search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Pass FrameTreeNode (not RenderFrameHost) to NavigateToEntry.
[chromium-blink-merge.git] / content / browser / frame_host / render_frame_host_impl.cc
blobe6cc05197d3a25613468d2938787f3f54da90757
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/frame_host/render_frame_host_impl.h"
6
7 #include "base/bind.h"
8 #include "base/command_line.h"
9 #include "base/containers/hash_tables.h"
10 #include "base/lazy_instance.h"
11 #include "base/metrics/histogram.h"
12 #include "base/metrics/user_metrics_action.h"
13 #include "base/process/kill.h"
14 #include "base/time/time.h"
15 #include "content/browser/accessibility/accessibility_mode_helper.h"
16 #include "content/browser/accessibility/browser_accessibility_manager.h"
17 #include "content/browser/accessibility/browser_accessibility_state_impl.h"
18 #include "content/browser/child_process_security_policy_impl.h"
19 #include "content/browser/frame_host/cross_process_frame_connector.h"
20 #include "content/browser/frame_host/cross_site_transferring_request.h"
21 #include "content/browser/frame_host/frame_accessibility.h"
22 #include "content/browser/frame_host/frame_tree.h"
23 #include "content/browser/frame_host/frame_tree_node.h"
24 #include "content/browser/frame_host/navigator.h"
25 #include "content/browser/frame_host/navigator_impl.h"
26 #include "content/browser/frame_host/render_frame_host_delegate.h"
27 #include "content/browser/frame_host/render_frame_proxy_host.h"
28 #include "content/browser/frame_host/render_widget_host_view_child_frame.h"
29 #include "content/browser/geolocation/geolocation_service_context.h"
30 #include "content/browser/permissions/permission_service_context.h"
31 #include "content/browser/permissions/permission_service_impl.h"
32 #include "content/browser/presentation/presentation_service_impl.h"
33 #include "content/browser/renderer_host/input/input_router.h"
34 #include "content/browser/renderer_host/input/timeout_monitor.h"
35 #include "content/browser/renderer_host/render_process_host_impl.h"
36 #include "content/browser/renderer_host/render_view_host_delegate.h"
37 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
38 #include "content/browser/renderer_host/render_view_host_impl.h"
39 #include "content/browser/renderer_host/render_widget_host_impl.h"
40 #include "content/browser/renderer_host/render_widget_host_view_base.h"
41 #include "content/browser/transition_request_manager.h"
42 #include "content/common/accessibility_messages.h"
43 #include "content/common/frame_messages.h"
44 #include "content/common/input_messages.h"
45 #include "content/common/inter_process_time_ticks_converter.h"
46 #include "content/common/navigation_params.h"
47 #include "content/common/render_frame_setup.mojom.h"
48 #include "content/common/swapped_out_messages.h"
49 #include "content/public/browser/ax_event_notification_details.h"
50 #include "content/public/browser/browser_accessibility_state.h"
51 #include "content/public/browser/browser_context.h"
52 #include "content/public/browser/browser_plugin_guest_manager.h"
53 #include "content/public/browser/browser_thread.h"
54 #include "content/public/browser/content_browser_client.h"
55 #include "content/public/browser/render_process_host.h"
56 #include "content/public/browser/render_widget_host_view.h"
57 #include "content/public/browser/stream_handle.h"
58 #include "content/public/browser/user_metrics.h"
59 #include "content/public/common/content_constants.h"
60 #include "content/public/common/content_switches.h"
61 #include "content/public/common/url_constants.h"
62 #include "content/public/common/url_utils.h"
63 #include "ui/accessibility/ax_tree.h"
64 #include "url/gurl.h"
65
66 #if defined(OS_MACOSX)
67 #include "content/browser/frame_host/popup_menu_helper_mac.h"
68 #endif
69
70 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
71 #include "media/mojo/interfaces/media_renderer.mojom.h"
72 #include "media/mojo/services/mojo_renderer_service.h"
73 #endif
74
75 using base::TimeDelta;
76
77 namespace content {
78
79 namespace {
80
81 // The next value to use for the accessibility reset token.
82 int g_next_accessibility_reset_token = 1;
83
84 // The (process id, routing id) pair that identifies one RenderFrame.
85 typedef std::pair<int32, int32> RenderFrameHostID;
86 typedef base::hash_map<RenderFrameHostID, RenderFrameHostImpl*>
87 RoutingIDFrameMap;
88 base::LazyInstance<RoutingIDFrameMap> g_routing_id_frame_map =
89 LAZY_INSTANCE_INITIALIZER;
90
91 // Translate a WebKit text direction into a base::i18n one.
92 base::i18n::TextDirection WebTextDirectionToChromeTextDirection(
93 blink::WebTextDirection dir) {
94 switch (dir) {
95 case blink::WebTextDirectionLeftToRight:
96 return base::i18n::LEFT_TO_RIGHT;
97 case blink::WebTextDirectionRightToLeft:
98 return base::i18n::RIGHT_TO_LEFT;
99 default:
100 NOTREACHED();
101 return base::i18n::UNKNOWN_DIRECTION;
102 }
103 }
104
105 } // namespace
106
107 // static
108 bool RenderFrameHostImpl::IsRFHStateActive(RenderFrameHostImplState rfh_state) {
109 return rfh_state == STATE_DEFAULT;
110 }
111
112 // static
113 RenderFrameHost* RenderFrameHost::FromID(int render_process_id,
114 int render_frame_id) {
115 return RenderFrameHostImpl::FromID(render_process_id, render_frame_id);
116 }
117
118 // static
119 RenderFrameHostImpl* RenderFrameHostImpl::FromID(int process_id,
120 int routing_id) {
121 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
122 RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer();
123 RoutingIDFrameMap::iterator it = frames->find(
124 RenderFrameHostID(process_id, routing_id));
125 return it == frames->end() ? NULL : it->second;
126 }
127
128 RenderFrameHostImpl::RenderFrameHostImpl(SiteInstance* site_instance,
129 RenderViewHostImpl* render_view_host,
130 RenderFrameHostDelegate* delegate,
131 RenderWidgetHostDelegate* rwh_delegate,
132 FrameTree* frame_tree,
133 FrameTreeNode* frame_tree_node,
134 int routing_id,
135 int flags)
136 : render_view_host_(render_view_host),
137 delegate_(delegate),
138 site_instance_(static_cast<SiteInstanceImpl*>(site_instance)),
139 process_(site_instance->GetProcess()),
140 cross_process_frame_connector_(NULL),
141 render_frame_proxy_host_(NULL),
142 frame_tree_(frame_tree),
143 frame_tree_node_(frame_tree_node),
144 routing_id_(routing_id),
145 render_frame_created_(false),
146 navigations_suspended_(false),
147 has_beforeunload_handlers_(false),
148 has_unload_handlers_(false),
149 override_sudden_termination_status_(false),
150 is_waiting_for_beforeunload_ack_(false),
151 unload_ack_is_for_navigation_(false),
152 accessibility_reset_token_(0),
153 accessibility_reset_count_(0),
154 no_create_browser_accessibility_manager_for_testing_(false),
155 weak_ptr_factory_(this) {
156 bool is_swapped_out = !!(flags & CREATE_RF_SWAPPED_OUT);
157 bool hidden = !!(flags & CREATE_RF_HIDDEN);
158 frame_tree_->RegisterRenderFrameHost(this);
159 GetProcess()->AddRoute(routing_id_, this);
160 g_routing_id_frame_map.Get().insert(std::make_pair(
161 RenderFrameHostID(GetProcess()->GetID(), routing_id_),
162 this));
163
164 if (is_swapped_out) {
165 rfh_state_ = STATE_SWAPPED_OUT;
166 } else {
167 rfh_state_ = STATE_DEFAULT;
168 GetSiteInstance()->increment_active_frame_count();
169 }
170
171 SetUpMojoIfNeeded();
172 swapout_event_monitor_timeout_.reset(new TimeoutMonitor(base::Bind(
173 &RenderFrameHostImpl::OnSwappedOut, weak_ptr_factory_.GetWeakPtr())));
174
175 if (flags & CREATE_RF_NEEDS_RENDER_WIDGET_HOST) {
176 render_widget_host_.reset(new RenderWidgetHostImpl(
177 rwh_delegate, GetProcess(), MSG_ROUTING_NONE, hidden));
178 render_widget_host_->set_owned_by_render_frame_host(true);
179 }
180 }
181
182 RenderFrameHostImpl::~RenderFrameHostImpl() {
183 GetProcess()->RemoveRoute(routing_id_);
184 g_routing_id_frame_map.Get().erase(
185 RenderFrameHostID(GetProcess()->GetID(), routing_id_));
186
187 if (delegate_)
188 delegate_->RenderFrameDeleted(this);
189
190 FrameAccessibility::GetInstance()->OnRenderFrameHostDestroyed(this);
191
192 // If this was swapped out, it already decremented the active frame count of
193 // the SiteInstance it belongs to.
194 if (IsRFHStateActive(rfh_state_))
195 GetSiteInstance()->decrement_active_frame_count();
196
197 // Notify the FrameTree that this RFH is going away, allowing it to shut down
198 // the corresponding RenderViewHost if it is no longer needed.
199 frame_tree_->UnregisterRenderFrameHost(this);
200
201 // NULL out the swapout timer; in crash dumps this member will be null only if
202 // the dtor has run.
