search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit 116cf7f:79abaa8 (svn 189234:189235)
[chromium-blink-merge.git] / chrome / renderer / chrome_content_renderer_client.cc
blob7bd91af0a1a404df35040994c63f545fbdd4a94d
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/renderer/chrome_content_renderer_client.h"
6
7 #include "base/command_line.h"
8 #include "base/debug/crash_logging.h"
9 #include "base/logging.h"
10 #include "base/metrics/field_trial.h"
11 #include "base/metrics/histogram.h"
12 #include "base/metrics/user_metrics_action.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/values.h"
17 #include "chrome/common/chrome_paths.h"
18 #include "chrome/common/chrome_switches.h"
19 #include "chrome/common/chrome_version_info.h"
20 #include "chrome/common/crash_keys.h"
21 #include "chrome/common/extensions/extension_metrics.h"
22 #include "chrome/common/localized_error.h"
23 #include "chrome/common/pepper_permission_util.h"
24 #include "chrome/common/render_messages.h"
25 #include "chrome/common/url_constants.h"
26 #include "chrome/grit/generated_resources.h"
27 #include "chrome/grit/locale_settings.h"
28 #include "chrome/grit/renderer_resources.h"
29 #include "chrome/renderer/benchmarking_extension.h"
30 #include "chrome/renderer/chrome_render_frame_observer.h"
31 #include "chrome/renderer/chrome_render_process_observer.h"
32 #include "chrome/renderer/chrome_render_view_observer.h"
33 #include "chrome/renderer/content_settings_observer.h"
34 #include "chrome/renderer/external_extension.h"
35 #include "chrome/renderer/loadtimes_extension_bindings.h"
36 #include "chrome/renderer/media/chrome_key_systems.h"
37 #include "chrome/renderer/net/net_error_helper.h"
38 #include "chrome/renderer/net_benchmarking_extension.h"
39 #include "chrome/renderer/page_load_histograms.h"
40 #include "chrome/renderer/pepper/pepper_helper.h"
41 #include "chrome/renderer/playback_extension.h"
42 #include "chrome/renderer/plugins/chrome_plugin_placeholder.h"
43 #include "chrome/renderer/plugins/plugin_uma.h"
44 #include "chrome/renderer/plugins/shadow_dom_plugin_placeholder.h"
45 #include "chrome/renderer/prefetch_helper.h"
46 #include "chrome/renderer/prerender/prerender_dispatcher.h"
47 #include "chrome/renderer/prerender/prerender_helper.h"
48 #include "chrome/renderer/prerender/prerender_media_load_deferrer.h"
49 #include "chrome/renderer/prerender/prerenderer_client.h"
50 #include "chrome/renderer/principals_extension_bindings.h"
51 #include "chrome/renderer/safe_browsing/malware_dom_details.h"
52 #include "chrome/renderer/safe_browsing/phishing_classifier_delegate.h"
53 #include "chrome/renderer/searchbox/search_bouncer.h"
54 #include "chrome/renderer/searchbox/searchbox.h"
55 #include "chrome/renderer/searchbox/searchbox_extension.h"
56 #include "chrome/renderer/tts_dispatcher.h"
57 #include "chrome/renderer/worker_permission_client_proxy.h"
58 #include "components/autofill/content/renderer/autofill_agent.h"
59 #include "components/autofill/content/renderer/password_autofill_agent.h"
60 #include "components/autofill/content/renderer/password_generation_agent.h"
61 #include "components/content_settings/core/common/content_settings_pattern.h"
62 #include "components/dns_prefetch/renderer/prescient_networking_dispatcher.h"
63 #include "components/dom_distiller/core/url_constants.h"
64 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
65 #include "components/password_manager/content/renderer/credential_manager_client.h"
66 #include "components/pdf/renderer/ppb_pdf_impl.h"
67 #include "components/plugins/renderer/mobile_youtube_plugin.h"
68 #include "components/signin/core/common/profile_management_switches.h"
69 #include "components/visitedlink/renderer/visitedlink_slave.h"
70 #include "components/web_cache/renderer/web_cache_render_process_observer.h"
71 #include "content/public/common/content_constants.h"
72 #include "content/public/renderer/plugin_instance_throttler.h"
73 #include "content/public/renderer/render_frame.h"
74 #include "content/public/renderer/render_thread.h"
75 #include "content/public/renderer/render_view.h"
76 #include "content/public/renderer/render_view_visitor.h"
77 #include "extensions/common/constants.h"
78 #include "ipc/ipc_sync_channel.h"
79 #include "net/base/net_errors.h"
80 #include "ppapi/c/private/ppb_nacl_private.h"
81 #include "ppapi/c/private/ppb_pdf.h"
82 #include "ppapi/shared_impl/ppapi_switches.h"
83 #include "third_party/WebKit/public/platform/WebURL.h"
84 #include "third_party/WebKit/public/platform/WebURLError.h"
85 #include "third_party/WebKit/public/platform/WebURLRequest.h"
86 #include "third_party/WebKit/public/web/WebCache.h"
87 #include "third_party/WebKit/public/web/WebDataSource.h"
88 #include "third_party/WebKit/public/web/WebDocument.h"
89 #include "third_party/WebKit/public/web/WebElement.h"
90 #include "third_party/WebKit/public/web/WebLocalFrame.h"
91 #include "third_party/WebKit/public/web/WebPluginContainer.h"
92 #include "third_party/WebKit/public/web/WebPluginParams.h"
93 #include "third_party/WebKit/public/web/WebPluginPlaceholder.h"
94 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
95 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
96 #include "ui/base/l10n/l10n_util.h"
97 #include "ui/base/layout.h"
98 #include "ui/base/resource/resource_bundle.h"
99 #include "ui/base/webui/jstemplate_builder.h"
100 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
101
102 #if !defined(DISABLE_NACL)
103 #include "components/nacl/common/nacl_constants.h"
104 #include "components/nacl/renderer/nacl_helper.h"
105 #endif
106
107 #if defined(ENABLE_EXTENSIONS)
108 #include "chrome/common/extensions/chrome_extensions_client.h"
109 #include "chrome/common/extensions/extension_process_policy.h"
110 #include "chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h"
111 #include "chrome/renderer/extensions/chrome_extensions_renderer_client.h"
112 #include "chrome/renderer/extensions/extension_frame_helper.h"
113 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
114 #include "chrome/renderer/extensions/resource_request_policy.h"
115 #include "chrome/renderer/media/cast_ipc_dispatcher.h"
116 #include "extensions/common/extension.h"
117 #include "extensions/common/extension_set.h"
118 #include "extensions/common/extension_urls.h"
119 #include "extensions/common/switches.h"
120 #include "extensions/renderer/dispatcher.h"
121 #include "extensions/renderer/extension_helper.h"
122 #include "extensions/renderer/extensions_render_frame_observer.h"
123 #include "extensions/renderer/guest_view/extensions_guest_view_container.h"
124 #include "extensions/renderer/guest_view/guest_view_container.h"
125 #include "extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.h"
126 #include "extensions/renderer/script_context.h"
127 #endif
128
129 #if defined(ENABLE_PRINTING)
130 #include "chrome/renderer/printing/chrome_print_web_view_helper_delegate.h"
131 #include "components/printing/renderer/print_web_view_helper.h"
132 #endif
133
134 #if defined(ENABLE_PRINT_PREVIEW)
135 #include "chrome/renderer/pepper/chrome_pdf_print_client.h"
136 #endif
137
138 #if defined(ENABLE_SPELLCHECK)
139 #include "chrome/renderer/spellchecker/spellcheck.h"
140 #include "chrome/renderer/spellchecker/spellcheck_provider.h"
141 #endif
142
143 #if defined(ENABLE_WEBRTC)
144 #include "chrome/renderer/media/webrtc_logging_message_filter.h"
145 #endif
146
147 #if defined(OS_WIN)
148 #include "chrome_elf/blacklist/blacklist.h"
149 #endif
150
151 using autofill::AutofillAgent;
152 using autofill::PasswordAutofillAgent;
153 using autofill::PasswordGenerationAgent;
154 using base::ASCIIToUTF16;
155 using base::UserMetricsAction;
156 using content::PluginInstanceThrottler;
157 using content::PluginPowerSaverMode;
158 using content::RenderFrame;
159 using content::RenderThread;
160 using content::WebPluginInfo;
161 using extensions::Extension;
162 using blink::WebCache;
163 using blink::WebConsoleMessage;
164 using blink::WebDataSource;
165 using blink::WebDocument;
166 using blink::WebFrame;
167 using blink::WebLocalFrame;
168 using blink::WebPlugin;
169 using blink::WebPluginParams;
170 using blink::WebSecurityOrigin;
171 using blink::WebSecurityPolicy;
172 using blink::WebString;
173 using blink::WebURL;
174 using blink::WebURLError;
175 using blink::WebURLRequest;
176 using blink::WebURLResponse;
177 using blink::WebVector;
178
179 namespace {
180
181 ChromeContentRendererClient* g_current_client;
182
183 #if defined(ENABLE_PLUGINS)
184 const char* const kPredefinedAllowedCompositorOrigins[] = {
185 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/383937
186 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/383937
187 };
188 #endif
189
190 void AppendParams(const std::vector<base::string16>& additional_names,
191 const std::vector<base::string16>& additional_values,
192 WebVector<WebString>* existing_names,
193 WebVector<WebString>* existing_values) {
194 DCHECK(additional_names.size() == additional_values.size());
195 DCHECK(existing_names->size() == existing_values->size());
196
197 size_t existing_size = existing_names->size();
198 size_t total_size = existing_size + additional_names.size();
199
200 WebVector<WebString> names(total_size);
201 WebVector<WebString> values(total_size);
202
203 for (size_t i = 0; i < existing_size; ++i) {
204 names[i] = (*existing_names)[i];
205 values[i] = (*existing_values)[i];
206 }
207
208 for (size_t i = 0; i < additional_names.size(); ++i) {
209 names[existing_size + i] = additional_names[i];
210 values[existing_size + i] = additional_values[i];
211 }
212
213 existing_names->swap(names);
214 existing_values->swap(values);
215 }
216
217 #if defined(ENABLE_SPELLCHECK)
218 class SpellCheckReplacer : public content::RenderViewVisitor {
219 public:
220 explicit SpellCheckReplacer(SpellCheck* spellcheck)
221 : spellcheck_(spellcheck) {}
222 bool Visit(content::RenderView* render_view) override;
223
224 private:
