content/renderer/render_frame_proxy.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/renderer/render_frame_proxy.h"
   6
   7 #include <map>
   8
   9 #include "base/lazy_instance.h"
  10 #include "content/child/webmessageportchannel_impl.h"
  11 #include "content/common/frame_messages.h"
  12 #include "content/common/frame_replication_state.h"
  13 #include "content/common/swapped_out_messages.h"
  14 #include "content/common/view_messages.h"
  15 #include "content/renderer/child_frame_compositing_helper.h"
  16 #include "content/renderer/render_frame_impl.h"
  17 #include "content/renderer/render_thread_impl.h"
  18 #include "content/renderer/render_view_impl.h"
  19 #include "third_party/WebKit/public/platform/WebString.h"
  20 #include "third_party/WebKit/public/web/WebLocalFrame.h"
  21 #include "third_party/WebKit/public/web/WebUserGestureIndicator.h"
  22 #include "third_party/WebKit/public/web/WebView.h"
  23
  24 namespace content {
  25
  26 namespace {
  27
  28 // Facilitates lookup of RenderFrameProxy by routing_id.
  29 typedef std::map<int, RenderFrameProxy*> RoutingIDProxyMap;
  30 static base::LazyInstance<RoutingIDProxyMap> g_routing_id_proxy_map =
  31     LAZY_INSTANCE_INITIALIZER;
  32
  33 // Facilitates lookup of RenderFrameProxy by WebFrame.
  34 typedef std::map<blink::WebFrame*, RenderFrameProxy*> FrameMap;
  35 base::LazyInstance<FrameMap> g_frame_map = LAZY_INSTANCE_INITIALIZER;
  36
  37 }  // namespace
  38
  39 // static
  40 RenderFrameProxy* RenderFrameProxy::CreateProxyToReplaceFrame(
  41     RenderFrameImpl* frame_to_replace,
  42     int routing_id) {
  43   CHECK_NE(routing_id, MSG_ROUTING_NONE);
  44
  45   scoped_ptr<RenderFrameProxy> proxy(
  46       new RenderFrameProxy(routing_id, frame_to_replace->GetRoutingID()));
  47
  48   // When a RenderFrame is replaced by a RenderProxy, the WebRemoteFrame should
  49   // always come from WebRemoteFrame::create and a call to WebFrame::swap must
  50   // follow later.
  51   blink::WebRemoteFrame* web_frame = blink::WebRemoteFrame::create(proxy.get());
  52   proxy->Init(web_frame, frame_to_replace->render_view());
  53   return proxy.release();
  54 }
  55
  56 RenderFrameProxy* RenderFrameProxy::CreateFrameProxy(
  57     int routing_id,
  58     int parent_routing_id,
  59     int render_view_routing_id,
  60     const FrameReplicationState& replicated_state) {
  61   scoped_ptr<RenderFrameProxy> proxy(
  62       new RenderFrameProxy(routing_id, MSG_ROUTING_NONE));
  63   RenderViewImpl* render_view = NULL;
  64   blink::WebRemoteFrame* web_frame = NULL;
  65   if (parent_routing_id == MSG_ROUTING_NONE) {
  66     // Create a top level frame.
  67     render_view = RenderViewImpl::FromRoutingID(render_view_routing_id);
  68     web_frame = blink::WebRemoteFrame::create(proxy.get());
  69     render_view->webview()->setMainFrame(web_frame);
  70   } else {
  71     // Create a frame under an existing parent. The parent is always expected
  72     // to be a RenderFrameProxy, because navigations initiated by local frames
  73     // should not wind up here.
  74     RenderFrameProxy* parent =
  75         RenderFrameProxy::FromRoutingID(parent_routing_id);
  76     web_frame = parent->web_frame()->createRemoteChild(
  77         blink::WebString::fromUTF8(replicated_state.name),
  78         RenderFrameImpl::ContentToWebSandboxFlags(
  79             replicated_state.sandbox_flags),
  80         proxy.get());
  81     render_view = parent->render_view();
  82   }
  83
  84   proxy->Init(web_frame, render_view);
  85
  86   // Initialize proxy's WebRemoteFrame with the security origin and other
  87   // replicated information.