203 swapout_event_monitor_timeout_.reset();
204
205 for (const auto& iter: visual_state_callbacks_) {
206 iter.second.Run(false);
207 }
208
209 if (render_widget_host_)
210 render_widget_host_->Cleanup();
211 }
212
213 int RenderFrameHostImpl::GetRoutingID() {
214 return routing_id_;
215 }
216
217 SiteInstanceImpl* RenderFrameHostImpl::GetSiteInstance() {
218 return site_instance_.get();
219 }
220
221 RenderProcessHost* RenderFrameHostImpl::GetProcess() {
222 return process_;
223 }
224
225 RenderFrameHost* RenderFrameHostImpl::GetParent() {
226 FrameTreeNode* parent_node = frame_tree_node_->parent();
227 if (!parent_node)
228 return NULL;
229 return parent_node->current_frame_host();
230 }
231
232 const std::string& RenderFrameHostImpl::GetFrameName() {
233 return frame_tree_node_->frame_name();
234 }
235
236 bool RenderFrameHostImpl::IsCrossProcessSubframe() {
237 FrameTreeNode* parent_node = frame_tree_node_->parent();
238 if (!parent_node)
239 return false;
240 return GetSiteInstance() !=
241 parent_node->current_frame_host()->GetSiteInstance();
242 }
243
244 GURL RenderFrameHostImpl::GetLastCommittedURL() {
245 return frame_tree_node_->current_url();
246 }
247
248 gfx::NativeView RenderFrameHostImpl::GetNativeView() {
249 RenderWidgetHostView* view = render_view_host_->GetView();
250 if (!view)
251 return NULL;
252 return view->GetNativeView();
253 }
254
255 void RenderFrameHostImpl::ExecuteJavaScript(
256 const base::string16& javascript) {
257 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
258 javascript,
259 0, false));
260 }
261
262 void RenderFrameHostImpl::ExecuteJavaScript(
263 const base::string16& javascript,
264 const JavaScriptResultCallback& callback) {
265 static int next_id = 1;
266 int key = next_id++;
267 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
268 javascript,
269 key, true));
270 javascript_callbacks_.insert(std::make_pair(key, callback));
271 }
272
273 void RenderFrameHostImpl::ExecuteJavaScriptForTests(
274 const base::string16& javascript) {
275 Send(new FrameMsg_JavaScriptExecuteRequestForTests(routing_id_,
276 javascript,
277 0, false));
278 }
279
280 RenderViewHost* RenderFrameHostImpl::GetRenderViewHost() {
281 return render_view_host_;
282 }
283
284 ServiceRegistry* RenderFrameHostImpl::GetServiceRegistry() {
285 return service_registry_.get();
286 }
287
288 blink::WebPageVisibilityState RenderFrameHostImpl::GetVisibilityState() {
289 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops
290 // returning nullptr in some cases. See https://crbug.com/455245.
291 blink::WebPageVisibilityState visibility_state =
292 RenderWidgetHostImpl::From(GetView()->GetRenderWidgetHost())->is_hidden()
293 ? blink::WebPageVisibilityStateHidden
294 : blink::WebPageVisibilityStateVisible;
295 GetContentClient()->browser()->OverridePageVisibilityState(this,
296 &visibility_state);
297 return visibility_state;
298 }
299
300 bool RenderFrameHostImpl::Send(IPC::Message* message) {
301 if (IPC_MESSAGE_ID_CLASS(message->type()) == InputMsgStart) {
302 return render_view_host_->input_router()->SendInput(
303 make_scoped_ptr(message));
304 }
305
306 return GetProcess()->Send(message);
307 }
308
309 bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) {
310 // Filter out most IPC messages if this frame is swapped out.
311 // We still want to handle certain ACKs to keep our state consistent.
312 if (is_swapped_out()) {
313 if (!SwappedOutMessages::CanHandleWhileSwappedOut(msg)) {
314 // If this is a synchronous message and we decided not to handle it,
315 // we must send an error reply, or else the renderer will be stuck
316 // and won't respond to future requests.
317 if (msg.is_sync()) {
318 IPC::Message* reply = IPC::SyncMessage::GenerateReply(&msg);
319 reply->set_reply_error();
320 Send(reply);
321 }
322 // Don't continue looking for someone to handle it.
323 return true;
324 }
325 }
326
327 if (delegate_->OnMessageReceived(this, msg))
328 return true;
329
330 RenderFrameProxyHost* proxy =
331 frame_tree_node_->render_manager()->GetProxyToParent();
332 if (proxy && proxy->cross_process_frame_connector() &&
333 proxy->cross_process_frame_connector()->OnMessageReceived(msg))
334 return true;
335
336 bool handled = true;
337 IPC_BEGIN_MESSAGE_MAP(RenderFrameHostImpl, msg)
338 IPC_MESSAGE_HANDLER(FrameHostMsg_AddMessageToConsole, OnAddMessageToConsole)
339 IPC_MESSAGE_HANDLER(FrameHostMsg_Detach, OnDetach)
340 IPC_MESSAGE_HANDLER(FrameHostMsg_FrameFocused, OnFrameFocused)
341 IPC_MESSAGE_HANDLER(FrameHostMsg_DidStartProvisionalLoadForFrame,
342 OnDidStartProvisionalLoadForFrame)
343 IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailProvisionalLoadWithError,
344 OnDidFailProvisionalLoadWithError)
345 IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailLoadWithError,
346 OnDidFailLoadWithError)
347 IPC_MESSAGE_HANDLER_GENERIC(FrameHostMsg_DidCommitProvisionalLoad,
348 OnDidCommitProvisionalLoad(msg))
349 IPC_MESSAGE_HANDLER(FrameHostMsg_DidDropNavigation, OnDidDropNavigation)
350 IPC_MESSAGE_HANDLER(FrameHostMsg_OpenURL, OnOpenURL)
351 IPC_MESSAGE_HANDLER(FrameHostMsg_DocumentOnLoadCompleted,
352 OnDocumentOnLoadCompleted)
353 IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnload_ACK, OnBeforeUnloadACK)
354 IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnloadHandlersPresent,
355 OnBeforeUnloadHandlersPresent)
356 IPC_MESSAGE_HANDLER(FrameHostMsg_UnloadHandlersPresent,
357 OnUnloadHandlersPresent)
358 IPC_MESSAGE_HANDLER(FrameHostMsg_SwapOut_ACK, OnSwapOutACK)
359 IPC_MESSAGE_HANDLER(FrameHostMsg_ContextMenu, OnContextMenu)
360 IPC_MESSAGE_HANDLER(FrameHostMsg_JavaScriptExecuteResponse,
361 OnJavaScriptExecuteResponse)
362 IPC_MESSAGE_HANDLER(FrameHostMsg_VisualStateResponse,
363 OnVisualStateResponse)
364 IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunJavaScriptMessage,
365 OnRunJavaScriptMessage)
366 IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunBeforeUnloadConfirm,
367 OnRunBeforeUnloadConfirm)
368 IPC_MESSAGE_HANDLER(FrameHostMsg_DidAccessInitialDocument,
369 OnDidAccessInitialDocument)
370 IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisownOpener, OnDidDisownOpener)
371 IPC_MESSAGE_HANDLER(FrameHostMsg_DidAssignPageId, OnDidAssignPageId)
372 IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateTitle, OnUpdateTitle)
373 IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateEncoding, OnUpdateEncoding)
374 IPC_MESSAGE_HANDLER(FrameHostMsg_BeginNavigation,
375 OnBeginNavigation)
376 IPC_MESSAGE_HANDLER(FrameHostMsg_TextSurroundingSelectionResponse,
377 OnTextSurroundingSelectionResponse)
378 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_Events, OnAccessibilityEvents)
379 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_LocationChanges,
380 OnAccessibilityLocationChanges)
381 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_FindInPageResult,
382 OnAccessibilityFindInPageResult)
383 IPC_MESSAGE_HANDLER(FrameHostMsg_ToggleFullscreen, OnToggleFullscreen)
384 // The following message is synthetic and doesn't come from RenderFrame, but
385 // from RenderProcessHost.
386 IPC_MESSAGE_HANDLER(FrameHostMsg_RenderProcessGone, OnRenderProcessGone)
387 #if defined(OS_MACOSX) || defined(OS_ANDROID)
388 IPC_MESSAGE_HANDLER(FrameHostMsg_ShowPopup, OnShowPopup)
389 IPC_MESSAGE_HANDLER(FrameHostMsg_HidePopup, OnHidePopup)
390 #endif
391 IPC_END_MESSAGE_MAP()
392
393 // No further actions here, since we may have been deleted.
394 return handled;
395 }
396
397 void RenderFrameHostImpl::AccessibilitySetFocus(int object_id) {
398 Send(new AccessibilityMsg_SetFocus(routing_id_, object_id));
399 }
400
401 void RenderFrameHostImpl::AccessibilityDoDefaultAction(int object_id) {
402 Send(new AccessibilityMsg_DoDefaultAction(routing_id_, object_id));
403 }
404
405 void RenderFrameHostImpl::AccessibilityShowMenu(
406 const gfx::Point& global_point) {
407 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
408 render_view_host_->GetView());
409 if (view)
410 view->AccessibilityShowMenu(global_point);
411 }
412
413 void RenderFrameHostImpl::AccessibilityScrollToMakeVisible(
414 int acc_obj_id, const gfx::Rect& subfocus) {
415 Send(new AccessibilityMsg_ScrollToMakeVisible(
416 routing_id_, acc_obj_id, subfocus));
417 }
418
419 void RenderFrameHostImpl::AccessibilityScrollToPoint(
420 int acc_obj_id, const gfx::Point& point) {
421 Send(new AccessibilityMsg_ScrollToPoint(
422 routing_id_, acc_obj_id, point));
423 }
424
425 void RenderFrameHostImpl::AccessibilitySetTextSelection(
426 int object_id, int start_offset, int end_offset) {
427 Send(new AccessibilityMsg_SetTextSelection(
428 routing_id_, object_id, start_offset, end_offset));
429 }
430
431 void RenderFrameHostImpl::AccessibilitySetValue(
432 int object_id, const base::string16& value) {
433 Send(new AccessibilityMsg_SetValue(routing_id_, object_id, value));
434 }
435
436 bool RenderFrameHostImpl::AccessibilityViewHasFocus() const {
437 RenderWidgetHostView* view = render_view_host_->GetView();
438 if (view)
439 return view->HasFocus();
440 return false;
441 }
442
443 gfx::Rect RenderFrameHostImpl::AccessibilityGetViewBounds() const {
444 RenderWidgetHostView* view = render_view_host_->GetView();
445 if (view)
446 return view->GetViewBounds();
447 return gfx::Rect();
448 }
449
450 gfx::Point RenderFrameHostImpl::AccessibilityOriginInScreen(
451 const gfx::Rect& bounds) const {
452 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
453 render_view_host_->GetView());
454 if (view)
455 return view->AccessibilityOriginInScreen(bounds);
456 return gfx::Point();
457 }
458
459 void RenderFrameHostImpl::AccessibilityHitTest(const gfx::Point& point) {
460 Send(new AccessibilityMsg_HitTest(routing_id_, point));
461 }
462
463 void RenderFrameHostImpl::AccessibilitySetAccessibilityFocus(int acc_obj_id) {
464 Send(new AccessibilityMsg_SetAccessibilityFocus(routing_id_, acc_obj_id));
465 }
466
467 void RenderFrameHostImpl::AccessibilityFatalError() {
468 browser_accessibility_manager_.reset(NULL);
469 if (accessibility_reset_token_)
470 return;
471
472 accessibility_reset_count_++;
473 if (accessibility_reset_count_ >= kMaxAccessibilityResets) {
474 Send(new AccessibilityMsg_FatalError(routing_id_));
475 } else {
476 accessibility_reset_token_ = g_next_accessibility_reset_token++;
477 UMA_HISTOGRAM_COUNTS("Accessibility.FrameResetCount", 1);
478 Send(new AccessibilityMsg_Reset(routing_id_, accessibility_reset_token_));
479 }
480 }
481
482 gfx::AcceleratedWidget
483 RenderFrameHostImpl::AccessibilityGetAcceleratedWidget() {
484 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
485 render_view_host_->GetView());
486 if (view)
487 return view->AccessibilityGetAcceleratedWidget();
488 return gfx::kNullAcceleratedWidget;
489 }
490
491 gfx::NativeViewAccessible
492 RenderFrameHostImpl::AccessibilityGetNativeViewAccessible() {
493 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
494 render_view_host_->GetView());
495 if (view)
496 return view->AccessibilityGetNativeViewAccessible();
497 return NULL;
498 }
499
500 BrowserAccessibilityManager* RenderFrameHostImpl::AccessibilityGetChildFrame(
501 int accessibility_node_id) {
502 RenderFrameHostImpl* child_frame =
503 FrameAccessibility::GetInstance()->GetChild(this, accessibility_node_id);
504 if (!child_frame || IsSameSiteInstance(child_frame))
505 return nullptr;
506
507 return child_frame->GetOrCreateBrowserAccessibilityManager();
508 }
509
510 void RenderFrameHostImpl::AccessibilityGetAllChildFrames(
511 std::vector<BrowserAccessibilityManager*>* child_frames) {
512 std::vector<RenderFrameHostImpl*> child_frame_hosts;
513 FrameAccessibility::GetInstance()->GetAllChildFrames(
514 this, &child_frame_hosts);
515 for (size_t i = 0; i < child_frame_hosts.size(); ++i) {
516 RenderFrameHostImpl* child_frame_host = child_frame_hosts[i];
517 if (!child_frame_host || IsSameSiteInstance(child_frame_host))
518 continue;
519
520 BrowserAccessibilityManager* manager =
521 child_frame_host->GetOrCreateBrowserAccessibilityManager();
522 if (manager)
523 child_frames->push_back(manager);
524 }
525 }
526
527 BrowserAccessibility* RenderFrameHostImpl::AccessibilityGetParentFrame() {
528 RenderFrameHostImpl* parent_frame = NULL;
529 int parent_node_id = 0;
530 if (!FrameAccessibility::GetInstance()->GetParent(
531 this, &parent_frame, &parent_node_id)) {
532 return NULL;
533 }
534
535 // As a sanity check, make sure the frame we're going to return belongs
536 // to the same BrowserContext.