225 SpellCheck* spellcheck_; // New shared spellcheck for all views. Weak Ptr.
226 DISALLOW_COPY_AND_ASSIGN(SpellCheckReplacer);
227 };
228
229 bool SpellCheckReplacer::Visit(content::RenderView* render_view) {
230 SpellCheckProvider* provider = SpellCheckProvider::Get(render_view);
231 DCHECK(provider);
232 provider->set_spellcheck(spellcheck_);
233 return true;
234 }
235 #endif
236
237 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
238 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
239 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
240 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
241 return false;
242 }
243
244 #if !defined(DISABLE_NACL)
245 // Treat Native Client invocations like JavaScript.
246 if (plugin.name == ASCIIToUTF16(nacl::kNaClPluginName))
247 return true;
248 #endif
249
250 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
251 // Treat CDM invocations like JavaScript.
252 if (plugin.name == ASCIIToUTF16(kWidevineCdmDisplayName)) {
253 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
254 return true;
255 }
256 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
257
258 return false;
259 }
260
261 #if defined(ENABLE_EXTENSIONS)
262 void IsGuestViewApiAvailableToScriptContext(
263 bool* api_is_available,
264 extensions::ScriptContext* context) {
265 if (context->GetAvailability("guestViewInternal").is_available()) {
266 *api_is_available = true;
267 }
268 }
269 #endif
270
271 } // namespace
272
273 ChromeContentRendererClient::ChromeContentRendererClient() {
274 g_current_client = this;
275
276 #if defined(ENABLE_EXTENSIONS)
277 extensions::ExtensionsClient::Set(
278 extensions::ChromeExtensionsClient::GetInstance());
279 extensions::ExtensionsRendererClient::Set(
280 ChromeExtensionsRendererClient::GetInstance());
281 #endif
282 #if defined(ENABLE_PLUGINS)
283 for (size_t i = 0; i < arraysize(kPredefinedAllowedCompositorOrigins); ++i)
284 allowed_compositor_origins_.insert(kPredefinedAllowedCompositorOrigins[i]);
285 #endif
286 }
287
288 ChromeContentRendererClient::~ChromeContentRendererClient() {
289 g_current_client = NULL;
290 }
291
292 void ChromeContentRendererClient::RenderThreadStarted() {
293 RenderThread* thread = RenderThread::Get();
294
295 chrome_observer_.reset(new ChromeRenderProcessObserver(this));
296 web_cache_observer_.reset(new web_cache::WebCacheRenderProcessObserver());
297
298 #if defined(ENABLE_EXTENSIONS)
299 extension_dispatcher_delegate_.reset(
300 new ChromeExtensionsDispatcherDelegate());
301 // ChromeRenderViewTest::SetUp() creates its own ExtensionDispatcher and
302 // injects it using SetExtensionDispatcher(). Don't overwrite it.
303 if (!extension_dispatcher_) {
304 extension_dispatcher_.reset(
305 new extensions::Dispatcher(extension_dispatcher_delegate_.get()));
306 }
307 permissions_policy_delegate_.reset(
308 new extensions::RendererPermissionsPolicyDelegate(
309 extension_dispatcher_.get()));
310 #endif
311
312 prescient_networking_dispatcher_.reset(
313 new dns_prefetch::PrescientNetworkingDispatcher());
314 #if defined(ENABLE_SPELLCHECK)
315 // ChromeRenderViewTest::SetUp() creates a Spellcheck and injects it using
316 // SetSpellcheck(). Don't overwrite it.
317 if (!spellcheck_) {
318 spellcheck_.reset(new SpellCheck());
319 thread->AddObserver(spellcheck_.get());
320 }
321 #endif
322 visited_link_slave_.reset(new visitedlink::VisitedLinkSlave());
323 #if defined(FULL_SAFE_BROWSING)
324 phishing_classifier_.reset(safe_browsing::PhishingClassifierFilter::Create());
325 #endif
326 prerender_dispatcher_.reset(new prerender::PrerenderDispatcher());
327 #if defined(ENABLE_WEBRTC)
328 webrtc_logging_message_filter_ = new WebRtcLoggingMessageFilter(
329 RenderThread::Get()->GetIOMessageLoopProxy());
330 #endif
331 search_bouncer_.reset(new SearchBouncer());
332
333 thread->AddObserver(chrome_observer_.get());
334 thread->AddObserver(web_cache_observer_.get());
335 #if defined(ENABLE_EXTENSIONS)
336 thread->AddObserver(extension_dispatcher_.get());
337 #endif
338 #if defined(FULL_SAFE_BROWSING)
339 thread->AddObserver(phishing_classifier_.get());
340 #endif
341 thread->AddObserver(visited_link_slave_.get());
342 thread->AddObserver(prerender_dispatcher_.get());
343 thread->AddObserver(search_bouncer_.get());
344
345 #if defined(ENABLE_WEBRTC)
346 thread->AddFilter(webrtc_logging_message_filter_.get());
347 #endif
348 #if defined(ENABLE_EXTENSIONS)
349 thread->AddFilter(new CastIPCDispatcher(
350 RenderThread::Get()->GetIOMessageLoopProxy()));
351 #endif
352
353 thread->RegisterExtension(extensions_v8::ExternalExtension::Get());
354 thread->RegisterExtension(extensions_v8::LoadTimesExtension::Get());
355
356 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
357 if (command_line->HasSwitch(switches::kEnableBenchmarking))
358 thread->RegisterExtension(extensions_v8::BenchmarkingExtension::Get());
359 if (command_line->HasSwitch(switches::kEnableNetBenchmarking))
360 thread->RegisterExtension(extensions_v8::NetBenchmarkingExtension::Get());
361 if (command_line->HasSwitch(switches::kInstantProcess))
362 thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
363
364 if (command_line->HasSwitch(switches::kPlaybackMode) ||
365 command_line->HasSwitch(switches::kRecordMode)) {
366 thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
367 }
368
369 // TODO(guohui): needs to forward the new-profile-management switch to
370 // renderer processes.
371 if (switches::IsEnableAccountConsistency())
372 thread->RegisterExtension(extensions_v8::PrincipalsExtension::Get());
373
374 // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
375 // should not be accessible by normal content, and should also be unable to
376 // script anything but themselves (to help limit the damage that a corrupt
377 // page could cause).
