1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights reserved.
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
5 * Copyright (C) 2009 Adam Barth. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "config.h"
33 #include "core/loader/NavigationScheduler.h"
34
35 #include "bindings/core/v8/ScriptController.h"
36 #include "core/events/Event.h"
37 #include "core/fetch/ResourceLoaderOptions.h"
38 #include "core/frame/LocalFrame.h"
39 #include "core/frame/csp/ContentSecurityPolicy.h"
40 #include "core/html/HTMLFormElement.h"
41 #include "core/inspector/InspectorInstrumentation.h"
42 #include "core/loader/DocumentLoader.h"
43 #include "core/loader/FormState.h"
44 #include "core/loader/FormSubmission.h"
45 #include "core/loader/FrameLoadRequest.h"
46 #include "core/loader/FrameLoader.h"
47 #include "core/loader/FrameLoaderClient.h"
48 #include "core/loader/FrameLoaderStateMachine.h"
49 #include "core/page/BackForwardClient.h"
50 #include "core/page/Page.h"
51 #include "platform/SharedBuffer.h"
52 #include "platform/UserGestureIndicator.h"
53 #include "wtf/CurrentTime.h"
54
55 namespace blink {
56
57 unsigned NavigationDisablerForBeforeUnload::s_navigationDisableCount = 0;
58
59 class ScheduledNavigation {
60 WTF_MAKE_NONCOPYABLE(ScheduledNavigation); WTF_MAKE_FAST_ALLOCATED;
61 public:
ScheduledNavigation(double delay,bool lockBackForwardList,bool isLocationChange)62 ScheduledNavigation(double delay, bool lockBackForwardList, bool isLocationChange)
63 : m_delay(delay)
64 , m_lockBackForwardList(lockBackForwardList)
65 , m_isLocationChange(isLocationChange)
66 , m_wasUserGesture(UserGestureIndicator::processingUserGesture())
67 {
68 if (m_wasUserGesture)
69 m_userGestureToken = UserGestureIndicator::currentToken();
70 }
~ScheduledNavigation()71 virtual ~ScheduledNavigation() { }
72
73 virtual void fire(LocalFrame*) = 0;
74
shouldStartTimer(LocalFrame *)75 virtual bool shouldStartTimer(LocalFrame*) { return true; }
76
delay() const77 double delay() const { return m_delay; }
lockBackForwardList() const78 bool lockBackForwardList() const { return m_lockBackForwardList; }
isLocationChange() const79 bool isLocationChange() const { return m_isLocationChange; }
createUserGestureIndicator()80 PassOwnPtr<UserGestureIndicator> createUserGestureIndicator()
81 {
82 if (m_wasUserGesture && m_userGestureToken)
83 return adoptPtr(new UserGestureIndicator(m_userGestureToken));
84 return adoptPtr(new UserGestureIndicator(DefinitelyNotProcessingUserGesture));
85 }
86
87 protected:
clearUserGesture()88 void clearUserGesture() { m_wasUserGesture = false; }
89
90 private:
91 double m_delay;
92 bool m_lockBackForwardList;
93 bool m_isLocationChange;
94 bool m_wasUserGesture;
95 RefPtr<UserGestureToken> m_userGestureToken;
96 };
97
98 class ScheduledURLNavigation : public ScheduledNavigation {
99 protected:
ScheduledURLNavigation(double delay,Document * originDocument,const String & url,const Referrer & referrer,bool lockBackForwardList,bool isLocationChange)100 ScheduledURLNavigation(double delay, Document* originDocument, const String& url, const Referrer& referrer, bool lockBackForwardList, bool isLocationChange)
101 : ScheduledNavigation(delay, lockBackForwardList, isLocationChange)
102 , m_originDocument(originDocument)
103 , m_url(url)
104 , m_referrer(referrer)
105 , m_shouldCheckMainWorldContentSecurityPolicy(CheckContentSecurityPolicy)
106 {
107 if (ContentSecurityPolicy::shouldBypassMainWorld(originDocument))
108 m_shouldCheckMainWorldContentSecurityPolicy = DoNotCheckContentSecurityPolicy;
109 }
110
fire(LocalFrame * frame)111 virtual void fire(LocalFrame* frame) OVERRIDE
112 {
113 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
114 FrameLoadRequest request(m_originDocument.get(), ResourceRequest(KURL(ParsedURLString, m_url), m_referrer), "_self", m_shouldCheckMainWorldContentSecurityPolicy);
115 request.setLockBackForwardList(lockBackForwardList());
116 request.setClientRedirect(ClientRedirect);
