-in.
505   SetWindowLongPtrA(windowed_handle_,
506                     GWLP_WNDPROC,
507                     reinterpret_cast<LONG_PTR>(DefWindowProcA));
508 
509   return true;
510 }
511 
WindowedDestroyWindow()512 void WebPluginDelegateImpl::WindowedDestroyWindow() {
513   if (windowed_handle_ != NULL) {
514     // Unsubclass the window.
515     WNDPROC current_wnd_proc = reinterpret_cast<WNDPROC>(
516         GetWindowLongPtr(windowed_handle_, GWLP_WNDPROC));
517     if (current_wnd_proc == NativeWndProc) {
518       SetWindowLongPtr(windowed_handle_,
519                        GWLP_WNDPROC,
520                        reinterpret_cast<LONG_PTR>(plugin_wnd_proc_));
521     }
522 
523     plugin_->WillDestroyWindow(windowed_handle_);
524 
525     DestroyWindow(windowed_handle_);
526     windowed_handle_ = 0;
527   }
528 }
529 
530 // Erase all messages in the queue destined for a particular window.
531 // When windows are closing, callers should use this function to clear
532 // the queue.
533 // static
ClearThrottleQueueForWindow(HWND window)534 void WebPluginDelegateImpl::ClearThrottleQueueForWindow(HWND window) {
535   ThrottleQueue* throttle_queue = g_throttle_queue.Pointer();
536 
537   ThrottleQueue::iterator it;
538   for (it = throttle_queue->begin(); it != throttle_queue->end(); ) {
539     if (it->hwnd == window) {
540       it = throttle_queue->erase(it);
541     } else {
542       it++;
543     }
544   }
545 }
546 
547 // Delayed callback for processing throttled messages.
548 // Throttled messages are aggregated globally across all plugins.
549 // static
OnThrottleMessage()550 void WebPluginDelegateImpl::OnThrottleMessage() {
551   // The current algorithm walks the list and processes the first
552   // message it finds for each plugin.  It is important to service
553   // all active plugins with each pass through the throttle, otherwise
554   // we see video jankiness.  Copy the set to notify before notifying
555   // since we may re-enter OnThrottleMessage from CallWindowProc!
556   ThrottleQueue* throttle_queue = g_throttle_queue.Pointer();
557   ThrottleQueue notify_queue;
558   std::set<HWND> processed;
559 
560   ThrottleQueue::iterator it = throttle_queue->begin();
561   while (it != throttle_queue->end()) {
562     const MSG& msg = *it;
563     if (processed.find(msg.hwnd) == processed.end()) {
564       processed.insert(msg.hwnd);
565       notify_queue.push_back(msg);
566       it = throttle_queue->erase(it);
567     } else {
568       it++;
569     }
570   }
571 
572   // Due to re-entrancy, we must save our queue state now.  Otherwise, we may
573   // self-post below, and *also* start up another delayed task when the first
574   // entry is pushed onto the queue in ThrottleMessage().
575   bool throttle_queue_was_empty = throttle_queue->empty();
576 
577   for (it = notify_queue.begin(); it != notify_queue.end(); ++it) {
578     const MSG& msg = *it;
579     WNDPROC proc = reinterpret_cast<WNDPROC>(msg.time);
580     // It is possible that the window was closed after we queued
581     // this message.  This is a rare event; just verify the window
582     // is alive.  (see also bug 1259488)
583     if (IsWindow(msg.hwnd))
584       CallWindowProc(proc, msg.hwnd, msg.message, msg.wParam, msg.lParam);
585   }
586 
587   if (!throttle_queue_was_empty) {
588     base::MessageLoop::current()->PostDelayedTask(
589         FROM_HERE,
590         base::Bind(&WebPluginDelegateImpl::OnThrottleMessage),
591         base::TimeDelta::FromMilliseconds(kFlashWMUSERMessageThrottleDelayMs));
592   }
593 }
594 
595 // Schedule a windows message for delivery later.
596 // static
ThrottleMessage(WNDPROC proc,HWND hwnd,UINT message,WPARAM wParam,LPARAM lParam)597 void WebPluginDelegateImpl::ThrottleMessage(WNDPROC proc, HWND hwnd,
598                                             UINT message, WPARAM wParam,
599                                             LPARAM lParam) {
600   MSG msg;
601   msg.time = reinterpret_cast<DWORD>(proc);
602   msg.hwnd = hwnd;
603   msg.message = message;
604   msg.wParam = wParam;
605   msg.lParam = lParam;
606 
607   ThrottleQueue* throttle_queue = g_throttle_queue.Pointer();
608 
609   throttle_queue->push_back(msg);
610 
611   if (throttle_queue->size() == 1) {
612     base::MessageLoop::current()->PostDelayedTask(
613         FROM_HERE,
614         base::Bind(&WebPluginDelegateImpl::OnThrottleMessage),
615         base::TimeDelta::FromMilliseconds(kFlashWMUSERMessageThrottleDelayMs));
616   }
617 }
618 
619 // We go out of our way to find the hidden windows created by Flash for
620 // windowless plugins.  We throttle the rate at which they deliver messages
621 // so that they will not consume outrageous amounts of CPU.
622 // static
FlashWindowlessWndProc(HWND hwnd,UINT message,WPARAM wparam,LPARAM lparam)623 LRESULT CALLBACK WebPluginDelegateImpl::FlashWindowlessWndProc(
624     HWND hwnd, UINT message, WPARAM wparam, LPARAM lparam) {
625   std::map<HWND, WNDPROC>::iterator index =
626       g_window_handle_proc_map.Get().find(hwnd);
627 
628   WNDPROC old_proc = (*index).second;
629   DCHECK(old_proc);
630 
631   switch (message) {
632     case WM_NCDESTROY: {
633       WebPluginDelegateImpl::ClearThrottleQueueForWindow(hwnd);
634       g_window_handle_proc_map.Get().erase(index);
635       break;
636     }
637     // Flash may flood the message queue with WM_USER+1 message causing 100% CPU
638     // usage.  See https://bugzilla.mozilla.org/show_bug.cgi?id=132759.  We
639     // prevent this by throttling the messages.