378 WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
379 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
380
381 WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
382 // The Instant process can only display the content but not read it. Other
383 // processes can't display it or read it.
384 if (!command_line->HasSwitch(switches::kInstantProcess))
385 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
386
387 WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
388 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
389
390 WebString dom_distiller_scheme(
391 ASCIIToUTF16(dom_distiller::kDomDistillerScheme));
392 // TODO(nyquist): Add test to ensure this happens when the flag is set.
393 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dom_distiller_scheme);
394
395 #if defined(OS_CHROMEOS)
396 WebString external_file_scheme(ASCIIToUTF16(content::kExternalFileScheme));
397 WebSecurityPolicy::registerURLSchemeAsLocal(external_file_scheme);
398 #endif
399
400 // chrome: and chrome-search: pages should not be accessible by bookmarklets
401 // or javascript: URLs typed in the omnibox.
402 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
403 chrome_ui_scheme);
404 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
405 chrome_search_scheme);
406
407 // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource:
408 // resources shouldn't trigger insecure content warnings.
409 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
410 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
411
412 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
413 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
414
415 WebString extension_resource_scheme(
416 ASCIIToUTF16(extensions::kExtensionResourceScheme));
417 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
418
419 // chrome:, chrome-extension:, chrome-extension-resource: resources should be
420 // allowed to receive CORS requests.
421 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme);
422 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
423 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
424
425 // chrome-extension: resources should bypass Content Security Policy checks
426 // when included in protected resources.
427 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
428 extension_scheme);
429 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
430 extension_resource_scheme);
431
432 #if defined(OS_WIN)
433 // Report if the renderer process has been patched by chrome_elf.
434 // TODO(csharp): Remove once the renderer is no longer getting
435 // patched this way.
436 if (blacklist::IsBlacklistInitialized())
437 UMA_HISTOGRAM_BOOLEAN("Blacklist.PatchedInRenderer", true);
438 #endif
439 #if defined(ENABLE_PRINT_PREVIEW)
440 pdf_print_client_.reset(new ChromePDFPrintClient());
441 pdf::PPB_PDF_Impl::SetPrintClient(pdf_print_client_.get());
442 #endif
443 }
444
445 void ChromeContentRendererClient::RenderFrameCreated(
446 content::RenderFrame* render_frame) {
447 new ChromeRenderFrameObserver(render_frame);
448
449 bool should_whitelist_for_content_settings =
450 base::CommandLine::ForCurrentProcess()->HasSwitch(
451 switches::kInstantProcess);
452 extensions::Dispatcher* ext_dispatcher = NULL;
453 #if defined(ENABLE_EXTENSIONS)
454 ext_dispatcher = extension_dispatcher_.get();
455 #endif
456 ContentSettingsObserver* content_settings = new ContentSettingsObserver(
457 render_frame, ext_dispatcher, should_whitelist_for_content_settings);
458 if (chrome_observer_.get()) {
459 content_settings->SetContentSettingRules(
460 chrome_observer_->content_setting_rules());
461 }
462
463 #if defined(ENABLE_EXTENSIONS)
464 new extensions::ExtensionsRenderFrameObserver(render_frame);
465 new extensions::ExtensionFrameHelper(render_frame, ext_dispatcher);
466 #endif
467
468 #if defined(ENABLE_PLUGINS)
469 new PepperHelper(render_frame);
470 #endif
471
472 #if !defined(DISABLE_NACL)
473 new nacl::NaClHelper(render_frame);
474 #endif
475
476 // TODO(jam): when the frame tree moves into content and parent() works at
477 // RenderFrame construction, simplify this by just checking parent().
478 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) {
479 // Avoid any race conditions from having the browser tell subframes that
480 // they're prerendering.
481 if (prerender::PrerenderHelper::IsPrerendering(
482 render_frame->GetRenderView()->GetMainRenderFrame())) {
483 new prerender::PrerenderHelper(render_frame);
484 }
485 }
486
487 if (render_frame->GetRenderView()->GetMainRenderFrame() == render_frame) {
488 // Only attach NetErrorHelper to the main frame, since only the main frame
489 // should get error pages.
490 // PrefetchHelper is also needed only for main frames.
491 new NetErrorHelper(render_frame);
492 new prefetch::PrefetchHelper(render_frame);
493 }
494
495 PasswordGenerationAgent* password_generation_agent =
496 new PasswordGenerationAgent(render_frame);
497 PasswordAutofillAgent* password_autofill_agent =
498 new PasswordAutofillAgent(render_frame);
499 new AutofillAgent(render_frame, password_autofill_agent,
500 password_generation_agent);
501 }
502
503 void ChromeContentRendererClient::RenderViewCreated(
504 content::RenderView* render_view) {
505
506 #if defined(ENABLE_EXTENSIONS)
507 new extensions::ExtensionHelper(render_view, extension_dispatcher_.get());
508 extension_dispatcher_->OnRenderViewCreated(render_view);
509 #endif
510 new PageLoadHistograms(render_view);
511 #if defined(ENABLE_PRINTING)
512 new printing::PrintWebViewHelper(
513 render_view,
514 scoped_ptr<printing::PrintWebViewHelper::Delegate>(
515 new ChromePrintWebViewHelperDelegate()));
516 #endif
517 #if defined(ENABLE_SPELLCHECK)
518 new SpellCheckProvider(render_view, spellcheck_.get());
519 #endif
520 new prerender::PrerendererClient(render_view);
521 #if defined(FULL_SAFE_BROWSING)
522 safe_browsing::MalwareDOMDetails::Create(render_view);
523 #endif
524
525 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
526 if (command_line->HasSwitch(switches::kInstantProcess))
527 new SearchBox(render_view);
528
529 new ChromeRenderViewObserver(render_view, web_cache_observer_.get());
530
531 new password_manager::CredentialManagerClient(render_view);
532 }
533
534
535 SkBitmap* ChromeContentRendererClient::GetSadPluginBitmap() {
536 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
537 GetImageNamed(IDR_SAD_PLUGIN).ToSkBitmap());
538 }
539
540 SkBitmap* ChromeContentRendererClient::GetSadWebViewBitmap() {
541 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
542 GetImageNamed(IDR_SAD_WEBVIEW).ToSkBitmap());
543 }
544
545 #if defined(ENABLE_EXTENSIONS)
546 const Extension* ChromeContentRendererClient::GetExtensionByOrigin(
547 const WebSecurityOrigin& origin) const {
548 if (!EqualsASCII(origin.protocol(), extensions::kExtensionScheme))
549 return NULL;
550
551 const std::string extension_id = origin.host().utf8().data();
552 return extension_dispatcher_->extensions()->GetByID(extension_id);
553 }
554 #endif
555
556 scoped_ptr<blink::WebPluginPlaceholder>
557 ChromeContentRendererClient::CreatePluginPlaceholder(
558 content::RenderFrame* render_frame,
559 blink::WebLocalFrame* frame,
560 const blink::WebPluginParams& orig_params) {
561 return CreateShadowDOMPlaceholderForPluginInfo(
562 render_frame, frame, orig_params);
563 }
564
565 bool ChromeContentRendererClient::OverrideCreatePlugin(
566 content::RenderFrame* render_frame,
567 WebLocalFrame* frame,
568 const WebPluginParams& params,
569 WebPlugin** plugin) {
570 std::string orig_mime_type = params.mimeType.utf8();
571 #if defined(ENABLE_EXTENSIONS)
572 if (orig_mime_type == content::kBrowserPluginMimeType) {
573 bool guest_view_api_available = false;
574 extension_dispatcher_->script_context_set().ForEach(
575 render_frame->GetRenderView(),
576 base::Bind(&IsGuestViewApiAvailableToScriptContext,
577 &guest_view_api_available));
578 if (guest_view_api_available)
579 return false;
580 }
581 #endif
582
583 ChromeViewHostMsg_GetPluginInfo_Output output;
584 #if defined(ENABLE_PLUGINS)
585 render_frame->Send(new ChromeViewHostMsg_GetPluginInfo(
586 render_frame->GetRoutingID(), GURL(params.url),
587 frame->top()->document().url(), orig_mime_type, &output));
588
589 if (output.plugin.type == content::WebPluginInfo::PLUGIN_TYPE_BROWSER_PLUGIN)
590 return false;
591 #else
592 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
593 #endif
594 *plugin = CreatePlugin(render_frame, frame, params, output);
595 return true;
596 }
597
598 WebPlugin* ChromeContentRendererClient::CreatePluginReplacement(
599 content::RenderFrame* render_frame,
600 const base::FilePath& plugin_path) {
601 ChromePluginPlaceholder* placeholder =
602 ChromePluginPlaceholder::CreateErrorPlugin(render_frame, plugin_path);
603 return placeholder->plugin();
604 }
605
606 void ChromeContentRendererClient::DeferMediaLoad(
607 content::RenderFrame* render_frame,
608 const base::Closure& closure) {
609 #if defined(OS_ANDROID)
610 // Chromium for Android doesn't support prerender yet.
