search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Call ComputeWebKitPrefs on the correct RVH, and remove dead code.
[chromium-blink-merge.git] / content / browser / frame_host / render_frame_host_impl.cc
blob05e9633ddcfaf7c339d9278a7f79923299051320
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/frame_host/render_frame_host_impl.h"
6
7 #include "base/bind.h"
8 #include "base/command_line.h"
9 #include "base/containers/hash_tables.h"
10 #include "base/lazy_instance.h"
11 #include "base/metrics/histogram.h"
12 #include "base/metrics/user_metrics_action.h"
13 #include "base/process/kill.h"
14 #include "base/time/time.h"
15 #include "content/browser/accessibility/accessibility_mode_helper.h"
16 #include "content/browser/accessibility/browser_accessibility_manager.h"
17 #include "content/browser/accessibility/browser_accessibility_state_impl.h"
18 #include "content/browser/child_process_security_policy_impl.h"
19 #include "content/browser/frame_host/cross_process_frame_connector.h"
20 #include "content/browser/frame_host/cross_site_transferring_request.h"
21 #include "content/browser/frame_host/frame_accessibility.h"
22 #include "content/browser/frame_host/frame_tree.h"
23 #include "content/browser/frame_host/frame_tree_node.h"
24 #include "content/browser/frame_host/navigator.h"
25 #include "content/browser/frame_host/navigator_impl.h"
26 #include "content/browser/frame_host/render_frame_host_delegate.h"
27 #include "content/browser/frame_host/render_frame_proxy_host.h"
28 #include "content/browser/frame_host/render_widget_host_view_child_frame.h"
29 #include "content/browser/geolocation/geolocation_service_context.h"
30 #include "content/browser/permissions/permission_service_context.h"
31 #include "content/browser/permissions/permission_service_impl.h"
32 #include "content/browser/presentation/presentation_service_impl.h"
33 #include "content/browser/renderer_host/input/input_router.h"
34 #include "content/browser/renderer_host/input/timeout_monitor.h"
35 #include "content/browser/renderer_host/render_process_host_impl.h"
36 #include "content/browser/renderer_host/render_view_host_delegate.h"
37 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
38 #include "content/browser/renderer_host/render_view_host_impl.h"
39 #include "content/browser/renderer_host/render_widget_host_impl.h"
40 #include "content/browser/renderer_host/render_widget_host_view_base.h"
41 #include "content/browser/transition_request_manager.h"
42 #include "content/common/accessibility_messages.h"
43 #include "content/common/frame_messages.h"
44 #include "content/common/input_messages.h"
45 #include "content/common/inter_process_time_ticks_converter.h"
46 #include "content/common/navigation_params.h"
47 #include "content/common/render_frame_setup.mojom.h"
48 #include "content/common/swapped_out_messages.h"
49 #include "content/public/browser/ax_event_notification_details.h"
50 #include "content/public/browser/browser_accessibility_state.h"
51 #include "content/public/browser/browser_context.h"
52 #include "content/public/browser/browser_plugin_guest_manager.h"
53 #include "content/public/browser/browser_thread.h"
54 #include "content/public/browser/content_browser_client.h"
55 #include "content/public/browser/render_process_host.h"
56 #include "content/public/browser/render_widget_host_view.h"
57 #include "content/public/browser/stream_handle.h"
58 #include "content/public/browser/user_metrics.h"
59 #include "content/public/common/content_constants.h"
60 #include "content/public/common/content_switches.h"
61 #include "content/public/common/url_constants.h"
62 #include "content/public/common/url_utils.h"
63 #include "ui/accessibility/ax_tree.h"
64 #include "url/gurl.h"
65
66 #if defined(OS_MACOSX)
67 #include "content/browser/frame_host/popup_menu_helper_mac.h"
68 #endif
69
70 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
71 #include "media/mojo/interfaces/media_renderer.mojom.h"
72 #include "media/mojo/services/mojo_renderer_service.h"
73 #endif
74
75 using base::TimeDelta;
76
77 namespace content {
78
79 namespace {
80
81 // The next value to use for the accessibility reset token.
82 int g_next_accessibility_reset_token = 1;
83
84 // The (process id, routing id) pair that identifies one RenderFrame.
85 typedef std::pair<int32, int32> RenderFrameHostID;
86 typedef base::hash_map<RenderFrameHostID, RenderFrameHostImpl*>
87 RoutingIDFrameMap;
88 base::LazyInstance<RoutingIDFrameMap> g_routing_id_frame_map =
89 LAZY_INSTANCE_INITIALIZER;
90
91 // Translate a WebKit text direction into a base::i18n one.
92 base::i18n::TextDirection WebTextDirectionToChromeTextDirection(
93 blink::WebTextDirection dir) {
94 switch (dir) {
95 case blink::WebTextDirectionLeftToRight:
96 return base::i18n::LEFT_TO_RIGHT;
97 case blink::WebTextDirectionRightToLeft:
98 return base::i18n::RIGHT_TO_LEFT;
99 default:
100 NOTREACHED();
101 return base::i18n::UNKNOWN_DIRECTION;
102 }
103 }
104
105 } // namespace
106
107 // static
108 bool RenderFrameHostImpl::IsRFHStateActive(RenderFrameHostImplState rfh_state) {
109 return rfh_state == STATE_DEFAULT;
110 }
111
112 // static
113 RenderFrameHost* RenderFrameHost::FromID(int render_process_id,
114 int render_frame_id) {
115 return RenderFrameHostImpl::FromID(render_process_id, render_frame_id);
116 }
117
118 // static
119 RenderFrameHostImpl* RenderFrameHostImpl::FromID(int process_id,
120 int routing_id) {
121 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
122 RoutingIDFrameMap* frames = g_routing_id_frame_map.Pointer();
123 RoutingIDFrameMap::iterator it = frames->find(
124 RenderFrameHostID(process_id, routing_id));
125 return it == frames->end() ? NULL : it->second;
126 }
127
128 RenderFrameHostImpl::RenderFrameHostImpl(SiteInstance* site_instance,
129 RenderViewHostImpl* render_view_host,
130 RenderFrameHostDelegate* delegate,
131 RenderWidgetHostDelegate* rwh_delegate,
132 FrameTree* frame_tree,
133 FrameTreeNode* frame_tree_node,
134 int routing_id,
135 int flags)
136 : render_view_host_(render_view_host),
137 delegate_(delegate),
138 site_instance_(static_cast<SiteInstanceImpl*>(site_instance)),
139 process_(site_instance->GetProcess()),
140 cross_process_frame_connector_(NULL),
141 render_frame_proxy_host_(NULL),
142 frame_tree_(frame_tree),
143 frame_tree_node_(frame_tree_node),
144 routing_id_(routing_id),
145 render_frame_created_(false),
146 navigations_suspended_(false),
147 has_beforeunload_handlers_(false),
148 has_unload_handlers_(false),
149 override_sudden_termination_status_(false),
150 is_waiting_for_beforeunload_ack_(false),
151 unload_ack_is_for_navigation_(false),
152 accessibility_reset_token_(0),
153 accessibility_reset_count_(0),
154 no_create_browser_accessibility_manager_for_testing_(false),
155 weak_ptr_factory_(this) {
156 bool is_swapped_out = !!(flags & CREATE_RF_SWAPPED_OUT);
157 bool hidden = !!(flags & CREATE_RF_HIDDEN);
158 frame_tree_->RegisterRenderFrameHost(this);
159 GetProcess()->AddRoute(routing_id_, this);
160 g_routing_id_frame_map.Get().insert(std::make_pair(
161 RenderFrameHostID(GetProcess()->GetID(), routing_id_),
162 this));
163
164 if (is_swapped_out) {
165 rfh_state_ = STATE_SWAPPED_OUT;
166 } else {
167 rfh_state_ = STATE_DEFAULT;
168 GetSiteInstance()->increment_active_frame_count();
169 }
170
171 SetUpMojoIfNeeded();
172 swapout_event_monitor_timeout_.reset(new TimeoutMonitor(base::Bind(
173 &RenderFrameHostImpl::OnSwappedOut, weak_ptr_factory_.GetWeakPtr())));
174
175 if (flags & CREATE_RF_NEEDS_RENDER_WIDGET_HOST) {
176 render_widget_host_.reset(new RenderWidgetHostImpl(
177 rwh_delegate, GetProcess(), MSG_ROUTING_NONE, hidden));
178 render_widget_host_->set_owned_by_render_frame_host(true);
179 }
180 }
181
182 RenderFrameHostImpl::~RenderFrameHostImpl() {
183 GetProcess()->RemoveRoute(routing_id_);
184 g_routing_id_frame_map.Get().erase(
185 RenderFrameHostID(GetProcess()->GetID(), routing_id_));
186
187 if (delegate_)
188 delegate_->RenderFrameDeleted(this);
189
190 FrameAccessibility::GetInstance()->OnRenderFrameHostDestroyed(this);
191
192 // If this was swapped out, it already decremented the active frame count of
193 // the SiteInstance it belongs to.
194 if (IsRFHStateActive(rfh_state_))
195 GetSiteInstance()->decrement_active_frame_count();
196
197 // Notify the FrameTree that this RFH is going away, allowing it to shut down
198 // the corresponding RenderViewHost if it is no longer needed.
199 frame_tree_->UnregisterRenderFrameHost(this);
200
201 // NULL out the swapout timer; in crash dumps this member will be null only if
202 // the dtor has run.
