search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Delete chrome.mediaGalleriesPrivate because the functionality unique to it has since...
[chromium-blink-merge.git] / chrome / renderer / chrome_content_renderer_client.cc
blobf49170d3125b4dbbceeaefee6748e8933b1336df
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/renderer/chrome_content_renderer_client.h"
6
7 #include "base/command_line.h"
8 #include "base/debug/crash_logging.h"
9 #include "base/logging.h"
10 #include "base/metrics/field_trial.h"
11 #include "base/metrics/histogram.h"
12 #include "base/metrics/user_metrics_action.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/values.h"
17 #include "chrome/common/chrome_paths.h"
18 #include "chrome/common/chrome_switches.h"
19 #include "chrome/common/chrome_version_info.h"
20 #include "chrome/common/crash_keys.h"
21 #include "chrome/common/extensions/extension_metrics.h"
22 #include "chrome/common/localized_error.h"
23 #include "chrome/common/pepper_permission_util.h"
24 #include "chrome/common/render_messages.h"
25 #include "chrome/common/url_constants.h"
26 #include "chrome/grit/generated_resources.h"
27 #include "chrome/grit/locale_settings.h"
28 #include "chrome/grit/renderer_resources.h"
29 #include "chrome/renderer/benchmarking_extension.h"
30 #include "chrome/renderer/chrome_render_frame_observer.h"
31 #include "chrome/renderer/chrome_render_process_observer.h"
32 #include "chrome/renderer/chrome_render_view_observer.h"
33 #include "chrome/renderer/content_settings_observer.h"
34 #include "chrome/renderer/external_extension.h"
35 #include "chrome/renderer/loadtimes_extension_bindings.h"
36 #include "chrome/renderer/media/chrome_key_systems.h"
37 #include "chrome/renderer/net/net_error_helper.h"
38 #include "chrome/renderer/net_benchmarking_extension.h"
39 #include "chrome/renderer/page_load_histograms.h"
40 #include "chrome/renderer/pepper/pepper_helper.h"
41 #include "chrome/renderer/playback_extension.h"
42 #include "chrome/renderer/plugins/chrome_plugin_placeholder.h"
43 #include "chrome/renderer/plugins/plugin_uma.h"
44 #include "chrome/renderer/plugins/shadow_dom_plugin_placeholder.h"
45 #include "chrome/renderer/prefetch_helper.h"
46 #include "chrome/renderer/prerender/prerender_dispatcher.h"
47 #include "chrome/renderer/prerender/prerender_helper.h"
48 #include "chrome/renderer/prerender/prerender_media_load_deferrer.h"
49 #include "chrome/renderer/prerender/prerenderer_client.h"
50 #include "chrome/renderer/principals_extension_bindings.h"
51 #include "chrome/renderer/safe_browsing/malware_dom_details.h"
52 #include "chrome/renderer/safe_browsing/phishing_classifier_delegate.h"
53 #include "chrome/renderer/searchbox/search_bouncer.h"
54 #include "chrome/renderer/searchbox/searchbox.h"
55 #include "chrome/renderer/searchbox/searchbox_extension.h"
56 #include "chrome/renderer/tts_dispatcher.h"
57 #include "chrome/renderer/worker_permission_client_proxy.h"
58 #include "components/autofill/content/renderer/autofill_agent.h"
59 #include "components/autofill/content/renderer/password_autofill_agent.h"
60 #include "components/autofill/content/renderer/password_generation_agent.h"
61 #include "components/content_settings/core/common/content_settings_pattern.h"
62 #include "components/dns_prefetch/renderer/prescient_networking_dispatcher.h"
63 #include "components/dom_distiller/core/url_constants.h"
64 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
65 #include "components/password_manager/content/renderer/credential_manager_client.h"
66 #include "components/pdf/renderer/ppb_pdf_impl.h"
67 #include "components/plugins/renderer/mobile_youtube_plugin.h"
68 #include "components/signin/core/common/profile_management_switches.h"
69 #include "components/visitedlink/renderer/visitedlink_slave.h"
70 #include "components/web_cache/renderer/web_cache_render_process_observer.h"
71 #include "content/public/common/content_constants.h"
72 #include "content/public/renderer/plugin_instance_throttler.h"
73 #include "content/public/renderer/render_frame.h"
74 #include "content/public/renderer/render_thread.h"
75 #include "content/public/renderer/render_view.h"
76 #include "content/public/renderer/render_view_visitor.h"
77 #include "extensions/common/constants.h"
78 #include "ipc/ipc_sync_channel.h"
79 #include "net/base/net_errors.h"
80 #include "ppapi/c/private/ppb_nacl_private.h"
81 #include "ppapi/c/private/ppb_pdf.h"
82 #include "ppapi/shared_impl/ppapi_switches.h"
83 #include "third_party/WebKit/public/platform/WebURL.h"
84 #include "third_party/WebKit/public/platform/WebURLError.h"
85 #include "third_party/WebKit/public/platform/WebURLRequest.h"
86 #include "third_party/WebKit/public/web/WebCache.h"
87 #include "third_party/WebKit/public/web/WebDataSource.h"
88 #include "third_party/WebKit/public/web/WebDocument.h"
89 #include "third_party/WebKit/public/web/WebElement.h"
90 #include "third_party/WebKit/public/web/WebLocalFrame.h"
91 #include "third_party/WebKit/public/web/WebPluginContainer.h"
92 #include "third_party/WebKit/public/web/WebPluginParams.h"
93 #include "third_party/WebKit/public/web/WebPluginPlaceholder.h"
94 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
95 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
96 #include "ui/base/l10n/l10n_util.h"
97 #include "ui/base/layout.h"
98 #include "ui/base/resource/resource_bundle.h"
99 #include "ui/base/webui/jstemplate_builder.h"
100 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
101
102 #if !defined(DISABLE_NACL)
103 #include "components/nacl/common/nacl_constants.h"
104 #include "components/nacl/renderer/nacl_helper.h"
105 #endif
106
107 #if defined(ENABLE_EXTENSIONS)
108 #include "chrome/common/extensions/chrome_extensions_client.h"
109 #include "chrome/common/extensions/extension_process_policy.h"
110 #include "chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h"
111 #include "chrome/renderer/extensions/chrome_extensions_renderer_client.h"
112 #include "chrome/renderer/extensions/extension_frame_helper.h"
113 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
114 #include "chrome/renderer/extensions/resource_request_policy.h"
115 #include "chrome/renderer/media/cast_ipc_dispatcher.h"
116 #include "extensions/common/extension.h"
117 #include "extensions/common/extension_set.h"
118 #include "extensions/common/extension_urls.h"
119 #include "extensions/common/switches.h"
120 #include "extensions/renderer/dispatcher.h"
121 #include "extensions/renderer/extension_helper.h"
122 #include "extensions/renderer/extensions_render_frame_observer.h"