117 frame->loader().load(request);
118 }
119
originDocument() const120 Document* originDocument() const { return m_originDocument.get(); }
url() const121 String url() const { return m_url; }
referrer() const122 const Referrer& referrer() const { return m_referrer; }
123
124 private:
125 RefPtrWillBePersistent<Document> m_originDocument;
126 String m_url;
127 Referrer m_referrer;
128 ContentSecurityPolicyCheck m_shouldCheckMainWorldContentSecurityPolicy;
129 };
130
131 class ScheduledRedirect FINAL : public ScheduledURLNavigation {
132 public:
ScheduledRedirect(double delay,Document * originDocument,const String & url,bool lockBackForwardList)133 ScheduledRedirect(double delay, Document* originDocument, const String& url, bool lockBackForwardList)
134 : ScheduledURLNavigation(delay, originDocument, url, Referrer(), lockBackForwardList, false)
135 {
136 clearUserGesture();
137 }
138
shouldStartTimer(LocalFrame * frame)139 virtual bool shouldStartTimer(LocalFrame* frame) OVERRIDE { return frame->loader().allAncestorsAreComplete(); }
140
fire(LocalFrame * frame)141 virtual void fire(LocalFrame* frame) OVERRIDE
142 {
143 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
144 FrameLoadRequest request(originDocument(), ResourceRequest(KURL(ParsedURLString, url()), referrer()), "_self");
145 request.setLockBackForwardList(lockBackForwardList());
146 if (equalIgnoringFragmentIdentifier(frame->document()->url(), request.resourceRequest().url()))
147 request.resourceRequest().setCachePolicy(ReloadIgnoringCacheData);
148 request.setClientRedirect(ClientRedirect);
149 frame->loader().load(request);
150 }
151 };
152
153 class ScheduledLocationChange FINAL : public ScheduledURLNavigation {
154 public:
ScheduledLocationChange(Document * originDocument,const String & url,const Referrer & referrer,bool lockBackForwardList)155 ScheduledLocationChange(Document* originDocument, const String& url, const Referrer& referrer, bool lockBackForwardList)
156 : ScheduledURLNavigation(0.0, originDocument, url, referrer, lockBackForwardList, true) { }
157 };
158
159 class ScheduledReload FINAL : public ScheduledNavigation {
160 public:
ScheduledReload()161 ScheduledReload()
162 : ScheduledNavigation(0.0, true, true)
163 {
164 }
165
fire(LocalFrame * frame)166 virtual void fire(LocalFrame* frame) OVERRIDE
167 {
168 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
169 frame->loader().reload(NormalReload, KURL(), nullAtom, ClientRedirect);
170 }
171 };
172
173 class ScheduledPageBlock FINAL : public ScheduledURLNavigation {
174 public:
ScheduledPageBlock(Document * originDocument,const String & url,const Referrer & referrer)175 ScheduledPageBlock(Document* originDocument, const String& url, const Referrer& referrer)
176 : ScheduledURLNavigation(0.0, originDocument, url, referrer, true, true)
177 {
178 }
179
fire(LocalFrame * frame)180 virtual void fire(LocalFrame* frame) OVERRIDE
181 {
182 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
183 SubstituteData substituteData(SharedBuffer::create(), "text/plain", "UTF-8", KURL(), ForceSynchronousLoad);
184 FrameLoadRequest request(originDocument(), ResourceRequest(KURL(ParsedURLString, url()), referrer(), ReloadIgnoringCacheData), substituteData);
185 request.setLockBackForwardList(true);
186 request.setClientRedirect(ClientRedirect);
187 frame->loader().load(request);
188 }
189 };
190
191 class ScheduledHistoryNavigation FINAL : public ScheduledNavigation {
192 public:
ScheduledHistoryNavigation(int historySteps)193 explicit ScheduledHistoryNavigation(int historySteps)
194 : ScheduledNavigation(0, false, true)
195 , m_historySteps(historySteps)
196 {
197 }
198
fire(LocalFrame * frame)199 virtual void fire(LocalFrame* frame) OVERRIDE
200 {
201 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
202 // go(i!=0) from a frame navigates into the history of the frame only,
203 // in both IE and NS (but not in Mozilla). We can't easily do that.