640     case WM_USER + 1: {
641       WebPluginDelegateImpl::ThrottleMessage(old_proc, hwnd, message, wparam,
642                                              lparam);
643       return TRUE;
644     }
645 
646     default: {
647       break;
648     }
649   }
650   return CallWindowProc(old_proc, hwnd, message, wparam, lparam);
651 }
652 
DummyWindowProc(HWND hwnd,UINT message,WPARAM w_param,LPARAM l_param)653 LRESULT CALLBACK WebPluginDelegateImpl::DummyWindowProc(
654     HWND hwnd, UINT message, WPARAM w_param, LPARAM l_param) {
655   WebPluginDelegateImpl* delegate = reinterpret_cast<WebPluginDelegateImpl*>(
656       GetProp(hwnd, kWebPluginDelegateProperty));
657   CHECK(delegate);
658   if (message == WM_WINDOWPOSCHANGING) {
659     // We need to know when the dummy window is parented because windowless
660     // plugins need the parent window for things like menus. There's no message
661     // for a parent being changed, but a WM_WINDOWPOSCHANGING is sent so we
662     // check every time we get it.
663     // For non-aura builds, this never changes since RenderWidgetHostViewWin's
664     // window is constant. For aura builds, this changes every time the tab gets
665     // dragged to a new window.
666     HWND parent = GetParent(hwnd);
667     if (parent != delegate->dummy_window_parent_) {
668       delegate->dummy_window_parent_ = parent;
669 
670       // Set the containing window handle as the instance window handle. This is
671       // what Safari does. Not having a valid window handle causes subtle bugs
672       // with plugins which retrieve the window handle and use it for things
673       // like context menus. The window handle can be retrieved via
674       // NPN_GetValue of NPNVnetscapeWindow.
675       delegate->instance_->set_window_handle(parent);
676 
677       // The plugin caches the result of NPNVnetscapeWindow when we originally
678       // called NPP_SetWindow, so force it to get the new value.
679       delegate->WindowlessSetWindow();
680     }
681   } else if (message == WM_NCDESTROY) {
682     RemoveProp(hwnd, kWebPluginDelegateProperty);
683   }
684   return CallWindowProc(
685       delegate->old_dummy_window_proc_, hwnd, message, w_param, l_param);
686 }
687 
688 // Callback for enumerating the Flash windows.
EnumFlashWindows(HWND window,LPARAM arg)689 BOOL CALLBACK EnumFlashWindows(HWND window, LPARAM arg) {
690   WNDPROC wnd_proc = reinterpret_cast<WNDPROC>(arg);
691   TCHAR class_name[1024];
692   if (!RealGetWindowClass(window, class_name,
693                           sizeof(class_name)/sizeof(TCHAR))) {
694     LOG(ERROR) << "RealGetWindowClass failure: " << GetLastError();
695     return FALSE;
696   }
697 
698   if (wcscmp(class_name, L"SWFlash_PlaceholderX"))
699     return TRUE;
700 
701   WNDPROC current_wnd_proc = reinterpret_cast<WNDPROC>(
702         GetWindowLongPtr(window, GWLP_WNDPROC));
703   if (current_wnd_proc != wnd_proc) {
704     WNDPROC old_flash_proc = reinterpret_cast<WNDPROC>(SetWindowLongPtr(
705         window, GWLP_WNDPROC,
706         reinterpret_cast<LONG_PTR>(wnd_proc)));
707     DCHECK(old_flash_proc);
708     g_window_handle_proc_map.Get()[window] = old_flash_proc;
709   }
710 
711   return TRUE;
712 }
713 
CreateDummyWindowForActivation()714 bool WebPluginDelegateImpl::CreateDummyWindowForActivation() {
715   DCHECK(!dummy_window_for_activation_);
716 
717   dummy_window_for_activation_ = CreateWindowEx(
718     0,
719     L"Static",
720     kDummyActivationWindowName,
721     WS_CHILD,
722     0,
723     0,
724     0,
725     0,
726     // We don't know the parent of the dummy window yet, so just set it to the
727     // desktop and it'll get parented by the browser.
728     GetDesktopWindow(),
729     0,
730     GetModuleHandle(NULL),
731     0);
732 
733   if (dummy_window_for_activation_ == 0)
734     return false;
735 
736   BOOL result = SetProp(dummy_window_for_activation_,
737                         kWebPluginDelegateProperty, this);
738   DCHECK(result == TRUE) << "SetProp failed, last error = " << GetLastError();
739   old_dummy_window_proc_ = reinterpret_cast<WNDPROC>(SetWindowLongPtr(
740       dummy_window_for_activation_, GWLP_WNDPROC,
741       reinterpret_cast<LONG_PTR>(DummyWindowProc)));
742 
743   // Flash creates background windows which use excessive CPU in our
744   // environment; we wrap these windows and throttle them so that they don't
745   // get out of hand.
746   if (!EnumThreadWindows(::GetCurrentThreadId(), EnumFlashWindows,
747       reinterpret_cast<LPARAM>(
748       &WebPluginDelegateImpl::FlashWindowlessWndProc))) {
749     // Log that this happened.  Flash will still work; it just means the
750     // throttle isn't installed (and Flash will use more CPU).