123 #include "extensions/renderer/guest_view/extensions_guest_view_container.h"
124 #include "extensions/renderer/guest_view/guest_view_container.h"
125 #include "extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.h"
126 #include "extensions/renderer/script_context.h"
127 #endif
128
129 #if defined(ENABLE_PRINTING)
130 #include "chrome/renderer/printing/chrome_print_web_view_helper_delegate.h"
131 #include "components/printing/renderer/print_web_view_helper.h"
132 #endif
133
134 #if defined(ENABLE_PRINT_PREVIEW)
135 #include "chrome/renderer/pepper/chrome_pdf_print_client.h"
136 #endif
137
138 #if defined(ENABLE_SPELLCHECK)
139 #include "chrome/renderer/spellchecker/spellcheck.h"
140 #include "chrome/renderer/spellchecker/spellcheck_provider.h"
141 #endif
142
143 #if defined(ENABLE_WEBRTC)
144 #include "chrome/renderer/media/webrtc_logging_message_filter.h"
145 #endif
146
147 #if defined(OS_WIN)
148 #include "chrome_elf/blacklist/blacklist.h"
149 #endif
150
151 using autofill::AutofillAgent;
152 using autofill::PasswordAutofillAgent;
153 using autofill::PasswordGenerationAgent;
154 using base::ASCIIToUTF16;
155 using base::UserMetricsAction;
156 using content::PluginInstanceThrottler;
157 using content::PluginPowerSaverMode;
158 using content::RenderFrame;
159 using content::RenderThread;
160 using content::WebPluginInfo;
161 using extensions::Extension;
162 using blink::WebCache;
163 using blink::WebConsoleMessage;
164 using blink::WebDataSource;
165 using blink::WebDocument;
166 using blink::WebFrame;
167 using blink::WebLocalFrame;
168 using blink::WebPlugin;
169 using blink::WebPluginParams;
170 using blink::WebSecurityOrigin;
171 using blink::WebSecurityPolicy;
172 using blink::WebString;
173 using blink::WebURL;
174 using blink::WebURLError;
175 using blink::WebURLRequest;
176 using blink::WebURLResponse;
177 using blink::WebVector;
178
179 namespace {
180
181 ChromeContentRendererClient* g_current_client;
182
183 #if defined(ENABLE_PLUGINS)
184 const char* const kPredefinedAllowedCompositorOrigins[] = {
185 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/383937
186 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/383937
187 };
188 #endif
189
190 void AppendParams(const std::vector<base::string16>& additional_names,
191 const std::vector<base::string16>& additional_values,
192 WebVector<WebString>* existing_names,
193 WebVector<WebString>* existing_values) {
194 DCHECK(additional_names.size() == additional_values.size());
195 DCHECK(existing_names->size() == existing_values->size());
196
197 size_t existing_size = existing_names->size();
198 size_t total_size = existing_size + additional_names.size();
199
200 WebVector<WebString> names(total_size);
201 WebVector<WebString> values(total_size);
202
203 for (size_t i = 0; i < existing_size; ++i) {
204 names[i] = (*existing_names)[i];
205 values[i] = (*existing_values)[i];
206 }
207
208 for (size_t i = 0; i < additional_names.size(); ++i) {
209 names[existing_size + i] = additional_names[i];
210 values[existing_size + i] = additional_values[i];
211 }
212
213 existing_names->swap(names);
214 existing_values->swap(values);
215 }
216
217 #if defined(ENABLE_SPELLCHECK)
218 class SpellCheckReplacer : public content::RenderViewVisitor {
219 public:
220 explicit SpellCheckReplacer(SpellCheck* spellcheck)
221 : spellcheck_(spellcheck) {}
222 bool Visit(content::RenderView* render_view) override;
223
224 private:
225 SpellCheck* spellcheck_; // New shared spellcheck for all views. Weak Ptr.
226 DISALLOW_COPY_AND_ASSIGN(SpellCheckReplacer);
227 };
228
229 bool SpellCheckReplacer::Visit(content::RenderView* render_view) {
230 SpellCheckProvider* provider = SpellCheckProvider::Get(render_view);
231 DCHECK(provider);
232 provider->set_spellcheck(spellcheck_);
233 return true;
234 }
235 #endif
236
237 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
238 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
239 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
240 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
241 return false;
242 }
243
244 #if !defined(DISABLE_NACL)
245 // Treat Native Client invocations like JavaScript.
246 if (plugin.name == ASCIIToUTF16(nacl::kNaClPluginName))
247 return true;
248 #endif
249
250 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
251 // Treat CDM invocations like JavaScript.
252 if (plugin.name == ASCIIToUTF16(kWidevineCdmDisplayName)) {
253 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
254 return true;
255 }
256 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
257
258 return false;
259 }
260
261 #if defined(ENABLE_EXTENSIONS)
262 void IsGuestViewApiAvailableToScriptContext(
263 bool* api_is_available,
264 extensions::ScriptContext* context) {
265 if (context->GetAvailability("guestViewInternal").is_available()) {
266 *api_is_available = true;
267 }
268 }
269 #endif
270
271 } // namespace
272
273 ChromeContentRendererClient::ChromeContentRendererClient() {
274 g_current_client = this;
275
276 #if defined(ENABLE_EXTENSIONS)
277 extensions::ExtensionsClient::Set(
278 extensions::ChromeExtensionsClient::GetInstance());
279 extensions::ExtensionsRendererClient::Set(
280 ChromeExtensionsRendererClient::GetInstance());
281 #endif
282 #if defined(ENABLE_PLUGINS)
283 for (size_t i = 0; i < arraysize(kPredefinedAllowedCompositorOrigins); ++i)
284 allowed_compositor_origins_.insert(kPredefinedAllowedCompositorOrigins[i]);
285 #endif
286 }
287
288 ChromeContentRendererClient::~ChromeContentRendererClient() {
289 g_current_client = NULL;
290 }
291
292 void ChromeContentRendererClient::RenderThreadStarted() {
293 RenderThread* thread = RenderThread::Get();
294
295 chrome_observer_.reset(new ChromeRenderProcessObserver(this));
296 web_cache_observer_.reset(new web_cache::WebCacheRenderProcessObserver());
297
298 #if defined(ENABLE_EXTENSIONS)
299 extension_dispatcher_delegate_.reset(
300 new ChromeExtensionsDispatcherDelegate());
301 // ChromeRenderViewTest::SetUp() creates its own ExtensionDispatcher and
302 // injects it using SetExtensionDispatcher(). Don't overwrite it.
303 if (!extension_dispatcher_) {
304 extension_dispatcher_.reset(
305 new extensions::Dispatcher(extension_dispatcher_delegate_.get()));
306 }
307 permissions_policy_delegate_.reset(
308 new extensions::RendererPermissionsPolicyDelegate(
309 extension_dispatcher_.get()));
310 #endif
311
312 prescient_networking_dispatcher_.reset(
313 new dns_prefetch::PrescientNetworkingDispatcher());
314 #if defined(ENABLE_SPELLCHECK)
315 // ChromeRenderViewTest::SetUp() creates a Spellcheck and injects it using
316 // SetSpellcheck(). Don't overwrite it.