537 if (GetSiteInstance()->GetBrowserContext() !=
538 parent_frame->GetSiteInstance()->GetBrowserContext()) {
539 NOTREACHED();
540 return NULL;
541 }
542
543 BrowserAccessibilityManager* manager =
544 parent_frame->browser_accessibility_manager();
545 if (!manager)
546 return NULL;
547
548 return manager->GetFromID(parent_node_id);
549 }
550
551 bool RenderFrameHostImpl::CreateRenderFrame(int parent_routing_id,
552 int proxy_routing_id) {
553 TRACE_EVENT0("navigation", "RenderFrameHostImpl::CreateRenderFrame");
554 DCHECK(!IsRenderFrameLive()) << "Creating frame twice";
555
556 // The process may (if we're sharing a process with another host that already
557 // initialized it) or may not (we have our own process or the old process
558 // crashed) have been initialized. Calling Init multiple times will be
559 // ignored, so this is safe.
560 if (!GetProcess()->Init())
561 return false;
562
563 DCHECK(GetProcess()->HasConnection());
564
565 FrameMsg_NewFrame_WidgetParams widget_params;
566 if (render_widget_host_) {
567 widget_params.routing_id = render_widget_host_->GetRoutingID();
568 widget_params.surface_id = render_widget_host_->surface_id();
569 widget_params.hidden = render_widget_host_->is_hidden();
570 } else {
571 // MSG_ROUTING_NONE will prevent a new RenderWidget from being created in
572 // the renderer process.
573 widget_params.routing_id = MSG_ROUTING_NONE;
574 widget_params.surface_id = 0;
575 widget_params.hidden = true;
576 }
577
578 Send(new FrameMsg_NewFrame(routing_id_, parent_routing_id, proxy_routing_id,
579 frame_tree_node()->current_replication_state(),
580 widget_params));
581
582 // The RenderWidgetHost takes ownership of its view. It is tied to the
583 // lifetime of the current RenderProcessHost for this RenderFrameHost.
584 if (render_widget_host_) {
585 RenderWidgetHostView* rwhv =
586 new RenderWidgetHostViewChildFrame(render_widget_host_.get());
587 rwhv->Hide();
588 }
589
590 if (proxy_routing_id != MSG_ROUTING_NONE) {
591 RenderFrameProxyHost* proxy = RenderFrameProxyHost::FromID(
592 GetProcess()->GetID(), proxy_routing_id);
593 // We have also created a RenderFrameProxy in FrameMsg_NewFrame above, so
594 // remember that.
595 proxy->set_render_frame_proxy_created(true);
596 }
597
598 // The renderer now has a RenderFrame for this RenderFrameHost. Note that
599 // this path is only used for out-of-process iframes. Main frame RenderFrames
600 // are created with their RenderView, and same-site iframes are created at the
601 // time of OnCreateChildFrame.
602 SetRenderFrameCreated(true);
603
604 return true;
605 }
606
607 bool RenderFrameHostImpl::IsRenderFrameLive() {
608 // RenderFrames are created for main frames at the same time as RenderViews,
609 // so we rely on IsRenderViewLive. For subframes, we keep track of each
610 // RenderFrame individually with render_frame_created_.
611 bool is_live = !GetParent() ?
612 render_view_host_->IsRenderViewLive() :
613 GetProcess()->HasConnection() && render_frame_created_;
614
615 // Sanity check: the RenderView should always be live if the RenderFrame is.
616 DCHECK(!is_live || render_view_host_->IsRenderViewLive());
617
618 return is_live;
619 }
620
621 void RenderFrameHostImpl::SetRenderFrameCreated(bool created) {
622 render_frame_created_ = created;
623 if (created && render_widget_host_)
624 render_widget_host_->InitForFrame();
625 }
626
627 void RenderFrameHostImpl::Init() {
628 GetProcess()->ResumeRequestsForView(routing_id_);
629 }
630
631 void RenderFrameHostImpl::OnAddMessageToConsole(
632 int32 level,
633 const base::string16& message,
634 int32 line_no,
635 const base::string16& source_id) {
636 if (delegate_->AddMessageToConsole(level, message, line_no, source_id))
637 return;
638
639 // Pass through log level only on WebUI pages to limit console spew.
640 const bool is_web_ui =
641 HasWebUIScheme(delegate_->GetMainFrameLastCommittedURL());
642 const int32 resolved_level = is_web_ui ? level : ::logging::LOG_INFO;
643
644 // LogMessages can be persisted so this shouldn't be logged in incognito mode.
645 // This rule is not applied to WebUI pages, because source code of WebUI is a
646 // part of Chrome source code, and we want to treat messages from WebUI the
647 // same way as we treat log messages from native code.
648 if (::logging::GetMinLogLevel() <= resolved_level &&
649 (is_web_ui ||
650 !GetSiteInstance()->GetBrowserContext()->IsOffTheRecord())) {
651 logging::LogMessage("CONSOLE", line_no, resolved_level).stream()
652 << "\"" << message << "\", source: " << source_id << " (" << line_no
653 << ")";
654 }
655 }
656
657 void RenderFrameHostImpl::OnCreateChildFrame(int new_routing_id,
658 const std::string& frame_name,
659 SandboxFlags sandbox_flags) {
660 // It is possible that while a new RenderFrameHost was committed, the
661 // RenderFrame corresponding to this host sent an IPC message to create a
662 // frame and it is delivered after this host is swapped out.
663 // Ignore such messages, as we know this RenderFrameHost is going away.
664 if (rfh_state_ != RenderFrameHostImpl::STATE_DEFAULT)
665 return;
666
667 RenderFrameHostImpl* new_frame = frame_tree_->AddFrame(
668 frame_tree_node_, GetProcess()->GetID(), new_routing_id, frame_name);
669 if (!new_frame)
670 return;
671
672 // We know that the RenderFrame has been created in this case, immediately
673 // after the CreateChildFrame IPC was sent.
674 new_frame->SetRenderFrameCreated(true);
675
676 new_frame->frame_tree_node()->set_sandbox_flags(sandbox_flags);
677
678 if (delegate_)
679 delegate_->RenderFrameCreated(new_frame);
680 }
681
682 void RenderFrameHostImpl::OnDetach() {
683 frame_tree_->RemoveFrame(frame_tree_node_);
684 }
685
686 void RenderFrameHostImpl::OnFrameFocused() {
687 frame_tree_->SetFocusedFrame(frame_tree_node_);
688 }
689
690 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) {
691 OpenURL(params, GetSiteInstance());
692 }
693
694 void RenderFrameHostImpl::OnDocumentOnLoadCompleted(
695 FrameMsg_UILoadMetricsReportType::Value report_type,
696 base::TimeTicks ui_timestamp) {
697 if (report_type == FrameMsg_UILoadMetricsReportType::REPORT_LINK) {
698 UMA_HISTOGRAM_CUSTOM_TIMES("Navigation.UI_OnLoadComplete.Link",
699 base::TimeTicks::Now() - ui_timestamp,
700 base::TimeDelta::FromMilliseconds(10),
701 base::TimeDelta::FromMinutes(10), 100);
702 } else if (report_type == FrameMsg_UILoadMetricsReportType::REPORT_INTENT) {
703 UMA_HISTOGRAM_CUSTOM_TIMES("Navigation.UI_OnLoadComplete.Intent",
704 base::TimeTicks::Now() - ui_timestamp,
705 base::TimeDelta::FromMilliseconds(10),
706 base::TimeDelta::FromMinutes(10), 100);
707 }
708 // This message is only sent for top-level frames. TODO(avi): when frame tree
709 // mirroring works correctly, add a check here to enforce it.