  88   proxy->SetReplicatedState(replicated_state);
  89
  90   return proxy.release();
  91 }
  92
  93 // static
  94 RenderFrameProxy* RenderFrameProxy::FromRoutingID(int32 routing_id) {
  95   RoutingIDProxyMap* proxies = g_routing_id_proxy_map.Pointer();
  96   RoutingIDProxyMap::iterator it = proxies->find(routing_id);
  97   return it == proxies->end() ? NULL : it->second;
  98 }
  99
 100 // static
 101 RenderFrameProxy* RenderFrameProxy::FromWebFrame(blink::WebFrame* web_frame) {
 102   FrameMap::iterator iter = g_frame_map.Get().find(web_frame);
 103   if (iter != g_frame_map.Get().end()) {
 104     RenderFrameProxy* proxy = iter->second;
 105     DCHECK_EQ(web_frame, proxy->web_frame());
 106     return proxy;
 107   }
 108   return NULL;
 109 }
 110
 111 RenderFrameProxy::RenderFrameProxy(int routing_id, int frame_routing_id)
 112     : routing_id_(routing_id),
 113       frame_routing_id_(frame_routing_id),
 114       web_frame_(NULL),
 115       render_view_(NULL) {
 116   std::pair<RoutingIDProxyMap::iterator, bool> result =
 117       g_routing_id_proxy_map.Get().insert(std::make_pair(routing_id_, this));
 118   CHECK(result.second) << "Inserting a duplicate item.";
 119   RenderThread::Get()->AddRoute(routing_id_, this);
 120 }
 121
 122 RenderFrameProxy::~RenderFrameProxy() {
 123   // TODO(nasko): Set the render_frame_proxy to null to avoid a double deletion
 124   // when detaching the main frame. This can be removed once RenderFrameImpl and
 125   // RenderFrameProxy have been completely decoupled. See
 126   // https://crbug.com/357747.
 127   RenderFrameImpl* render_frame =
 128       RenderFrameImpl::FromRoutingID(frame_routing_id_);
 129   if (render_frame)
 130     render_frame->set_render_frame_proxy(nullptr);
 131
 132   render_view()->UnregisterRenderFrameProxy(this);
 133
 134   CHECK(!web_frame_);
 135   RenderThread::Get()->RemoveRoute(routing_id_);
 136   g_routing_id_proxy_map.Get().erase(routing_id_);
 137 }
 138
 139 void RenderFrameProxy::Init(blink::WebRemoteFrame* web_frame,
 140                             RenderViewImpl* render_view) {
 141   CHECK(web_frame);
 142   CHECK(render_view);
 143
 144   web_frame_ = web_frame;
 145   render_view_ = render_view;
 146
 147   // TODO(nick): Should all RenderFrameProxies remain observers of their views?
 148   render_view_->RegisterRenderFrameProxy(this);
 149
 150   std::pair<FrameMap::iterator, bool> result =
 151       g_frame_map.Get().insert(std::make_pair(web_frame_, this));
 152   CHECK(result.second) << "Inserted a duplicate item.";
 153 }
 154
 155 bool RenderFrameProxy::IsMainFrameDetachedFromTree() const {
 156   return web_frame_->top() == web_frame_ &&
 157       render_view_->webview()->mainFrame()->isWebLocalFrame();
 158 }
 159
 160 void RenderFrameProxy::DidCommitCompositorFrame() {
 161   if (compositing_helper_.get())
 162     compositing_helper_->DidCommitCompositorFrame();
 163 }
 164
 165 void RenderFrameProxy::SetReplicatedState(const FrameReplicationState& state) {
 166   DCHECK(web_frame_);
 167   web_frame_->setReplicatedOrigin(blink::WebSecurityOrigin::createFromString(
 168       blink::WebString::fromUTF8(state.origin.string())));
 169   web_frame_->setReplicatedSandboxFlags(
 170       RenderFrameImpl::ContentToWebSandboxFlags(state.sandbox_flags));
 171   web_frame_->setReplicatedName(blink::WebString::fromUTF8(state.name));
 172 }
 173
 174 // Update the proxy's SecurityContext and FrameOwner with new sandbox flags
 175 // that were set by its parent in another process.
 176 //
 177 // Normally, when a frame's sandbox attribute is changed dynamically, the
 178 // frame's FrameOwner is updated with the new sandbox flags right away, while
 179 // the frame's SecurityContext is updated when the frame is navigated and the
 180 // new sandbox flags take effect.
 181 //
 182 // Currently, there is no use case for a proxy's pending FrameOwner sandbox
 183 // flags, so there's no message sent to proxies when the sandbox attribute is
 184 // first updated.  Instead, the update message is sent and this function is
 185 // called when the new flags take effect, so that the proxy updates its
 186 // SecurityContext. This is needed to ensure that sandbox flags are inherited
 187 // properly if this proxy ever parents a local frame.  The proxy's FrameOwner
 188 // flags are also updated here with the caveat that the FrameOwner won't learn
 189 // about updates to its flags until they take effect.