317 if (!spellcheck_) {
318 spellcheck_.reset(new SpellCheck());
319 thread->AddObserver(spellcheck_.get());
320 }
321 #endif
322 visited_link_slave_.reset(new visitedlink::VisitedLinkSlave());
323 #if defined(FULL_SAFE_BROWSING)
324 phishing_classifier_.reset(safe_browsing::PhishingClassifierFilter::Create());
325 #endif
326 prerender_dispatcher_.reset(new prerender::PrerenderDispatcher());
327 #if defined(ENABLE_WEBRTC)
328 webrtc_logging_message_filter_ = new WebRtcLoggingMessageFilter(
329 content::RenderThread::Get()->GetIOMessageLoopProxy());
330 #endif
331 search_bouncer_.reset(new SearchBouncer());
332
333 thread->AddObserver(chrome_observer_.get());
334 thread->AddObserver(web_cache_observer_.get());
335 #if defined(ENABLE_EXTENSIONS)
336 thread->AddObserver(extension_dispatcher_.get());
337 #endif
338 #if defined(FULL_SAFE_BROWSING)
339 thread->AddObserver(phishing_classifier_.get());
340 #endif
341 thread->AddObserver(visited_link_slave_.get());
342 thread->AddObserver(prerender_dispatcher_.get());
343 thread->AddObserver(search_bouncer_.get());
344
345 #if defined(ENABLE_WEBRTC)
346 thread->AddFilter(webrtc_logging_message_filter_.get());
347 #endif
348 #if defined(ENABLE_EXTENSIONS)
349 thread->AddFilter(new CastIPCDispatcher(
350 content::RenderThread::Get()->GetIOMessageLoopProxy()));
351 #endif
352
353 thread->RegisterExtension(extensions_v8::ExternalExtension::Get());
354 thread->RegisterExtension(extensions_v8::LoadTimesExtension::Get());
355
356 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
357 if (command_line->HasSwitch(switches::kEnableBenchmarking))
358 thread->RegisterExtension(extensions_v8::BenchmarkingExtension::Get());
359 if (command_line->HasSwitch(switches::kEnableNetBenchmarking))
360 thread->RegisterExtension(extensions_v8::NetBenchmarkingExtension::Get());
361 if (command_line->HasSwitch(switches::kInstantProcess))
362 thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
363
364 if (command_line->HasSwitch(switches::kPlaybackMode) ||
365 command_line->HasSwitch(switches::kRecordMode)) {
366 thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
367 }
368
369 // TODO(guohui): needs to forward the new-profile-management switch to
370 // renderer processes.
371 if (switches::IsEnableAccountConsistency())
372 thread->RegisterExtension(extensions_v8::PrincipalsExtension::Get());
373
374 // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
375 // should not be accessible by normal content, and should also be unable to
376 // script anything but themselves (to help limit the damage that a corrupt
377 // page could cause).
378 WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
379 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
380
381 WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
382 // The Instant process can only display the content but not read it. Other
383 // processes can't display it or read it.
384 if (!command_line->HasSwitch(switches::kInstantProcess))
385 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
386
387 WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
388 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
389
390 WebString dom_distiller_scheme(
391 ASCIIToUTF16(dom_distiller::kDomDistillerScheme));
392 // TODO(nyquist): Add test to ensure this happens when the flag is set.
393 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dom_distiller_scheme);
394
395 #if defined(OS_CHROMEOS)
396 WebString external_file_scheme(ASCIIToUTF16(content::kExternalFileScheme));
397 WebSecurityPolicy::registerURLSchemeAsLocal(external_file_scheme);
398 #endif
399
400 // chrome: and chrome-search: pages should not be accessible by bookmarklets
401 // or javascript: URLs typed in the omnibox.
402 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
403 chrome_ui_scheme);
404 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
405 chrome_search_scheme);
406
407 // chrome:, chrome-search:, chrome-extension:, and chrome-extension-resource:
408 // resources shouldn't trigger insecure content warnings.
409 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
410 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
411
412 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
413 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
414
415 WebString extension_resource_scheme(
416 ASCIIToUTF16(extensions::kExtensionResourceScheme));
417 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
418
419 // chrome:, chrome-extension:, chrome-extension-resource: resources should be
420 // allowed to receive CORS requests.
421 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(chrome_ui_scheme);
422 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
423 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
424
425 // chrome-extension: resources should bypass Content Security Policy checks
426 // when included in protected resources.
427 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
428 extension_scheme);
429 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
430 extension_resource_scheme);
431
432 #if defined(OS_WIN)
433 // Report if the renderer process has been patched by chrome_elf.
434 // TODO(csharp): Remove once the renderer is no longer getting
435 // patched this way.
436 if (blacklist::IsBlacklistInitialized())
437 UMA_HISTOGRAM_BOOLEAN("Blacklist.PatchedInRenderer", true);
438 #endif
439 #if defined(ENABLE_PRINT_PREVIEW)
440 pdf_print_client_.reset(new ChromePDFPrintClient());
441 pdf::PPB_PDF_Impl::SetPrintClient(pdf_print_client_.get());
442 #endif
443 }
444
445 void ChromeContentRendererClient::RenderFrameCreated(
446 content::RenderFrame* render_frame) {
447 new ChromeRenderFrameObserver(render_frame);
448
449 bool should_whitelist_for_content_settings =
450 base::CommandLine::ForCurrentProcess()->HasSwitch(
451 switches::kInstantProcess);
452 extensions::Dispatcher* ext_dispatcher = NULL;
453 #if defined(ENABLE_EXTENSIONS)
454 ext_dispatcher = extension_dispatcher_.get();
455 #endif
456 ContentSettingsObserver* content_settings = new ContentSettingsObserver(
457 render_frame, ext_dispatcher, should_whitelist_for_content_settings);
458 if (chrome_observer_.get()) {
459 content_settings->SetContentSettingRules(
460 chrome_observer_->content_setting_rules());
461 }
462
463 #if defined(ENABLE_EXTENSIONS)
464 new extensions::ExtensionsRenderFrameObserver(render_frame);
465 new extensions::ExtensionFrameHelper(render_frame, ext_dispatcher);
466 #endif
467
468 #if defined(ENABLE_PLUGINS)
469 new PepperHelper(render_frame);
470 #endif
471
472 #if !defined(DISABLE_NACL)
473 new nacl::NaClHelper(render_frame);
474 #endif
475
476 // TODO(jam): when the frame tree moves into content and parent() works at
477 // RenderFrame construction, simplify this by just checking parent().
478 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) {
479 // Avoid any race conditions from having the browser tell subframes that
480 // they're prerendering.
481 if (prerender::PrerenderHelper::IsPrerendering(
482 render_frame->GetRenderView()->GetMainRenderFrame())) {
483 new prerender::PrerenderHelper(render_frame);
484 }
485 }
486
487 if (render_frame->GetRenderView()->GetMainRenderFrame() == render_frame) {
488 // Only attach NetErrorHelper to the main frame, since only the main frame
489 // should get error pages.
490 // PrefetchHelper is also needed only for main frames.