710 delegate_->DocumentOnLoadCompleted(this);
711 }
712
713 void RenderFrameHostImpl::OnDidStartProvisionalLoadForFrame(
714 const GURL& url,
715 bool is_transition_navigation) {
716 frame_tree_node_->navigator()->DidStartProvisionalLoad(
717 this, url, is_transition_navigation);
718 }
719
720 void RenderFrameHostImpl::OnDidFailProvisionalLoadWithError(
721 const FrameHostMsg_DidFailProvisionalLoadWithError_Params& params) {
722 frame_tree_node_->navigator()->DidFailProvisionalLoadWithError(this, params);
723 }
724
725 void RenderFrameHostImpl::OnDidFailLoadWithError(
726 const GURL& url,
727 int error_code,
728 const base::string16& error_description) {
729 GURL validated_url(url);
730 GetProcess()->FilterURL(false, &validated_url);
731
732 frame_tree_node_->navigator()->DidFailLoadWithError(
733 this, validated_url, error_code, error_description);
734 }
735
736 // Called when the renderer navigates. For every frame loaded, we'll get this
737 // notification containing parameters identifying the navigation.
738 //
739 // Subframes are identified by the page transition type. For subframes loaded
740 // as part of a wider page load, the page_id will be the same as for the top
741 // level frame. If the user explicitly requests a subframe navigation, we will
742 // get a new page_id because we need to create a new navigation entry for that
743 // action.
744 void RenderFrameHostImpl::OnDidCommitProvisionalLoad(const IPC::Message& msg) {
745 // Read the parameters out of the IPC message directly to avoid making another
746 // copy when we filter the URLs.
747 PickleIterator iter(msg);
748 FrameHostMsg_DidCommitProvisionalLoad_Params validated_params;
749 if (!IPC::ParamTraits<FrameHostMsg_DidCommitProvisionalLoad_Params>::
750 Read(&msg, &iter, &validated_params))
751 return;
752 TRACE_EVENT1("navigation", "RenderFrameHostImpl::OnDidCommitProvisionalLoad",
753 "url", validated_params.url.possibly_invalid_spec());
754
755 // If we're waiting for a cross-site beforeunload ack from this renderer and
756 // we receive a Navigate message from the main frame, then the renderer was
757 // navigating already and sent it before hearing the FrameMsg_Stop message.
758 // We do not want to cancel the pending navigation in this case, since the
759 // old page will soon be stopped. Instead, treat this as a beforeunload ack
760 // to allow the pending navigation to continue.
761 if (is_waiting_for_beforeunload_ack_ &&
762 unload_ack_is_for_navigation_ &&
763 ui::PageTransitionIsMainFrame(validated_params.transition)) {
764 base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
765 OnBeforeUnloadACK(true, approx_renderer_start_time, base::TimeTicks::Now());
766 return;
767 }
768
769 // If we're waiting for an unload ack from this renderer and we receive a
770 // Navigate message, then the renderer was navigating before it received the
771 // unload request. It will either respond to the unload request soon or our
772 // timer will expire. Either way, we should ignore this message, because we
773 // have already committed to closing this renderer.
774 if (IsWaitingForUnloadACK())
775 return;
776
777 if (validated_params.report_type ==
778 FrameMsg_UILoadMetricsReportType::REPORT_LINK) {
779 UMA_HISTOGRAM_CUSTOM_TIMES(
780 "Navigation.UI_OnCommitProvisionalLoad.Link",
781 base::TimeTicks::Now() - validated_params.ui_timestamp,
782 base::TimeDelta::FromMilliseconds(10), base::TimeDelta::FromMinutes(10),
783 100);
784 } else if (validated_params.report_type ==
785 FrameMsg_UILoadMetricsReportType::REPORT_INTENT) {
786 UMA_HISTOGRAM_CUSTOM_TIMES(
787 "Navigation.UI_OnCommitProvisionalLoad.Intent",
788 base::TimeTicks::Now() - validated_params.ui_timestamp,
789 base::TimeDelta::FromMilliseconds(10), base::TimeDelta::FromMinutes(10),
790 100);
791 }
792
793 RenderProcessHost* process = GetProcess();
794
795 // Attempts to commit certain off-limits URL should be caught more strictly
796 // than our FilterURL checks below. If a renderer violates this policy, it
797 // should be killed.
798 if (!CanCommitURL(validated_params.url)) {
799 VLOG(1) << "Blocked URL " << validated_params.url.spec();
800 validated_params.url = GURL(url::kAboutBlankURL);
801 RecordAction(base::UserMetricsAction("CanCommitURL_BlockedAndKilled"));
802 // Kills the process.
803 process->ReceivedBadMessage();
804 }
805
806 // Without this check, an evil renderer can trick the browser into creating
807 // a navigation entry for a banned URL. If the user clicks the back button
808 // followed by the forward button (or clicks reload, or round-trips through
809 // session restore, etc), we'll think that the browser commanded the
810 // renderer to load the URL and grant the renderer the privileges to request
811 // the URL. To prevent this attack, we block the renderer from inserting
812 // banned URLs into the navigation controller in the first place.
813 process->FilterURL(false, &validated_params.url);
814 process->FilterURL(true, &validated_params.referrer.url);
815 for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
816 it != validated_params.redirects.end(); ++it) {
817 process->FilterURL(false, &(*it));
818 }
819 process->FilterURL(true, &validated_params.searchable_form_url);
820
821 // Without this check, the renderer can trick the browser into using
822 // filenames it can't access in a future session restore.
823 if (!render_view_host_->CanAccessFilesOfPageState(
824 validated_params.page_state)) {
825 GetProcess()->ReceivedBadMessage();
826 return;
827 }
828
829 accessibility_reset_count_ = 0;
830 frame_tree_node()->navigator()->DidNavigate(this, validated_params);
831 }
832
833 void RenderFrameHostImpl::OnDidDropNavigation() {
834 // At the end of Navigate(), the delegate's DidStartLoading is called to force
835 // the spinner to start, even if the renderer didn't yet begin the load. If it
836 // turns out that the renderer dropped the navigation, we need to turn off the
837 // spinner.
838 delegate_->DidStopLoading(this);
839 }
840
841 RenderWidgetHostImpl* RenderFrameHostImpl::GetRenderWidgetHost() {
842 if (render_widget_host_)
843 return render_widget_host_.get();
844
845 // TODO(kenrb): When RenderViewHost no longer inherits RenderWidgetHost,
846 // we can remove this fallback. Currently it is only used for the main
847 // frame.
848 if (!GetParent())
849 return static_cast<RenderWidgetHostImpl*>(render_view_host_);
850
851 return nullptr;
852 }
853
854 RenderWidgetHostView* RenderFrameHostImpl::GetView() {
855 RenderFrameHostImpl* frame = this;
856 while (frame) {
857 if (frame->render_widget_host_)
858 return frame->render_widget_host_->GetView();
859 frame = static_cast<RenderFrameHostImpl*>(frame->GetParent());
860 }
861
862 return render_view_host_->GetView();
863 }
864
865 int RenderFrameHostImpl::GetEnabledBindings() {
866 return render_view_host_->GetEnabledBindings();
867 }
868
869 void RenderFrameHostImpl::OnCrossSiteResponse(
870 const GlobalRequestID& global_request_id,
871 scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request,
872 const std::vector<GURL>& transfer_url_chain,
873 const Referrer& referrer,
874 ui::PageTransition page_transition,
875 bool should_replace_current_entry) {
876 frame_tree_node_->render_manager()->OnCrossSiteResponse(
877 this, global_request_id, cross_site_transferring_request.Pass(),
878 transfer_url_chain, referrer, page_transition,
879 should_replace_current_entry);
880 }
881
882 void RenderFrameHostImpl::OnDeferredAfterResponseStarted(
883 const GlobalRequestID& global_request_id,
884 const TransitionLayerData& transition_data) {
885 frame_tree_node_->render_manager()->OnDeferredAfterResponseStarted(
886 global_request_id, this);
887
888 if (GetParent() || !delegate_->WillHandleDeferAfterResponseStarted())
889 frame_tree_node_->render_manager()->ResumeResponseDeferredAtStart();
890 else
891 delegate_->DidDeferAfterResponseStarted(transition_data);
892 }
893
894 void RenderFrameHostImpl::SwapOut(
895 RenderFrameProxyHost* proxy,
896 bool is_loading) {
897 // The end of this event is in OnSwapOutACK when the RenderFrame has completed
898 // the operation and sends back an IPC message.
899 // The trace event may not end properly if the ACK times out. We expect this
900 // to be fixed when RenderViewHostImpl::OnSwapOut moves to RenderFrameHost.
901 TRACE_EVENT_ASYNC_BEGIN0("navigation", "RenderFrameHostImpl::SwapOut", this);
902
903 // If this RenderFrameHost is not in the default state, it must have already
904 // gone through this, therefore just return.
905 if (rfh_state_ != RenderFrameHostImpl::STATE_DEFAULT) {
906 NOTREACHED() << "RFH should be in default state when calling SwapOut.";
907 return;
908 }
909
910 SetState(RenderFrameHostImpl::STATE_PENDING_SWAP_OUT);
911 swapout_event_monitor_timeout_->Start(
912 base::TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
913
914 // There may be no proxy if there are no active views in the process.
915 int proxy_routing_id = MSG_ROUTING_NONE;
916 FrameReplicationState replication_state;
917 if (proxy) {
918 set_render_frame_proxy_host(proxy);
919 proxy_routing_id = proxy->GetRoutingID();
920 replication_state = proxy->frame_tree_node()->current_replication_state();
921 }
922
923 if (IsRenderFrameLive()) {
924 Send(new FrameMsg_SwapOut(routing_id_, proxy_routing_id, is_loading,
925 replication_state));
926 }
927
928 if (!GetParent())
929 delegate_->SwappedOut(this);
930 }
931
932 void RenderFrameHostImpl::OnBeforeUnloadACK(
933 bool proceed,
934 const base::TimeTicks& renderer_before_unload_start_time,
935 const base::TimeTicks& renderer_before_unload_end_time) {
936 TRACE_EVENT_ASYNC_END0(
937 "navigation", "RenderFrameHostImpl::BeforeUnload", this);
938 DCHECK(!GetParent());
939 // If this renderer navigated while the beforeunload request was in flight, we
940 // may have cleared this state in OnDidCommitProvisionalLoad, in which case we
941 // can ignore this message.
942 // However renderer might also be swapped out but we still want to proceed
943 // with navigation, otherwise it would block future navigations. This can
944 // happen when pending cross-site navigation is canceled by a second one just
945 // before OnDidCommitProvisionalLoad while current RVH is waiting for commit
946 // but second navigation is started from the beginning.