203 swapout_event_monitor_timeout_.reset();
204
205 for (const auto& iter: visual_state_callbacks_) {
206 iter.second.Run(false);
207 }
208
209 if (render_widget_host_)
210 render_widget_host_->Cleanup();
211 }
212
213 int RenderFrameHostImpl::GetRoutingID() {
214 return routing_id_;
215 }
216
217 SiteInstanceImpl* RenderFrameHostImpl::GetSiteInstance() {
218 return site_instance_.get();
219 }
220
221 RenderProcessHost* RenderFrameHostImpl::GetProcess() {
222 return process_;
223 }
224
225 RenderFrameHost* RenderFrameHostImpl::GetParent() {
226 FrameTreeNode* parent_node = frame_tree_node_->parent();
227 if (!parent_node)
228 return NULL;
229 return parent_node->current_frame_host();
230 }
231
232 const std::string& RenderFrameHostImpl::GetFrameName() {
233 return frame_tree_node_->frame_name();
234 }
235
236 bool RenderFrameHostImpl::IsCrossProcessSubframe() {
237 FrameTreeNode* parent_node = frame_tree_node_->parent();
238 if (!parent_node)
239 return false;
240 return GetSiteInstance() !=
241 parent_node->current_frame_host()->GetSiteInstance();
242 }
243
244 GURL RenderFrameHostImpl::GetLastCommittedURL() {
245 return frame_tree_node_->current_url();
246 }
247
248 gfx::NativeView RenderFrameHostImpl::GetNativeView() {
249 RenderWidgetHostView* view = render_view_host_->GetView();
250 if (!view)
251 return NULL;
252 return view->GetNativeView();
253 }
254
255 void RenderFrameHostImpl::ExecuteJavaScript(
256 const base::string16& javascript) {
257 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
258 javascript,
259 0, false));
260 }
261
262 void RenderFrameHostImpl::ExecuteJavaScript(
263 const base::string16& javascript,
264 const JavaScriptResultCallback& callback) {
265 static int next_id = 1;
266 int key = next_id++;
267 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
268 javascript,
269 key, true));
270 javascript_callbacks_.insert(std::make_pair(key, callback));
271 }
272
273 void RenderFrameHostImpl::ExecuteJavaScriptForTests(
274 const base::string16& javascript) {
275 Send(new FrameMsg_JavaScriptExecuteRequestForTests(routing_id_,
276 javascript,
277 0, false));
278 }
279
280 RenderViewHost* RenderFrameHostImpl::GetRenderViewHost() {
281 return render_view_host_;
282 }
283
284 ServiceRegistry* RenderFrameHostImpl::GetServiceRegistry() {
285 return service_registry_.get();
286 }
287
288 blink::WebPageVisibilityState RenderFrameHostImpl::GetVisibilityState() {
289 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops
290 // returning nullptr in some cases. See https://crbug.com/455245.
291 blink::WebPageVisibilityState visibility_state =
292 RenderWidgetHostImpl::From(GetView()->GetRenderWidgetHost())->is_hidden()
293 ? blink::WebPageVisibilityStateHidden
294 : blink::WebPageVisibilityStateVisible;
295 GetContentClient()->browser()->OverridePageVisibilityState(this,
296 &visibility_state);
297 return visibility_state;
298 }
299
300 bool RenderFrameHostImpl::Send(IPC::Message* message) {
301 if (IPC_MESSAGE_ID_CLASS(message->type()) == InputMsgStart) {
302 return render_view_host_->input_router()->SendInput(
303 make_scoped_ptr(message));
304 }
305
306 return GetProcess()->Send(message);
307 }
308
309 bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) {
310 // Filter out most IPC messages if this frame is swapped out.
311 // We still want to handle certain ACKs to keep our state consistent.
312 if (is_swapped_out()) {
313 if (!SwappedOutMessages::CanHandleWhileSwappedOut(msg)) {
314 // If this is a synchronous message and we decided not to handle it,
315 // we must send an error reply, or else the renderer will be stuck
316 // and won't respond to future requests.
317 if (msg.is_sync()) {
318 IPC::Message* reply = IPC::SyncMessage::GenerateReply(&msg);
319 reply->set_reply_error();
320 Send(reply);
321 }
322 // Don't continue looking for someone to handle it.
323 return true;
324 }
325 }
326
327 if (delegate_->OnMessageReceived(this, msg))
328 return true;
329
330 RenderFrameProxyHost* proxy =
331 frame_tree_node_->render_manager()->GetProxyToParent();
332 if (proxy && proxy->cross_process_frame_connector() &&
333 proxy->cross_process_frame_connector()->OnMessageReceived(msg))
334 return true;
335
336 bool handled = true;
337 IPC_BEGIN_MESSAGE_MAP(RenderFrameHostImpl, msg)
338 IPC_MESSAGE_HANDLER(FrameHostMsg_AddMessageToConsole, OnAddMessageToConsole)
339 IPC_MESSAGE_HANDLER(FrameHostMsg_Detach, OnDetach)
340 IPC_MESSAGE_HANDLER(FrameHostMsg_FrameFocused, OnFrameFocused)
341 IPC_MESSAGE_HANDLER(FrameHostMsg_DidStartProvisionalLoadForFrame,
342 OnDidStartProvisionalLoadForFrame)
343 IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailProvisionalLoadWithError,
344 OnDidFailProvisionalLoadWithError)
345 IPC_MESSAGE_HANDLER(FrameHostMsg_DidFailLoadWithError,
346 OnDidFailLoadWithError)
347 IPC_MESSAGE_HANDLER_GENERIC(FrameHostMsg_DidCommitProvisionalLoad,
348 OnDidCommitProvisionalLoad(msg))
349 IPC_MESSAGE_HANDLER(FrameHostMsg_DidDropNavigation, OnDidDropNavigation)
350 IPC_MESSAGE_HANDLER(FrameHostMsg_OpenURL, OnOpenURL)
351 IPC_MESSAGE_HANDLER(FrameHostMsg_DocumentOnLoadCompleted,
352 OnDocumentOnLoadCompleted)
353 IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnload_ACK, OnBeforeUnloadACK)
354 IPC_MESSAGE_HANDLER(FrameHostMsg_BeforeUnloadHandlersPresent,
355 OnBeforeUnloadHandlersPresent)
356 IPC_MESSAGE_HANDLER(FrameHostMsg_UnloadHandlersPresent,
357 OnUnloadHandlersPresent)
358 IPC_MESSAGE_HANDLER(FrameHostMsg_SwapOut_ACK, OnSwapOutACK)
359 IPC_MESSAGE_HANDLER(FrameHostMsg_ContextMenu, OnContextMenu)
360 IPC_MESSAGE_HANDLER(FrameHostMsg_JavaScriptExecuteResponse,
361 OnJavaScriptExecuteResponse)
362 IPC_MESSAGE_HANDLER(FrameHostMsg_VisualStateResponse,
363 OnVisualStateResponse)
364 IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunJavaScriptMessage,
365 OnRunJavaScriptMessage)
366 IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunBeforeUnloadConfirm,
367 OnRunBeforeUnloadConfirm)
368 IPC_MESSAGE_HANDLER(FrameHostMsg_DidAccessInitialDocument,
369 OnDidAccessInitialDocument)
370 IPC_MESSAGE_HANDLER(FrameHostMsg_DidDisownOpener, OnDidDisownOpener)
371 IPC_MESSAGE_HANDLER(FrameHostMsg_DidAssignPageId, OnDidAssignPageId)
372 IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateTitle, OnUpdateTitle)
373 IPC_MESSAGE_HANDLER(FrameHostMsg_UpdateEncoding, OnUpdateEncoding)
374 IPC_MESSAGE_HANDLER(FrameHostMsg_BeginNavigation,
375 OnBeginNavigation)
376 IPC_MESSAGE_HANDLER(FrameHostMsg_TextSurroundingSelectionResponse,
377 OnTextSurroundingSelectionResponse)
378 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_Events, OnAccessibilityEvents)
379 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_LocationChanges,
380 OnAccessibilityLocationChanges)
381 IPC_MESSAGE_HANDLER(AccessibilityHostMsg_FindInPageResult,
382 OnAccessibilityFindInPageResult)
383 IPC_MESSAGE_HANDLER(FrameHostMsg_ToggleFullscreen, OnToggleFullscreen)
384 // The following message is synthetic and doesn't come from RenderFrame, but
385 // from RenderProcessHost.
386 IPC_MESSAGE_HANDLER(FrameHostMsg_RenderProcessGone, OnRenderProcessGone)
387 #if defined(OS_MACOSX) || defined(OS_ANDROID)
388 IPC_MESSAGE_HANDLER(FrameHostMsg_ShowPopup, OnShowPopup)
389 IPC_MESSAGE_HANDLER(FrameHostMsg_HidePopup, OnHidePopup)
390 #endif
391 IPC_END_MESSAGE_MAP()
392
393 // No further actions here, since we may have been deleted.
394 return handled;
395 }
396
397 void RenderFrameHostImpl::AccessibilitySetFocus(int object_id) {
398 Send(new AccessibilityMsg_SetFocus(routing_id_, object_id));
399 }
400
401 void RenderFrameHostImpl::AccessibilityDoDefaultAction(int object_id) {
402 Send(new AccessibilityMsg_DoDefaultAction(routing_id_, object_id));
403 }
404
405 void RenderFrameHostImpl::AccessibilityShowMenu(
406 const gfx::Point& global_point) {
407 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
408 render_view_host_->GetView());
409 if (view)
410 view->AccessibilityShowMenu(global_point);
411 }
412
413 void RenderFrameHostImpl::AccessibilityScrollToMakeVisible(
414 int acc_obj_id, const gfx::Rect& subfocus) {
415 Send(new AccessibilityMsg_ScrollToMakeVisible(
416 routing_id_, acc_obj_id, subfocus));
417 }
418
419 void RenderFrameHostImpl::AccessibilityScrollToPoint(
420 int acc_obj_id, const gfx::Point& point) {
421 Send(new AccessibilityMsg_ScrollToPoint(
422 routing_id_, acc_obj_id, point));
423 }
424
425 void RenderFrameHostImpl::AccessibilitySetTextSelection(
426 int object_id, int start_offset, int end_offset) {
427 Send(new AccessibilityMsg_SetTextSelection(
428 routing_id_, object_id, start_offset, end_offset));
429 }
430
431 void RenderFrameHostImpl::AccessibilitySetValue(
432 int object_id, const base::string16& value) {
433 Send(new AccessibilityMsg_SetValue(routing_id_, object_id, value));
434 }
435
436 bool RenderFrameHostImpl::AccessibilityViewHasFocus() const {
437 RenderWidgetHostView* view = render_view_host_->GetView();
438 if (view)
439 return view->HasFocus();
440 return false;
441 }
442
443 gfx::Rect RenderFrameHostImpl::AccessibilityGetViewBounds() const {
444 RenderWidgetHostView* view = render_view_host_->GetView();
445 if (view)
446 return view->GetViewBounds();
447 return gfx::Rect();
448 }
449
450 gfx::Point RenderFrameHostImpl::AccessibilityOriginInScreen(
451 const gfx::Rect& bounds) const {
452 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
453 render_view_host_->GetView());
454 if (view)
455 return view->AccessibilityOriginInScreen(bounds);
456 return gfx::Point();
457 }
458
459 void RenderFrameHostImpl::AccessibilityHitTest(const gfx::Point& point) {
460 Send(new AccessibilityMsg_HitTest(routing_id_, point));
461 }
462
463 void RenderFrameHostImpl::AccessibilitySetAccessibilityFocus(int acc_obj_id) {
464 Send(new AccessibilityMsg_SetAccessibilityFocus(routing_id_, acc_obj_id));
465 }
466
467 void RenderFrameHostImpl::AccessibilityFatalError() {
468 browser_accessibility_manager_.reset(NULL);
469 if (accessibility_reset_token_)
470 return;
471
472 accessibility_reset_count_++;
473 if (accessibility_reset_count_ >= kMaxAccessibilityResets) {
474 Send(new AccessibilityMsg_FatalError(routing_id_));
475 } else {
476 accessibility_reset_token_ = g_next_accessibility_reset_token++;
477 UMA_HISTOGRAM_COUNTS("Accessibility.FrameResetCount", 1);
478 Send(new AccessibilityMsg_Reset(routing_id_, accessibility_reset_token_));
479 }
480 }
481
482 gfx::AcceleratedWidget
483 RenderFrameHostImpl::AccessibilityGetAcceleratedWidget() {
484 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
485 render_view_host_->GetView());
486 if (view)
487 return view->AccessibilityGetAcceleratedWidget();
488 return gfx::kNullAcceleratedWidget;
489 }
490
491 gfx::NativeViewAccessible
492 RenderFrameHostImpl::AccessibilityGetNativeViewAccessible() {
493 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
494 render_view_host_->GetView());
495 if (view)
496 return view->AccessibilityGetNativeViewAccessible();
497 return NULL;
498 }
499
500 BrowserAccessibilityManager* RenderFrameHostImpl::AccessibilityGetChildFrame(
501 int accessibility_node_id) {
502 RenderFrameHostImpl* child_frame =
503 FrameAccessibility::GetInstance()->GetChild(this, accessibility_node_id);
504 if (!child_frame || IsSameSiteInstance(child_frame))
505 return nullptr;
506
507 return child_frame->GetOrCreateBrowserAccessibilityManager();
508 }
509
510 void RenderFrameHostImpl::AccessibilityGetAllChildFrames(
511 std::vector<BrowserAccessibilityManager*>* child_frames) {
512 std::vector<RenderFrameHostImpl*> child_frame_hosts;
513 FrameAccessibility::GetInstance()->GetAllChildFrames(
514 this, &child_frame_hosts);
515 for (size_t i = 0; i < child_frame_hosts.size(); ++i) {
516 RenderFrameHostImpl* child_frame_host = child_frame_hosts[i];
517 if (!child_frame_host || IsSameSiteInstance(child_frame_host))
518 continue;
519
520 BrowserAccessibilityManager* manager =
521 child_frame_host->GetOrCreateBrowserAccessibilityManager();
522 if (manager)
523 child_frames->push_back(manager);
524 }
525 }
526
527 BrowserAccessibility* RenderFrameHostImpl::AccessibilityGetParentFrame() {
528 RenderFrameHostImpl* parent_frame = NULL;
529 int parent_node_id = 0;
530 if (!FrameAccessibility::GetInstance()->GetParent(
531 this, &parent_frame, &parent_node_id)) {
532 return NULL;
533 }
534
535 // As a sanity check, make sure the frame we're going to return belongs
536 // to the same BrowserContext.