611 closure.Run();
612 return;
613 #else
614 if (!prerender::PrerenderHelper::IsPrerendering(render_frame)) {
615 closure.Run();
616 return;
617 }
618
619 // Lifetime is tied to |render_frame| via content::RenderFrameObserver.
620 new prerender::PrerenderMediaLoadDeferrer(render_frame, closure);
621 #endif
622 }
623
624 WebPlugin* ChromeContentRendererClient::CreatePlugin(
625 content::RenderFrame* render_frame,
626 WebLocalFrame* frame,
627 const WebPluginParams& original_params,
628 const ChromeViewHostMsg_GetPluginInfo_Output& output) {
629 const ChromeViewHostMsg_GetPluginInfo_Status& status = output.status;
630 const WebPluginInfo& plugin = output.plugin;
631 const std::string& actual_mime_type = output.actual_mime_type;
632 const base::string16& group_name = output.group_name;
633 const std::string& identifier = output.group_identifier;
634 ChromeViewHostMsg_GetPluginInfo_Status::Value status_value = status.value;
635 GURL url(original_params.url);
636 std::string orig_mime_type = original_params.mimeType.utf8();
637 ChromePluginPlaceholder* placeholder = NULL;
638
639 // If the browser plugin is to be enabled, this should be handled by the
640 // renderer, so the code won't reach here due to the early exit in
641 // OverrideCreatePlugin.
642 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound ||
643 orig_mime_type == content::kBrowserPluginMimeType) {
644 #if defined(OS_ANDROID)
645 if (plugins::MobileYouTubePlugin::IsYouTubeURL(url, orig_mime_type)) {
646 base::StringPiece template_html(
647 ResourceBundle::GetSharedInstance().GetRawDataResource(
648 IDR_MOBILE_YOUTUBE_PLUGIN_HTML));
649 return (new plugins::MobileYouTubePlugin(
650 render_frame,
651 frame,
652 original_params,
653 template_html,
654 GURL(ChromePluginPlaceholder::kPluginPlaceholderDataURL)))
655 ->plugin();
656 }
657 #endif
658 PluginUMAReporter::GetInstance()->ReportPluginMissing(orig_mime_type, url);
659 placeholder = ChromePluginPlaceholder::CreateMissingPlugin(
660 render_frame, frame, original_params);
661 } else {
662 // TODO(bauerb): This should be in content/.
663 WebPluginParams params(original_params);
664 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
665 if (plugin.mime_types[i].mime_type == actual_mime_type) {
666 AppendParams(plugin.mime_types[i].additional_param_names,
667 plugin.mime_types[i].additional_param_values,
668 &params.attributeNames,
669 &params.attributeValues);
670 break;
671 }
672 }
673 if (params.mimeType.isNull() && (actual_mime_type.size() > 0)) {
674 // Webkit might say that mime type is null while we already know the
675 // actual mime type via ChromeViewHostMsg_GetPluginInfo. In that case
676 // we should use what we know since WebpluginDelegateProxy does some
677 // specific initializations based on this information.
678 params.mimeType = WebString::fromUTF8(actual_mime_type.c_str());
679 }
680
681 ContentSettingsObserver* observer =
682 ContentSettingsObserver::Get(render_frame);
683
684 const ContentSettingsType content_type =
685 ShouldUseJavaScriptSettingForPlugin(plugin) ?
686 CONTENT_SETTINGS_TYPE_JAVASCRIPT :
687 CONTENT_SETTINGS_TYPE_PLUGINS;
688
689 if ((status_value ==
690 ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized ||
691 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay ||
692 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kBlocked) &&
693 observer->IsPluginTemporarilyAllowed(identifier)) {
694 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
695 }
696
697 // Allow full-screen plug-ins for left-click-to-play.
698 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay &&
699 !frame->parent() && !frame->opener() &&
700 frame->document().isPluginDocument()) {
701 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
702 }
703
704 #if defined(ENABLE_PLUGINS)
705 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
706 base::CommandLine::ForCurrentProcess()->HasSwitch(
707 switches::kEnablePluginPowerSaver)) {
708 status_value =
709 ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent;
710 }
711 #endif
712
713 #if defined(OS_WIN)
714 // In Windows we need to check if we can load NPAPI plugins.
715 // For example, if the render view is in the Ash desktop, we should not.
716 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
717 plugin.type == content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
718 if (observer->AreNPAPIPluginsBlocked())
719 status_value =
720 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
721 }
722 #endif
723
724 auto create_blocked_plugin =
725 [&render_frame, &frame, &params, &plugin, &identifier, &group_name](
726 int template_id, const base::string16& message,
727 const GURL& poster_url) {
728 return ChromePluginPlaceholder::CreateBlockedPlugin(
729 render_frame, frame, params, plugin, identifier, group_name,
730 template_id, message, poster_url);
731 };
732 switch (status_value) {
733 case ChromeViewHostMsg_GetPluginInfo_Status::kNotFound: {
734 NOTREACHED();
735 break;
736 }
737 case ChromeViewHostMsg_GetPluginInfo_Status::kAllowed:
738 case ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent: {
739 #if !defined(DISABLE_NACL) && defined(ENABLE_EXTENSIONS)
740 const bool is_nacl_plugin =
741 plugin.name == ASCIIToUTF16(nacl::kNaClPluginName);
742 const bool is_nacl_mime_type =
743 actual_mime_type == nacl::kNaClPluginMimeType;
744 const bool is_pnacl_mime_type =
745 actual_mime_type == nacl::kPnaclPluginMimeType;
746 if (is_nacl_plugin || is_nacl_mime_type || is_pnacl_mime_type) {
747 bool is_nacl_unrestricted = false;
748 if (is_nacl_mime_type) {
749 is_nacl_unrestricted =
750 base::CommandLine::ForCurrentProcess()->HasSwitch(
751 switches::kEnableNaCl);
752 } else if (is_pnacl_mime_type) {
753 is_nacl_unrestricted = true;
754 }
755 GURL manifest_url;
756 GURL app_url;
757 if (is_nacl_mime_type || is_pnacl_mime_type) {
758 // Normal NaCl/PNaCl embed. The app URL is the page URL.
759 manifest_url = url;
760 app_url = frame->top()->document().url();
761 } else {
762 // NaCl is being invoked as a content handler. Look up the NaCl
763 // module using the MIME type. The app URL is the manifest URL.
764 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin);
765 app_url = manifest_url;
766 }
767 const Extension* extension =
768 g_current_client->extension_dispatcher_->extensions()->
769 GetExtensionOrAppByURL(manifest_url);
770 if (!IsNaClAllowed(manifest_url,
771 app_url,
772 is_nacl_unrestricted,
773 extension,
774 &params)) {
775 WebString error_message;
776 if (is_nacl_mime_type) {
777 error_message =
778 "Only unpacked extensions and apps installed from the Chrome "
779 "Web Store can load NaCl modules without enabling Native "
780 "Client in about:flags.";
781 } else if (is_pnacl_mime_type) {
782 error_message =
783 "Portable Native Client must not be disabled in about:flags.";
784 }
785 frame->addMessageToConsole(
786 WebConsoleMessage(WebConsoleMessage::LevelError,
787 error_message));
788 placeholder = create_blocked_plugin(
789 IDR_BLOCKED_PLUGIN_HTML,
790 #if defined(OS_CHROMEOS)
791 l10n_util::GetStringUTF16(IDS_NACL_PLUGIN_BLOCKED),
792 #else
793 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name),
794 #endif
795 GURL());
796 break;
797 }
798 }
799 #endif // !defined(DISABLE_NACL) && defined(ENABLE_EXTENSIONS)
800
801 scoped_ptr<content::PluginInstanceThrottler> throttler;
802 #if defined(ENABLE_PLUGINS)
803 PluginPowerSaverMode power_saver_mode =
804 PluginPowerSaverMode::POWER_SAVER_MODE_ESSENTIAL;
805 bool show_poster = false;
806 GURL poster_url;
807 bool cross_origin_main_content = false;
808 bool blocked_for_background_tab =
809 render_frame->IsHidden() &&
810 status_value ==
811 ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent;
812 if (render_frame->ShouldThrottleContent(params, frame->document().url(),
813 &poster_url,
814 &cross_origin_main_content)) {
815 // TODO(tommycli): Apply throttler behavior to all plugins.