204 frame->page()->deprecatedLocalMainFrame()->loader().client()->navigateBackForward(m_historySteps);
205 }
206
207 private:
208 int m_historySteps;
209 };
210
211 class ScheduledFormSubmission FINAL : public ScheduledNavigation {
212 public:
ScheduledFormSubmission(PassRefPtrWillBeRawPtr<FormSubmission> submission,bool lockBackForwardList)213 ScheduledFormSubmission(PassRefPtrWillBeRawPtr<FormSubmission> submission, bool lockBackForwardList)
214 : ScheduledNavigation(0, lockBackForwardList, true)
215 , m_submission(submission)
216 {
217 ASSERT(m_submission->state());
218 }
219
fire(LocalFrame * frame)220 virtual void fire(LocalFrame* frame) OVERRIDE
221 {
222 OwnPtr<UserGestureIndicator> gestureIndicator = createUserGestureIndicator();
223 FrameLoadRequest frameRequest(m_submission->state()->sourceDocument());
224 m_submission->populateFrameLoadRequest(frameRequest);
225 frameRequest.setLockBackForwardList(lockBackForwardList());
226 frameRequest.setTriggeringEvent(m_submission->event());
227 frameRequest.setFormState(m_submission->state());
228 frame->loader().load(frameRequest);
229 }
230
231 private:
232 RefPtrWillBePersistent<FormSubmission> m_submission;
233 };
234
NavigationScheduler(LocalFrame * frame)235 NavigationScheduler::NavigationScheduler(LocalFrame* frame)
236 : m_frame(frame)
237 , m_timer(this, &NavigationScheduler::timerFired)
238 {
239 }
240
~NavigationScheduler()241 NavigationScheduler::~NavigationScheduler()
242 {
243 }
244
locationChangePending()245 bool NavigationScheduler::locationChangePending()
246 {
247 return m_redirect && m_redirect->isLocationChange();
248 }
249
shouldScheduleNavigation() const250 inline bool NavigationScheduler::shouldScheduleNavigation() const
251 {
252 return m_frame->page();
253 }
254
shouldScheduleNavigation(const String & url) const255 inline bool NavigationScheduler::shouldScheduleNavigation(const String& url) const
256 {
257 return shouldScheduleNavigation() && (protocolIsJavaScript(url) || NavigationDisablerForBeforeUnload::isNavigationAllowed());
258 }
259
scheduleRedirect(double delay,const String & url)260 void NavigationScheduler::scheduleRedirect(double delay, const String& url)
261 {
262 if (!shouldScheduleNavigation(url))
263 return;
264 if (delay < 0 || delay > INT_MAX / 1000)
265 return;
266 if (url.isEmpty())
267 return;
268
269 // We want a new back/forward list item if the refresh timeout is > 1 second.
270 if (!m_redirect || delay <= m_redirect->delay())
271 schedule(adoptPtr(new ScheduledRedirect(delay, m_frame->document(), url, delay <= 1)));
272 }
273
mustLockBackForwardList(LocalFrame * targetFrame)274 bool NavigationScheduler::mustLockBackForwardList(LocalFrame* targetFrame)
275 {
276 // Non-user navigation before the page has finished firing onload should not create a new back/forward item.
277 // See https://webkit.org/b/42861 for the original motivation for this.
278 if (!UserGestureIndicator::processingUserGesture() && !targetFrame->document()->loadEventFinished())
279 return true;
280
281 // From the HTML5 spec for location.assign():
282 // "If the browsing context's session history contains only one Document,
283 // and that was the about:blank Document created when the browsing context
284 // was created, then the navigation must be done with replacement enabled."
285 if (!targetFrame->loader().stateMachine()->committedMultipleRealLoads()
286 && equalIgnoringCase(targetFrame->document()->url(), blankURL()))
287 return true;
288
289 // Navigation of a subframe during loading of an ancestor frame does not create a new back/forward item.
290 // The definition of "during load" is any time before all handlers for the load event have been run.
291 // See https://bugs.webkit.org/show_bug.cgi?id=14957 for the original motivation for this.
292 Frame* parentFrame = targetFrame->tree().parent();
293 return parentFrame && parentFrame->isLocalFrame() && !toLocalFrame(parentFrame)->loader().allAncestorsAreComplete();
294 }
295
scheduleLocationChange(Document * originDocument,const String & url,const Referrer & referrer,bool lockBackForwardList)296 void NavigationScheduler::scheduleLocationChange(Document* originDocument, const String& url, const Referrer& referrer, bool lockBackForwardList)
297 {
298 if (!shouldScheduleNavigation(url))
299 return;
300 if (url.isEmpty())
301 return;
302
303 lockBackForwardList = lockBackForwardList || mustLockBackForwardList(m_frame);
304
305 // If the URL we're going to navigate to is the same as the current one, except for the
306 // fragment part, we don't need to schedule the location change. We'll skip this
307 // optimization for cross-origin navigations to minimize the navigator's ability to
308 // execute timing attacks.