751     NOTREACHED();
752     LOG(ERROR) << "Failed to wrap all windowless Flash windows";
753   }
754   return true;
755 }
756 
WindowedReposition(const gfx::Rect & window_rect_in_dip,const gfx::Rect & clip_rect_in_dip)757 bool WebPluginDelegateImpl::WindowedReposition(
758     const gfx::Rect& window_rect_in_dip,
759     const gfx::Rect& clip_rect_in_dip) {
760   if (!windowed_handle_) {
761     NOTREACHED();
762     return false;
763   }
764 
765   gfx::Rect window_rect = gfx::win::DIPToScreenRect(window_rect_in_dip);
766   gfx::Rect clip_rect = gfx::win::DIPToScreenRect(clip_rect_in_dip);
767   if (window_rect_ == window_rect && clip_rect_ == clip_rect)
768     return false;
769 
770   // We only set the plugin's size here.  Its position is moved elsewhere, which
771   // allows the window moves/scrolling/clipping to be synchronized with the page
772   // and other windows.
773   // If the plugin window has no parent, then don't focus it because it isn't
774   // being displayed anywhere. See:
775   // http://code.google.com/p/chromium/issues/detail?id=32658
776   if (window_rect.size() != window_rect_.size()) {
777     UINT flags = SWP_NOMOVE | SWP_NOZORDER;
778     if (!GetParent(windowed_handle_))
779       flags |= SWP_NOACTIVATE;
780     ::SetWindowPos(windowed_handle_,
781                    NULL,
782                    0,
783                    0,
784                    window_rect.width(),
785                    window_rect.height(),
786                    flags);
787   }
788 
789   window_rect_ = window_rect;
790   clip_rect_ = clip_rect;
791 
792   // Ensure that the entire window gets repainted.
793   ::InvalidateRect(windowed_handle_, NULL, FALSE);
794 
795   return true;
796 }
797 
WindowedSetWindow()798 void WebPluginDelegateImpl::WindowedSetWindow() {
799   if (!instance_)
800     return;
801 
802   if (!windowed_handle_) {
803     NOTREACHED();
804     return;
805   }
806 
807   instance()->set_window_handle(windowed_handle_);
808 
809   DCHECK(!instance()->windowless());
810 
811   window_.clipRect.top = std::max(0, clip_rect_.y());
812   window_.clipRect.left = std::max(0, clip_rect_.x());
813   window_.clipRect.bottom = std::max(0, clip_rect_.y() + clip_rect_.height());
814   window_.clipRect.right = std::max(0, clip_rect_.x() + clip_rect_.width());
815   window_.height = window_rect_.height();
816   window_.width = window_rect_.width();
817   window_.x = 0;
818   window_.y = 0;
819 
820   window_.window = windowed_handle_;
821   window_.type = NPWindowTypeWindow;
822 
823   // Reset this flag before entering the instance in case of side-effects.
824   windowed_did_set_window_ = true;
825 
826   NPError err = instance()->NPP_SetWindow(&window_);
827   if (quirks_ & PLUGIN_QUIRK_SETWINDOW_TWICE)
828     instance()->NPP_SetWindow(&window_);
829 
830   WNDPROC current_wnd_proc = reinterpret_cast<WNDPROC>(
831         GetWindowLongPtr(windowed_handle_, GWLP_WNDPROC));
832   if (current_wnd_proc != NativeWndProc) {
833     plugin_wnd_proc_ = reinterpret_cast<WNDPROC>(
834         SetWindowLongPtr(windowed_handle_,
835                          GWLP_WNDPROC,
836                          reinterpret_cast<LONG_PTR>(NativeWndProc)));
837   }
838 }
839 
RegisterNativeWindowClass()840 ATOM WebPluginDelegateImpl::RegisterNativeWindowClass() {
841   static bool have_registered_window_class = false;
842   if (have_registered_window_class == true)
843     return true;
844 
845   have_registered_window_class = true;
846 
847   WNDCLASSEX wcex;
848   wcex.cbSize         = sizeof(WNDCLASSEX);
849   wcex.style          = CS_DBLCLKS;
850   wcex.lpfnWndProc    = WrapperWindowProc;
851   wcex.cbClsExtra     = 0;
852   wcex.cbWndExtra     = 0;
853   wcex.hInstance      = GetModuleHandle(NULL);
854   wcex.hIcon          = 0;
855   wcex.hCursor        = 0;
856   // Some plugins like windows media player 11 create child windows parented
857   // by our plugin window, where the media content is rendered. These plugins
858   // dont implement WM_ERASEBKGND, which causes painting issues, when the
859   // window where the media is rendered is moved around. DefWindowProc does
860   // implement WM_ERASEBKGND correctly if we have a valid background brush.
861   wcex.hbrBackground  = reinterpret_cast<HBRUSH>(COLOR_WINDOW+1);
862   wcex.lpszMenuName   = 0;
863   wcex.lpszClassName  = kNativeWindowClassName;
864   wcex.hIconSm        = 0;
865 
866   return RegisterClassEx(&wcex);
867 }
868 
WrapperWindowProc(HWND hWnd,UINT message,WPARAM wParam,LPARAM lParam)869 LRESULT CALLBACK WebPluginDelegateImpl::WrapperWindowProc(
870     HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) {
871   // This is another workaround for Issue 2673 in chromium "Flash: IME not
872   // available". Somehow, the CallWindowProc() function does not dispatch
873   // window messages when its first parameter is a handle representing the
874   // DefWindowProc() function. To avoid this problem, this code creates a
875   // wrapper function which just encapsulates the DefWindowProc() function
876   // and set it as the window procedure of a windowed plug-in.
877   return DefWindowProc(hWnd, message, wParam, lParam);
878 }
879 
880 // Returns true if the message passed in corresponds to a user gesture.