537 if (GetSiteInstance()->GetBrowserContext() !=
538 parent_frame->GetSiteInstance()->GetBrowserContext()) {
539 NOTREACHED();
540 return NULL;
541 }
542
543 BrowserAccessibilityManager* manager =
544 parent_frame->browser_accessibility_manager();
545 if (!manager)
546 return NULL;
547
548 return manager->GetFromID(parent_node_id);
549 }
550
551 bool RenderFrameHostImpl::CreateRenderFrame(int parent_routing_id,
552 int proxy_routing_id) {
553 TRACE_EVENT0("navigation", "RenderFrameHostImpl::CreateRenderFrame");
554 DCHECK(!IsRenderFrameLive()) << "Creating frame twice";
555
556 // The process may (if we're sharing a process with another host that already
557 // initialized it) or may not (we have our own process or the old process
558 // crashed) have been initialized. Calling Init multiple times will be
559 // ignored, so this is safe.
560 if (!GetProcess()->Init())
561 return false;
562
563 DCHECK(GetProcess()->HasConnection());
564
565 FrameMsg_NewFrame_WidgetParams widget_params;
566 if (render_widget_host_) {
567 widget_params.routing_id = render_widget_host_->GetRoutingID();
568 widget_params.surface_id = render_widget_host_->surface_id();
569 widget_params.hidden = render_widget_host_->is_hidden();
570 } else {
571 // MSG_ROUTING_NONE will prevent a new RenderWidget from being created in
572 // the renderer process.
573 widget_params.routing_id = MSG_ROUTING_NONE;
574 widget_params.surface_id = 0;
575 widget_params.hidden = true;
576 }
577
578 Send(new FrameMsg_NewFrame(routing_id_, parent_routing_id, proxy_routing_id,
579 frame_tree_node()->current_replication_state(),
580 widget_params));
581
582 // The RenderWidgetHost takes ownership of its view. It is tied to the
583 // lifetime of the current RenderProcessHost for this RenderFrameHost.
584 if (render_widget_host_) {
585 RenderWidgetHostView* rwhv =
586 new RenderWidgetHostViewChildFrame(render_widget_host_.get());
587 rwhv->Hide();
588 }
589
590 if (proxy_routing_id != MSG_ROUTING_NONE) {
591 RenderFrameProxyHost* proxy = RenderFrameProxyHost::FromID(
592 GetProcess()->GetID(), proxy_routing_id);
593 // We have also created a RenderFrameProxy in FrameMsg_NewFrame above, so
594 // remember that.
595 proxy->set_render_frame_proxy_created(true);
596 }
597
598 // The renderer now has a RenderFrame for this RenderFrameHost. Note that
599 // this path is only used for out-of-process iframes. Main frame RenderFrames
600 // are created with their RenderView, and same-site iframes are created at the
601 // time of OnCreateChildFrame.
602 SetRenderFrameCreated(true);
603
604 return true;
605 }
606
607 bool RenderFrameHostImpl::IsRenderFrameLive() {
608 // RenderFrames are created for main frames at the same time as RenderViews,
609 // so we rely on IsRenderViewLive. For subframes, we keep track of each
610 // RenderFrame individually with render_frame_created_.
611 bool is_live = !GetParent() ?
612 render_view_host_->IsRenderViewLive() :
613 GetProcess()->HasConnection() && render_frame_created_;
614
615 // Sanity check: the RenderView should always be live if the RenderFrame is.
616 DCHECK(!is_live || render_view_host_->IsRenderViewLive());
617
618 return is_live;
619 }
620
621 void RenderFrameHostImpl::SetRenderFrameCreated(bool created) {
622 render_frame_created_ = created;
623 if (created && render_widget_host_)
624 render_widget_host_->InitForFrame();
625 }
626
627 void RenderFrameHostImpl::Init() {
628 GetProcess()->ResumeRequestsForView(routing_id_);
629 }
630
631 void RenderFrameHostImpl::OnAddMessageToConsole(
632 int32 level,
633 const base::string16& message,
634 int32 line_no,
635 const base::string16& source_id) {
636 if (delegate_->AddMessageToConsole(level, message, line_no, source_id))
637 return;
638
639 // Pass through log level only on WebUI pages to limit console spew.
640 const bool is_web_ui =
641 HasWebUIScheme(delegate_->GetMainFrameLastCommittedURL());
642 const int32 resolved_level = is_web_ui ? level : ::logging::LOG_INFO;
643
644 // LogMessages shouldn't be created for console messages because of privacy
645 // reasons (on some platforms these get persisted to disk). However because
646 // WebUI pages are a part of Chrome's source code, we want to treat messages
647 // from WebUI the same way as we treat log messages from native code.
648 if (::logging::GetMinLogLevel() <= resolved_level && is_web_ui) {
649 logging::LogMessage("CONSOLE", line_no, resolved_level).stream()
650 << "\"" << message << "\", source: " << source_id << " (" << line_no
651 << ")";
652 }
653 }
654
655 void RenderFrameHostImpl::OnCreateChildFrame(int new_routing_id,
656 const std::string& frame_name,
657 SandboxFlags sandbox_flags) {
658 // It is possible that while a new RenderFrameHost was committed, the
659 // RenderFrame corresponding to this host sent an IPC message to create a
660 // frame and it is delivered after this host is swapped out.
661 // Ignore such messages, as we know this RenderFrameHost is going away.
662 if (rfh_state_ != RenderFrameHostImpl::STATE_DEFAULT)
663 return;
664
665 RenderFrameHostImpl* new_frame = frame_tree_->AddFrame(
666 frame_tree_node_, GetProcess()->GetID(), new_routing_id, frame_name);
667 if (!new_frame)
668 return;
669
670 // We know that the RenderFrame has been created in this case, immediately
671 // after the CreateChildFrame IPC was sent.
672 new_frame->SetRenderFrameCreated(true);
673
674 new_frame->frame_tree_node()->set_sandbox_flags(sandbox_flags);
675
676 if (delegate_)
677 delegate_->RenderFrameCreated(new_frame);
678 }
679
680 void RenderFrameHostImpl::OnDetach() {
681 frame_tree_->RemoveFrame(frame_tree_node_);
682 }
683
684 void RenderFrameHostImpl::OnFrameFocused() {
685 frame_tree_->SetFocusedFrame(frame_tree_node_);
686 }
687
688 void RenderFrameHostImpl::OnOpenURL(const FrameHostMsg_OpenURL_Params& params) {
689 OpenURL(params, GetSiteInstance());
690 }
691
692 void RenderFrameHostImpl::OnDocumentOnLoadCompleted(
693 FrameMsg_UILoadMetricsReportType::Value report_type,
694 base::TimeTicks ui_timestamp) {
695 if (report_type == FrameMsg_UILoadMetricsReportType::REPORT_LINK) {
696 UMA_HISTOGRAM_CUSTOM_TIMES("Navigation.UI_OnLoadComplete.Link",
697 base::TimeTicks::Now() - ui_timestamp,
698 base::TimeDelta::FromMilliseconds(10),
699 base::TimeDelta::FromMinutes(10), 100);
700 } else if (report_type == FrameMsg_UILoadMetricsReportType::REPORT_INTENT) {
701 UMA_HISTOGRAM_CUSTOM_TIMES("Navigation.UI_OnLoadComplete.Intent",
702 base::TimeTicks::Now() - ui_timestamp,
703 base::TimeDelta::FromMilliseconds(10),
704 base::TimeDelta::FromMinutes(10), 100);
705 }
706 // This message is only sent for top-level frames. TODO(avi): when frame tree
707 // mirroring works correctly, add a check here to enforce it.