947 if (!is_waiting_for_beforeunload_ack_) {
948 return;
949 }
950 DCHECK(!send_before_unload_start_time_.is_null());
951
952 // Sets a default value for before_unload_end_time so that the browser
953 // survives a hacked renderer.
954 base::TimeTicks before_unload_end_time = renderer_before_unload_end_time;
955 if (!renderer_before_unload_start_time.is_null() &&
956 !renderer_before_unload_end_time.is_null()) {
957 // When passing TimeTicks across process boundaries, we need to compensate
958 // for any skew between the processes. Here we are converting the
959 // renderer's notion of before_unload_end_time to TimeTicks in the browser
960 // process. See comments in inter_process_time_ticks_converter.h for more.
961 base::TimeTicks receive_before_unload_ack_time = base::TimeTicks::Now();
962 InterProcessTimeTicksConverter converter(
963 LocalTimeTicks::FromTimeTicks(send_before_unload_start_time_),
964 LocalTimeTicks::FromTimeTicks(receive_before_unload_ack_time),
965 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_start_time),
966 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
967 LocalTimeTicks browser_before_unload_end_time =
968 converter.ToLocalTimeTicks(
969 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
970 before_unload_end_time = browser_before_unload_end_time.ToTimeTicks();
971
972 // Collect UMA on the inter-process skew.
973 bool is_skew_additive = false;
974 if (converter.IsSkewAdditiveForMetrics()) {
975 is_skew_additive = true;
976 base::TimeDelta skew = converter.GetSkewForMetrics();
977 if (skew >= base::TimeDelta()) {
978 UMA_HISTOGRAM_TIMES(
979 "InterProcessTimeTicks.BrowserBehind_RendererToBrowser", skew);
980 } else {
981 UMA_HISTOGRAM_TIMES(
982 "InterProcessTimeTicks.BrowserAhead_RendererToBrowser", -skew);
983 }
984 }
985 UMA_HISTOGRAM_BOOLEAN(
986 "InterProcessTimeTicks.IsSkewAdditive_RendererToBrowser",
987 is_skew_additive);
988
989 base::TimeDelta on_before_unload_overhead_time =
990 (receive_before_unload_ack_time - send_before_unload_start_time_) -
991 (renderer_before_unload_end_time - renderer_before_unload_start_time);
992 UMA_HISTOGRAM_TIMES("Navigation.OnBeforeUnloadOverheadTime",
993 on_before_unload_overhead_time);
994
995 frame_tree_node_->navigator()->LogBeforeUnloadTime(
996 renderer_before_unload_start_time, renderer_before_unload_end_time);
997 }
998 // Resets beforeunload waiting state.
999 is_waiting_for_beforeunload_ack_ = false;
1000 render_view_host_->decrement_in_flight_event_count();
1001 render_view_host_->StopHangMonitorTimeout();
1002 send_before_unload_start_time_ = base::TimeTicks();
1003
1004 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1005 switches::kEnableBrowserSideNavigation)) {
1006 // TODO(clamy): see if before_unload_end_time should be transmitted to the
1007 // Navigator.
1008 frame_tree_node_->navigator()->OnBeforeUnloadACK(
1009 frame_tree_node_, proceed);
1010 } else {
1011 frame_tree_node_->render_manager()->OnBeforeUnloadACK(
1012 unload_ack_is_for_navigation_, proceed,
1013 before_unload_end_time);
1014 }
1015
1016 // If canceled, notify the delegate to cancel its pending navigation entry.
1017 if (!proceed)
1018 render_view_host_->GetDelegate()->DidCancelLoading();
1019 }
1020
1021 bool RenderFrameHostImpl::IsWaitingForBeforeUnloadACK() const {
1022 if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
1023 switches::kEnableBrowserSideNavigation)) {
1024 return is_waiting_for_beforeunload_ack_;
1025 }
1026 return frame_tree_node_->navigator()->IsWaitingForBeforeUnloadACK(
1027 frame_tree_node_);
1028 }
1029
1030 bool RenderFrameHostImpl::IsWaitingForUnloadACK() const {
1031 return render_view_host_->is_waiting_for_close_ack_ ||
1032 rfh_state_ == STATE_PENDING_SWAP_OUT;
1033 }
1034
1035 bool RenderFrameHostImpl::SuddenTerminationAllowed() const {
1036 return override_sudden_termination_status_ ||
1037 (!has_beforeunload_handlers_ && !has_unload_handlers_);
1038 }
1039
1040 void RenderFrameHostImpl::OnSwapOutACK() {
1041 OnSwappedOut();
1042 }
1043
1044 void RenderFrameHostImpl::OnRenderProcessGone(int status, int exit_code) {
1045 if (frame_tree_node_->IsMainFrame()) {
1046 // Keep the termination status so we can get at it later when we
1047 // need to know why it died.
1048 render_view_host_->render_view_termination_status_ =
1049 static_cast<base::TerminationStatus>(status);
1050 }
1051
1052 SetRenderFrameCreated(false);
1053 InvalidateMojoConnection();
1054
1055 // Reset frame tree state associated with this process. This must happen
1056 // before RenderViewTerminated because observers expect the subframes of any
1057 // affected frames to be cleared first.
1058 // Note: When a RenderFrameHost is swapped out there is a different one
1059 // which is the current host. In this case, the FrameTreeNode state must
1060 // not be reset.
1061 if (!is_swapped_out())
1062 frame_tree_node_->ResetForNewProcess();
1063
1064 if (frame_tree_node_->IsMainFrame()) {
1065 // RenderViewHost/RenderWidgetHost needs to reset some stuff.
1066 render_view_host_->RendererExited(
1067 render_view_host_->render_view_termination_status_, exit_code);
1068
1069 render_view_host_->delegate_->RenderViewTerminated(
1070 render_view_host_, static_cast<base::TerminationStatus>(status),
1071 exit_code);
1072 }
1073 }
1074
1075 void RenderFrameHostImpl::OnSwappedOut() {
1076 // Ignore spurious swap out ack.
1077 if (rfh_state_ != STATE_PENDING_SWAP_OUT)
1078 return;
1079
1080 TRACE_EVENT_ASYNC_END0("navigation", "RenderFrameHostImpl::SwapOut", this);
1081 swapout_event_monitor_timeout_->Stop();
1082
1083 if (frame_tree_node_->render_manager()->DeleteFromPendingList(this)) {
1084 // We are now deleted.
1085 return;
1086 }
1087
1088 // If this RFH wasn't pending deletion, then it is now swapped out.
1089 SetState(RenderFrameHostImpl::STATE_SWAPPED_OUT);
1090 }
1091
1092 void RenderFrameHostImpl::OnContextMenu(const ContextMenuParams& params) {
1093 // Validate the URLs in |params|. If the renderer can't request the URLs
1094 // directly, don't show them in the context menu.
1095 ContextMenuParams validated_params(params);
1096 RenderProcessHost* process = GetProcess();
1097
1098 // We don't validate |unfiltered_link_url| so that this field can be used
1099 // when users want to copy the original link URL.
1100 process->FilterURL(true, &validated_params.link_url);
1101 process->FilterURL(true, &validated_params.src_url);
1102 process->FilterURL(false, &validated_params.page_url);
1103 process->FilterURL(true, &validated_params.frame_url);
1104
1105 delegate_->ShowContextMenu(this, validated_params);
1106 }
1107
1108 void RenderFrameHostImpl::OnJavaScriptExecuteResponse(
1109 int id, const base::ListValue& result) {
1110 const base::Value* result_value;
1111 if (!result.Get(0, &result_value)) {
1112 // Programming error or rogue renderer.
1113 NOTREACHED() << "Got bad arguments for OnJavaScriptExecuteResponse";
1114 return;
1115 }
1116
1117 std::map<int, JavaScriptResultCallback>::iterator it =
1118 javascript_callbacks_.find(id);
1119 if (it != javascript_callbacks_.end()) {
1120 it->second.Run(result_value);
1121 javascript_callbacks_.erase(it);
1122 } else {
1123 NOTREACHED() << "Received script response for unknown request";
1124 }
1125 }
1126
1127 void RenderFrameHostImpl::OnVisualStateResponse(uint64 id) {
1128 auto it = visual_state_callbacks_.find(id);
1129 if (it != visual_state_callbacks_.end()) {
1130 it->second.Run(true);
1131 visual_state_callbacks_.erase(it);
1132 } else {
1133 NOTREACHED() << "Received script response for unknown request";
1134 }
1135 }
1136
1137 void RenderFrameHostImpl::OnRunJavaScriptMessage(
1138 const base::string16& message,
1139 const base::string16& default_prompt,
1140 const GURL& frame_url,
1141 JavaScriptMessageType type,
1142 IPC::Message* reply_msg) {
1143 // While a JS message dialog is showing, tabs in the same process shouldn't
1144 // process input events.
1145 GetProcess()->SetIgnoreInputEvents(true);
1146 render_view_host_->StopHangMonitorTimeout();
1147 delegate_->RunJavaScriptMessage(this, message, default_prompt,
1148 frame_url, type, reply_msg);
1149 }
1150
1151 void RenderFrameHostImpl::OnRunBeforeUnloadConfirm(
1152 const GURL& frame_url,
1153 const base::string16& message,
1154 bool is_reload,
1155 IPC::Message* reply_msg) {
1156 // While a JS beforeunload dialog is showing, tabs in the same process
1157 // shouldn't process input events.
1158 GetProcess()->SetIgnoreInputEvents(true);
1159 render_view_host_->StopHangMonitorTimeout();
1160 delegate_->RunBeforeUnloadConfirm(this, message, is_reload, reply_msg);
1161 }
1162
1163 void RenderFrameHostImpl::OnTextSurroundingSelectionResponse(
1164 const base::string16& content,
1165 size_t start_offset,
1166 size_t end_offset) {
1167 render_view_host_->OnTextSurroundingSelectionResponse(
1168 content, start_offset, end_offset);
1169 }
1170
1171 void RenderFrameHostImpl::OnDidAccessInitialDocument() {
1172 delegate_->DidAccessInitialDocument();
1173 }
1174
1175 void RenderFrameHostImpl::OnDidDisownOpener() {
1176 // This message is only sent for top-level frames. TODO(avi): when frame tree
1177 // mirroring works correctly, add a check here to enforce it.
1178 delegate_->DidDisownOpener(this);
1179 }
1180
1181 void RenderFrameHostImpl::OnDidAssignPageId(int32 page_id) {
1182 // Update the RVH's current page ID so that future IPCs from the renderer
1183 // correspond to the new page.