816 if (plugin.name == base::ASCIIToUTF16(content::kFlashPluginName) &&
817 status_value == ChromeViewHostMsg_GetPluginInfo_Status::
818 kPlayImportantContent) {
819 power_saver_mode =
820 PluginPowerSaverMode::POWER_SAVER_MODE_PERIPHERAL_THROTTLED;
821 show_poster = poster_url.is_valid();
822 } else {
823 power_saver_mode =
824 PluginPowerSaverMode::POWER_SAVER_MODE_PERIPHERAL_UNTHROTTLED;
825 }
826
827 throttler = content::PluginInstanceThrottler::Get(render_frame, url,
828 power_saver_mode);
829 }
830
831 // Delay loading plugins if prerendering.
832 // TODO(mmenke): In the case of prerendering, feed into
833 // ChromeContentRendererClient::CreatePlugin instead, to
834 // reduce the chance of future regressions.
835 bool is_prerendering =
836 prerender::PrerenderHelper::IsPrerendering(render_frame);
837 if (blocked_for_background_tab || is_prerendering || show_poster) {
838 placeholder = create_blocked_plugin(
839 show_poster ? IDR_PLUGIN_POSTER_HTML : IDR_BLOCKED_PLUGIN_HTML,
840 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name),
841 poster_url);
842 placeholder->set_blocked_for_background_tab(
843 blocked_for_background_tab);
844 placeholder->set_blocked_for_prerendering(is_prerendering);
845 placeholder->set_power_saver_mode(power_saver_mode);
846 placeholder->set_allow_loading(true);
847 break;
848 } else if (cross_origin_main_content) {
849 GURL content_origin = GURL(params.url).GetOrigin();
850 render_frame->WhitelistContentOrigin(content_origin);
851 }
852 #endif // defined(ENABLE_PLUGINS)
853 return render_frame->CreatePlugin(frame, plugin, params,
854 throttler.Pass());
855 }
856 case ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported: {
857 RenderThread::Get()->RecordAction(
858 UserMetricsAction("Plugin_NPAPINotSupported"));
859 placeholder = create_blocked_plugin(
860 IDR_BLOCKED_PLUGIN_HTML,
861 l10n_util::GetStringUTF16(IDS_PLUGIN_NOT_SUPPORTED_METRO), GURL());
862 render_frame->Send(new ChromeViewHostMsg_NPAPINotSupported(
863 render_frame->GetRoutingID(), identifier));
864 break;
865 }
866 case ChromeViewHostMsg_GetPluginInfo_Status::kDisabled: {
867 PluginUMAReporter::GetInstance()->ReportPluginDisabled(orig_mime_type,
868 url);
869 placeholder = create_blocked_plugin(
870 IDR_DISABLED_PLUGIN_HTML,
871 l10n_util::GetStringFUTF16(IDS_PLUGIN_DISABLED, group_name),
872 GURL());
873 break;
874 }
875 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked: {
876 #if defined(ENABLE_PLUGIN_INSTALLATION)
877 placeholder = create_blocked_plugin(
878 IDR_BLOCKED_PLUGIN_HTML,
879 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name),
880 GURL());
881 placeholder->set_allow_loading(true);
882 render_frame->Send(new ChromeViewHostMsg_BlockedOutdatedPlugin(
883 render_frame->GetRoutingID(), placeholder->CreateRoutingId(),
884 identifier));
885 #else
886 NOTREACHED();
887 #endif
888 break;
889 }
890 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed: {
891 placeholder = create_blocked_plugin(
892 IDR_BLOCKED_PLUGIN_HTML,
893 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name),
894 GURL());
895 break;
896 }
897 case ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized: {
898 placeholder = create_blocked_plugin(
899 IDR_BLOCKED_PLUGIN_HTML,
900 l10n_util::GetStringFUTF16(IDS_PLUGIN_NOT_AUTHORIZED, group_name),
901 GURL());
902 placeholder->set_allow_loading(true);
903 if (plugin.type != content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
904 render_frame->Send(new ChromeViewHostMsg_BlockedUnauthorizedPlugin(
905 render_frame->GetRoutingID(),
906 group_name,
907 identifier));
908 }
909 observer->DidBlockContentType(content_type, group_name);
910 break;
911 }
912 case ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay: {
913 placeholder = create_blocked_plugin(
914 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
915 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name), GURL());
916 placeholder->set_allow_loading(true);
917 RenderThread::Get()->RecordAction(
918 UserMetricsAction("Plugin_ClickToPlay"));
919 observer->DidBlockContentType(content_type, group_name);
920 break;
921 }
922 case ChromeViewHostMsg_GetPluginInfo_Status::kBlocked: {
923 placeholder = create_blocked_plugin(
924 IDR_BLOCKED_PLUGIN_HTML,
925 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name), GURL());
926 placeholder->set_allow_loading(true);
927 RenderThread::Get()->RecordAction(UserMetricsAction("Plugin_Blocked"));
928 observer->DidBlockContentType(content_type, group_name);
929 break;
930 }
931 case ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy: {
932 placeholder = create_blocked_plugin(
933 IDR_BLOCKED_PLUGIN_HTML,
934 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name), GURL());
935 placeholder->set_allow_loading(false);
936 RenderThread::Get()->RecordAction(
937 UserMetricsAction("Plugin_BlockedByPolicy"));
938 observer->DidBlockContentType(content_type, group_name);
939 break;
940 }
941 }
942 }
943 placeholder->SetStatus(status);
944 return placeholder->plugin();
945 }
946
947 // For NaCl content handling plugins, the NaCl manifest is stored in an
948 // additonal 'nacl' param associated with the MIME type.
949 // static
950 GURL ChromeContentRendererClient::GetNaClContentHandlerURL(
951 const std::string& actual_mime_type,
952 const content::WebPluginInfo& plugin) {
953 // Look for the manifest URL among the MIME type's additonal parameters.
954 const char kNaClPluginManifestAttribute[] = "nacl";
955 base::string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
956 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
957 if (plugin.mime_types[i].mime_type == actual_mime_type) {
958 const content::WebPluginMimeType& content_type = plugin.mime_types[i];
959 for (size_t i = 0; i < content_type.additional_param_names.size(); ++i) {
960 if (content_type.additional_param_names[i] == nacl_attr)
961 return GURL(content_type.additional_param_values[i]);
962 }
963 break;
964 }
965 }
966 return GURL();
967 }
968
969 #if !defined(DISABLE_NACL)
970 // static
971 bool ChromeContentRendererClient::IsNaClAllowed(
972 const GURL& manifest_url,
973 const GURL& app_url,
974 bool is_nacl_unrestricted,
975 const Extension* extension,
976 WebPluginParams* params) {
977 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.
978 std::string app_url_host = app_url.host();
979 std::string manifest_url_path = manifest_url.path();
980
981 bool is_whitelisted_web_ui =
982 app_url.spec() == chrome::kChromeUIAppListStartPageURL;
983
984 bool is_photo_app =
985 // Whitelisted apps must be served over https.
986 app_url.SchemeIs("https") &&
987 manifest_url.SchemeIs("https") &&
988 (EndsWith(app_url_host, "plus.google.com", false) ||
989 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
990 manifest_url.DomainIs("ssl.gstatic.com") &&
991 (manifest_url_path.find("s2/oz/nacl/") == 1 ||
992 manifest_url_path.find("photos/nacl/") == 1);
993
994 std::string manifest_fs_host;
995 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {
996 manifest_fs_host = manifest_url.inner_url()->host();
997 }
998 bool is_hangouts_app =
999 // Whitelisted apps must be served over secure scheme.