491 new NetErrorHelper(render_frame);
492 new prefetch::PrefetchHelper(render_frame);
493 }
494
495 PasswordGenerationAgent* password_generation_agent =
496 new PasswordGenerationAgent(render_frame);
497 PasswordAutofillAgent* password_autofill_agent =
498 new PasswordAutofillAgent(render_frame);
499 new AutofillAgent(render_frame, password_autofill_agent,
500 password_generation_agent);
501 }
502
503 void ChromeContentRendererClient::RenderViewCreated(
504 content::RenderView* render_view) {
505 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
506
507 #if defined(ENABLE_EXTENSIONS)
508 new extensions::ExtensionHelper(render_view, extension_dispatcher_.get());
509 extension_dispatcher_->OnRenderViewCreated(render_view);
510 #endif
511 new PageLoadHistograms(render_view);
512 #if defined(ENABLE_PRINTING)
513 new printing::PrintWebViewHelper(
514 render_view,
515 switches::OutOfProcessPdfEnabled(),
516 command_line->HasSwitch(switches::kDisablePrintPreview),
517 scoped_ptr<printing::PrintWebViewHelper::Delegate>(
518 new ChromePrintWebViewHelperDelegate()));
519 #endif
520 #if defined(ENABLE_SPELLCHECK)
521 new SpellCheckProvider(render_view, spellcheck_.get());
522 #endif
523 new prerender::PrerendererClient(render_view);
524 #if defined(FULL_SAFE_BROWSING)
525 safe_browsing::MalwareDOMDetails::Create(render_view);
526 #endif
527
528 if (command_line->HasSwitch(switches::kInstantProcess))
529 new SearchBox(render_view);
530
531 new ChromeRenderViewObserver(render_view, web_cache_observer_.get());
532
533 new password_manager::CredentialManagerClient(render_view);
534 }
535
536
537 SkBitmap* ChromeContentRendererClient::GetSadPluginBitmap() {
538 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
539 GetImageNamed(IDR_SAD_PLUGIN).ToSkBitmap());
540 }
541
542 SkBitmap* ChromeContentRendererClient::GetSadWebViewBitmap() {
543 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
544 GetImageNamed(IDR_SAD_WEBVIEW).ToSkBitmap());
545 }
546
547 #if defined(ENABLE_EXTENSIONS)
548 const Extension* ChromeContentRendererClient::GetExtensionByOrigin(
549 const WebSecurityOrigin& origin) const {
550 if (!EqualsASCII(origin.protocol(), extensions::kExtensionScheme))
551 return NULL;
552
553 const std::string extension_id = origin.host().utf8().data();
554 return extension_dispatcher_->extensions()->GetByID(extension_id);
555 }
556 #endif
557
558 scoped_ptr<blink::WebPluginPlaceholder>
559 ChromeContentRendererClient::CreatePluginPlaceholder(
560 content::RenderFrame* render_frame,
561 blink::WebLocalFrame* frame,
562 const blink::WebPluginParams& orig_params) {
563 return CreateShadowDOMPlaceholderForPluginInfo(
564 render_frame, frame, orig_params);
565 }
566
567 bool ChromeContentRendererClient::OverrideCreatePlugin(
568 content::RenderFrame* render_frame,
569 WebLocalFrame* frame,
570 const WebPluginParams& params,
571 WebPlugin** plugin) {
572 std::string orig_mime_type = params.mimeType.utf8();
573 #if defined(ENABLE_EXTENSIONS)
574 if (orig_mime_type == content::kBrowserPluginMimeType) {
575 bool guest_view_api_available = false;
576 extension_dispatcher_->script_context_set().ForEach(
577 render_frame->GetRenderView(),
578 base::Bind(&IsGuestViewApiAvailableToScriptContext,
579 &guest_view_api_available));
580 if (guest_view_api_available)
581 return false;
582 }
583 #endif
584
585 ChromeViewHostMsg_GetPluginInfo_Output output;
586 #if defined(ENABLE_PLUGINS)
587 render_frame->Send(new ChromeViewHostMsg_GetPluginInfo(
588 render_frame->GetRoutingID(), GURL(params.url),
589 frame->top()->document().url(), orig_mime_type, &output));
590
591 if (output.plugin.type == content::WebPluginInfo::PLUGIN_TYPE_BROWSER_PLUGIN)
592 return false;
593 #else
594 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
595 #endif
596 *plugin = CreatePlugin(render_frame, frame, params, output);
597 return true;
598 }
599
600 WebPlugin* ChromeContentRendererClient::CreatePluginReplacement(
601 content::RenderFrame* render_frame,
602 const base::FilePath& plugin_path) {
603 ChromePluginPlaceholder* placeholder =
604 ChromePluginPlaceholder::CreateErrorPlugin(render_frame, plugin_path);
605 return placeholder->plugin();
606 }
607
608 void ChromeContentRendererClient::DeferMediaLoad(
609 content::RenderFrame* render_frame,
610 const base::Closure& closure) {
611 #if defined(OS_ANDROID)
612 // Chromium for Android doesn't support prerender yet.
613 closure.Run();
614 return;
615 #else
616 if (!prerender::PrerenderHelper::IsPrerendering(render_frame)) {
617 closure.Run();
618 return;
619 }
620
621 // Lifetime is tied to |render_frame| via content::RenderFrameObserver.
622 new prerender::PrerenderMediaLoadDeferrer(render_frame, closure);
623 #endif
624 }
625
626 WebPlugin* ChromeContentRendererClient::CreatePlugin(
627 content::RenderFrame* render_frame,
628 WebLocalFrame* frame,
629 const WebPluginParams& original_params,
630 const ChromeViewHostMsg_GetPluginInfo_Output& output) {
631 const ChromeViewHostMsg_GetPluginInfo_Status& status = output.status;
632 const WebPluginInfo& plugin = output.plugin;
633 const std::string& actual_mime_type = output.actual_mime_type;
634 const base::string16& group_name = output.group_name;
635 const std::string& identifier = output.group_identifier;
636 ChromeViewHostMsg_GetPluginInfo_Status::Value status_value = status.value;
637 GURL url(original_params.url);
638 std::string orig_mime_type = original_params.mimeType.utf8();
639 ChromePluginPlaceholder* placeholder = NULL;
640
641 // If the browser plugin is to be enabled, this should be handled by the
642 // renderer, so the code won't reach here due to the early exit in
643 // OverrideCreatePlugin.
644 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound ||
645 orig_mime_type == content::kBrowserPluginMimeType) {
646 #if defined(OS_ANDROID)
647 if (plugins::MobileYouTubePlugin::IsYouTubeURL(url, orig_mime_type)) {
648 base::StringPiece template_html(
649 ResourceBundle::GetSharedInstance().GetRawDataResource(
650 IDR_MOBILE_YOUTUBE_PLUGIN_HTML));
651 return (new plugins::MobileYouTubePlugin(
652 render_frame,
653 frame,
654 original_params,
655 template_html,
656 GURL(ChromePluginPlaceholder::kPluginPlaceholderDataURL)))
657 ->plugin();
658 }
659 #endif
660 PluginUMAReporter::GetInstance()->ReportPluginMissing(orig_mime_type, url);
661 placeholder = ChromePluginPlaceholder::CreateMissingPlugin(
662 render_frame, frame, original_params);
663 } else {
664 // TODO(bauerb): This should be in content/.
665 WebPluginParams params(original_params);
666 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
667 if (plugin.mime_types[i].mime_type == actual_mime_type) {
668 AppendParams(plugin.mime_types[i].additional_param_names,
669 plugin.mime_types[i].additional_param_values,
670 &params.attributeNames,
671 &params.attributeValues);
672 break;
673 }
674 }
675 if (params.mimeType.isNull() && (actual_mime_type.size() > 0)) {
676 // Webkit might say that mime type is null while we already know the
677 // actual mime type via ChromeViewHostMsg_GetPluginInfo. In that case
678 // we should use what we know since WebpluginDelegateProxy does some
679 // specific initializations based on this information.
680 params.mimeType = WebString::fromUTF8(actual_mime_type.c_str());
681 }
682
683 ContentSettingsObserver* observer =
684 ContentSettingsObserver::Get(render_frame);
685
686 const ContentSettingsType content_type =
687 ShouldUseJavaScriptSettingForPlugin(plugin) ?
688 CONTENT_SETTINGS_TYPE_JAVASCRIPT :
689 CONTENT_SETTINGS_TYPE_PLUGINS;
690
691 if ((status_value ==
692 ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized ||
693 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay ||
694 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kBlocked) &&
695 observer->IsPluginTemporarilyAllowed(identifier)) {
696 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
697 }
698
699 // Allow full-screen plug-ins for left-click-to-play.