1184 render_view_host_->page_id_ = page_id;
1185 }
1186
1187 void RenderFrameHostImpl::OnUpdateTitle(
1188 const base::string16& title,
1189 blink::WebTextDirection title_direction) {
1190 // This message is only sent for top-level frames. TODO(avi): when frame tree
1191 // mirroring works correctly, add a check here to enforce it.
1192 if (title.length() > kMaxTitleChars) {
1193 NOTREACHED() << "Renderer sent too many characters in title.";
1194 return;
1195 }
1196
1197 delegate_->UpdateTitle(this, render_view_host_->page_id_, title,
1198 WebTextDirectionToChromeTextDirection(
1199 title_direction));
1200 }
1201
1202 void RenderFrameHostImpl::OnUpdateEncoding(const std::string& encoding_name) {
1203 // This message is only sent for top-level frames. TODO(avi): when frame tree
1204 // mirroring works correctly, add a check here to enforce it.
1205 delegate_->UpdateEncoding(this, encoding_name);
1206 }
1207
1208 void RenderFrameHostImpl::OnBeginNavigation(
1209 const CommonNavigationParams& common_params,
1210 const BeginNavigationParams& begin_params,
1211 scoped_refptr<ResourceRequestBody> body) {
1212 CHECK(base::CommandLine::ForCurrentProcess()->HasSwitch(
1213 switches::kEnableBrowserSideNavigation));
1214 frame_tree_node()->navigator()->OnBeginNavigation(
1215 frame_tree_node(), common_params, begin_params, body);
1216 }
1217
1218 void RenderFrameHostImpl::OnAccessibilityEvents(
1219 const std::vector<AccessibilityHostMsg_EventParams>& params,
1220 int reset_token) {
1221 // Don't process this IPC if either we're waiting on a reset and this
1222 // IPC doesn't have the matching token ID, or if we're not waiting on a
1223 // reset but this message includes a reset token.
1224 if (accessibility_reset_token_ != reset_token) {
1225 Send(new AccessibilityMsg_Events_ACK(routing_id_));
1226 return;
1227 }
1228 accessibility_reset_token_ = 0;
1229
1230 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1231 render_view_host_->GetView());
1232
1233 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1234 if ((accessibility_mode != AccessibilityModeOff) && view &&
1235 RenderFrameHostImpl::IsRFHStateActive(rfh_state())) {
1236 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1237 GetOrCreateBrowserAccessibilityManager();
1238 if (browser_accessibility_manager_)
1239 browser_accessibility_manager_->OnAccessibilityEvents(params);
1240 }
1241
1242 if (browser_accessibility_manager_) {
1243 // Get the frame routing ids from out-of-process iframes and
1244 // browser plugin instance ids from guests and update the mappings in
1245 // FrameAccessibility.
1246 for (size_t i = 0; i < params.size(); ++i) {
1247 const AccessibilityHostMsg_EventParams& param = params[i];
1248 UpdateCrossProcessIframeAccessibility(
1249 param.node_to_frame_routing_id_map);
1250 UpdateGuestFrameAccessibility(
1251 param.node_to_browser_plugin_instance_id_map);
1252 }
1253 }
1254
1255 // Send the updates to the automation extension API.
1256 std::vector<AXEventNotificationDetails> details;
1257 details.reserve(params.size());
1258 for (size_t i = 0; i < params.size(); ++i) {
1259 const AccessibilityHostMsg_EventParams& param = params[i];
1260 AXEventNotificationDetails detail(param.update.node_id_to_clear,
1261 param.update.nodes,
1262 param.event_type,
1263 param.id,
1264 GetProcess()->GetID(),
1265 routing_id_);
1266 details.push_back(detail);
1267 }
1268
1269 delegate_->AccessibilityEventReceived(details);
1270 }
1271
1272 // Always send an ACK or the renderer can be in a bad state.
1273 Send(new AccessibilityMsg_Events_ACK(routing_id_));
1274
1275 // The rest of this code is just for testing; bail out if we're not
1276 // in that mode.
1277 if (accessibility_testing_callback_.is_null())
1278 return;
1279
1280 for (size_t i = 0; i < params.size(); i++) {
1281 const AccessibilityHostMsg_EventParams& param = params[i];
1282 if (static_cast<int>(param.event_type) < 0)
1283 continue;
1284
1285 if (!ax_tree_for_testing_) {
1286 if (browser_accessibility_manager_) {
1287 ax_tree_for_testing_.reset(new ui::AXTree(
1288 browser_accessibility_manager_->SnapshotAXTreeForTesting()));
1289 } else {
1290 ax_tree_for_testing_.reset(new ui::AXTree());
1291 CHECK(ax_tree_for_testing_->Unserialize(param.update))
1292 << ax_tree_for_testing_->error();
1293 }
1294 } else {
1295 CHECK(ax_tree_for_testing_->Unserialize(param.update))
1296 << ax_tree_for_testing_->error();
1297 }
1298 accessibility_testing_callback_.Run(param.event_type, param.id);
1299 }
1300 }
1301
1302 void RenderFrameHostImpl::OnAccessibilityLocationChanges(
1303 const std::vector<AccessibilityHostMsg_LocationChangeParams>& params) {
1304 if (accessibility_reset_token_)
1305 return;
1306
1307 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1308 render_view_host_->GetView());
1309 if (view && RenderFrameHostImpl::IsRFHStateActive(rfh_state())) {
1310 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1311 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1312 BrowserAccessibilityManager* manager =
1313 GetOrCreateBrowserAccessibilityManager();
1314 if (manager)
1315 manager->OnLocationChanges(params);
1316 }
1317 // TODO(aboxhall): send location change events to web contents observers too
1318 }
1319 }
1320
1321 void RenderFrameHostImpl::OnAccessibilityFindInPageResult(
1322 const AccessibilityHostMsg_FindInPageResultParams& params) {
1323 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1324 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1325 BrowserAccessibilityManager* manager =
1326 GetOrCreateBrowserAccessibilityManager();
1327 if (manager) {
1328 manager->OnFindInPageResult(
1329 params.request_id, params.match_index, params.start_id,
1330 params.start_offset, params.end_id, params.end_offset);
1331 }
1332 }
1333 }
1334
1335 void RenderFrameHostImpl::OnToggleFullscreen(bool enter_fullscreen) {
1336 if (enter_fullscreen)
1337 delegate_->EnterFullscreenMode(GetLastCommittedURL().GetOrigin());
1338 else
1339 delegate_->ExitFullscreenMode();
1340
1341 // The previous call might change the fullscreen state. We need to make sure
1342 // the renderer is aware of that, which is done via the resize message.
1343 render_view_host_->WasResized();
1344 }
1345
1346 void RenderFrameHostImpl::OnBeforeUnloadHandlersPresent(bool present) {
1347 has_beforeunload_handlers_ = present;
1348 }
1349
1350 void RenderFrameHostImpl::OnUnloadHandlersPresent(bool present) {
1351 has_unload_handlers_ = present;
1352 }
1353
1354 #if defined(OS_MACOSX) || defined(OS_ANDROID)
1355 void RenderFrameHostImpl::OnShowPopup(
1356 const FrameHostMsg_ShowPopup_Params& params) {
1357 RenderViewHostDelegateView* view =
1358 render_view_host_->delegate_->GetDelegateView();
1359 if (view) {
1360 view->ShowPopupMenu(this,
1361 params.bounds,
1362 params.item_height,
1363 params.item_font_size,
1364 params.selected_item,
1365 params.popup_items,
1366 params.right_aligned,
1367 params.allow_multiple_selection);
1368 }
1369 }
1370
1371 void RenderFrameHostImpl::OnHidePopup() {
1372 RenderViewHostDelegateView* view =
1373 render_view_host_->delegate_->GetDelegateView();
1374 if (view)
1375 view->HidePopupMenu();
1376 }
1377 #endif
1378
1379 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
1380 static void CreateMediaRendererService(
1381 mojo::InterfaceRequest<mojo::MediaRenderer> request) {
1382 media::MojoRendererService* service = new media::MojoRendererService();
1383 mojo::BindToRequest(service, &request);
1384 }
1385 #endif
1386
1387 void RenderFrameHostImpl::RegisterMojoServices() {
1388 GeolocationServiceContext* geolocation_service_context =
1389 delegate_ ? delegate_->GetGeolocationServiceContext() : NULL;
1390 if (geolocation_service_context) {
1391 // TODO(creis): Bind process ID here so that GeolocationServiceImpl
1392 // can perform permissions checks once site isolation is complete.
1393 // crbug.com/426384
1394 GetServiceRegistry()->AddService<GeolocationService>(
1395 base::Bind(&GeolocationServiceContext::CreateService,
1396 base::Unretained(geolocation_service_context),
1397 base::Bind(&RenderFrameHostImpl::DidUseGeolocationPermission,
1398 base::Unretained(this))));
1399 }
1400
1401 if (!permission_service_context_)
1402 permission_service_context_.reset(new PermissionServiceContext(this));
1403
1404 GetServiceRegistry()->AddService<PermissionService>(
1405 base::Bind(&PermissionServiceContext::CreateService,
1406 base::Unretained(permission_service_context_.get())));
1407
1408 GetServiceRegistry()->AddService<presentation::PresentationService>(
1409 base::Bind(&PresentationServiceImpl::CreateMojoService,
1410 base::Unretained(this)));
1411
1412 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
1413 GetServiceRegistry()->AddService<mojo::MediaRenderer>(
1414 base::Bind(&CreateMediaRendererService));
1415 #endif
1416 }
1417
1418 void RenderFrameHostImpl::SetState(RenderFrameHostImplState rfh_state) {
1419 // Only main frames should be swapped out and retained inside a proxy host.
1420 if (rfh_state == STATE_SWAPPED_OUT)
1421 CHECK(!GetParent());
1422
1423 // We update the number of RenderFrameHosts in a SiteInstance when the swapped
1424 // out status of a RenderFrameHost gets flipped to/from active.
1425 if (!IsRFHStateActive(rfh_state_) && IsRFHStateActive(rfh_state))
1426 GetSiteInstance()->increment_active_frame_count();
1427 else if (IsRFHStateActive(rfh_state_) && !IsRFHStateActive(rfh_state))
1428 GetSiteInstance()->decrement_active_frame_count();
1429
1430 // The active and swapped out state of the RVH is determined by its main
1431 // frame, since subframes should have their own widgets.