708 delegate_->DocumentOnLoadCompleted(this);
709 }
710
711 void RenderFrameHostImpl::OnDidStartProvisionalLoadForFrame(
712 const GURL& url,
713 bool is_transition_navigation) {
714 frame_tree_node_->navigator()->DidStartProvisionalLoad(
715 this, url, is_transition_navigation);
716 }
717
718 void RenderFrameHostImpl::OnDidFailProvisionalLoadWithError(
719 const FrameHostMsg_DidFailProvisionalLoadWithError_Params& params) {
720 frame_tree_node_->navigator()->DidFailProvisionalLoadWithError(this, params);
721 }
722
723 void RenderFrameHostImpl::OnDidFailLoadWithError(
724 const GURL& url,
725 int error_code,
726 const base::string16& error_description) {
727 GURL validated_url(url);
728 GetProcess()->FilterURL(false, &validated_url);
729
730 frame_tree_node_->navigator()->DidFailLoadWithError(
731 this, validated_url, error_code, error_description);
732 }
733
734 // Called when the renderer navigates. For every frame loaded, we'll get this
735 // notification containing parameters identifying the navigation.
736 //
737 // Subframes are identified by the page transition type. For subframes loaded
738 // as part of a wider page load, the page_id will be the same as for the top
739 // level frame. If the user explicitly requests a subframe navigation, we will
740 // get a new page_id because we need to create a new navigation entry for that
741 // action.
742 void RenderFrameHostImpl::OnDidCommitProvisionalLoad(const IPC::Message& msg) {
743 // Read the parameters out of the IPC message directly to avoid making another
744 // copy when we filter the URLs.
745 PickleIterator iter(msg);
746 FrameHostMsg_DidCommitProvisionalLoad_Params validated_params;
747 if (!IPC::ParamTraits<FrameHostMsg_DidCommitProvisionalLoad_Params>::
748 Read(&msg, &iter, &validated_params))
749 return;
750 TRACE_EVENT1("navigation", "RenderFrameHostImpl::OnDidCommitProvisionalLoad",
751 "url", validated_params.url.possibly_invalid_spec());
752
753 // If we're waiting for a cross-site beforeunload ack from this renderer and
754 // we receive a Navigate message from the main frame, then the renderer was
755 // navigating already and sent it before hearing the FrameMsg_Stop message.
756 // We do not want to cancel the pending navigation in this case, since the
757 // old page will soon be stopped. Instead, treat this as a beforeunload ack
758 // to allow the pending navigation to continue.
759 if (is_waiting_for_beforeunload_ack_ &&
760 unload_ack_is_for_navigation_ &&
761 ui::PageTransitionIsMainFrame(validated_params.transition)) {
762 base::TimeTicks approx_renderer_start_time = send_before_unload_start_time_;
763 OnBeforeUnloadACK(true, approx_renderer_start_time, base::TimeTicks::Now());
764 return;
765 }
766
767 // If we're waiting for an unload ack from this renderer and we receive a
768 // Navigate message, then the renderer was navigating before it received the
769 // unload request. It will either respond to the unload request soon or our
770 // timer will expire. Either way, we should ignore this message, because we
771 // have already committed to closing this renderer.
772 if (IsWaitingForUnloadACK())
773 return;
774
775 if (validated_params.report_type ==
776 FrameMsg_UILoadMetricsReportType::REPORT_LINK) {
777 UMA_HISTOGRAM_CUSTOM_TIMES(
778 "Navigation.UI_OnCommitProvisionalLoad.Link",
779 base::TimeTicks::Now() - validated_params.ui_timestamp,
780 base::TimeDelta::FromMilliseconds(10), base::TimeDelta::FromMinutes(10),
781 100);
782 } else if (validated_params.report_type ==
783 FrameMsg_UILoadMetricsReportType::REPORT_INTENT) {
784 UMA_HISTOGRAM_CUSTOM_TIMES(
785 "Navigation.UI_OnCommitProvisionalLoad.Intent",
786 base::TimeTicks::Now() - validated_params.ui_timestamp,
787 base::TimeDelta::FromMilliseconds(10), base::TimeDelta::FromMinutes(10),
788 100);
789 }
790
791 RenderProcessHost* process = GetProcess();
792
793 // Attempts to commit certain off-limits URL should be caught more strictly
794 // than our FilterURL checks below. If a renderer violates this policy, it
795 // should be killed.
796 if (!CanCommitURL(validated_params.url)) {
797 VLOG(1) << "Blocked URL " << validated_params.url.spec();
798 validated_params.url = GURL(url::kAboutBlankURL);
799 RecordAction(base::UserMetricsAction("CanCommitURL_BlockedAndKilled"));
800 // Kills the process.
801 process->ReceivedBadMessage();
802 }
803
804 // Without this check, an evil renderer can trick the browser into creating
805 // a navigation entry for a banned URL. If the user clicks the back button
806 // followed by the forward button (or clicks reload, or round-trips through
807 // session restore, etc), we'll think that the browser commanded the
808 // renderer to load the URL and grant the renderer the privileges to request
809 // the URL. To prevent this attack, we block the renderer from inserting
810 // banned URLs into the navigation controller in the first place.
811 process->FilterURL(false, &validated_params.url);
812 process->FilterURL(true, &validated_params.referrer.url);
813 for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
814 it != validated_params.redirects.end(); ++it) {
815 process->FilterURL(false, &(*it));
816 }
817 process->FilterURL(true, &validated_params.searchable_form_url);
818
819 // Without this check, the renderer can trick the browser into using
820 // filenames it can't access in a future session restore.
821 if (!render_view_host_->CanAccessFilesOfPageState(
822 validated_params.page_state)) {
823 GetProcess()->ReceivedBadMessage();
824 return;
825 }
826
827 accessibility_reset_count_ = 0;
828 frame_tree_node()->navigator()->DidNavigate(this, validated_params);
829 }
830
831 void RenderFrameHostImpl::OnDidDropNavigation() {
832 // At the end of Navigate(), the delegate's DidStartLoading is called to force
833 // the spinner to start, even if the renderer didn't yet begin the load. If it
834 // turns out that the renderer dropped the navigation, we need to turn off the
835 // spinner.
836 delegate_->DidStopLoading(this);
837 }
838
839 RenderWidgetHostImpl* RenderFrameHostImpl::GetRenderWidgetHost() {
840 if (render_widget_host_)
841 return render_widget_host_.get();
842
843 // TODO(kenrb): When RenderViewHost no longer inherits RenderWidgetHost,
844 // we can remove this fallback. Currently it is only used for the main
845 // frame.
846 if (!GetParent())
847 return static_cast<RenderWidgetHostImpl*>(render_view_host_);
848
849 return nullptr;
850 }
851
852 RenderWidgetHostView* RenderFrameHostImpl::GetView() {
853 RenderFrameHostImpl* frame = this;
854 while (frame) {
855 if (frame->render_widget_host_)
856 return frame->render_widget_host_->GetView();
857 frame = static_cast<RenderFrameHostImpl*>(frame->GetParent());
858 }
859
860 return render_view_host_->GetView();
861 }
862
863 int RenderFrameHostImpl::GetEnabledBindings() {
864 return render_view_host_->GetEnabledBindings();
865 }
866
867 void RenderFrameHostImpl::OnCrossSiteResponse(
868 const GlobalRequestID& global_request_id,
869 scoped_ptr<CrossSiteTransferringRequest> cross_site_transferring_request,
870 const std::vector<GURL>& transfer_url_chain,
871 const Referrer& referrer,
872 ui::PageTransition page_transition,
873 bool should_replace_current_entry) {
874 frame_tree_node_->render_manager()->OnCrossSiteResponse(
875 this, global_request_id, cross_site_transferring_request.Pass(),
876 transfer_url_chain, referrer, page_transition,
877 should_replace_current_entry);
878 }
879
880 void RenderFrameHostImpl::OnDeferredAfterResponseStarted(
881 const GlobalRequestID& global_request_id,
882 const TransitionLayerData& transition_data) {
883 frame_tree_node_->render_manager()->OnDeferredAfterResponseStarted(
884 global_request_id, this);
885
886 if (GetParent() || !delegate_->WillHandleDeferAfterResponseStarted())
887 frame_tree_node_->render_manager()->ResumeResponseDeferredAtStart();
888 else
889 delegate_->DidDeferAfterResponseStarted(transition_data);
890 }
891
892 void RenderFrameHostImpl::SwapOut(
893 RenderFrameProxyHost* proxy,
894 bool is_loading) {
895 // The end of this event is in OnSwapOutACK when the RenderFrame has completed
896 // the operation and sends back an IPC message.
897 // The trace event may not end properly if the ACK times out. We expect this
898 // to be fixed when RenderViewHostImpl::OnSwapOut moves to RenderFrameHost.
899 TRACE_EVENT_ASYNC_BEGIN0("navigation", "RenderFrameHostImpl::SwapOut", this);
900
901 // If this RenderFrameHost is not in the default state, it must have already
902 // gone through this, therefore just return.
903 if (rfh_state_ != RenderFrameHostImpl::STATE_DEFAULT) {
904 NOTREACHED() << "RFH should be in default state when calling SwapOut.";
905 return;
906 }
907
908 SetState(RenderFrameHostImpl::STATE_PENDING_SWAP_OUT);
909 swapout_event_monitor_timeout_->Start(
910 base::TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
911
912 // There may be no proxy if there are no active views in the process.
913 int proxy_routing_id = MSG_ROUTING_NONE;
914 FrameReplicationState replication_state;
915 if (proxy) {
916 set_render_frame_proxy_host(proxy);
917 proxy_routing_id = proxy->GetRoutingID();
918 replication_state = proxy->frame_tree_node()->current_replication_state();
919 }
920
921 if (IsRenderFrameLive()) {
922 Send(new FrameMsg_SwapOut(routing_id_, proxy_routing_id, is_loading,
923 replication_state));
924 }
925
926 if (!GetParent())
927 delegate_->SwappedOut(this);
928 }
929
930 void RenderFrameHostImpl::OnBeforeUnloadACK(
931 bool proceed,
932 const base::TimeTicks& renderer_before_unload_start_time,
933 const base::TimeTicks& renderer_before_unload_end_time) {
934 TRACE_EVENT_ASYNC_END0(
935 "navigation", "RenderFrameHostImpl::BeforeUnload", this);
936 DCHECK(!GetParent());
937 // If this renderer navigated while the beforeunload request was in flight, we
938 // may have cleared this state in OnDidCommitProvisionalLoad, in which case we
939 // can ignore this message.
940 // However renderer might also be swapped out but we still want to proceed
941 // with navigation, otherwise it would block future navigations. This can
942 // happen when pending cross-site navigation is canceled by a second one just
943 // before OnDidCommitProvisionalLoad while current RVH is waiting for commit
944 // but second navigation is started from the beginning.