IsUserGestureMessage(unsigned int message)881 static bool IsUserGestureMessage(unsigned int message) {
882   switch (message) {
883     case WM_LBUTTONDOWN:
884     case WM_LBUTTONUP:
885     case WM_RBUTTONDOWN:
886     case WM_RBUTTONUP:
887     case WM_MBUTTONDOWN:
888     case WM_MBUTTONUP:
889     case WM_KEYDOWN:
890     case WM_KEYUP:
891       return true;
892 
893     default:
894       break;
895   }
896 
897   return false;
898 }
899 
NativeWndProc(HWND hwnd,UINT message,WPARAM wparam,LPARAM lparam)900 LRESULT CALLBACK WebPluginDelegateImpl::NativeWndProc(
901     HWND hwnd, UINT message, WPARAM wparam, LPARAM lparam) {
902   WebPluginDelegateImpl* delegate = reinterpret_cast<WebPluginDelegateImpl*>(
903       GetProp(hwnd, kWebPluginDelegateProperty));
904   if (!delegate) {
905     NOTREACHED();
906     return 0;
907   }
908 
909   if (message == delegate->last_message_ &&
910       delegate->GetQuirks() & PLUGIN_QUIRK_DONT_CALL_WND_PROC_RECURSIVELY &&
911       delegate->is_calling_wndproc) {
912     // Real may go into a state where it recursively dispatches the same event
913     // when subclassed.  See https://bugzilla.mozilla.org/show_bug.cgi?id=192914
914     // We only do the recursive check for Real because it's possible and valid
915     // for a plugin to synchronously dispatch a message to itself such that it
916     // looks like it's in recursion.
917     return TRUE;
918   }
919 
920   // Flash may flood the message queue with WM_USER+1 message causing 100% CPU
921   // usage.  See https://bugzilla.mozilla.org/show_bug.cgi?id=132759.  We
922   // prevent this by throttling the messages.
923   if (message == WM_USER + 1 &&
924       delegate->GetQuirks() & PLUGIN_QUIRK_THROTTLE_WM_USER_PLUS_ONE) {
925     WebPluginDelegateImpl::ThrottleMessage(delegate->plugin_wnd_proc_, hwnd,
926                                            message, wparam, lparam);
927     return FALSE;
928   }
929 
930   LRESULT result;
931   uint32 old_message = delegate->last_message_;
932   delegate->last_message_ = message;
933 
934   static UINT custom_msg = RegisterWindowMessage(kPaintMessageName);
935   if (message == custom_msg) {
936     // Get the invalid rect which is in screen coordinates and convert to
937     // window coordinates.
938     gfx::Rect invalid_rect;
939     invalid_rect.set_x(static_cast<short>(LOWORD(wparam)));
940     invalid_rect.set_y(static_cast<short>(HIWORD(wparam)));
941     invalid_rect.set_width(static_cast<short>(LOWORD(lparam)));
942     invalid_rect.set_height(static_cast<short>(HIWORD(lparam)));
943 
944     RECT window_rect;
945     GetWindowRect(hwnd, &window_rect);
946     invalid_rect.Offset(-window_rect.left, -window_rect.top);
947 
948     // The plugin window might have non-client area.   If we don't pass in
949     // RDW_FRAME then the children don't receive WM_NCPAINT messages while
950     // scrolling, which causes painting problems (http://b/issue?id=923945).
951     uint32 flags = RDW_INVALIDATE | RDW_ALLCHILDREN | RDW_FRAME;
952 
953     // If a plugin (like Google Earth or Java) has child windows that are hosted
954     // in a different process, then RedrawWindow with UPDATENOW will
955     // synchronously wait for this call to complete.  Some messages are pumped
956     // but not others, which could lead to a deadlock.  So avoid reentrancy by
957     // only synchronously calling RedrawWindow once at a time.
958     if (old_message != custom_msg)
959       flags |= RDW_UPDATENOW;
960     RECT rect = invalid_rect.ToRECT();
961     RedrawWindow(hwnd, &rect, NULL, flags);
962     result = FALSE;
963   } else {
964     delegate->is_calling_wndproc = true;
965 
966     if (!delegate->user_gesture_message_posted_ &&
967         IsUserGestureMessage(message)) {
968       delegate->user_gesture_message_posted_ = true;
969 
970       delegate->instance()->PushPopupsEnabledState(true);
971 
972       base::MessageLoop::current()->PostDelayedTask(
973           FROM_HERE,
974           base::Bind(&WebPluginDelegateImpl::OnUserGestureEnd,
975                      delegate->user_gesture_msg_factory_.GetWeakPtr()),
976           base::TimeDelta::FromMilliseconds(kWindowedPluginPopupTimerMs));
977     }
978 
979     HandleCaptureForMessage(hwnd, message);
980 
981     // Maintain a local/global stack for the g_current_plugin_instance variable
982     // as this may be a nested invocation.
983     WebPluginDelegateImpl* last_plugin_instance = g_current_plugin_instance;
984 
985     g_current_plugin_instance = delegate;
986 
987     result = CallWindowProc(
988         delegate->plugin_wnd_proc_, hwnd, message, wparam, lparam);
989 
990     // The plugin instance may have been destroyed in the CallWindowProc call
991     // above. This will also destroy the plugin window. Before attempting to
992     // access the WebPluginDelegateImpl instance we validate if the window is
993     // still valid.