1000 app_url.SchemeIs("https") &&
1001 manifest_url.SchemeIsSecure() &&
1002 manifest_url.SchemeIsFileSystem() &&
1003 (EndsWith(app_url_host, "talkgadget.google.com", false) ||
1004 EndsWith(app_url_host, "plus.google.com", false) ||
1005 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
1006 // The manifest must be loaded from the host's FileSystem.
1007 (manifest_fs_host == app_url_host);
1008
1009 bool is_whitelisted_app = is_photo_app || is_hangouts_app;
1010
1011 bool is_extension_from_webstore = false;
1012 bool is_invoked_by_hosted_app = false;
1013 bool is_extension_unrestricted = false;
1014 #if defined(ENABLE_EXTENSIONS)
1015 is_extension_from_webstore = extension && extension->from_webstore();
1016
1017 is_invoked_by_hosted_app = extension &&
1018 extension->is_hosted_app() &&
1019 extension->web_extent().MatchesURL(app_url);
1020
1021 // Allow built-in extensions and extensions under development.
1022 is_extension_unrestricted = extension &&
1023 (extension->location() == extensions::Manifest::COMPONENT ||
1024 extensions::Manifest::IsUnpackedLocation(extension->location()));
1025 #endif // defined(ENABLE_EXTENSIONS)
1026
1027 bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
1028
1029 // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
1030 bool is_nacl_pdf_viewer =
1031 (is_extension_from_webstore &&
1032 manifest_url.SchemeIs("chrome-extension") &&
1033 manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
1034
1035 // Allow Chrome Web Store extensions, built-in extensions and extensions
1036 // under development if the invocation comes from a URL with an extension
1037 // scheme. Also allow invocations if they are from whitelisted URLs or
1038 // if --enable-nacl is set.
1039 bool is_nacl_allowed = is_nacl_unrestricted ||
1040 is_whitelisted_web_ui ||
1041 is_whitelisted_app ||
1042 is_nacl_pdf_viewer ||
1043 is_invoked_by_hosted_app ||
1044 (is_invoked_by_extension &&
1045 (is_extension_from_webstore ||
1046 is_extension_unrestricted));
1047 if (is_nacl_allowed) {
1048 bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
1049 // Make sure that PPAPI 'dev' interfaces aren't available for production
1050 // apps unless they're whitelisted.
1051 WebString dev_attribute = WebString::fromUTF8("@dev");
1052 if ((!is_whitelisted_app && !is_extension_from_webstore) ||
1053 app_can_use_dev_interfaces) {
1054 // Add the special '@dev' attribute.
1055 std::vector<base::string16> param_names;
1056 std::vector<base::string16> param_values;
1057 param_names.push_back(dev_attribute);
1058 param_values.push_back(WebString());
1059 AppendParams(
1060 param_names,
1061 param_values,
1062 &params->attributeNames,
1063 &params->attributeValues);
1064 } else {
1065 // If the params somehow contain '@dev', remove it.
1066 size_t attribute_count = params->attributeNames.size();
1067 for (size_t i = 0; i < attribute_count; ++i) {
1068 if (params->attributeNames[i].equals(dev_attribute))
1069 params->attributeNames[i] = WebString();
1070 }
1071 }
1072 }
1073 return is_nacl_allowed;
1074 }
1075 #endif // defined(DISABLE_NACL)
1076
1077 bool ChromeContentRendererClient::HasErrorPage(int http_status_code,
1078 std::string* error_domain) {
1079 // Use an internal error page, if we have one for the status code.
1080 if (!LocalizedError::HasStrings(LocalizedError::kHttpErrorDomain,
1081 http_status_code)) {
1082 return false;
1083 }
1084
1085 *error_domain = LocalizedError::kHttpErrorDomain;
1086 return true;
1087 }
1088
1089 bool ChromeContentRendererClient::ShouldSuppressErrorPage(
1090 content::RenderFrame* render_frame,
1091 const GURL& url) {
1092 // Unit tests for ChromeContentRendererClient pass a NULL RenderFrame here.
1093 // Unfortunately it's very difficult to construct a mock RenderView, so skip
1094 // this functionality in this case.
1095 if (render_frame) {
1096 content::RenderView* render_view = render_frame->GetRenderView();
1097 content::RenderFrame* main_render_frame = render_view->GetMainRenderFrame();
1098 blink::WebFrame* web_frame = render_frame->GetWebFrame();
1099 NetErrorHelper* net_error_helper = NetErrorHelper::Get(main_render_frame);
1100 if (net_error_helper->ShouldSuppressErrorPage(web_frame, url))
1101 return true;
1102 }
1103 // Do not flash an error page if the Instant new tab page fails to load.
1104 return search_bouncer_.get() && search_bouncer_->IsNewTabPage(url);
1105 }
1106
1107 void ChromeContentRendererClient::GetNavigationErrorStrings(
1108 content::RenderView* render_view,
1109 blink::WebFrame* frame,
1110 const blink::WebURLRequest& failed_request,
1111 const blink::WebURLError& error,
1112 std::string* error_html,
1113 base::string16* error_description) {
1114 const GURL failed_url = error.unreachableURL;
1115 const Extension* extension = NULL;
1116
1117 #if defined(ENABLE_EXTENSIONS)
1118 if (failed_url.is_valid() &&
1119 !failed_url.SchemeIs(extensions::kExtensionScheme)) {
1120 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
1121 failed_url);
1122 }
1123 #endif
1124
1125 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
1126
1127 if (error_html) {
1128 bool extension_but_not_bookmark_app = false;
1129 #if defined(ENABLE_EXTENSIONS)
1130 extension_but_not_bookmark_app = extension && !extension->from_bookmark();
1131 #endif
1132 // Use a local error page.
1133 if (extension_but_not_bookmark_app) {
1134 #if defined(ENABLE_EXTENSIONS)
1135 // TODO(erikkay): Should we use a different template for different
1136 // error messages?
1137 int resource_id = IDR_ERROR_APP_HTML;
1138 const base::StringPiece template_html(
1139 ResourceBundle::GetSharedInstance().GetRawDataResource(
1140 resource_id));
1141 if (template_html.empty()) {
1142 NOTREACHED() << "unable to load template. ID: " << resource_id;
1143 } else {
1144 base::DictionaryValue error_strings;
1145 const std::string locale = RenderThread::Get()->GetLocale();
1146 LocalizedError::GetAppErrorStrings(failed_url, extension, locale,
1147 &error_strings);
1148 // "t" is the id of the template's root node.
1149 *error_html = webui::GetTemplatesHtml(template_html, &error_strings,
1150 "t");
1151 }
1152 #endif
1153 } else {
1154 // TODO(ellyjones): change GetNavigationErrorStrings to take a RenderFrame
1155 // instead of a RenderView, then pass that in.
1156 // This is safe for now because we only install the NetErrorHelper on the
1157 // main render frame anyway; see the TODO(ellyjones) in
1158 // RenderFrameCreated.
1159 content::RenderFrame* main_render_frame =
1160 render_view->GetMainRenderFrame();
1161 NetErrorHelper* helper = NetErrorHelper::Get(main_render_frame);
1162 helper->GetErrorHTML(frame, error, is_post, error_html);
1163 }
1164 }
1165
1166 if (error_description) {
1167 if (!extension)
1168 *error_description = LocalizedError::GetErrorDetails(error, is_post);
1169 }
1170 }
1171
1172 bool ChromeContentRendererClient::RunIdleHandlerWhenWidgetsHidden() {
1173 #if defined(ENABLE_EXTENSIONS)
1174 return !extension_dispatcher_->is_extension_process();
1175 #else
1176 return true;
1177 #endif
1178 }
1179
1180 bool ChromeContentRendererClient::AllowPopup() {
1181 #if defined(ENABLE_EXTENSIONS)
1182 extensions::ScriptContext* current_context =
1183 extension_dispatcher_->script_context_set().GetCurrent();
1184 if (!current_context || !current_context->extension())
1185 return false;
1186 // See http://crbug.com/117446 for the subtlety of this check.