945 if (!is_waiting_for_beforeunload_ack_) {
946 return;
947 }
948 DCHECK(!send_before_unload_start_time_.is_null());
949
950 // Sets a default value for before_unload_end_time so that the browser
951 // survives a hacked renderer.
952 base::TimeTicks before_unload_end_time = renderer_before_unload_end_time;
953 if (!renderer_before_unload_start_time.is_null() &&
954 !renderer_before_unload_end_time.is_null()) {
955 // When passing TimeTicks across process boundaries, we need to compensate
956 // for any skew between the processes. Here we are converting the
957 // renderer's notion of before_unload_end_time to TimeTicks in the browser
958 // process. See comments in inter_process_time_ticks_converter.h for more.
959 base::TimeTicks receive_before_unload_ack_time = base::TimeTicks::Now();
960 InterProcessTimeTicksConverter converter(
961 LocalTimeTicks::FromTimeTicks(send_before_unload_start_time_),
962 LocalTimeTicks::FromTimeTicks(receive_before_unload_ack_time),
963 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_start_time),
964 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
965 LocalTimeTicks browser_before_unload_end_time =
966 converter.ToLocalTimeTicks(
967 RemoteTimeTicks::FromTimeTicks(renderer_before_unload_end_time));
968 before_unload_end_time = browser_before_unload_end_time.ToTimeTicks();
969
970 // Collect UMA on the inter-process skew.
971 bool is_skew_additive = false;
972 if (converter.IsSkewAdditiveForMetrics()) {
973 is_skew_additive = true;
974 base::TimeDelta skew = converter.GetSkewForMetrics();
975 if (skew >= base::TimeDelta()) {
976 UMA_HISTOGRAM_TIMES(
977 "InterProcessTimeTicks.BrowserBehind_RendererToBrowser", skew);
978 } else {
979 UMA_HISTOGRAM_TIMES(
980 "InterProcessTimeTicks.BrowserAhead_RendererToBrowser", -skew);
981 }
982 }
983 UMA_HISTOGRAM_BOOLEAN(
984 "InterProcessTimeTicks.IsSkewAdditive_RendererToBrowser",
985 is_skew_additive);
986
987 base::TimeDelta on_before_unload_overhead_time =
988 (receive_before_unload_ack_time - send_before_unload_start_time_) -
989 (renderer_before_unload_end_time - renderer_before_unload_start_time);
990 UMA_HISTOGRAM_TIMES("Navigation.OnBeforeUnloadOverheadTime",
991 on_before_unload_overhead_time);
992
993 frame_tree_node_->navigator()->LogBeforeUnloadTime(
994 renderer_before_unload_start_time, renderer_before_unload_end_time);
995 }
996 // Resets beforeunload waiting state.
997 is_waiting_for_beforeunload_ack_ = false;
998 render_view_host_->decrement_in_flight_event_count();
999 render_view_host_->StopHangMonitorTimeout();
1000 send_before_unload_start_time_ = base::TimeTicks();
1001
1002 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1003 switches::kEnableBrowserSideNavigation)) {
1004 // TODO(clamy): see if before_unload_end_time should be transmitted to the
1005 // Navigator.
1006 frame_tree_node_->navigator()->OnBeforeUnloadACK(
1007 frame_tree_node_, proceed);
1008 } else {
1009 frame_tree_node_->render_manager()->OnBeforeUnloadACK(
1010 unload_ack_is_for_navigation_, proceed,
1011 before_unload_end_time);
1012 }
1013
1014 // If canceled, notify the delegate to cancel its pending navigation entry.
1015 if (!proceed)
1016 render_view_host_->GetDelegate()->DidCancelLoading();
1017 }
1018
1019 bool RenderFrameHostImpl::IsWaitingForBeforeUnloadACK() const {
1020 if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
1021 switches::kEnableBrowserSideNavigation)) {
1022 return is_waiting_for_beforeunload_ack_;
1023 }
1024 return frame_tree_node_->navigator()->IsWaitingForBeforeUnloadACK(
1025 frame_tree_node_);
1026 }
1027
1028 bool RenderFrameHostImpl::IsWaitingForUnloadACK() const {
1029 return render_view_host_->is_waiting_for_close_ack_ ||
1030 rfh_state_ == STATE_PENDING_SWAP_OUT;
1031 }
1032
1033 bool RenderFrameHostImpl::SuddenTerminationAllowed() const {
1034 return override_sudden_termination_status_ ||
1035 (!has_beforeunload_handlers_ && !has_unload_handlers_);
1036 }
1037
1038 void RenderFrameHostImpl::OnSwapOutACK() {
1039 OnSwappedOut();
1040 }
1041
1042 void RenderFrameHostImpl::OnRenderProcessGone(int status, int exit_code) {
1043 if (frame_tree_node_->IsMainFrame()) {
1044 // Keep the termination status so we can get at it later when we
1045 // need to know why it died.
1046 render_view_host_->render_view_termination_status_ =
1047 static_cast<base::TerminationStatus>(status);
1048 }
1049
1050 SetRenderFrameCreated(false);
1051 InvalidateMojoConnection();
1052
1053 // Reset frame tree state associated with this process. This must happen
1054 // before RenderViewTerminated because observers expect the subframes of any
1055 // affected frames to be cleared first.
1056 // Note: When a RenderFrameHost is swapped out there is a different one
1057 // which is the current host. In this case, the FrameTreeNode state must
1058 // not be reset.
1059 if (!is_swapped_out())
1060 frame_tree_node_->ResetForNewProcess();
1061
1062 if (frame_tree_node_->IsMainFrame()) {
1063 // RenderViewHost/RenderWidgetHost needs to reset some stuff.
1064 render_view_host_->RendererExited(
1065 render_view_host_->render_view_termination_status_, exit_code);
1066
1067 render_view_host_->delegate_->RenderViewTerminated(
1068 render_view_host_, static_cast<base::TerminationStatus>(status),
1069 exit_code);
1070 }
1071 }
1072
1073 void RenderFrameHostImpl::OnSwappedOut() {
1074 // Ignore spurious swap out ack.
1075 if (rfh_state_ != STATE_PENDING_SWAP_OUT)
1076 return;
1077
1078 TRACE_EVENT_ASYNC_END0("navigation", "RenderFrameHostImpl::SwapOut", this);
1079 swapout_event_monitor_timeout_->Stop();
1080
1081 if (frame_tree_node_->render_manager()->DeleteFromPendingList(this)) {
1082 // We are now deleted.
1083 return;
1084 }
1085
1086 // If this RFH wasn't pending deletion, then it is now swapped out.
1087 SetState(RenderFrameHostImpl::STATE_SWAPPED_OUT);
1088 }
1089
1090 void RenderFrameHostImpl::OnContextMenu(const ContextMenuParams& params) {
1091 // Validate the URLs in |params|. If the renderer can't request the URLs
1092 // directly, don't show them in the context menu.
1093 ContextMenuParams validated_params(params);
1094 RenderProcessHost* process = GetProcess();
1095
1096 // We don't validate |unfiltered_link_url| so that this field can be used
1097 // when users want to copy the original link URL.
1098 process->FilterURL(true, &validated_params.link_url);
1099 process->FilterURL(true, &validated_params.src_url);
1100 process->FilterURL(false, &validated_params.page_url);
1101 process->FilterURL(true, &validated_params.frame_url);
1102
1103 delegate_->ShowContextMenu(this, validated_params);
1104 }
1105
1106 void RenderFrameHostImpl::OnJavaScriptExecuteResponse(
1107 int id, const base::ListValue& result) {
1108 const base::Value* result_value;
1109 if (!result.Get(0, &result_value)) {
1110 // Programming error or rogue renderer.
1111 NOTREACHED() << "Got bad arguments for OnJavaScriptExecuteResponse";
1112 return;
1113 }
1114
1115 std::map<int, JavaScriptResultCallback>::iterator it =
1116 javascript_callbacks_.find(id);
1117 if (it != javascript_callbacks_.end()) {
1118 it->second.Run(result_value);
1119 javascript_callbacks_.erase(it);
1120 } else {
1121 NOTREACHED() << "Received script response for unknown request";
1122 }
1123 }
1124
1125 void RenderFrameHostImpl::OnVisualStateResponse(uint64 id) {
1126 auto it = visual_state_callbacks_.find(id);
1127 if (it != visual_state_callbacks_.end()) {
1128 it->second.Run(true);
1129 visual_state_callbacks_.erase(it);
1130 } else {
1131 NOTREACHED() << "Received script response for unknown request";
1132 }
1133 }
1134
1135 void RenderFrameHostImpl::OnRunJavaScriptMessage(
1136 const base::string16& message,
1137 const base::string16& default_prompt,
1138 const GURL& frame_url,
1139 JavaScriptMessageType type,
1140 IPC::Message* reply_msg) {
1141 // While a JS message dialog is showing, tabs in the same process shouldn't
1142 // process input events.
1143 GetProcess()->SetIgnoreInputEvents(true);
1144 render_view_host_->StopHangMonitorTimeout();
1145 delegate_->RunJavaScriptMessage(this, message, default_prompt,
1146 frame_url, type, reply_msg);
1147 }
1148
1149 void RenderFrameHostImpl::OnRunBeforeUnloadConfirm(
1150 const GURL& frame_url,
1151 const base::string16& message,
1152 bool is_reload,
1153 IPC::Message* reply_msg) {
1154 // While a JS beforeunload dialog is showing, tabs in the same process
1155 // shouldn't process input events.
1156 GetProcess()->SetIgnoreInputEvents(true);
1157 render_view_host_->StopHangMonitorTimeout();
1158 delegate_->RunBeforeUnloadConfirm(this, message, is_reload, reply_msg);
1159 }
1160
1161 void RenderFrameHostImpl::OnTextSurroundingSelectionResponse(
1162 const base::string16& content,
1163 size_t start_offset,
1164 size_t end_offset) {
1165 render_view_host_->OnTextSurroundingSelectionResponse(
1166 content, start_offset, end_offset);
1167 }
1168
1169 void RenderFrameHostImpl::OnDidAccessInitialDocument() {
1170 delegate_->DidAccessInitialDocument();
1171 }
1172
1173 void RenderFrameHostImpl::OnDidDisownOpener() {
1174 // This message is only sent for top-level frames. TODO(avi): when frame tree
1175 // mirroring works correctly, add a check here to enforce it.
1176 delegate_->DidDisownOpener(this);
1177 }
1178
1179 void RenderFrameHostImpl::OnDidAssignPageId(int32 page_id) {
1180 // Update the RVH's current page ID so that future IPCs from the renderer
1181 // correspond to the new page.