700 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay &&
701 !frame->parent() && !frame->opener() &&
702 frame->document().isPluginDocument()) {
703 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
704 }
705
706 #if defined(ENABLE_PLUGINS)
707 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
708 switches::kEnablePluginPowerSaver)) {
709 status_value =
710 ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent;
711 }
712 #endif
713
714 #if defined(OS_WIN)
715 // In Windows we need to check if we can load NPAPI plugins.
716 // For example, if the render view is in the Ash desktop, we should not.
717 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
718 plugin.type == content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
719 if (observer->AreNPAPIPluginsBlocked())
720 status_value =
721 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
722 }
723 #endif
724
725 auto create_blocked_plugin =
726 [&render_frame, &frame, &params, &plugin, &identifier, &group_name](
727 int template_id, const base::string16& message,
728 const GURL& poster_url) {
729 return ChromePluginPlaceholder::CreateBlockedPlugin(
730 render_frame, frame, params, plugin, identifier, group_name,
731 template_id, message, poster_url);
732 };
733 switch (status_value) {
734 case ChromeViewHostMsg_GetPluginInfo_Status::kNotFound: {
735 NOTREACHED();
736 break;
737 }
738 case ChromeViewHostMsg_GetPluginInfo_Status::kAllowed:
739 case ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent: {
740 #if !defined(DISABLE_NACL) && defined(ENABLE_EXTENSIONS)
741 const bool is_nacl_plugin =
742 plugin.name == ASCIIToUTF16(nacl::kNaClPluginName);
743 const bool is_nacl_mime_type =
744 actual_mime_type == nacl::kNaClPluginMimeType;
745 const bool is_pnacl_mime_type =
746 actual_mime_type == nacl::kPnaclPluginMimeType;
747 if (is_nacl_plugin || is_nacl_mime_type || is_pnacl_mime_type) {
748 bool is_nacl_unrestricted = false;
749 if (is_nacl_mime_type) {
750 is_nacl_unrestricted =
751 base::CommandLine::ForCurrentProcess()->HasSwitch(
752 switches::kEnableNaCl);
753 } else if (is_pnacl_mime_type) {
754 is_nacl_unrestricted = true;
755 }
756 GURL manifest_url;
757 GURL app_url;
758 if (is_nacl_mime_type || is_pnacl_mime_type) {
759 // Normal NaCl/PNaCl embed. The app URL is the page URL.
760 manifest_url = url;
761 app_url = frame->top()->document().url();
762 } else {
763 // NaCl is being invoked as a content handler. Look up the NaCl
764 // module using the MIME type. The app URL is the manifest URL.
765 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin);
766 app_url = manifest_url;
767 }
768 const Extension* extension =
769 g_current_client->extension_dispatcher_->extensions()->
770 GetExtensionOrAppByURL(manifest_url);
771 if (!IsNaClAllowed(manifest_url,
772 app_url,
773 is_nacl_unrestricted,
774 extension,
775 &params)) {
776 WebString error_message;
777 if (is_nacl_mime_type) {
778 error_message =
779 "Only unpacked extensions and apps installed from the Chrome "
780 "Web Store can load NaCl modules without enabling Native "
781 "Client in about:flags.";
782 } else if (is_pnacl_mime_type) {
783 error_message =
784 "Portable Native Client must not be disabled in about:flags.";
785 }
786 frame->addMessageToConsole(
787 WebConsoleMessage(WebConsoleMessage::LevelError,
788 error_message));
789 placeholder = create_blocked_plugin(
790 IDR_BLOCKED_PLUGIN_HTML,
791 #if defined(OS_CHROMEOS)
792 l10n_util::GetStringUTF16(IDS_NACL_PLUGIN_BLOCKED),
793 #else
794 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name),
795 #endif
796 GURL());
797 break;
798 }
799 }
800 #endif // !defined(DISABLE_NACL) && defined(ENABLE_EXTENSIONS)
801
802 scoped_ptr<content::PluginInstanceThrottler> throttler;
803 #if defined(ENABLE_PLUGINS)
804 PluginPowerSaverMode power_saver_mode =
805 PluginPowerSaverMode::POWER_SAVER_MODE_ESSENTIAL;
806 bool show_poster = false;
807 GURL poster_url;
808 bool cross_origin_main_content = false;
809 bool blocked_for_background_tab =
810 render_frame->IsHidden() &&
811 status_value ==
812 ChromeViewHostMsg_GetPluginInfo_Status::kPlayImportantContent;
813 if (render_frame->ShouldThrottleContent(params, frame->document().url(),
814 &poster_url,
815 &cross_origin_main_content)) {
816 // TODO(tommycli): Apply throttler behavior to all plugins.
817 if (plugin.name == base::ASCIIToUTF16(content::kFlashPluginName) &&
818 status_value == ChromeViewHostMsg_GetPluginInfo_Status::
819 kPlayImportantContent) {
820 power_saver_mode =
821 PluginPowerSaverMode::POWER_SAVER_MODE_PERIPHERAL_THROTTLED;
822 show_poster = poster_url.is_valid();
823 } else {
824 power_saver_mode =
825 PluginPowerSaverMode::POWER_SAVER_MODE_PERIPHERAL_UNTHROTTLED;
826 }
827
828 throttler = content::PluginInstanceThrottler::Get(render_frame, url,
829 power_saver_mode);
830 }
831
832 // Delay loading plugins if prerendering.
833 // TODO(mmenke): In the case of prerendering, feed into
834 // ChromeContentRendererClient::CreatePlugin instead, to
835 // reduce the chance of future regressions.