994     if (::IsWindow(hwnd))
995       delegate->is_calling_wndproc = false;
996 
997     g_current_plugin_instance = last_plugin_instance;
998 
999     if (message == WM_NCDESTROY) {
1000       RemoveProp(hwnd, kWebPluginDelegateProperty);
1001       ClearThrottleQueueForWindow(hwnd);
1002     }
1003   }
1004   if (::IsWindow(hwnd))
1005     delegate->last_message_ = old_message;
1006   return result;
1007 }
1008 
WindowlessUpdateGeometry(const gfx::Rect & window_rect,const gfx::Rect & clip_rect)1009 void WebPluginDelegateImpl::WindowlessUpdateGeometry(
1010     const gfx::Rect& window_rect,
1011     const gfx::Rect& clip_rect) {
1012   bool window_rect_changed = (window_rect_ != window_rect);
1013   // Only resend to the instance if the geometry has changed.
1014   if (!window_rect_changed && clip_rect == clip_rect_)
1015     return;
1016 
1017   clip_rect_ = clip_rect;
1018   window_rect_ = window_rect;
1019 
1020   WindowlessSetWindow();
1021 
1022   if (window_rect_changed) {
1023     WINDOWPOS win_pos = {0};
1024     win_pos.x = window_rect_.x();
1025     win_pos.y = window_rect_.y();
1026     win_pos.cx = window_rect_.width();
1027     win_pos.cy = window_rect_.height();
1028 
1029     NPEvent pos_changed_event;
1030     pos_changed_event.event = WM_WINDOWPOSCHANGED;
1031     pos_changed_event.wParam = 0;
1032     pos_changed_event.lParam = reinterpret_cast<uintptr_t>(&win_pos);
1033 
1034     instance()->NPP_HandleEvent(&pos_changed_event);
1035   }
1036 }
1037 
WindowlessPaint(HDC hdc,const gfx::Rect & damage_rect)1038 void WebPluginDelegateImpl::WindowlessPaint(HDC hdc,
1039                                             const gfx::Rect& damage_rect) {
1040   DCHECK(hdc);
1041 
1042   RECT damage_rect_win;
1043   damage_rect_win.left   = damage_rect.x();  // + window_rect_.x();
1044   damage_rect_win.top    = damage_rect.y();  // + window_rect_.y();
1045   damage_rect_win.right  = damage_rect_win.left + damage_rect.width();
1046   damage_rect_win.bottom = damage_rect_win.top + damage_rect.height();
1047 
1048   // Save away the old HDC as this could be a nested invocation.
1049   void* old_dc = window_.window;
1050   window_.window = hdc;
1051 
1052   NPEvent paint_event;
1053   paint_event.event = WM_PAINT;
1054   paint_event.wParam = PtrToUlong(hdc);
1055   paint_event.lParam = reinterpret_cast<uintptr_t>(&damage_rect_win);
1056   base::StatsRate plugin_paint("Plugin.Paint");
1057   base::StatsScope<base::StatsRate> scope(plugin_paint);
1058   instance()->NPP_HandleEvent(&paint_event);
1059   window_.window = old_dc;
1060 }
1061 
WindowlessSetWindow()1062 void WebPluginDelegateImpl::WindowlessSetWindow() {
1063   if (!instance())
1064     return;
1065 
1066   if (window_rect_.IsEmpty())  // wait for geometry to be set.
1067     return;
1068 
1069   DCHECK(instance()->windowless());
1070 
1071   window_.clipRect.top = clip_rect_.y();
1072   window_.clipRect.left = clip_rect_.x();
1073   window_.clipRect.bottom = clip_rect_.y() + clip_rect_.height();
1074   window_.clipRect.right = clip_rect_.x() + clip_rect_.width();
1075   window_.height = window_rect_.height();
1076   window_.width = window_rect_.width();
1077   window_.x = window_rect_.x();
1078   window_.y = window_rect_.y();
1079   window_.type = NPWindowTypeDrawable;
1080   DrawableContextEnforcer enforcer(&window_);
1081 
1082   NPError err = instance()->NPP_SetWindow(&window_);
1083   DCHECK(err == NPERR_NO_ERROR);
1084 }
1085 
PlatformSetPluginHasFocus(bool focused)1086 bool WebPluginDelegateImpl::PlatformSetPluginHasFocus(bool focused) {
1087   DCHECK(instance()->windowless());
1088 
1089   NPEvent focus_event;
1090   focus_event.event = focused ? WM_SETFOCUS : WM_KILLFOCUS;
1091   focus_event.wParam = 0;
1092   focus_event.lParam = 0;
1093 
1094   instance()->NPP_HandleEvent(&focus_event);
1095   return true;
1096 }
1097 
NPEventFromWebMouseEvent(const WebMouseEvent & event,NPEvent * np_event)1098 static bool NPEventFromWebMouseEvent(const WebMouseEvent& event,
1099                                      NPEvent* np_event) {
1100   np_event->lParam = static_cast<uint32>(MAKELPARAM(event.windowX,
1101                                                    event.windowY));
1102   np_event->wParam = 0;
1103 
1104   if (event.modifiers & WebInputEvent::ControlKey)
1105     np_event->wParam |= MK_CONTROL;
1106   if (event.modifiers & WebInputEvent::ShiftKey)
1107     np_event->wParam |= MK_SHIFT;
1108   if (event.modifiers & WebInputEvent::LeftButtonDown)
1109     np_event->wParam |= MK_LBUTTON;
1110   if (event.modifiers & WebInputEvent::MiddleButtonDown)
1111     np_event->wParam |= MK_MBUTTON;
1112   if (event.modifiers & WebInputEvent::RightButtonDown)
1113     np_event->wParam |= MK_RBUTTON;
1114 
1115   switch (event.type) {
1116     case WebInputEvent::MouseMove:
1117     case WebInputEvent::MouseLeave:
1118     case WebInputEvent::MouseEnter:
1119       np_event->event = WM_MOUSEMOVE;
1120       return true;
1121     case WebInputEvent::MouseDown:
1122       switch (event.button) {
1123         case WebMouseEvent::ButtonLeft:
1124           np_event->event = WM_LBUTTONDOWN;
1125           break;
1126         case WebMouseEvent::ButtonMiddle:
1127           np_event->event = WM_MBUTTONDOWN;
1128           break;
1129         case WebMouseEvent::ButtonRight:
1130           np_event->event = WM_RBUTTONDOWN;
1131           break;
1132       }
1133       return true;
1134     case WebInputEvent::MouseUp:
1135       switch (event.button) {
1136         case WebMouseEvent::ButtonLeft:
1137           np_event->event = WM_LBUTTONUP;
1138           break;
1139         case WebMouseEvent::ButtonMiddle:
1140           np_event->event = WM_MBUTTONUP;
1141           break;
1142         case WebMouseEvent::ButtonRight:
1143           np_event->event = WM_RBUTTONUP;
1144           break;
1145       }
1146       return true;
1147     default:
1148       NOTREACHED();
1149       return false;
1150   }
1151 }
1152 
NPEventFromWebKeyboardEvent(const WebKeyboardEvent & event,NPEvent * np_event)1153 static bool NPEventFromWebKeyboardEvent(const WebKeyboardEvent& event,
1154                                         NPEvent* np_event) {
1155   np_event->wParam = event.windowsKeyCode;
1156 
1157   switch (event.type) {
1158     case WebInputEvent::KeyDown:
1159       np_event->event = WM_KEYDOWN;
1160       np_event->lParam = 0;
1161       return true;
1162     case WebInputEvent::Char:
1163       np_event->event = WM_CHAR;
1164       np_event->lParam = 0;
1165       return true;
1166     case WebInputEvent::KeyUp:
1167       np_event->event = WM_KEYUP;
1168       np_event->lParam = 0x8000;
1169       return true;
1170     default:
1171       NOTREACHED();
1172       return false;
1173   }
1174 }
1175 
NPEventFromWebInputEvent(const WebInputEvent & event,NPEvent * np_event)1176 static bool NPEventFromWebInputEvent(const WebInputEvent& event,
1177                                      NPEvent* np_event) {
1178   switch (event.type) {
1179     case WebInputEvent::MouseMove:
1180     case WebInputEvent::MouseLeave:
1181     case WebInputEvent::MouseEnter:
1182     case WebInputEvent::MouseDown:
1183     case WebInputEvent::MouseUp:
1184       if (event.size < sizeof(WebMouseEvent)) {
1185         NOTREACHED();
1186         return false;
1187       }
1188       return NPEventFromWebMouseEvent(
1189           *static_cast<const WebMouseEvent*>(&event), np_event);
1190     case WebInputEvent::KeyDown:
1191     case WebInputEvent::Char:
1192     case WebInputEvent::KeyUp:
1193       if (event.size < sizeof(WebKeyboardEvent)) {
1194         NOTREACHED();
1195         return false;
1196       }
1197       return NPEventFromWebKeyboardEvent(
1198           *static_cast<const WebKeyboardEvent*>(&event), np_event);
1199     default:
1200       return false;
1201   }
1202 }
1203 
PlatformHandleInputEvent(const WebInputEvent & event,WebCursor::CursorInfo * cursor_info)1204 bool WebPluginDelegateImpl::PlatformHandleInputEvent(
1205     const WebInputEvent& event, WebCursor::CursorInfo* cursor_info) {
1206   DCHECK(cursor_info != NULL);
1207 
1208   NPEvent np_event;
1209   if (!NPEventFromWebInputEvent(event, &np_event)) {
1210     return false;
1211   }
1212 
1213   // Allow this plug-in to access this IME emulator through IMM32 API while the
1214   // plug-in is processing this event.
1215   if (GetQuirks() & PLUGIN_QUIRK_EMULATE_IME) {
1216     if (!plugin_ime_)
1217       plugin_ime_.reset(new WebPluginIMEWin);
1218   }
1219   WebPluginIMEWin::ScopedLock lock(
1220       event.isKeyboardEventType(event.type) ? plugin_ime_.get() : NULL);
1221 
1222   HWND last_focus_window = NULL;
1223 
1224   if (ShouldTrackEventForModalLoops(&np_event)) {
1225     // A windowless plugin can enter a modal loop in a NPP_HandleEvent call.
1226     // For e.g. Flash puts up a context menu when we right click on the
1227     // windowless plugin area. We detect this by setting up a message filter
1228     // hook pror to calling NPP_HandleEvent on the plugin and unhook on
1229     // return from NPP_HandleEvent. If the plugin does enter a modal loop
1230     // in that context we unhook on receiving the first notification in
1231     // the message filter hook.
1232     handle_event_message_filter_hook_ =
1233         SetWindowsHookEx(WH_MSGFILTER, HandleEventMessageFilterHook, NULL,
1234                          GetCurrentThreadId());
1235     // To ensure that the plugin receives keyboard events we set focus to the
1236     // dummy window.
1237     // TODO(iyengar) We need a framework in the renderer to identify which
1238     // windowless plugin is under the mouse and to handle this. This would
1239     // also require some changes in RenderWidgetHost to detect this in the
1240     // WM_MOUSEACTIVATE handler and inform the renderer accordingly.
1241     bool valid = GetParent(dummy_window_for_activation_) != GetDesktopWindow();
1242     if (valid) {
1243       last_focus_window = ::SetFocus(dummy_window_for_activation_);
1244     } else {
1245       NOTREACHED() << "Dummy window not parented";
1246     }
1247   }
1248 
1249   bool old_task_reentrancy_state =
1250       base::MessageLoop::current()->NestableTasksAllowed();
1251 
1252   // Maintain a local/global stack for the g_current_plugin_instance variable
1253   // as this may be a nested invocation.