1182 render_view_host_->page_id_ = page_id;
1183 }
1184
1185 void RenderFrameHostImpl::OnUpdateTitle(
1186 const base::string16& title,
1187 blink::WebTextDirection title_direction) {
1188 // This message is only sent for top-level frames. TODO(avi): when frame tree
1189 // mirroring works correctly, add a check here to enforce it.
1190 if (title.length() > kMaxTitleChars) {
1191 NOTREACHED() << "Renderer sent too many characters in title.";
1192 return;
1193 }
1194
1195 delegate_->UpdateTitle(this, render_view_host_->page_id_, title,
1196 WebTextDirectionToChromeTextDirection(
1197 title_direction));
1198 }
1199
1200 void RenderFrameHostImpl::OnUpdateEncoding(const std::string& encoding_name) {
1201 // This message is only sent for top-level frames. TODO(avi): when frame tree
1202 // mirroring works correctly, add a check here to enforce it.
1203 delegate_->UpdateEncoding(this, encoding_name);
1204 }
1205
1206 void RenderFrameHostImpl::OnBeginNavigation(
1207 const CommonNavigationParams& common_params,
1208 const BeginNavigationParams& begin_params,
1209 scoped_refptr<ResourceRequestBody> body) {
1210 CHECK(base::CommandLine::ForCurrentProcess()->HasSwitch(
1211 switches::kEnableBrowserSideNavigation));
1212 frame_tree_node()->navigator()->OnBeginNavigation(
1213 frame_tree_node(), common_params, begin_params, body);
1214 }
1215
1216 void RenderFrameHostImpl::OnAccessibilityEvents(
1217 const std::vector<AccessibilityHostMsg_EventParams>& params,
1218 int reset_token) {
1219 // Don't process this IPC if either we're waiting on a reset and this
1220 // IPC doesn't have the matching token ID, or if we're not waiting on a
1221 // reset but this message includes a reset token.
1222 if (accessibility_reset_token_ != reset_token) {
1223 Send(new AccessibilityMsg_Events_ACK(routing_id_));
1224 return;
1225 }
1226 accessibility_reset_token_ = 0;
1227
1228 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1229 render_view_host_->GetView());
1230
1231 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1232 if ((accessibility_mode != AccessibilityModeOff) && view &&
1233 RenderFrameHostImpl::IsRFHStateActive(rfh_state())) {
1234 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1235 GetOrCreateBrowserAccessibilityManager();
1236 if (browser_accessibility_manager_)
1237 browser_accessibility_manager_->OnAccessibilityEvents(params);
1238 }
1239
1240 if (browser_accessibility_manager_) {
1241 // Get the frame routing ids from out-of-process iframes and
1242 // browser plugin instance ids from guests and update the mappings in
1243 // FrameAccessibility.
1244 for (size_t i = 0; i < params.size(); ++i) {
1245 const AccessibilityHostMsg_EventParams& param = params[i];
1246 UpdateCrossProcessIframeAccessibility(
1247 param.node_to_frame_routing_id_map);
1248 UpdateGuestFrameAccessibility(
1249 param.node_to_browser_plugin_instance_id_map);
1250 }
1251 }
1252
1253 // Send the updates to the automation extension API.
1254 std::vector<AXEventNotificationDetails> details;
1255 details.reserve(params.size());
1256 for (size_t i = 0; i < params.size(); ++i) {
1257 const AccessibilityHostMsg_EventParams& param = params[i];
1258 AXEventNotificationDetails detail(param.update.node_id_to_clear,
1259 param.update.nodes,
1260 param.event_type,
1261 param.id,
1262 GetProcess()->GetID(),
1263 routing_id_);
1264 details.push_back(detail);
1265 }
1266
1267 delegate_->AccessibilityEventReceived(details);
1268 }
1269
1270 // Always send an ACK or the renderer can be in a bad state.
1271 Send(new AccessibilityMsg_Events_ACK(routing_id_));
1272
1273 // The rest of this code is just for testing; bail out if we're not
1274 // in that mode.
1275 if (accessibility_testing_callback_.is_null())
1276 return;
1277
1278 for (size_t i = 0; i < params.size(); i++) {
1279 const AccessibilityHostMsg_EventParams& param = params[i];
1280 if (static_cast<int>(param.event_type) < 0)
1281 continue;
1282
1283 if (!ax_tree_for_testing_) {
1284 if (browser_accessibility_manager_) {
1285 ax_tree_for_testing_.reset(new ui::AXTree(
1286 browser_accessibility_manager_->SnapshotAXTreeForTesting()));
1287 } else {
1288 ax_tree_for_testing_.reset(new ui::AXTree());
1289 CHECK(ax_tree_for_testing_->Unserialize(param.update))
1290 << ax_tree_for_testing_->error();
1291 }
1292 } else {
1293 CHECK(ax_tree_for_testing_->Unserialize(param.update))
1294 << ax_tree_for_testing_->error();
1295 }
1296 accessibility_testing_callback_.Run(param.event_type, param.id);
1297 }
1298 }
1299
1300 void RenderFrameHostImpl::OnAccessibilityLocationChanges(
1301 const std::vector<AccessibilityHostMsg_LocationChangeParams>& params) {
1302 if (accessibility_reset_token_)
1303 return;
1304
1305 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1306 render_view_host_->GetView());
1307 if (view && RenderFrameHostImpl::IsRFHStateActive(rfh_state())) {
1308 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1309 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1310 BrowserAccessibilityManager* manager =
1311 GetOrCreateBrowserAccessibilityManager();
1312 if (manager)
1313 manager->OnLocationChanges(params);
1314 }
1315 // TODO(aboxhall): send location change events to web contents observers too
1316 }
1317 }
1318
1319 void RenderFrameHostImpl::OnAccessibilityFindInPageResult(
1320 const AccessibilityHostMsg_FindInPageResultParams& params) {
1321 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1322 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1323 BrowserAccessibilityManager* manager =
1324 GetOrCreateBrowserAccessibilityManager();
1325 if (manager) {
1326 manager->OnFindInPageResult(
1327 params.request_id, params.match_index, params.start_id,
1328 params.start_offset, params.end_id, params.end_offset);
1329 }
1330 }
1331 }
1332
1333 void RenderFrameHostImpl::OnToggleFullscreen(bool enter_fullscreen) {
1334 if (enter_fullscreen)
1335 delegate_->EnterFullscreenMode(GetLastCommittedURL().GetOrigin());
1336 else
1337 delegate_->ExitFullscreenMode();
1338
1339 // The previous call might change the fullscreen state. We need to make sure
1340 // the renderer is aware of that, which is done via the resize message.
1341 render_view_host_->WasResized();
1342 }
1343
1344 void RenderFrameHostImpl::OnBeforeUnloadHandlersPresent(bool present) {
1345 has_beforeunload_handlers_ = present;
1346 }
1347
1348 void RenderFrameHostImpl::OnUnloadHandlersPresent(bool present) {
1349 has_unload_handlers_ = present;
1350 }
1351
1352 #if defined(OS_MACOSX) || defined(OS_ANDROID)
1353 void RenderFrameHostImpl::OnShowPopup(
1354 const FrameHostMsg_ShowPopup_Params& params) {
1355 RenderViewHostDelegateView* view =
1356 render_view_host_->delegate_->GetDelegateView();
1357 if (view) {
1358 view->ShowPopupMenu(this,
1359 params.bounds,
1360 params.item_height,
1361 params.item_font_size,
1362 params.selected_item,
1363 params.popup_items,
1364 params.right_aligned,
1365 params.allow_multiple_selection);
1366 }
1367 }
1368
1369 void RenderFrameHostImpl::OnHidePopup() {
1370 RenderViewHostDelegateView* view =
1371 render_view_host_->delegate_->GetDelegateView();
1372 if (view)
1373 view->HidePopupMenu();
1374 }
1375 #endif
1376
1377 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
1378 static void CreateMediaRendererService(
1379 mojo::InterfaceRequest<mojo::MediaRenderer> request) {
1380 media::MojoRendererService* service = new media::MojoRendererService();
1381 mojo::BindToRequest(service, &request);
1382 }
1383 #endif
1384
1385 void RenderFrameHostImpl::RegisterMojoServices() {
1386 GeolocationServiceContext* geolocation_service_context =
1387 delegate_ ? delegate_->GetGeolocationServiceContext() : NULL;
1388 if (geolocation_service_context) {
1389 // TODO(creis): Bind process ID here so that GeolocationServiceImpl
1390 // can perform permissions checks once site isolation is complete.
1391 // crbug.com/426384
1392 GetServiceRegistry()->AddService<GeolocationService>(
1393 base::Bind(&GeolocationServiceContext::CreateService,
1394 base::Unretained(geolocation_service_context),
1395 base::Bind(&RenderFrameHostImpl::DidUseGeolocationPermission,
1396 base::Unretained(this))));
1397 }
1398
1399 if (!permission_service_context_)
1400 permission_service_context_.reset(new PermissionServiceContext(this));
1401
1402 GetServiceRegistry()->AddService<PermissionService>(
1403 base::Bind(&PermissionServiceContext::CreateService,
1404 base::Unretained(permission_service_context_.get())));
1405
1406 GetServiceRegistry()->AddService<presentation::PresentationService>(
1407 base::Bind(&PresentationServiceImpl::CreateMojoService,
1408 base::Unretained(this)));
1409
1410 #if defined(ENABLE_MEDIA_MOJO_RENDERER)
1411 GetServiceRegistry()->AddService<mojo::MediaRenderer>(
1412 base::Bind(&CreateMediaRendererService));
1413 #endif
1414 }
1415
1416 void RenderFrameHostImpl::SetState(RenderFrameHostImplState rfh_state) {
1417 // Only main frames should be swapped out and retained inside a proxy host.
1418 if (rfh_state == STATE_SWAPPED_OUT)
1419 CHECK(!GetParent());
1420
1421 // We update the number of RenderFrameHosts in a SiteInstance when the swapped
1422 // out status of a RenderFrameHost gets flipped to/from active.
1423 if (!IsRFHStateActive(rfh_state_) && IsRFHStateActive(rfh_state))
1424 GetSiteInstance()->increment_active_frame_count();
1425 else if (IsRFHStateActive(rfh_state_) && !IsRFHStateActive(rfh_state))
1426 GetSiteInstance()->decrement_active_frame_count();
1427
1428 // The active and swapped out state of the RVH is determined by its main
1429 // frame, since subframes should have their own widgets.
1430 if (frame_tree_node_->IsMainFrame()) {
1431 render_view_host_->set_is_active(IsRFHStateActive(rfh_state));
1432 render_view_host_->set_is_swapped_out(rfh_state == STATE_SWAPPED_OUT);
1433 }
1434
1435 // Whenever we change the RFH state to and from active or swapped out state,
1436 // we should not be waiting for beforeunload or close acks. We clear them
1437 // here to be safe, since they can cause navigations to be ignored in
1438 // OnDidCommitProvisionalLoad.