 190 void RenderFrameProxy::OnDidUpdateSandboxFlags(SandboxFlags flags) {
 191   web_frame_->setReplicatedSandboxFlags(
 192       RenderFrameImpl::ContentToWebSandboxFlags(flags));
 193   web_frame_->setFrameOwnerSandboxFlags(
 194       RenderFrameImpl::ContentToWebSandboxFlags(flags));
 195 }
 196
 197 bool RenderFrameProxy::OnMessageReceived(const IPC::Message& msg) {
 198   bool handled = true;
 199   IPC_BEGIN_MESSAGE_MAP(RenderFrameProxy, msg)
 200     IPC_MESSAGE_HANDLER(FrameMsg_DeleteProxy, OnDeleteProxy)
 201     IPC_MESSAGE_HANDLER(FrameMsg_ChildFrameProcessGone, OnChildFrameProcessGone)
 202     IPC_MESSAGE_HANDLER_GENERIC(FrameMsg_CompositorFrameSwapped,
 203                                 OnCompositorFrameSwapped(msg))
 204     IPC_MESSAGE_HANDLER(FrameMsg_DisownOpener, OnDisownOpener)
 205     IPC_MESSAGE_HANDLER(FrameMsg_DidStartLoading, OnDidStartLoading)
 206     IPC_MESSAGE_HANDLER(FrameMsg_DidStopLoading, OnDidStopLoading)
 207     IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateSandboxFlags, OnDidUpdateSandboxFlags)
 208     IPC_MESSAGE_HANDLER(FrameMsg_DispatchLoad, OnDispatchLoad)
 209     IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateName, OnDidUpdateName)
 210     IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateOrigin, OnDidUpdateOrigin)
 211     IPC_MESSAGE_UNHANDLED(handled = false)
 212   IPC_END_MESSAGE_MAP()
 213
 214   // Note: If |handled| is true, |this| may have been deleted.
 215   return handled;
 216 }
 217
 218 bool RenderFrameProxy::Send(IPC::Message* message) {
 219   return RenderThread::Get()->Send(message);
 220 }
 221
 222 void RenderFrameProxy::OnDeleteProxy() {
 223   DCHECK(web_frame_->isWebRemoteFrame());
 224   web_frame_->detach();
 225 }
 226
 227 void RenderFrameProxy::OnChildFrameProcessGone() {
 228   if (compositing_helper_.get())
 229     compositing_helper_->ChildFrameGone();
 230 }
 231
 232 void RenderFrameProxy::OnCompositorFrameSwapped(const IPC::Message& message) {
 233   // If this WebFrame has already been detached, its parent will be null. This
 234   // can happen when swapping a WebRemoteFrame with a WebLocalFrame, where this
 235   // message may arrive after the frame was removed from the frame tree, but
 236   // before the frame has been destroyed. http://crbug.com/446575.
 237   if (!web_frame()->parent())
 238     return;
 239
 240   FrameMsg_CompositorFrameSwapped::Param param;
 241   if (!FrameMsg_CompositorFrameSwapped::Read(&message, &param))
 242     return;
 243
 244   scoped_ptr<cc::CompositorFrame> frame(new cc::CompositorFrame);
 245   get<0>(param).frame.AssignTo(frame.get());
 246
 247   if (!compositing_helper_.get()) {
 248     compositing_helper_ =
 249         ChildFrameCompositingHelper::CreateForRenderFrameProxy(this);
 250     compositing_helper_->EnableCompositing(true);
 251   }
 252   compositing_helper_->OnCompositorFrameSwapped(
 253       frame.Pass(),
 254       get<0>(param).producing_route_id,
 255       get<0>(param).output_surface_id,
 256       get<0>(param).producing_host_id,
 257       get<0>(param).shared_memory_handle);
 258 }
 259
 260 void RenderFrameProxy::OnDisownOpener() {
 261   // TODO(creis): We should only see this for main frames for now.  To support
 262   // disowning the opener on subframes, we will need to move WebContentsImpl's
 263   // opener_ to FrameTreeNode.
 264   CHECK(!web_frame_->parent());
 265
 266   // When there is a RenderFrame for this proxy, tell it to disown its opener.
 267   // TODO(creis): Remove this when we only have WebRemoteFrames and make sure
 268   // they know they have an opener.