1254   WebPluginDelegateImpl* last_plugin_instance = g_current_plugin_instance;
1255 
1256   g_current_plugin_instance = this;
1257 
1258   handle_event_depth_++;
1259 
1260   bool popups_enabled = false;
1261 
1262   if (IsUserGestureMessage(np_event.event)) {
1263     instance()->PushPopupsEnabledState(true);
1264     popups_enabled = true;
1265   }
1266 
1267   bool ret = instance()->NPP_HandleEvent(&np_event) != 0;
1268 
1269   if (popups_enabled) {
1270     instance()->PopPopupsEnabledState();
1271   }
1272 
1273   // Flash and SilverLight always return false, even when they swallow the
1274   // event.  Flash does this because it passes the event to its window proc,
1275   // which is supposed to return 0 if an event was handled.  There are few
1276   // exceptions, such as IME, where it sometimes returns true.
1277   ret = true;
1278 
1279   if (np_event.event == WM_MOUSEMOVE) {
1280     current_windowless_cursor_.InitFromExternalCursor(GetCursor());
1281     // Snag a reference to the current cursor ASAP in case the plugin modified
1282     // it. There is a nasty race condition here with the multiprocess browser
1283     // as someone might be setting the cursor in the main process as well.
1284     current_windowless_cursor_.GetCursorInfo(cursor_info);
1285   }
1286 
1287   handle_event_depth_--;
1288 
1289   g_current_plugin_instance = last_plugin_instance;
1290 
1291   // We could have multiple NPP_HandleEvent calls nested together in case
1292   // the plugin enters a modal loop. Reset the pump messages event when
1293   // the outermost NPP_HandleEvent call unwinds.
1294   if (handle_event_depth_ == 0) {
1295     ResetEvent(handle_event_pump_messages_event_);
1296   }
1297 
1298   // If we didn't enter a modal loop, need to unhook the filter.
1299   if (handle_event_message_filter_hook_) {
1300     UnhookWindowsHookEx(handle_event_message_filter_hook_);
1301     handle_event_message_filter_hook_ = NULL;
1302   }
1303 
1304   if (::IsWindow(last_focus_window)) {
1305     // Restore the nestable tasks allowed state in the message loop and reset
1306     // the os modal loop state as the plugin returned from the TrackPopupMenu
1307     // API call.
1308     base::MessageLoop::current()->SetNestableTasksAllowed(
1309         old_task_reentrancy_state);
1310     base::MessageLoop::current()->set_os_modal_loop(false);
1311     // The Flash plugin at times sets focus to its hidden top level window
1312     // with class name SWFlash_PlaceholderX. This causes the chrome browser
1313     // window to receive a WM_ACTIVATEAPP message as a top level window from
1314     // another thread is now active. We end up in a state where the chrome
1315     // browser window is not active even though the user clicked on it.
1316     // Our workaround for this is to send over a raw
1317     // WM_LBUTTONDOWN/WM_LBUTTONUP combination to the last focus window, which
1318     // does the trick.
1319     if (dummy_window_for_activation_ != ::GetFocus()) {
1320       INPUT input_info = {0};
1321       input_info.type = INPUT_MOUSE;
1322       input_info.mi.dwFlags = MOUSEEVENTF_LEFTDOWN;
1323       ::SendInput(1, &input_info, sizeof(INPUT));
1324 
1325       input_info.type = INPUT_MOUSE;
1326       input_info.mi.dwFlags = MOUSEEVENTF_LEFTUP;
1327       ::SendInput(1, &input_info, sizeof(INPUT));
1328     } else {
1329       ::SetFocus(last_focus_window);
1330     }
1331   }
1332   return ret;
1333 }
1334 
1335 
OnModalLoopEntered()1336 void WebPluginDelegateImpl::OnModalLoopEntered() {
1337   DCHECK(handle_event_pump_messages_event_ != NULL);
1338   SetEvent(handle_event_pump_messages_event_);
1339 
1340   base::MessageLoop::current()->SetNestableTasksAllowed(true);
1341   base::MessageLoop::current()->set_os_modal_loop(true);
1342 
1343   UnhookWindowsHookEx(handle_event_message_filter_hook_);
1344   handle_event_message_filter_hook_ = NULL;
1345 }
1346 
ShouldTrackEventForModalLoops(NPEvent * event)1347 bool WebPluginDelegateImpl::ShouldTrackEventForModalLoops(NPEvent* event) {
1348   if (event->event == WM_RBUTTONDOWN)
1349     return true;
1350   return false;
1351 }
1352 
OnUserGestureEnd()1353 void WebPluginDelegateImpl::OnUserGestureEnd() {
1354   user_gesture_message_posted_ = false;
1355   instance()->PopPopupsEnabledState();
1356 }
1357 
TrackPopupMenuPatch(HMENU menu,unsigned int flags,int x,int y,int reserved,HWND window,const RECT * rect)1358 BOOL WINAPI WebPluginDelegateImpl::TrackPopupMenuPatch(
1359     HMENU menu, unsigned int flags, int x, int y, int reserved,
1360     HWND window, const RECT* rect) {
1361 
1362   if (g_current_plugin_instance) {
1363     unsigned long window_process_id = 0;
1364     unsigned long window_thread_id =
1365         GetWindowThreadProcessId(window, &window_process_id);
1366     // TrackPopupMenu fails if the window passed in belongs to a different
1367     // thread.