1432 if (frame_tree_node_->IsMainFrame()) {
1433 render_view_host_->set_is_active(IsRFHStateActive(rfh_state));
1434 render_view_host_->set_is_swapped_out(rfh_state == STATE_SWAPPED_OUT);
1435 }
1436
1437 // Whenever we change the RFH state to and from active or swapped out state,
1438 // we should not be waiting for beforeunload or close acks. We clear them
1439 // here to be safe, since they can cause navigations to be ignored in
1440 // OnDidCommitProvisionalLoad.
1441 // TODO(creis): Move is_waiting_for_beforeunload_ack_ into the state machine.
1442 if (rfh_state == STATE_DEFAULT ||
1443 rfh_state == STATE_SWAPPED_OUT ||
1444 rfh_state_ == STATE_DEFAULT ||
1445 rfh_state_ == STATE_SWAPPED_OUT) {
1446 if (is_waiting_for_beforeunload_ack_) {
1447 is_waiting_for_beforeunload_ack_ = false;
1448 render_view_host_->decrement_in_flight_event_count();
1449 render_view_host_->StopHangMonitorTimeout();
1450 }
1451 send_before_unload_start_time_ = base::TimeTicks();
1452 render_view_host_->is_waiting_for_close_ack_ = false;
1453 }
1454 rfh_state_ = rfh_state;
1455 }
1456
1457 bool RenderFrameHostImpl::CanCommitURL(const GURL& url) {
1458 // TODO(creis): We should also check for WebUI pages here. Also, when the
1459 // out-of-process iframes implementation is ready, we should check for
1460 // cross-site URLs that are not allowed to commit in this process.
1461
1462 // Give the client a chance to disallow URLs from committing.
1463 return GetContentClient()->browser()->CanCommitURL(GetProcess(), url);
1464 }
1465
1466 void RenderFrameHostImpl::Navigate(const FrameMsg_Navigate_Params& params) {
1467 TRACE_EVENT0("navigation", "RenderFrameHostImpl::Navigate");
1468 // Browser plugin guests are not allowed to navigate outside web-safe schemes,
1469 // so do not grant them the ability to request additional URLs.
1470 if (!GetProcess()->IsIsolatedGuest()) {
1471 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
1472 GetProcess()->GetID(), params.common_params.url);
1473 if (params.common_params.url.SchemeIs(url::kDataScheme) &&
1474 params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
1475 // If 'data:' is used, and we have a 'file:' base url, grant access to
1476 // local files.
1477 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
1478 GetProcess()->GetID(), params.base_url_for_data_url);
1479 }
1480 }
1481
1482 // We may be returning to an existing NavigationEntry that had been granted
1483 // file access. If this is a different process, we will need to grant the
1484 // access again. The files listed in the page state are validated when they
1485 // are received from the renderer to prevent abuse.
1486 if (params.commit_params.page_state.IsValid()) {
1487 render_view_host_->GrantFileAccessFromPageState(
1488 params.commit_params.page_state);
1489 }
1490
1491 // Only send the message if we aren't suspended at the start of a cross-site
1492 // request.
1493 if (navigations_suspended_) {
1494 // Shouldn't be possible to have a second navigation while suspended, since
1495 // navigations will only be suspended during a cross-site request. If a
1496 // second navigation occurs, RenderFrameHostManager will cancel this pending
1497 // RFH and create a new pending RFH.
1498 DCHECK(!suspended_nav_params_.get());
1499 suspended_nav_params_.reset(new FrameMsg_Navigate_Params(params));
1500 } else {
1501 // Get back to a clean state, in case we start a new navigation without
1502 // completing a RFH swap or unload handler.
1503 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1504
1505 Send(new FrameMsg_Navigate(routing_id_, params));
1506 }
1507
1508 // Force the throbber to start. We do this because Blink's "started
1509 // loading" message will be received asynchronously from the UI of the
1510 // browser. But we want to keep the throbber in sync with what's happening
1511 // in the UI. For example, we want to start throbbing immediately when the
1512 // user navigates even if the renderer is delayed. There is also an issue
1513 // with the throbber starting because the WebUI (which controls whether the
1514 // favicon is displayed) happens synchronously. If the start loading
1515 // messages was asynchronous, then the default favicon would flash in.
1516 //
1517 // Blink doesn't send throb notifications for JavaScript URLs, so we
1518 // don't want to either.
1519 if (!params.common_params.url.SchemeIs(url::kJavaScriptScheme))
1520 delegate_->DidStartLoading(this, true);
1521 }
1522
1523 void RenderFrameHostImpl::NavigateToURL(const GURL& url) {
1524 FrameMsg_Navigate_Params params;
1525 params.common_params.url = url;
1526 params.common_params.transition = ui::PAGE_TRANSITION_LINK;
1527 params.common_params.navigation_type = FrameMsg_Navigate_Type::NORMAL;
1528 params.commit_params.browser_navigation_start = base::TimeTicks::Now();
1529 params.page_id = -1;
1530 params.pending_history_list_offset = -1;
1531 params.current_history_list_offset = -1;
1532 params.current_history_list_length = 0;
1533 Navigate(params);
1534 }
1535
1536 void RenderFrameHostImpl::OpenURL(const FrameHostMsg_OpenURL_Params& params,
1537 SiteInstance* source_site_instance) {
1538 GURL validated_url(params.url);
1539 GetProcess()->FilterURL(false, &validated_url);
1540
1541 TRACE_EVENT1("navigation", "RenderFrameHostImpl::OpenURL", "url",
1542 validated_url.possibly_invalid_spec());
1543 frame_tree_node_->navigator()->RequestOpenURL(
1544 this, validated_url, source_site_instance, params.referrer,
1545 params.disposition, params.should_replace_current_entry,
1546 params.user_gesture);
1547 }
1548
1549 void RenderFrameHostImpl::Stop() {
1550 Send(new FrameMsg_Stop(routing_id_));
1551 }
1552
1553 void RenderFrameHostImpl::DispatchBeforeUnload(bool for_navigation) {
1554 // TODO(creis): Support beforeunload on subframes. For now just pretend that
1555 // the handler ran and allowed the navigation to proceed.
1556 if (GetParent() || !IsRenderFrameLive()) {
1557 // We don't have a live renderer, so just skip running beforeunload.
1558 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1559 switches::kEnableBrowserSideNavigation)) {
1560 frame_tree_node_->navigator()->OnBeforeUnloadACK(
1561 frame_tree_node_, true);
1562 } else {
1563 frame_tree_node_->render_manager()->OnBeforeUnloadACK(
1564 for_navigation, true, base::TimeTicks::Now());
1565 }
1566 return;
1567 }
1568 TRACE_EVENT_ASYNC_BEGIN0(
1569 "navigation", "RenderFrameHostImpl::BeforeUnload", this);
1570
1571 // This may be called more than once (if the user clicks the tab close button
1572 // several times, or if she clicks the tab close button then the browser close
1573 // button), and we only send the message once.
1574 if (is_waiting_for_beforeunload_ack_) {
1575 // Some of our close messages could be for the tab, others for cross-site
1576 // transitions. We always want to think it's for closing the tab if any
1577 // of the messages were, since otherwise it might be impossible to close
1578 // (if there was a cross-site "close" request pending when the user clicked
1579 // the close button). We want to keep the "for cross site" flag only if
1580 // both the old and the new ones are also for cross site.
1581 unload_ack_is_for_navigation_ =
1582 unload_ack_is_for_navigation_ && for_navigation;
1583 } else {
1584 // Start the hang monitor in case the renderer hangs in the beforeunload
1585 // handler.
1586 is_waiting_for_beforeunload_ack_ = true;
1587 unload_ack_is_for_navigation_ = for_navigation;
1588 // Increment the in-flight event count, to ensure that input events won't
1589 // cancel the timeout timer.
1590 render_view_host_->increment_in_flight_event_count();
1591 render_view_host_->StartHangMonitorTimeout(
1592 TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
1593 send_before_unload_start_time_ = base::TimeTicks::Now();
1594 Send(new FrameMsg_BeforeUnload(routing_id_));
1595 }
1596 }
1597
1598 void RenderFrameHostImpl::DisownOpener() {
1599 Send(new FrameMsg_DisownOpener(GetRoutingID()));
1600 }
1601
1602 void RenderFrameHostImpl::ExtendSelectionAndDelete(size_t before,
1603 size_t after) {
1604 Send(new InputMsg_ExtendSelectionAndDelete(routing_id_, before, after));
1605 }
1606
1607 void RenderFrameHostImpl::JavaScriptDialogClosed(
1608 IPC::Message* reply_msg,
1609 bool success,
1610 const base::string16& user_input,
1611 bool dialog_was_suppressed) {
1612 GetProcess()->SetIgnoreInputEvents(false);
1613 bool is_waiting = is_waiting_for_beforeunload_ack_ || IsWaitingForUnloadACK();
1614
1615 // If we are executing as part of (before)unload event handling, we don't
1616 // want to use the regular hung_renderer_delay_ms_ if the user has agreed to
1617 // leave the current page. In this case, use the regular timeout value used
1618 // during the (before)unload handling.
1619 if (is_waiting) {
1620 render_view_host_->StartHangMonitorTimeout(TimeDelta::FromMilliseconds(
1621 success ? RenderViewHostImpl::kUnloadTimeoutMS
1622 : render_view_host_->hung_renderer_delay_ms_));
1623 }
1624
1625 FrameHostMsg_RunJavaScriptMessage::WriteReplyParams(reply_msg,
1626 success, user_input);
1627 Send(reply_msg);
1628
1629 // If we are waiting for an unload or beforeunload ack and the user has
1630 // suppressed messages, kill the tab immediately; a page that's spamming
1631 // alerts in onbeforeunload is presumably malicious, so there's no point in
1632 // continuing to run its script and dragging out the process.
1633 // This must be done after sending the reply since RenderView can't close
1634 // correctly while waiting for a response.
1635 if (is_waiting && dialog_was_suppressed)
1636 render_view_host_->delegate_->RendererUnresponsive(render_view_host_);
1637 }
1638
1639 // PlzNavigate
1640 void RenderFrameHostImpl::CommitNavigation(
1641 ResourceResponse* response,
1642 scoped_ptr<StreamHandle> body,
1643 const CommonNavigationParams& common_params,
1644 const CommitNavigationParams& commit_params) {
1645 // TODO(clamy): Check if we have to add security checks for the browser plugin
1646 // guests.
1647
1648 // Get back to a clean state, in case we start a new navigation without
1649 // completing a RFH swap or unload handler.