1187 switch (current_context->context_type()) {
1188 case extensions::Feature::UNSPECIFIED_CONTEXT:
1189 case extensions::Feature::WEB_PAGE_CONTEXT:
1190 case extensions::Feature::UNBLESSED_EXTENSION_CONTEXT:
1191 case extensions::Feature::WEBUI_CONTEXT:
1192 return false;
1193 case extensions::Feature::BLESSED_EXTENSION_CONTEXT:
1194 case extensions::Feature::CONTENT_SCRIPT_CONTEXT:
1195 return true;
1196 case extensions::Feature::BLESSED_WEB_PAGE_CONTEXT:
1197 return !current_context->web_frame()->parent();
1198 }
1199 NOTREACHED();
1200 #endif
1201 return false;
1202 }
1203
1204 bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
1205 const GURL& url,
1206 const std::string& http_method,
1207 bool is_initial_navigation,
1208 bool is_server_redirect,
1209 bool* send_referrer) {
1210 DCHECK(!frame->parent());
1211
1212 // If this is the Instant process, fork all navigations originating from the
1213 // renderer. The destination page will then be bucketed back to this Instant
1214 // process if it is an Instant url, or to another process if not. Conversely,
1215 // fork if this is a non-Instant process navigating to an Instant url, so that
1216 // such navigations can also be bucketed into an Instant renderer.
1217 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1218 switches::kInstantProcess) ||
1219 (search_bouncer_.get() && search_bouncer_->ShouldFork(url))) {
1220 *send_referrer = true;
1221 return true;
1222 }
1223
1224 // For now, we skip the rest for POST submissions. This is because
1225 // http://crbug.com/101395 is more likely to cause compatibility issues
1226 // with hosted apps and extensions than WebUI pages. We will remove this
1227 // check when cross-process POST submissions are supported.
1228 if (http_method != "GET")
1229 return false;
1230
1231 // If this is the Signin process, fork all navigations originating from the
1232 // renderer. The destination page will then be bucketed back to this Signin
1233 // process if it is a Signin url, or to another process if not.
1234 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1235 switches::kSigninProcess)) {
1236 // We never want to allow non-signin pages to fork-on-POST to a
1237 // signin-related action URL. We'll need to handle this carefully once
1238 // http://crbug.com/101395 is fixed. The CHECK ensures we don't forget.
1239 CHECK_NE(http_method, "POST");
1240 return true;
1241 }
1242
1243 // If |url| matches one of the prerendered URLs, stop this navigation and try
1244 // to swap in the prerendered page on the browser process. If the prerendered
1245 // page no longer exists by the time the OpenURL IPC is handled, a normal
1246 // navigation is attempted.
1247 if (prerender_dispatcher_.get() &&
1248 prerender_dispatcher_->IsPrerenderURL(url)) {
1249 *send_referrer = true;
1250 return true;
1251 }
1252
1253 #if defined(ENABLE_EXTENSIONS)
1254 const extensions::ExtensionSet* extensions =
1255 extension_dispatcher_->extensions();
1256
1257 // Determine if the new URL is an extension (excluding bookmark apps).
1258 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
1259 *extensions, url);
1260 bool is_extension_url = !!new_url_extension;
1261
1262 // If the navigation would cross an app extent boundary, we also need
1263 // to defer to the browser to ensure process isolation. This is not necessary
1264 // for server redirects, which will be transferred to a new process by the
1265 // browser process when they are ready to commit. It is necessary for client
1266 // redirects, which won't be transferred in the same way.
1267 if (!is_server_redirect &&
1268 CrossesExtensionExtents(frame, url, *extensions, is_extension_url,
1269 is_initial_navigation)) {
1270 // Include the referrer in this case since we're going from a hosted web
1271 // page. (the packaged case is handled previously by the extension
1272 // navigation test)
1273 *send_referrer = true;
1274
1275 const Extension* extension =
1276 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
1277 if (extension && extension->is_app()) {
1278 extensions::RecordAppLaunchType(
1279 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION, extension->GetType());
1280 }
1281 return true;
1282 }
1283
1284 // If this is a reload, check whether it has the wrong process type. We
1285 // should send it to the browser if it's an extension URL (e.g., hosted app)
1286 // in a normal process, or if it's a process for an extension that has been
1287 // uninstalled.
1288 if (frame->top()->document().url() == url) {
1289 if (is_extension_url != extension_dispatcher_->is_extension_process())
1290 return true;
1291 }
1292 #endif // defined(ENABLE_EXTENSIONS)
1293
1294 return false;
1295 }
1296
1297 #if defined(ENABLE_EXTENSIONS)
1298 bool ChromeContentRendererClient::ShouldForwardToGuestContainer(
1299 const IPC::Message& msg) {
1300 return extensions::GuestViewContainer::HandlesMessage(msg);
1301 }
1302 #endif
1303
1304 bool ChromeContentRendererClient::WillSendRequest(
1305 blink::WebFrame* frame,
1306 ui::PageTransition transition_type,
1307 const GURL& url,
1308 const GURL& first_party_for_cookies,
1309 GURL* new_url) {
1310 // Check whether the request should be allowed. If not allowed, we reset the
1311 // URL to something invalid to prevent the request and cause an error.
1312 #if defined(ENABLE_EXTENSIONS)
1313 if (url.SchemeIs(extensions::kExtensionScheme) &&
1314 !extensions::ResourceRequestPolicy::CanRequestResource(
1315 url,
1316 frame,
1317 transition_type,
1318 extension_dispatcher_->extensions())) {
1319 *new_url = GURL(chrome::kExtensionInvalidRequestURL);
1320 return true;
1321 }
1322
1323 if (url.SchemeIs(extensions::kExtensionResourceScheme) &&
1324 !extensions::ResourceRequestPolicy::CanRequestExtensionResourceScheme(
1325 url,
1326 frame)) {
1327 *new_url = GURL(chrome::kExtensionResourceInvalidRequestURL);
1328 return true;
1329 }
1330 #endif
1331
1332 const content::RenderView* render_view =
1333 content::RenderView::FromWebView(frame->view());
1334 SearchBox* search_box = SearchBox::Get(render_view);
1335 if (search_box && url.SchemeIs(chrome::kChromeSearchScheme)) {
1336 if (url.host() == chrome::kChromeUIThumbnailHost)
1337 return search_box->GenerateThumbnailURLFromTransientURL(url, new_url);
1338 else if (url.host() == chrome::kChromeUIFaviconHost)
1339 return search_box->GenerateFaviconURLFromTransientURL(url, new_url);
1340 }
1341
1342 return false;
1343 }
1344
1345 void ChromeContentRendererClient::DidCreateScriptContext(
1346 WebFrame* frame, v8::Handle<v8::Context> context, int extension_group,
1347 int world_id) {
1348 #if defined(ENABLE_EXTENSIONS)
1349 extension_dispatcher_->DidCreateScriptContext(
1350 frame, context, extension_group, world_id);
1351 #endif
1352 }
1353
1354 unsigned long long ChromeContentRendererClient::VisitedLinkHash(
1355 const char* canonical_url, size_t length) {
1356 return visited_link_slave_->ComputeURLFingerprint(canonical_url, length);
1357 }
1358
1359 bool ChromeContentRendererClient::IsLinkVisited(unsigned long long link_hash) {
1360 return visited_link_slave_->IsVisited(link_hash);
1361 }
1362
1363 blink::WebPrescientNetworking*
1364 ChromeContentRendererClient::GetPrescientNetworking() {
1365 return prescient_networking_dispatcher_.get();
1366 }
1367
1368 bool ChromeContentRendererClient::ShouldOverridePageVisibilityState(
1369 const content::RenderFrame* render_frame,
1370 blink::WebPageVisibilityState* override_state) {
1371 if (!prerender::PrerenderHelper::IsPrerendering(render_frame))
1372 return false;
1373
1374 *override_state = blink::WebPageVisibilityStatePrerender;
1375 return true;
1376 }
1377
1378 #if defined(ENABLE_EXTENSIONS)
1379 void ChromeContentRendererClient::SetExtensionDispatcherForTest(
1380 extensions::Dispatcher* extension_dispatcher) {
1381 extension_dispatcher_.reset(extension_dispatcher);
1382 permissions_policy_delegate_.reset(
1383 new extensions::RendererPermissionsPolicyDelegate(
1384 extension_dispatcher_.get()));
1385 }
1386
1387 extensions::Dispatcher*
1388 ChromeContentRendererClient::GetExtensionDispatcherForTest() {
1389 return extension_dispatcher_.get();
1390 }
1391
1392 bool ChromeContentRendererClient::CrossesExtensionExtents(
1393 WebFrame* frame,
1394 const GURL& new_url,
1395 const extensions::ExtensionSet& extensions,
1396 bool is_extension_url,
1397 bool is_initial_navigation) {
1398 GURL old_url(frame->top()->document().url());
1399
1400 // If old_url is still empty and this is an initial navigation, then this is
1401 // a window.open operation. We should look at the opener URL.