1368     if (::GetCurrentThreadId() != window_thread_id) {
1369       bool valid =
1370           GetParent(g_current_plugin_instance->dummy_window_for_activation_) !=
1371               GetDesktopWindow();
1372       if (valid) {
1373         window = g_current_plugin_instance->dummy_window_for_activation_;
1374       } else {
1375         NOTREACHED() << "Dummy window not parented";
1376       }
1377     }
1378   }
1379 
1380   BOOL result = TrackPopupMenu(menu, flags, x, y, reserved, window, rect);
1381   return result;
1382 }
1383 
SetCursorPatch(HCURSOR cursor)1384 HCURSOR WINAPI WebPluginDelegateImpl::SetCursorPatch(HCURSOR cursor) {
1385   // The windowless flash plugin periodically calls SetCursor in a wndproc
1386   // instantiated on the plugin thread. This causes annoying cursor flicker
1387   // when the mouse is moved on a foreground tab, with a windowless plugin
1388   // instance in a background tab. We just ignore the call here.
1389   if (!g_current_plugin_instance) {
1390     HCURSOR current_cursor = GetCursor();
1391     if (current_cursor != cursor) {
1392       ::SetCursor(cursor);
1393     }
1394     return current_cursor;
1395   }
1396   return ::SetCursor(cursor);
1397 }
1398 
RegEnumKeyExWPatch(HKEY key,DWORD index,LPWSTR name,LPDWORD name_size,LPDWORD reserved,LPWSTR class_name,LPDWORD class_size,PFILETIME last_write_time)1399 LONG WINAPI WebPluginDelegateImpl::RegEnumKeyExWPatch(
1400     HKEY key, DWORD index, LPWSTR name, LPDWORD name_size, LPDWORD reserved,
1401     LPWSTR class_name, LPDWORD class_size, PFILETIME last_write_time) {
1402   DWORD orig_size = *name_size;
1403   LONG rv = RegEnumKeyExW(key, index, name, name_size, reserved, class_name,
1404                           class_size, last_write_time);
1405   if (rv == ERROR_SUCCESS &&
1406       GetKeyPath(key).find(L"Microsoft\\MediaPlayer\\ShimInclusionList") !=
1407           std::wstring::npos) {
1408     static const wchar_t kChromeExeName[] = L"chrome.exe";
1409     wcsncpy_s(name, orig_size, kChromeExeName, arraysize(kChromeExeName));
1410     *name_size =
1411         std::min(orig_size, static_cast<DWORD>(arraysize(kChromeExeName)));
1412   }
1413 
1414   return rv;
1415 }
1416 
ImeCompositionUpdated(const base::string16 & text,const std::vector<int> & clauses,const std::vector<int> & target,int cursor_position)1417 void WebPluginDelegateImpl::ImeCompositionUpdated(
1418     const base::string16& text,
1419     const std::vector<int>& clauses,
1420     const std::vector<int>& target,
1421     int cursor_position) {
1422   if (!plugin_ime_)
1423     plugin_ime_.reset(new WebPluginIMEWin);
1424 
1425   plugin_ime_->CompositionUpdated(text, clauses, target, cursor_position);
1426   plugin_ime_->SendEvents(instance());
1427 }
1428 
ImeCompositionCompleted(const base::string16 & text)1429 void WebPluginDelegateImpl::ImeCompositionCompleted(
1430     const base::string16& text) {
1431   if (!plugin_ime_)
1432     plugin_ime_.reset(new WebPluginIMEWin);
1433   plugin_ime_->CompositionCompleted(text);
1434   plugin_ime_->SendEvents(instance());
1435 }
1436 
GetIMEStatus(int * input_type,gfx::Rect * caret_rect)1437 bool WebPluginDelegateImpl::GetIMEStatus(int* input_type,
1438                                          gfx::Rect* caret_rect) {
1439   if (!plugin_ime_)
1440     return false;
1441   return plugin_ime_->GetStatus(input_type, caret_rect);
1442 }
1443 
1444 // static
GetProcAddressPatch(HMODULE module,LPCSTR name)1445 FARPROC WINAPI WebPluginDelegateImpl::GetProcAddressPatch(HMODULE module,
1446                                                           LPCSTR name) {
1447   FARPROC imm_function = WebPluginIMEWin::GetProcAddress(name);
1448   if (imm_function)
1449     return imm_function;
1450   return ::GetProcAddress(module, name);
1451 }
1452 
WindowFromPointPatch(POINT point)1453 HWND WINAPI WebPluginDelegateImpl::WindowFromPointPatch(POINT point) {
1454   HWND window = WindowFromPoint(point);
1455   if (::ScreenToClient(window, &point)) {
1456     HWND child = ChildWindowFromPoint(window, point);
1457     if (::IsWindow(child) &&
1458         ::GetProp(child, content::kPluginDummyParentProperty))
1459       return child;
1460   }
1461   return window;
1462 }
1463 
HandleCaptureForMessage(HWND window,UINT message)1464 void WebPluginDelegateImpl::HandleCaptureForMessage(HWND window,
1465                                                     UINT message) {
1466   if (gfx::GetClassName(window) != base::string16(kNativeWindowClassName))
1467     return;
1468 
1469   switch (message) {
1470     case WM_LBUTTONDOWN:
1471     case WM_MBUTTONDOWN:
1472     case WM_RBUTTONDOWN:
1473       ::SetCapture(window);
1474       // As per documentation the WM_PARENTNOTIFY message is sent to the parent
1475       // window chain if mouse input is received by the child window. However
1476       // the parent receives the WM_PARENTNOTIFY message only if we doubleclick
1477       // on the window. We send the WM_PARENTNOTIFY message for mouse input
1478       // messages to the parent to indicate that user action is expected.
1479       ::SendMessage(::GetParent(window), WM_PARENTNOTIFY, message, 0);
1480       break;
1481 
1482     case WM_LBUTTONUP:
1483     case WM_MBUTTONUP:
1484     case WM_RBUTTONUP:
1485       ::ReleaseCapture();
1486       break;
1487 
1488     default:
1489       break;
1490   }
1491 }
1492 
1493 }  // namespace content
1494