836 bool is_prerendering =
837 prerender::PrerenderHelper::IsPrerendering(render_frame);
838 if (blocked_for_background_tab || is_prerendering || show_poster) {
839 placeholder = create_blocked_plugin(
840 show_poster ? IDR_PLUGIN_POSTER_HTML : IDR_BLOCKED_PLUGIN_HTML,
841 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name),
842 poster_url);
843 placeholder->set_blocked_for_background_tab(
844 blocked_for_background_tab);
845 placeholder->set_blocked_for_prerendering(is_prerendering);
846 placeholder->set_power_saver_mode(power_saver_mode);
847 placeholder->set_allow_loading(true);
848 break;
849 } else if (cross_origin_main_content) {
850 GURL content_origin = GURL(params.url).GetOrigin();
851 render_frame->WhitelistContentOrigin(content_origin);
852 }
853 #endif // defined(ENABLE_PLUGINS)
854 return render_frame->CreatePlugin(frame, plugin, params,
855 throttler.Pass());
856 }
857 case ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported: {
858 RenderThread::Get()->RecordAction(
859 UserMetricsAction("Plugin_NPAPINotSupported"));
860 placeholder = create_blocked_plugin(
861 IDR_BLOCKED_PLUGIN_HTML,
862 l10n_util::GetStringUTF16(IDS_PLUGIN_NOT_SUPPORTED_METRO), GURL());
863 render_frame->Send(new ChromeViewHostMsg_NPAPINotSupported(
864 render_frame->GetRoutingID(), identifier));
865 break;
866 }
867 case ChromeViewHostMsg_GetPluginInfo_Status::kDisabled: {
868 PluginUMAReporter::GetInstance()->ReportPluginDisabled(orig_mime_type,
869 url);
870 placeholder = create_blocked_plugin(
871 IDR_DISABLED_PLUGIN_HTML,
872 l10n_util::GetStringFUTF16(IDS_PLUGIN_DISABLED, group_name),
873 GURL());
874 break;
875 }
876 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked: {
877 #if defined(ENABLE_PLUGIN_INSTALLATION)
878 placeholder = create_blocked_plugin(
879 IDR_BLOCKED_PLUGIN_HTML,
880 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name),
881 GURL());
882 placeholder->set_allow_loading(true);
883 render_frame->Send(new ChromeViewHostMsg_BlockedOutdatedPlugin(
884 render_frame->GetRoutingID(), placeholder->CreateRoutingId(),
885 identifier));
886 #else
887 NOTREACHED();
888 #endif
889 break;
890 }
891 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed: {
892 placeholder = create_blocked_plugin(
893 IDR_BLOCKED_PLUGIN_HTML,
894 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name),
895 GURL());
896 break;
897 }
898 case ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized: {
899 placeholder = create_blocked_plugin(
900 IDR_BLOCKED_PLUGIN_HTML,
901 l10n_util::GetStringFUTF16(IDS_PLUGIN_NOT_AUTHORIZED, group_name),
902 GURL());
903 placeholder->set_allow_loading(true);
904 if (plugin.type != content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
905 render_frame->Send(new ChromeViewHostMsg_BlockedUnauthorizedPlugin(
906 render_frame->GetRoutingID(),
907 group_name,
908 identifier));
909 }
910 observer->DidBlockContentType(content_type, group_name);
911 break;
912 }
913 case ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay: {
914 placeholder = create_blocked_plugin(
915 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
916 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name), GURL());
917 placeholder->set_allow_loading(true);
918 RenderThread::Get()->RecordAction(
919 UserMetricsAction("Plugin_ClickToPlay"));
920 observer->DidBlockContentType(content_type, group_name);
921 break;
922 }
923 case ChromeViewHostMsg_GetPluginInfo_Status::kBlocked: {
924 placeholder = create_blocked_plugin(
925 IDR_BLOCKED_PLUGIN_HTML,
926 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name), GURL());
927 placeholder->set_allow_loading(true);
928 RenderThread::Get()->RecordAction(UserMetricsAction("Plugin_Blocked"));
929 observer->DidBlockContentType(content_type, group_name);
930 break;
931 }
932 case ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy: {
933 placeholder = create_blocked_plugin(
934 IDR_BLOCKED_PLUGIN_HTML,
935 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name), GURL());
936 placeholder->set_allow_loading(false);
937 RenderThread::Get()->RecordAction(
938 UserMetricsAction("Plugin_BlockedByPolicy"));
939 observer->DidBlockContentType(content_type, group_name);
940 break;
941 }
942 }
943 }
944 placeholder->SetStatus(status);
945 return placeholder->plugin();
946 }
947
948 // For NaCl content handling plugins, the NaCl manifest is stored in an
949 // additonal 'nacl' param associated with the MIME type.
950 // static
951 GURL ChromeContentRendererClient::GetNaClContentHandlerURL(
952 const std::string& actual_mime_type,
953 const content::WebPluginInfo& plugin) {
954 // Look for the manifest URL among the MIME type's additonal parameters.
955 const char kNaClPluginManifestAttribute[] = "nacl";
956 base::string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
957 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
958 if (plugin.mime_types[i].mime_type == actual_mime_type) {
959 const content::WebPluginMimeType& content_type = plugin.mime_types[i];
960 for (size_t i = 0; i < content_type.additional_param_names.size(); ++i) {
961 if (content_type.additional_param_names[i] == nacl_attr)
962 return GURL(content_type.additional_param_values[i]);
963 }
964 break;
965 }
966 }
967 return GURL();
968 }
969
970 #if !defined(DISABLE_NACL)
971 // static
972 bool ChromeContentRendererClient::IsNaClAllowed(
973 const GURL& manifest_url,
974 const GURL& app_url,
975 bool is_nacl_unrestricted,
976 const Extension* extension,
977 WebPluginParams* params) {
978 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.
979 std::string app_url_host = app_url.host();
980 std::string manifest_url_path = manifest_url.path();
981
982 bool is_whitelisted_web_ui =
983 app_url.spec() == chrome::kChromeUIAppListStartPageURL;
984
985 bool is_photo_app =
986 // Whitelisted apps must be served over https.
987 app_url.SchemeIs("https") &&
988 manifest_url.SchemeIs("https") &&
989 (EndsWith(app_url_host, "plus.google.com", false) ||
990 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
991 manifest_url.DomainIs("ssl.gstatic.com") &&
992 (manifest_url_path.find("s2/oz/nacl/") == 1 ||
993 manifest_url_path.find("photos/nacl/") == 1);
994
995 std::string manifest_fs_host;
996 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {
997 manifest_fs_host = manifest_url.inner_url()->host();
998 }
999 bool is_hangouts_app =
1000 // Whitelisted apps must be served over secure scheme.
1001 app_url.SchemeIs("https") &&
1002 manifest_url.SchemeIsSecure() &&
1003 manifest_url.SchemeIsFileSystem() &&
1004 (EndsWith(app_url_host, "talkgadget.google.com", false) ||
1005 EndsWith(app_url_host, "plus.google.com", false) ||
1006 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
1007 // The manifest must be loaded from the host's FileSystem.
1008 (manifest_fs_host == app_url_host);
1009
1010 bool is_whitelisted_app = is_photo_app || is_hangouts_app;
1011
1012 bool is_extension_from_webstore = false;
1013 bool is_invoked_by_hosted_app = false;
1014 bool is_extension_unrestricted = false;
1015 #if defined(ENABLE_EXTENSIONS)
1016 is_extension_from_webstore = extension && extension->from_webstore();
1017
1018 is_invoked_by_hosted_app = extension &&
1019 extension->is_hosted_app() &&
1020 extension->web_extent().MatchesURL(app_url);
1021
1022 // Allow built-in extensions and extensions under development.
1023 is_extension_unrestricted = extension &&
1024 (extension->location() == extensions::Manifest::COMPONENT ||
1025 extensions::Manifest::IsUnpackedLocation(extension->location()));
1026 #endif // defined(ENABLE_EXTENSIONS)
1027
1028 bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
1029
1030 // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
1031 bool is_nacl_pdf_viewer =
1032 (is_extension_from_webstore &&
1033 manifest_url.SchemeIs("chrome-extension") &&
1034 manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
1035
1036 // Allow Chrome Web Store extensions, built-in extensions and extensions
1037 // under development if the invocation comes from a URL with an extension
1038 // scheme. Also allow invocations if they are from whitelisted URLs or
1039 // if --enable-nacl is set.
1040 bool is_nacl_allowed = is_nacl_unrestricted ||
1041 is_whitelisted_web_ui ||
1042 is_whitelisted_app ||
1043 is_nacl_pdf_viewer ||
1044 is_invoked_by_hosted_app ||
1045 (is_invoked_by_extension &&
1046 (is_extension_from_webstore ||
1047 is_extension_unrestricted));
1048 if (is_nacl_allowed) {
1049 bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
1050 // Make sure that PPAPI 'dev' interfaces aren't available for production
1051 // apps unless they're whitelisted.
1052 WebString dev_attribute = WebString::fromUTF8("@dev");
1053 if ((!is_whitelisted_app && !is_extension_from_webstore) ||
1054 app_can_use_dev_interfaces) {
1055 // Add the special '@dev' attribute.
1056 std::vector<base::string16> param_names;
1057 std::vector<base::string16> param_values;
1058 param_names.push_back(dev_attribute);
1059 param_values.push_back(WebString());
1060 AppendParams(
1061 param_names,
1062 param_values,
1063 &params->attributeNames,
1064 &params->attributeValues);
1065 } else {
1066 // If the params somehow contain '@dev', remove it.