1402 if (is_initial_navigation && old_url.is_empty() && frame->opener()) {
1403 // If we're about to open a normal web page from a same-origin opener stuck
1404 // in an extension process, we want to keep it in process to allow the
1405 // opener to script it.
1406 WebDocument opener_document = frame->opener()->document();
1407 WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
1408 bool opener_is_extension_url =
1409 !opener.isUnique() && extensions.GetExtensionOrAppByURL(
1410 opener_document.url()) != NULL;
1411 if (!is_extension_url &&
1412 !opener_is_extension_url &&
1413 extension_dispatcher_->is_extension_process() &&
1414 opener.canRequest(WebURL(new_url)))
1415 return false;
1416
1417 // In all other cases, we want to compare against the top frame's URL (as
1418 // opposed to the opener frame's), since that's what determines the type of
1419 // process. This allows iframes outside an app to open a popup in the app.
1420 old_url = frame->top()->opener()->top()->document().url();
1421 }
1422
1423 // Only consider keeping non-app URLs in an app process if this window
1424 // has an opener (in which case it might be an OAuth popup that tries to
1425 // script an iframe within the app).
1426 bool should_consider_workaround = !!frame->opener();
1427
1428 return extensions::CrossesExtensionProcessBoundary(
1429 extensions, old_url, new_url, should_consider_workaround);
1430 }
1431 #endif // defined(ENABLE_EXTENSIONS)
1432
1433 #if defined(ENABLE_SPELLCHECK)
1434 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
1435 RenderThread* thread = RenderThread::Get();
1436 if (spellcheck_.get() && thread)
1437 thread->RemoveObserver(spellcheck_.get());
1438 spellcheck_.reset(spellcheck);
1439 SpellCheckReplacer replacer(spellcheck_.get());
1440 content::RenderView::ForEach(&replacer);
1441 if (thread)
1442 thread->AddObserver(spellcheck_.get());
1443 }
1444 #endif
1445
1446 // static
1447 bool ChromeContentRendererClient::WasWebRequestUsedBySomeExtensions() {
1448 #if defined(ENABLE_EXTENSIONS)
1449 return g_current_client->extension_dispatcher_
1450 ->WasWebRequestUsedBySomeExtensions();
1451 #else
1452 return false;
1453 #endif
1454 }
1455
1456 const void* ChromeContentRendererClient::CreatePPAPIInterface(
1457 const std::string& interface_name) {
1458 #if defined(ENABLE_PLUGINS)
1459 #if !defined(DISABLE_NACL)
1460 if (interface_name == PPB_NACL_PRIVATE_INTERFACE)
1461 return nacl::GetNaClPrivateInterface();
1462 #endif // DISABLE_NACL
1463 if (interface_name == PPB_PDF_INTERFACE)
1464 return pdf::PPB_PDF_Impl::GetInterface();
1465 #endif
1466 return NULL;
1467 }
1468
1469 bool ChromeContentRendererClient::IsExternalPepperPlugin(
1470 const std::string& module_name) {
1471 // TODO(bbudge) remove this when the trusted NaCl plugin has been removed.
1472 // We must defer certain plugin events for NaCl instances since we switch
1473 // from the in-process to the out-of-process proxy after instantiating them.
1474 return module_name == "Native Client";
1475 }
1476
1477 #if defined(ENABLE_PLUGINS) && defined(ENABLE_EXTENSIONS)
1478 bool ChromeContentRendererClient::IsExtensionOrSharedModuleWhitelisted(
1479 const GURL& url, const std::set<std::string>& whitelist) {
1480 const extensions::ExtensionSet* extension_set =
1481 g_current_client->extension_dispatcher_->extensions();
1482 return chrome::IsExtensionOrSharedModuleWhitelisted(url, extension_set,
1483 whitelist);
1484 }
1485 #endif
1486
1487 blink::WebSpeechSynthesizer*
1488 ChromeContentRendererClient::OverrideSpeechSynthesizer(
1489 blink::WebSpeechSynthesizerClient* client) {
1490 return new TtsDispatcher(client);
1491 }
1492
1493 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
1494 const GURL& url) {
1495 #if !defined(OS_ANDROID)
1496 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
1497 // the whitelist in the renderer, since we're only preventing access until
1498 // these APIs are public and stable.
1499 std::string url_host = url.host();
1500 if (url.SchemeIs("https") &&
1501 (EndsWith(url_host, "talkgadget.google.com", false) ||
1502 EndsWith(url_host, "plus.google.com", false) ||
1503 EndsWith(url_host, "plus.sandbox.google.com", false)) &&
1504 StartsWithASCII(url.path(), "/hangouts/", false)) {
1505 return true;
1506 }
1507 // Allow access for tests.
1508 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1509 switches::kEnablePepperTesting)) {
1510 return true;
1511 }
1512 #endif // !defined(OS_ANDROID)
1513 return false;
1514 }
1515
1516 void ChromeContentRendererClient::AddKeySystems(
1517 std::vector<media::KeySystemInfo>* key_systems) {
1518 AddChromeKeySystems(key_systems);
1519 }
1520
1521 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(
1522 const base::string16& source) const {
1523 #if defined(ENABLE_EXTENSIONS)
1524 return extensions::IsSourceFromAnExtension(source);
1525 #else
1526 return false;
1527 #endif
1528 }
1529
1530 bool ChromeContentRendererClient::ShouldEnableSiteIsolationPolicy() const {
1531 // SiteIsolationPolicy is off by default. We would like to activate cross-site
1532 // document blocking (for UMA data collection) for normal renderer processes
1533 // running a normal web page from the Internet. We only turn on
1534 // SiteIsolationPolicy for a renderer process that does not have the extension
1535 // flag on.
1536 #if defined(ENABLE_EXTENSIONS)
1537 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
1538 return !command_line->HasSwitch(extensions::switches::kExtensionProcess);
1539 #else
1540 return true;
1541 #endif
1542 }
1543
1544 blink::WebWorkerPermissionClientProxy*
1545 ChromeContentRendererClient::CreateWorkerPermissionClientProxy(
1546 content::RenderFrame* render_frame,
1547 blink::WebFrame* frame) {
1548 return new WorkerPermissionClientProxy(render_frame, frame);
1549 }
1550
1551 bool ChromeContentRendererClient::IsPluginAllowedToUseDevChannelAPIs() {
1552 #if defined(ENABLE_PLUGINS)
1553 // Allow access for tests.
1554 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1555 switches::kEnablePepperTesting)) {
1556 return true;
1557 }
1558
1559 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
1560 // Allow dev channel APIs to be used on "Canary", "Dev", and "Unknown"
1561 // releases of Chrome. Permitting "Unknown" allows these APIs to be used on
1562 // Chromium builds as well.
1563 return channel <= chrome::VersionInfo::CHANNEL_DEV;
1564 #else
1565 return false;
1566 #endif
1567 }
1568
1569 bool ChromeContentRendererClient::IsPluginAllowedToUseCompositorAPI(
1570 const GURL& url) {
1571 #if defined(ENABLE_PLUGINS) && defined(ENABLE_EXTENSIONS)
1572 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1573 switches::kEnablePepperTesting))
1574 return true;
1575 if (IsExtensionOrSharedModuleWhitelisted(url, allowed_compositor_origins_))
1576 return true;
1577
1578 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
1579 return channel <= chrome::VersionInfo::CHANNEL_DEV;
1580 #else
1581 return false;
1582 #endif
1583 }
1584
1585 content::BrowserPluginDelegate*
1586 ChromeContentRendererClient::CreateBrowserPluginDelegate(
1587 content::RenderFrame* render_frame,
1588 const std::string& mime_type,
1589 const GURL& original_url) {
1590 #if defined(ENABLE_EXTENSIONS)
1591 if (mime_type == content::kBrowserPluginMimeType) {
1592 return new extensions::ExtensionsGuestViewContainer(render_frame);
1593 } else {
1594 return new extensions::MimeHandlerViewContainer(
1595 render_frame, mime_type, original_url);
1596 }
1597 #else
1598 return NULL;
1599 #endif
1600 }