1650 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1651
1652 Send(new FrameMsg_CommitNavigation(
1653 routing_id_, response->head, body->GetURL(),
1654 common_params, commit_params));
1655 // TODO(clamy): Check if we should start the throbber for non javascript urls
1656 // here.
1657
1658 // TODO(clamy): Release the stream handle once the renderer has finished
1659 // reading it.
1660 stream_handle_ = body.Pass();
1661 }
1662
1663 void RenderFrameHostImpl::SetUpMojoIfNeeded() {
1664 if (service_registry_.get())
1665 return;
1666
1667 service_registry_.reset(new ServiceRegistryImpl());
1668 if (!GetProcess()->GetServiceRegistry())
1669 return;
1670
1671 RegisterMojoServices();
1672 RenderFrameSetupPtr setup;
1673 GetProcess()->GetServiceRegistry()->ConnectToRemoteService(&setup);
1674
1675 mojo::ServiceProviderPtr exposed_services;
1676 service_registry_->Bind(GetProxy(&exposed_services));
1677
1678 mojo::ServiceProviderPtr services;
1679 setup->ExchangeServiceProviders(routing_id_, GetProxy(&services),
1680 exposed_services.Pass());
1681 service_registry_->BindRemoteServiceProvider(services.Pass());
1682
1683 #if defined(OS_ANDROID)
1684 service_registry_android_.reset(
1685 new ServiceRegistryAndroid(service_registry_.get()));
1686 #endif
1687 }
1688
1689 void RenderFrameHostImpl::InvalidateMojoConnection() {
1690 #if defined(OS_ANDROID)
1691 // The Android-specific service registry has a reference to
1692 // |service_registry_| and thus must be torn down first.
1693 service_registry_android_.reset();
1694 #endif
1695
1696 service_registry_.reset();
1697 }
1698
1699 bool RenderFrameHostImpl::IsFocused() {
1700 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops
1701 // returning nullptr in some cases. See https://crbug.com/455245.
1702 return RenderWidgetHostImpl::From(
1703 GetView()->GetRenderWidgetHost())->is_focused() &&
1704 frame_tree_->GetFocusedFrame() &&
1705 (frame_tree_->GetFocusedFrame() == frame_tree_node() ||
1706 frame_tree_->GetFocusedFrame()->IsDescendantOf(frame_tree_node()));
1707 }
1708
1709 void RenderFrameHostImpl::UpdateCrossProcessIframeAccessibility(
1710 const std::map<int32, int>& node_to_frame_routing_id_map) {
1711 for (const auto& iter : node_to_frame_routing_id_map) {
1712 // This is the id of the accessibility node that has a child frame.
1713 int32 node_id = iter.first;
1714 // The routing id from either a RenderFrame or a RenderFrameProxy.
1715 int frame_routing_id = iter.second;
1716
1717 FrameTree* frame_tree = frame_tree_node()->frame_tree();
1718 FrameTreeNode* child_frame_tree_node = frame_tree->FindByRoutingID(
1719 GetProcess()->GetID(), frame_routing_id);
1720
1721 if (child_frame_tree_node) {
1722 FrameAccessibility::GetInstance()->AddChildFrame(
1723 this, node_id, child_frame_tree_node->frame_tree_node_id());
1724 }
1725 }
1726 }
1727
1728 void RenderFrameHostImpl::UpdateGuestFrameAccessibility(
1729 const std::map<int32, int>& node_to_browser_plugin_instance_id_map) {
1730 for (const auto& iter : node_to_browser_plugin_instance_id_map) {
1731 // This is the id of the accessibility node that hosts a plugin.
1732 int32 node_id = iter.first;
1733 // The id of the browser plugin.
1734 int browser_plugin_instance_id = iter.second;
1735 FrameAccessibility::GetInstance()->AddGuestWebContents(
1736 this, node_id, browser_plugin_instance_id);
1737 }
1738 }
1739
1740 bool RenderFrameHostImpl::IsSameSiteInstance(
1741 RenderFrameHostImpl* other_render_frame_host) {
1742 // As a sanity check, make sure the frame belongs to the same BrowserContext.
1743 CHECK_EQ(GetSiteInstance()->GetBrowserContext(),
1744 other_render_frame_host->GetSiteInstance()->GetBrowserContext());
1745 return GetSiteInstance() == other_render_frame_host->GetSiteInstance();
1746 }
1747
1748 void RenderFrameHostImpl::SetAccessibilityMode(AccessibilityMode mode) {
1749 Send(new FrameMsg_SetAccessibilityMode(routing_id_, mode));
1750 }
1751
1752 void RenderFrameHostImpl::SetAccessibilityCallbackForTesting(
1753 const base::Callback<void(ui::AXEvent, int)>& callback) {
1754 accessibility_testing_callback_ = callback;
1755 }
1756
1757 const ui::AXTree* RenderFrameHostImpl::GetAXTreeForTesting() {
1758 return ax_tree_for_testing_.get();
1759 }
1760
1761 BrowserAccessibilityManager*
1762 RenderFrameHostImpl::GetOrCreateBrowserAccessibilityManager() {
1763 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1764 render_view_host_->GetView());
1765 if (view &&
1766 !browser_accessibility_manager_ &&
1767 !no_create_browser_accessibility_manager_for_testing_) {
1768 browser_accessibility_manager_.reset(
1769 view->CreateBrowserAccessibilityManager(this));
1770 if (browser_accessibility_manager_)
1771 UMA_HISTOGRAM_COUNTS("Accessibility.FrameEnabledCount", 1);
1772 else
1773 UMA_HISTOGRAM_COUNTS("Accessibility.FrameDidNotEnableCount", 1);
1774 }
1775 return browser_accessibility_manager_.get();
1776 }
1777
1778 void RenderFrameHostImpl::ActivateFindInPageResultForAccessibility(
1779 int request_id) {
1780 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1781 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1782 BrowserAccessibilityManager* manager =
1783 GetOrCreateBrowserAccessibilityManager();
1784 if (manager)
1785 manager->ActivateFindInPageResult(request_id);
1786 }
1787 }
1788
1789 void RenderFrameHostImpl::InsertVisualStateCallback(
1790 const VisualStateCallback& callback) {
1791 static uint64 next_id = 1;
1792 uint64 key = next_id++;
1793 Send(new FrameMsg_VisualStateRequest(routing_id_, key));
1794 visual_state_callbacks_.insert(std::make_pair(key, callback));
1795 }
1796
1797 #if defined(OS_WIN)
1798
1799 void RenderFrameHostImpl::SetParentNativeViewAccessible(
1800 gfx::NativeViewAccessible accessible_parent) {
1801 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1802 render_view_host_->GetView());
1803 if (view)
1804 view->SetParentNativeViewAccessible(accessible_parent);
1805 }
1806
1807 gfx::NativeViewAccessible
1808 RenderFrameHostImpl::GetParentNativeViewAccessible() const {
1809 return delegate_->GetParentNativeViewAccessible();
1810 }
1811
1812 #elif defined(OS_MACOSX)
1813
1814 void RenderFrameHostImpl::DidSelectPopupMenuItem(int selected_index) {
1815 Send(new FrameMsg_SelectPopupMenuItem(routing_id_, selected_index));
1816 }
1817
1818 void RenderFrameHostImpl::DidCancelPopupMenu() {
1819 Send(new FrameMsg_SelectPopupMenuItem(routing_id_, -1));
1820 }
1821
1822 #elif defined(OS_ANDROID)
1823
1824 void RenderFrameHostImpl::DidSelectPopupMenuItems(
1825 const std::vector<int>& selected_indices) {
1826 Send(new FrameMsg_SelectPopupMenuItems(routing_id_, false, selected_indices));
1827 }
1828
1829 void RenderFrameHostImpl::DidCancelPopupMenu() {
1830 Send(new FrameMsg_SelectPopupMenuItems(
1831 routing_id_, true, std::vector<int>()));
1832 }
1833
1834 #endif
1835
1836 void RenderFrameHostImpl::ClearPendingTransitionRequestData() {
1837 BrowserThread::PostTask(
1838 BrowserThread::IO,
1839 FROM_HERE,
1840 base::Bind(
1841 &TransitionRequestManager::ClearPendingTransitionRequestData,
1842 base::Unretained(TransitionRequestManager::GetInstance()),
1843 GetProcess()->GetID(),
1844 routing_id_));
1845 }
1846
1847 void RenderFrameHostImpl::SetNavigationsSuspended(
1848 bool suspend,
1849 const base::TimeTicks& proceed_time) {
1850 // This should only be called to toggle the state.
1851 DCHECK(navigations_suspended_ != suspend);
1852
1853 navigations_suspended_ = suspend;
1854 if (navigations_suspended_) {
1855 TRACE_EVENT_ASYNC_BEGIN0("navigation",
1856 "RenderFrameHostImpl navigation suspended", this);
1857 } else {
1858 TRACE_EVENT_ASYNC_END0("navigation",
1859 "RenderFrameHostImpl navigation suspended", this);
1860 }
1861
1862 if (!suspend && suspended_nav_params_) {
1863 // There's navigation message params waiting to be sent. Now that we're not
1864 // suspended anymore, resume navigation by sending them. If we were swapped
1865 // out, we should also stop filtering out the IPC messages now.
1866 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1867
1868 DCHECK(!proceed_time.is_null());
1869 suspended_nav_params_->commit_params.browser_navigation_start =
1870 proceed_time;
1871 Send(new FrameMsg_Navigate(routing_id_, *suspended_nav_params_));
1872 suspended_nav_params_.reset();
1873 }
1874 }
1875
1876 void RenderFrameHostImpl::CancelSuspendedNavigations() {
1877 // Clear any state if a pending navigation is canceled or preempted.
1878 if (suspended_nav_params_)
1879 suspended_nav_params_.reset();
1880
1881 TRACE_EVENT_ASYNC_END0("navigation",
1882 "RenderFrameHostImpl navigation suspended", this);
1883 navigations_suspended_ = false;
1884 }
1885
1886 void RenderFrameHostImpl::DidUseGeolocationPermission() {
1887 RenderFrameHost* top_frame = frame_tree_node()->frame_tree()->GetMainFrame();
1888 GetContentClient()->browser()->RegisterPermissionUsage(
1889 PERMISSION_GEOLOCATION,
1890 delegate_->GetAsWebContents(),
1891 GetLastCommittedURL().GetOrigin(),
1892 top_frame->GetLastCommittedURL().GetOrigin());
1893 }
1894
1895 } // namespace content