 269   RenderFrameImpl* render_frame =
 270       RenderFrameImpl::FromRoutingID(frame_routing_id_);
 271   if (render_frame) {
 272     if (render_frame->GetWebFrame()->opener())
 273       render_frame->GetWebFrame()->setOpener(NULL);
 274     return;
 275   }
 276
 277   if (web_frame_->opener())
 278     web_frame_->setOpener(NULL);
 279 }
 280
 281 void RenderFrameProxy::OnDidStartLoading() {
 282   if (IsMainFrameDetachedFromTree())
 283     return;
 284
 285   web_frame_->didStartLoading();
 286 }
 287
 288 void RenderFrameProxy::OnDidStopLoading() {
 289   if (IsMainFrameDetachedFromTree())
 290     return;
 291
 292   web_frame_->didStopLoading();
 293 }
 294
 295 void RenderFrameProxy::OnDispatchLoad() {
 296   web_frame_->DispatchLoadEventForFrameOwner();
 297 }
 298
 299 void RenderFrameProxy::OnDidUpdateName(const std::string& name) {
 300   web_frame_->setReplicatedName(blink::WebString::fromUTF8(name));
 301 }
 302
 303 void RenderFrameProxy::OnDidUpdateOrigin(const url::Origin& origin) {
 304   web_frame_->setReplicatedOrigin(blink::WebSecurityOrigin::createFromString(
 305       blink::WebString::fromUTF8(origin.string())));
 306 }
 307
 308 void RenderFrameProxy::frameDetached() {
 309   if (web_frame_->parent()) {
 310     web_frame_->parent()->removeChild(web_frame_);
 311
 312     // Let the browser process know this subframe is removed, so that it is
 313     // destroyed in its current process.
 314     Send(new FrameHostMsg_Detach(routing_id_));
 315   }
 316
 317   web_frame_->close();
 318
 319   // Remove the entry in the WebFrame->RenderFrameProxy map, as the |web_frame_|
 320   // is no longer valid.
 321   FrameMap::iterator it = g_frame_map.Get().find(web_frame_);
 322   CHECK(it != g_frame_map.Get().end());
 323   CHECK_EQ(it->second, this);
 324   g_frame_map.Get().erase(it);
 325
 326   web_frame_ = nullptr;
 327
 328   delete this;
 329 }
 330
 331 void RenderFrameProxy::postMessageEvent(
 332     blink::WebLocalFrame* source_frame,
 333     blink::WebRemoteFrame* target_frame,
 334     blink::WebSecurityOrigin target_origin,
 335     blink::WebDOMMessageEvent event) {
 336   DCHECK(!web_frame_ || web_frame_ == target_frame);
 337
 338   FrameMsg_PostMessage_Params params;
 339   params.is_data_raw_string = false;
 340   params.data = event.data().toString();
 341   params.source_origin = event.origin();
 342   if (!target_origin.isNull())
 343     params.target_origin = target_origin.toString();
 344
 345   params.message_ports =
 346       WebMessagePortChannelImpl::ExtractMessagePortIDs(event.releaseChannels());
 347
 348   // Include the routing ID for the source frame (if one exists), which the
 349   // browser process will translate into the routing ID for the equivalent
 350   // frame in the target process.
 351   params.source_routing_id = MSG_ROUTING_NONE;
 352   if (source_frame) {
 353     RenderFrameImpl* source_render_frame =
 354         RenderFrameImpl::FromWebFrame(source_frame);
 355     if (source_render_frame)
 356       params.source_routing_id = source_render_frame->GetRoutingID();
 357   }
 358   params.source_view_routing_id = MSG_ROUTING_NONE;
 359
 360   Send(new FrameHostMsg_RouteMessageEvent(routing_id_, params));
 361 }
 362
 363 void RenderFrameProxy::initializeChildFrame(
 364     const blink::WebRect& frame_rect,
 365     float scale_factor) {
 366   Send(new FrameHostMsg_InitializeChildFrame(
 367       routing_id_, frame_rect, scale_factor));
 368 }
 369
 370 void RenderFrameProxy::navigate(const blink::WebURLRequest& request,
 371                                 bool should_replace_current_entry) {
 372   FrameHostMsg_OpenURL_Params params;
 373   params.url = request.url();
 374   params.referrer = Referrer(
 375       GURL(request.httpHeaderField(blink::WebString::fromUTF8("Referer"))),
 376       request.referrerPolicy());
 377   params.disposition = CURRENT_TAB;
 378   params.should_replace_current_entry = should_replace_current_entry;
 379   params.user_gesture =
 380       blink::WebUserGestureIndicator::isProcessingUserGesture();
 381   blink::WebUserGestureIndicator::consumeUserGesture();
 382   Send(new FrameHostMsg_OpenURL(routing_id_, params));
 383 }
 384
 385 void RenderFrameProxy::forwardInputEvent(const blink::WebInputEvent* event) {
 386   Send(new FrameHostMsg_ForwardInputEvent(routing_id_, event));
 387 }
 388
 389 }  // namespace