1067 size_t attribute_count = params->attributeNames.size();
1068 for (size_t i = 0; i < attribute_count; ++i) {
1069 if (params->attributeNames[i].equals(dev_attribute))
1070 params->attributeNames[i] = WebString();
1071 }
1072 }
1073 }
1074 return is_nacl_allowed;
1075 }
1076 #endif // defined(DISABLE_NACL)
1077
1078 bool ChromeContentRendererClient::HasErrorPage(int http_status_code,
1079 std::string* error_domain) {
1080 // Use an internal error page, if we have one for the status code.
1081 if (!LocalizedError::HasStrings(LocalizedError::kHttpErrorDomain,
1082 http_status_code)) {
1083 return false;
1084 }
1085
1086 *error_domain = LocalizedError::kHttpErrorDomain;
1087 return true;
1088 }
1089
1090 bool ChromeContentRendererClient::ShouldSuppressErrorPage(
1091 content::RenderFrame* render_frame,
1092 const GURL& url) {
1093 // Unit tests for ChromeContentRendererClient pass a NULL RenderFrame here.
1094 // Unfortunately it's very difficult to construct a mock RenderView, so skip
1095 // this functionality in this case.
1096 if (render_frame) {
1097 content::RenderView* render_view = render_frame->GetRenderView();
1098 content::RenderFrame* main_render_frame = render_view->GetMainRenderFrame();
1099 blink::WebFrame* web_frame = render_frame->GetWebFrame();
1100 NetErrorHelper* net_error_helper = NetErrorHelper::Get(main_render_frame);
1101 if (net_error_helper->ShouldSuppressErrorPage(web_frame, url))
1102 return true;
1103 }
1104 // Do not flash an error page if the Instant new tab page fails to load.
1105 return search_bouncer_.get() && search_bouncer_->IsNewTabPage(url);
1106 }
1107
1108 void ChromeContentRendererClient::GetNavigationErrorStrings(
1109 content::RenderView* render_view,
1110 blink::WebFrame* frame,
1111 const blink::WebURLRequest& failed_request,
1112 const blink::WebURLError& error,
1113 std::string* error_html,
1114 base::string16* error_description) {
1115 const GURL failed_url = error.unreachableURL;
1116 const Extension* extension = NULL;
1117
1118 #if defined(ENABLE_EXTENSIONS)
1119 if (failed_url.is_valid() &&
1120 !failed_url.SchemeIs(extensions::kExtensionScheme)) {
1121 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
1122 failed_url);
1123 }
1124 #endif
1125
1126 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
1127
1128 if (error_html) {
1129 bool extension_but_not_bookmark_app = false;
1130 #if defined(ENABLE_EXTENSIONS)
1131 extension_but_not_bookmark_app = extension && !extension->from_bookmark();
1132 #endif
1133 // Use a local error page.
1134 if (extension_but_not_bookmark_app) {
1135 #if defined(ENABLE_EXTENSIONS)
1136 // TODO(erikkay): Should we use a different template for different
1137 // error messages?
1138 int resource_id = IDR_ERROR_APP_HTML;
1139 const base::StringPiece template_html(
1140 ResourceBundle::GetSharedInstance().GetRawDataResource(
1141 resource_id));
1142 if (template_html.empty()) {
1143 NOTREACHED() << "unable to load template. ID: " << resource_id;
1144 } else {
1145 base::DictionaryValue error_strings;
1146 LocalizedError::GetAppErrorStrings(failed_url, extension,
1147 &error_strings);
1148 // "t" is the id of the template's root node.
1149 *error_html = webui::GetTemplatesHtml(template_html, &error_strings,
1150 "t");
1151 }
1152 #endif
1153 } else {
1154 // TODO(ellyjones): change GetNavigationErrorStrings to take a RenderFrame
1155 // instead of a RenderView, then pass that in.
1156 // This is safe for now because we only install the NetErrorHelper on the
1157 // main render frame anyway; see the TODO(ellyjones) in
1158 // RenderFrameCreated.
1159 content::RenderFrame* main_render_frame =
1160 render_view->GetMainRenderFrame();
1161 NetErrorHelper* helper = NetErrorHelper::Get(main_render_frame);
1162 helper->GetErrorHTML(frame, error, is_post, error_html);
1163 }
1164 }
1165
1166 if (error_description) {
1167 if (!extension)
1168 *error_description = LocalizedError::GetErrorDetails(error, is_post);
1169 }
1170 }
1171
1172 bool ChromeContentRendererClient::RunIdleHandlerWhenWidgetsHidden() {
1173 #if defined(ENABLE_EXTENSIONS)
1174 return !extension_dispatcher_->is_extension_process();
1175 #else
1176 return true;
1177 #endif
1178 }
1179
1180 bool ChromeContentRendererClient::AllowPopup() {
1181 #if defined(ENABLE_EXTENSIONS)
1182 extensions::ScriptContext* current_context =
1183 extension_dispatcher_->script_context_set().GetCurrent();
1184 if (!current_context || !current_context->extension())
1185 return false;
1186 // See http://crbug.com/117446 for the subtlety of this check.
1187 switch (current_context->context_type()) {
1188 case extensions::Feature::UNSPECIFIED_CONTEXT:
1189 case extensions::Feature::WEB_PAGE_CONTEXT:
1190 case extensions::Feature::UNBLESSED_EXTENSION_CONTEXT:
1191 case extensions::Feature::WEBUI_CONTEXT:
1192 return false;
1193 case extensions::Feature::BLESSED_EXTENSION_CONTEXT:
1194 case extensions::Feature::CONTENT_SCRIPT_CONTEXT:
1195 return true;
1196 case extensions::Feature::BLESSED_WEB_PAGE_CONTEXT:
1197 return !current_context->web_frame()->parent();
1198 }
1199 NOTREACHED();
1200 #endif
1201 return false;
1202 }
1203
1204 bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
1205 const GURL& url,
1206 const std::string& http_method,
1207 bool is_initial_navigation,
1208 bool is_server_redirect,
1209 bool* send_referrer) {
1210 DCHECK(!frame->parent());
1211
1212 // If this is the Instant process, fork all navigations originating from the
1213 // renderer. The destination page will then be bucketed back to this Instant
1214 // process if it is an Instant url, or to another process if not. Conversely,
1215 // fork if this is a non-Instant process navigating to an Instant url, so that
1216 // such navigations can also be bucketed into an Instant renderer.
1217 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1218 switches::kInstantProcess) ||
1219 (search_bouncer_.get() && search_bouncer_->ShouldFork(url))) {
1220 *send_referrer = true;
1221 return true;
1222 }
1223
1224 // For now, we skip the rest for POST submissions. This is because
1225 // http://crbug.com/101395 is more likely to cause compatibility issues
1226 // with hosted apps and extensions than WebUI pages. We will remove this
1227 // check when cross-process POST submissions are supported.
1228 if (http_method != "GET")
1229 return false;
1230
1231 // If this is the Signin process, fork all navigations originating from the
1232 // renderer. The destination page will then be bucketed back to this Signin
1233 // process if it is a Signin url, or to another process if not.
1234 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1235 switches::kSigninProcess)) {
1236 // We never want to allow non-signin pages to fork-on-POST to a
1237 // signin-related action URL. We'll need to handle this carefully once
1238 // http://crbug.com/101395 is fixed. The CHECK ensures we don't forget.