1439 // TODO(creis): Move is_waiting_for_beforeunload_ack_ into the state machine.
1440 if (rfh_state == STATE_DEFAULT ||
1441 rfh_state == STATE_SWAPPED_OUT ||
1442 rfh_state_ == STATE_DEFAULT ||
1443 rfh_state_ == STATE_SWAPPED_OUT) {
1444 if (is_waiting_for_beforeunload_ack_) {
1445 is_waiting_for_beforeunload_ack_ = false;
1446 render_view_host_->decrement_in_flight_event_count();
1447 render_view_host_->StopHangMonitorTimeout();
1448 }
1449 send_before_unload_start_time_ = base::TimeTicks();
1450 render_view_host_->is_waiting_for_close_ack_ = false;
1451 }
1452 rfh_state_ = rfh_state;
1453 }
1454
1455 bool RenderFrameHostImpl::CanCommitURL(const GURL& url) {
1456 // TODO(creis): We should also check for WebUI pages here. Also, when the
1457 // out-of-process iframes implementation is ready, we should check for
1458 // cross-site URLs that are not allowed to commit in this process.
1459
1460 // Give the client a chance to disallow URLs from committing.
1461 return GetContentClient()->browser()->CanCommitURL(GetProcess(), url);
1462 }
1463
1464 void RenderFrameHostImpl::Navigate(const FrameMsg_Navigate_Params& params) {
1465 TRACE_EVENT0("navigation", "RenderFrameHostImpl::Navigate");
1466 // Browser plugin guests are not allowed to navigate outside web-safe schemes,
1467 // so do not grant them the ability to request additional URLs.
1468 if (!GetProcess()->IsIsolatedGuest()) {
1469 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
1470 GetProcess()->GetID(), params.common_params.url);
1471 if (params.common_params.url.SchemeIs(url::kDataScheme) &&
1472 params.base_url_for_data_url.SchemeIs(url::kFileScheme)) {
1473 // If 'data:' is used, and we have a 'file:' base url, grant access to
1474 // local files.
1475 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
1476 GetProcess()->GetID(), params.base_url_for_data_url);
1477 }
1478 }
1479
1480 // We may be returning to an existing NavigationEntry that had been granted
1481 // file access. If this is a different process, we will need to grant the
1482 // access again. The files listed in the page state are validated when they
1483 // are received from the renderer to prevent abuse.
1484 if (params.commit_params.page_state.IsValid()) {
1485 render_view_host_->GrantFileAccessFromPageState(
1486 params.commit_params.page_state);
1487 }
1488
1489 // Only send the message if we aren't suspended at the start of a cross-site
1490 // request.
1491 if (navigations_suspended_) {
1492 // Shouldn't be possible to have a second navigation while suspended, since
1493 // navigations will only be suspended during a cross-site request. If a
1494 // second navigation occurs, RenderFrameHostManager will cancel this pending
1495 // RFH and create a new pending RFH.
1496 DCHECK(!suspended_nav_params_.get());
1497 suspended_nav_params_.reset(new FrameMsg_Navigate_Params(params));
1498 } else {
1499 // Get back to a clean state, in case we start a new navigation without
1500 // completing a RFH swap or unload handler.
1501 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1502
1503 Send(new FrameMsg_Navigate(routing_id_, params));
1504 }
1505
1506 // Force the throbber to start. We do this because Blink's "started
1507 // loading" message will be received asynchronously from the UI of the
1508 // browser. But we want to keep the throbber in sync with what's happening
1509 // in the UI. For example, we want to start throbbing immediately when the
1510 // user navigates even if the renderer is delayed. There is also an issue
1511 // with the throbber starting because the WebUI (which controls whether the
1512 // favicon is displayed) happens synchronously. If the start loading
1513 // messages was asynchronous, then the default favicon would flash in.
1514 //
1515 // Blink doesn't send throb notifications for JavaScript URLs, so we
1516 // don't want to either.
1517 if (!params.common_params.url.SchemeIs(url::kJavaScriptScheme))
1518 delegate_->DidStartLoading(this, true);
1519 }
1520
1521 void RenderFrameHostImpl::NavigateToURL(const GURL& url) {
1522 FrameMsg_Navigate_Params params;
1523 params.common_params.url = url;
1524 params.common_params.transition = ui::PAGE_TRANSITION_LINK;
1525 params.common_params.navigation_type = FrameMsg_Navigate_Type::NORMAL;
1526 params.commit_params.browser_navigation_start = base::TimeTicks::Now();
1527 params.page_id = -1;
1528 params.pending_history_list_offset = -1;
1529 params.current_history_list_offset = -1;
1530 params.current_history_list_length = 0;
1531 Navigate(params);
1532 }
1533
1534 void RenderFrameHostImpl::OpenURL(const FrameHostMsg_OpenURL_Params& params,
1535 SiteInstance* source_site_instance) {
1536 GURL validated_url(params.url);
1537 GetProcess()->FilterURL(false, &validated_url);
1538
1539 TRACE_EVENT1("navigation", "RenderFrameHostImpl::OpenURL", "url",
1540 validated_url.possibly_invalid_spec());
1541 frame_tree_node_->navigator()->RequestOpenURL(
1542 this, validated_url, source_site_instance, params.referrer,
1543 params.disposition, params.should_replace_current_entry,
1544 params.user_gesture);
1545 }
1546
1547 void RenderFrameHostImpl::Stop() {
1548 Send(new FrameMsg_Stop(routing_id_));
1549 }
1550
1551 void RenderFrameHostImpl::DispatchBeforeUnload(bool for_navigation) {
1552 // TODO(creis): Support beforeunload on subframes. For now just pretend that
1553 // the handler ran and allowed the navigation to proceed.
1554 if (GetParent() || !IsRenderFrameLive()) {
1555 // We don't have a live renderer, so just skip running beforeunload.
1556 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1557 switches::kEnableBrowserSideNavigation)) {
1558 frame_tree_node_->navigator()->OnBeforeUnloadACK(
1559 frame_tree_node_, true);
1560 } else {
1561 frame_tree_node_->render_manager()->OnBeforeUnloadACK(
1562 for_navigation, true, base::TimeTicks::Now());
1563 }
1564 return;
1565 }
1566 TRACE_EVENT_ASYNC_BEGIN0(
1567 "navigation", "RenderFrameHostImpl::BeforeUnload", this);
1568
1569 // This may be called more than once (if the user clicks the tab close button
1570 // several times, or if she clicks the tab close button then the browser close
1571 // button), and we only send the message once.
1572 if (is_waiting_for_beforeunload_ack_) {
1573 // Some of our close messages could be for the tab, others for cross-site
1574 // transitions. We always want to think it's for closing the tab if any
1575 // of the messages were, since otherwise it might be impossible to close
1576 // (if there was a cross-site "close" request pending when the user clicked
1577 // the close button). We want to keep the "for cross site" flag only if
1578 // both the old and the new ones are also for cross site.
1579 unload_ack_is_for_navigation_ =
1580 unload_ack_is_for_navigation_ && for_navigation;
1581 } else {
1582 // Start the hang monitor in case the renderer hangs in the beforeunload
1583 // handler.
1584 is_waiting_for_beforeunload_ack_ = true;
1585 unload_ack_is_for_navigation_ = for_navigation;
1586 // Increment the in-flight event count, to ensure that input events won't
1587 // cancel the timeout timer.
1588 render_view_host_->increment_in_flight_event_count();
1589 render_view_host_->StartHangMonitorTimeout(
1590 TimeDelta::FromMilliseconds(RenderViewHostImpl::kUnloadTimeoutMS));
1591 send_before_unload_start_time_ = base::TimeTicks::Now();
1592 Send(new FrameMsg_BeforeUnload(routing_id_));
1593 }
1594 }
1595
1596 void RenderFrameHostImpl::DisownOpener() {
1597 Send(new FrameMsg_DisownOpener(GetRoutingID()));
1598 }
1599
1600 void RenderFrameHostImpl::ExtendSelectionAndDelete(size_t before,
1601 size_t after) {
1602 Send(new InputMsg_ExtendSelectionAndDelete(routing_id_, before, after));
1603 }
1604
1605 void RenderFrameHostImpl::JavaScriptDialogClosed(
1606 IPC::Message* reply_msg,
1607 bool success,
1608 const base::string16& user_input,
1609 bool dialog_was_suppressed) {
1610 GetProcess()->SetIgnoreInputEvents(false);
1611 bool is_waiting = is_waiting_for_beforeunload_ack_ || IsWaitingForUnloadACK();
1612
1613 // If we are executing as part of (before)unload event handling, we don't
1614 // want to use the regular hung_renderer_delay_ms_ if the user has agreed to
1615 // leave the current page. In this case, use the regular timeout value used
1616 // during the (before)unload handling.
1617 if (is_waiting) {
1618 render_view_host_->StartHangMonitorTimeout(TimeDelta::FromMilliseconds(
1619 success ? RenderViewHostImpl::kUnloadTimeoutMS
1620 : render_view_host_->hung_renderer_delay_ms_));
1621 }
1622
1623 FrameHostMsg_RunJavaScriptMessage::WriteReplyParams(reply_msg,
1624 success, user_input);
1625 Send(reply_msg);
1626
1627 // If we are waiting for an unload or beforeunload ack and the user has
1628 // suppressed messages, kill the tab immediately; a page that's spamming
1629 // alerts in onbeforeunload is presumably malicious, so there's no point in
1630 // continuing to run its script and dragging out the process.
1631 // This must be done after sending the reply since RenderView can't close
1632 // correctly while waiting for a response.
1633 if (is_waiting && dialog_was_suppressed)
1634 render_view_host_->delegate_->RendererUnresponsive(render_view_host_);
1635 }
1636
1637 // PlzNavigate
1638 void RenderFrameHostImpl::CommitNavigation(
1639 ResourceResponse* response,
1640 scoped_ptr<StreamHandle> body,
1641 const CommonNavigationParams& common_params,
1642 const CommitNavigationParams& commit_params) {
1643 // TODO(clamy): Check if we have to add security checks for the browser plugin
1644 // guests.
1645
1646 // Get back to a clean state, in case we start a new navigation without
1647 // completing a RFH swap or unload handler.
1648 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1649
1650 Send(new FrameMsg_CommitNavigation(
1651 routing_id_, response->head, body->GetURL(),
1652 common_params, commit_params));
1653 // TODO(clamy): Check if we should start the throbber for non javascript urls
1654 // here.