309 if (originDocument->securityOrigin()->canAccess(m_frame->document()->securityOrigin())) {
310 KURL parsedURL(ParsedURLString, url);
311 if (parsedURL.hasFragmentIdentifier() && equalIgnoringFragmentIdentifier(m_frame->document()->url(), parsedURL)) {
312 FrameLoadRequest request(originDocument, ResourceRequest(m_frame->document()->completeURL(url), referrer), "_self");
313 request.setLockBackForwardList(lockBackForwardList);
314 if (lockBackForwardList)
315 request.setClientRedirect(ClientRedirect);
316 m_frame->loader().load(request);
317 return;
318 }
319 }
320
321 schedule(adoptPtr(new ScheduledLocationChange(originDocument, url, referrer, lockBackForwardList)));
322 }
323
schedulePageBlock(Document * originDocument,const Referrer & referrer)324 void NavigationScheduler::schedulePageBlock(Document* originDocument, const Referrer& referrer)
325 {
326 ASSERT(m_frame->page());
327 const KURL& url = m_frame->document()->url();
328 schedule(adoptPtr(new ScheduledPageBlock(originDocument, url, referrer)));
329 }
330
scheduleFormSubmission(PassRefPtrWillBeRawPtr<FormSubmission> submission)331 void NavigationScheduler::scheduleFormSubmission(PassRefPtrWillBeRawPtr<FormSubmission> submission)
332 {
333 ASSERT(m_frame->page());
334 schedule(adoptPtr(new ScheduledFormSubmission(submission, mustLockBackForwardList(m_frame))));
335 }
336
scheduleReload()337 void NavigationScheduler::scheduleReload()
338 {
339 if (!shouldScheduleNavigation())
340 return;
341 if (m_frame->document()->url().isEmpty())
342 return;
343 schedule(adoptPtr(new ScheduledReload));
344 }
345
scheduleHistoryNavigation(int steps)346 void NavigationScheduler::scheduleHistoryNavigation(int steps)
347 {
348 if (!shouldScheduleNavigation())
349 return;
350
351 // Invalid history navigations (such as history.forward() during a new load) have the side effect of cancelling any scheduled
352 // redirects. We also avoid the possibility of cancelling the current load by avoiding the scheduled redirection altogether.
353 BackForwardClient& backForward = m_frame->page()->backForward();
354 if (steps > backForward.forwardListCount() || -steps > backForward.backListCount()) {
355 cancel();
356 return;
357 }
358
359 // In all other cases, schedule the history traversal to occur asynchronously.
360 if (steps)
361 schedule(adoptPtr(new ScheduledHistoryNavigation(steps)));
362 else
363 schedule(adoptPtr(new ScheduledReload));
364 }
365
timerFired(Timer<NavigationScheduler> *)366 void NavigationScheduler::timerFired(Timer<NavigationScheduler>*)
367 {
368 if (!m_frame->page())
369 return;
370 if (m_frame->page()->defersLoading()) {
371 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
372 return;
373 }
374
375 RefPtrWillBeRawPtr<LocalFrame> protect(m_frame.get());
376
377 OwnPtr<ScheduledNavigation> redirect(m_redirect.release());
378 redirect->fire(m_frame);
379 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
380 }
381
schedule(PassOwnPtr<ScheduledNavigation> redirect)382 void NavigationScheduler::schedule(PassOwnPtr<ScheduledNavigation> redirect)
383 {
384 ASSERT(m_frame->page());
385
386 // In a back/forward navigation, we sometimes restore history state to iframes, even though the state was generated
387 // dynamically and JS will try to put something different in the iframe. In this case, we will load stale things
388 // and/or confuse the JS when it shortly thereafter tries to schedule a location change. Let the JS have its way.
389 // FIXME: This check seems out of place.
390 if (!m_frame->loader().stateMachine()->committedFirstRealDocumentLoad() && m_frame->loader().provisionalDocumentLoader()) {
391 RefPtrWillBeRawPtr<LocalFrame> protect(m_frame.get());
392 m_frame->loader().provisionalDocumentLoader()->stopLoading();
393 if (!m_frame->host())
394 return;
395 }
396
397 cancel();
398 m_redirect = redirect;
399 startTimer();
400 }
401
startTimer()402 void NavigationScheduler::startTimer()
403 {
404 if (!m_redirect)
405 return;
406
407 ASSERT(m_frame->page());
408 if (m_timer.isActive())
409 return;
410 if (!m_redirect->shouldStartTimer(m_frame))
411 return;
412
413 m_timer.startOneShot(m_redirect->delay(), FROM_HERE);
414 InspectorInstrumentation::frameScheduledNavigation(m_frame, m_redirect->delay());
415 }
416
cancel()417 void NavigationScheduler::cancel()
418 {
419 if (m_timer.isActive())
420 InspectorInstrumentation::frameClearedScheduledNavigation(m_frame);
421 m_timer.stop();
422 m_redirect.clear();
423 }
424
trace(Visitor * visitor)425 void NavigationScheduler::trace(Visitor* visitor)
426 {
427 visitor->trace(m_frame);
428 }
429
430 } // namespace blink
431