1655
1656 // TODO(clamy): Release the stream handle once the renderer has finished
1657 // reading it.
1658 stream_handle_ = body.Pass();
1659 }
1660
1661 void RenderFrameHostImpl::SetUpMojoIfNeeded() {
1662 if (service_registry_.get())
1663 return;
1664
1665 service_registry_.reset(new ServiceRegistryImpl());
1666 if (!GetProcess()->GetServiceRegistry())
1667 return;
1668
1669 RegisterMojoServices();
1670 RenderFrameSetupPtr setup;
1671 GetProcess()->GetServiceRegistry()->ConnectToRemoteService(&setup);
1672
1673 mojo::ServiceProviderPtr exposed_services;
1674 service_registry_->Bind(GetProxy(&exposed_services));
1675
1676 mojo::ServiceProviderPtr services;
1677 setup->ExchangeServiceProviders(routing_id_, GetProxy(&services),
1678 exposed_services.Pass());
1679 service_registry_->BindRemoteServiceProvider(services.Pass());
1680
1681 #if defined(OS_ANDROID)
1682 service_registry_android_.reset(
1683 new ServiceRegistryAndroid(service_registry_.get()));
1684 #endif
1685 }
1686
1687 void RenderFrameHostImpl::InvalidateMojoConnection() {
1688 #if defined(OS_ANDROID)
1689 // The Android-specific service registry has a reference to
1690 // |service_registry_| and thus must be torn down first.
1691 service_registry_android_.reset();
1692 #endif
1693
1694 service_registry_.reset();
1695 }
1696
1697 bool RenderFrameHostImpl::IsFocused() {
1698 // TODO(mlamouri,kenrb): call GetRenderWidgetHost() directly when it stops
1699 // returning nullptr in some cases. See https://crbug.com/455245.
1700 return RenderWidgetHostImpl::From(
1701 GetView()->GetRenderWidgetHost())->is_focused() &&
1702 frame_tree_->GetFocusedFrame() &&
1703 (frame_tree_->GetFocusedFrame() == frame_tree_node() ||
1704 frame_tree_->GetFocusedFrame()->IsDescendantOf(frame_tree_node()));
1705 }
1706
1707 void RenderFrameHostImpl::UpdateCrossProcessIframeAccessibility(
1708 const std::map<int32, int>& node_to_frame_routing_id_map) {
1709 for (const auto& iter : node_to_frame_routing_id_map) {
1710 // This is the id of the accessibility node that has a child frame.
1711 int32 node_id = iter.first;
1712 // The routing id from either a RenderFrame or a RenderFrameProxy.
1713 int frame_routing_id = iter.second;
1714
1715 FrameTree* frame_tree = frame_tree_node()->frame_tree();
1716 FrameTreeNode* child_frame_tree_node = frame_tree->FindByRoutingID(
1717 frame_routing_id, GetProcess()->GetID());
1718
1719 if (child_frame_tree_node) {
1720 FrameAccessibility::GetInstance()->AddChildFrame(
1721 this, node_id, child_frame_tree_node->frame_tree_node_id());
1722 }
1723 }
1724 }
1725
1726 void RenderFrameHostImpl::UpdateGuestFrameAccessibility(
1727 const std::map<int32, int>& node_to_browser_plugin_instance_id_map) {
1728 for (const auto& iter : node_to_browser_plugin_instance_id_map) {
1729 // This is the id of the accessibility node that hosts a plugin.
1730 int32 node_id = iter.first;
1731 // The id of the browser plugin.
1732 int browser_plugin_instance_id = iter.second;
1733 FrameAccessibility::GetInstance()->AddGuestWebContents(
1734 this, node_id, browser_plugin_instance_id);
1735 }
1736 }
1737
1738 bool RenderFrameHostImpl::IsSameSiteInstance(
1739 RenderFrameHostImpl* other_render_frame_host) {
1740 // As a sanity check, make sure the frame belongs to the same BrowserContext.
1741 CHECK_EQ(GetSiteInstance()->GetBrowserContext(),
1742 other_render_frame_host->GetSiteInstance()->GetBrowserContext());
1743 return GetSiteInstance() == other_render_frame_host->GetSiteInstance();
1744 }
1745
1746 void RenderFrameHostImpl::SetAccessibilityMode(AccessibilityMode mode) {
1747 Send(new FrameMsg_SetAccessibilityMode(routing_id_, mode));
1748 }
1749
1750 void RenderFrameHostImpl::SetAccessibilityCallbackForTesting(
1751 const base::Callback<void(ui::AXEvent, int)>& callback) {
1752 accessibility_testing_callback_ = callback;
1753 }
1754
1755 const ui::AXTree* RenderFrameHostImpl::GetAXTreeForTesting() {
1756 return ax_tree_for_testing_.get();
1757 }
1758
1759 BrowserAccessibilityManager*
1760 RenderFrameHostImpl::GetOrCreateBrowserAccessibilityManager() {
1761 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1762 render_view_host_->GetView());
1763 if (view &&
1764 !browser_accessibility_manager_ &&
1765 !no_create_browser_accessibility_manager_for_testing_) {
1766 browser_accessibility_manager_.reset(
1767 view->CreateBrowserAccessibilityManager(this));
1768 if (browser_accessibility_manager_)
1769 UMA_HISTOGRAM_COUNTS("Accessibility.FrameEnabledCount", 1);
1770 else
1771 UMA_HISTOGRAM_COUNTS("Accessibility.FrameDidNotEnableCount", 1);
1772 }
1773 return browser_accessibility_manager_.get();
1774 }
1775
1776 void RenderFrameHostImpl::ActivateFindInPageResultForAccessibility(
1777 int request_id) {
1778 AccessibilityMode accessibility_mode = delegate_->GetAccessibilityMode();
1779 if (accessibility_mode & AccessibilityModeFlagPlatform) {
1780 BrowserAccessibilityManager* manager =
1781 GetOrCreateBrowserAccessibilityManager();
1782 if (manager)
1783 manager->ActivateFindInPageResult(request_id);
1784 }
1785 }
1786
1787 void RenderFrameHostImpl::InsertVisualStateCallback(
1788 const VisualStateCallback& callback) {
1789 static uint64 next_id = 1;
1790 uint64 key = next_id++;
1791 Send(new FrameMsg_VisualStateRequest(routing_id_, key));
1792 visual_state_callbacks_.insert(std::make_pair(key, callback));
1793 }
1794
1795 #if defined(OS_WIN)
1796
1797 void RenderFrameHostImpl::SetParentNativeViewAccessible(
1798 gfx::NativeViewAccessible accessible_parent) {
1799 RenderWidgetHostViewBase* view = static_cast<RenderWidgetHostViewBase*>(
1800 render_view_host_->GetView());
1801 if (view)
1802 view->SetParentNativeViewAccessible(accessible_parent);
1803 }
1804
1805 gfx::NativeViewAccessible
1806 RenderFrameHostImpl::GetParentNativeViewAccessible() const {
1807 return delegate_->GetParentNativeViewAccessible();
1808 }
1809
1810 #elif defined(OS_MACOSX)
1811
1812 void RenderFrameHostImpl::DidSelectPopupMenuItem(int selected_index) {
1813 Send(new FrameMsg_SelectPopupMenuItem(routing_id_, selected_index));
1814 }
1815
1816 void RenderFrameHostImpl::DidCancelPopupMenu() {
1817 Send(new FrameMsg_SelectPopupMenuItem(routing_id_, -1));
1818 }
1819
1820 #elif defined(OS_ANDROID)
1821
1822 void RenderFrameHostImpl::DidSelectPopupMenuItems(
1823 const std::vector<int>& selected_indices) {
1824 Send(new FrameMsg_SelectPopupMenuItems(routing_id_, false, selected_indices));
1825 }
1826
1827 void RenderFrameHostImpl::DidCancelPopupMenu() {
1828 Send(new FrameMsg_SelectPopupMenuItems(
1829 routing_id_, true, std::vector<int>()));
1830 }
1831
1832 #endif
1833
1834 void RenderFrameHostImpl::ClearPendingTransitionRequestData() {
1835 BrowserThread::PostTask(
1836 BrowserThread::IO,
1837 FROM_HERE,
1838 base::Bind(
1839 &TransitionRequestManager::ClearPendingTransitionRequestData,
1840 base::Unretained(TransitionRequestManager::GetInstance()),
1841 GetProcess()->GetID(),
1842 routing_id_));
1843 }
1844
1845 void RenderFrameHostImpl::SetNavigationsSuspended(
1846 bool suspend,
1847 const base::TimeTicks& proceed_time) {
1848 // This should only be called to toggle the state.
1849 DCHECK(navigations_suspended_ != suspend);
1850
1851 navigations_suspended_ = suspend;
1852 if (navigations_suspended_) {
1853 TRACE_EVENT_ASYNC_BEGIN0("navigation",
1854 "RenderFrameHostImpl navigation suspended", this);
1855 } else {
1856 TRACE_EVENT_ASYNC_END0("navigation",
1857 "RenderFrameHostImpl navigation suspended", this);
1858 }
1859
1860 if (!suspend && suspended_nav_params_) {
1861 // There's navigation message params waiting to be sent. Now that we're not
1862 // suspended anymore, resume navigation by sending them. If we were swapped
1863 // out, we should also stop filtering out the IPC messages now.
1864 SetState(RenderFrameHostImpl::STATE_DEFAULT);
1865
1866 DCHECK(!proceed_time.is_null());
1867 suspended_nav_params_->commit_params.browser_navigation_start =
1868 proceed_time;
1869 Send(new FrameMsg_Navigate(routing_id_, *suspended_nav_params_));
1870 suspended_nav_params_.reset();
1871 }
1872 }
1873
1874 void RenderFrameHostImpl::CancelSuspendedNavigations() {
1875 // Clear any state if a pending navigation is canceled or preempted.
1876 if (suspended_nav_params_)
1877 suspended_nav_params_.reset();
1878
1879 TRACE_EVENT_ASYNC_END0("navigation",
1880 "RenderFrameHostImpl navigation suspended", this);
1881 navigations_suspended_ = false;
1882 }
1883
1884 void RenderFrameHostImpl::DidUseGeolocationPermission() {
1885 RenderFrameHost* top_frame = frame_tree_node()->frame_tree()->GetMainFrame();
1886 GetContentClient()->browser()->RegisterPermissionUsage(
1887 PERMISSION_GEOLOCATION,
1888 delegate_->GetAsWebContents(),
1889 GetLastCommittedURL().GetOrigin(),
1890 top_frame->GetLastCommittedURL().GetOrigin());
1891 }
1892
1893 } // namespace content