1239 CHECK_NE(http_method, "POST");
1240 return true;
1241 }
1242
1243 // If |url| matches one of the prerendered URLs, stop this navigation and try
1244 // to swap in the prerendered page on the browser process. If the prerendered
1245 // page no longer exists by the time the OpenURL IPC is handled, a normal
1246 // navigation is attempted.
1247 if (prerender_dispatcher_.get() &&
1248 prerender_dispatcher_->IsPrerenderURL(url)) {
1249 *send_referrer = true;
1250 return true;
1251 }
1252
1253 #if defined(ENABLE_EXTENSIONS)
1254 const extensions::ExtensionSet* extensions =
1255 extension_dispatcher_->extensions();
1256
1257 // Determine if the new URL is an extension (excluding bookmark apps).
1258 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
1259 *extensions, url);
1260 bool is_extension_url = !!new_url_extension;
1261
1262 // If the navigation would cross an app extent boundary, we also need
1263 // to defer to the browser to ensure process isolation. This is not necessary
1264 // for server redirects, which will be transferred to a new process by the
1265 // browser process when they are ready to commit. It is necessary for client
1266 // redirects, which won't be transferred in the same way.
1267 if (!is_server_redirect &&
1268 CrossesExtensionExtents(frame, url, *extensions, is_extension_url,
1269 is_initial_navigation)) {
1270 // Include the referrer in this case since we're going from a hosted web
1271 // page. (the packaged case is handled previously by the extension
1272 // navigation test)
1273 *send_referrer = true;
1274
1275 const Extension* extension =
1276 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
1277 if (extension && extension->is_app()) {
1278 extensions::RecordAppLaunchType(
1279 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION, extension->GetType());
1280 }
1281 return true;
1282 }
1283
1284 // If this is a reload, check whether it has the wrong process type. We
1285 // should send it to the browser if it's an extension URL (e.g., hosted app)
1286 // in a normal process, or if it's a process for an extension that has been
1287 // uninstalled.
1288 if (frame->top()->document().url() == url) {
1289 if (is_extension_url != extension_dispatcher_->is_extension_process())
1290 return true;
1291 }
1292 #endif // defined(ENABLE_EXTENSIONS)
1293
1294 return false;
1295 }
1296
1297 #if defined(ENABLE_EXTENSIONS)
1298 bool ChromeContentRendererClient::ShouldForwardToGuestContainer(
1299 const IPC::Message& msg) {
1300 return extensions::GuestViewContainer::HandlesMessage(msg);
1301 }
1302 #endif
1303
1304 bool ChromeContentRendererClient::WillSendRequest(
1305 blink::WebFrame* frame,
1306 ui::PageTransition transition_type,
1307 const GURL& url,
1308 const GURL& first_party_for_cookies,
1309 GURL* new_url) {
1310 // Check whether the request should be allowed. If not allowed, we reset the
1311 // URL to something invalid to prevent the request and cause an error.
1312 #if defined(ENABLE_EXTENSIONS)
1313 if (url.SchemeIs(extensions::kExtensionScheme) &&
1314 !extensions::ResourceRequestPolicy::CanRequestResource(
1315 url,
1316 frame,
1317 transition_type,
1318 extension_dispatcher_->extensions())) {
1319 *new_url = GURL(chrome::kExtensionInvalidRequestURL);
1320 return true;
1321 }
1322
1323 if (url.SchemeIs(extensions::kExtensionResourceScheme) &&
1324 !extensions::ResourceRequestPolicy::CanRequestExtensionResourceScheme(
1325 url,
1326 frame)) {
1327 *new_url = GURL(chrome::kExtensionResourceInvalidRequestURL);
1328 return true;
1329 }
1330 #endif
1331
1332 const content::RenderView* render_view =
1333 content::RenderView::FromWebView(frame->view());
1334 SearchBox* search_box = SearchBox::Get(render_view);
1335 if (search_box && url.SchemeIs(chrome::kChromeSearchScheme)) {
1336 if (url.host() == chrome::kChromeUIThumbnailHost)
1337 return search_box->GenerateThumbnailURLFromTransientURL(url, new_url);
1338 else if (url.host() == chrome::kChromeUIFaviconHost)
1339 return search_box->GenerateFaviconURLFromTransientURL(url, new_url);
1340 }
1341
1342 return false;
1343 }
1344
1345 void ChromeContentRendererClient::DidCreateScriptContext(
1346 WebFrame* frame, v8::Handle<v8::Context> context, int extension_group,
1347 int world_id) {
1348 #if defined(ENABLE_EXTENSIONS)
1349 extension_dispatcher_->DidCreateScriptContext(
1350 frame, context, extension_group, world_id);
1351 #endif
1352 }
1353
1354 unsigned long long ChromeContentRendererClient::VisitedLinkHash(
1355 const char* canonical_url, size_t length) {
1356 return visited_link_slave_->ComputeURLFingerprint(canonical_url, length);
1357 }
1358
1359 bool ChromeContentRendererClient::IsLinkVisited(unsigned long long link_hash) {
1360 return visited_link_slave_->IsVisited(link_hash);
1361 }
1362
1363 blink::WebPrescientNetworking*
1364 ChromeContentRendererClient::GetPrescientNetworking() {
1365 return prescient_networking_dispatcher_.get();
1366 }
1367
1368 bool ChromeContentRendererClient::ShouldOverridePageVisibilityState(
1369 const content::RenderFrame* render_frame,
1370 blink::WebPageVisibilityState* override_state) {
1371 if (!prerender::PrerenderHelper::IsPrerendering(render_frame))
1372 return false;
1373
1374 *override_state = blink::WebPageVisibilityStatePrerender;
1375 return true;
1376 }
1377
1378 #if defined(ENABLE_EXTENSIONS)
1379 void ChromeContentRendererClient::SetExtensionDispatcherForTest(
1380 extensions::Dispatcher* extension_dispatcher) {
1381 extension_dispatcher_.reset(extension_dispatcher);
1382 permissions_policy_delegate_.reset(
1383 new extensions::RendererPermissionsPolicyDelegate(
1384 extension_dispatcher_.get()));
1385 }
1386
1387 extensions::Dispatcher*
1388 ChromeContentRendererClient::GetExtensionDispatcherForTest() {
1389 return extension_dispatcher_.get();
1390 }
1391
1392 bool ChromeContentRendererClient::CrossesExtensionExtents(
1393 WebFrame* frame,
1394 const GURL& new_url,
1395 const extensions::ExtensionSet& extensions,
1396 bool is_extension_url,
1397 bool is_initial_navigation) {
1398 GURL old_url(frame->top()->document().url());
1399
1400 // If old_url is still empty and this is an initial navigation, then this is
1401 // a window.open operation. We should look at the opener URL.
1402 if (is_initial_navigation && old_url.is_empty() && frame->opener()) {
1403 // If we're about to open a normal web page from a same-origin opener stuck
1404 // in an extension process, we want to keep it in process to allow the
1405 // opener to script it.
1406 WebDocument opener_document = frame->opener()->document();
1407 WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
1408 bool opener_is_extension_url =
1409 !opener.isUnique() && extensions.GetExtensionOrAppByURL(
1410 opener_document.url()) != NULL;
1411 if (!is_extension_url &&
1412 !opener_is_extension_url &&
1413 extension_dispatcher_->is_extension_process() &&
1414 opener.canRequest(WebURL(new_url)))
1415 return false;
1416
1417 // In all other cases, we want to compare against the top frame's URL (as
1418 // opposed to the opener frame's), since that's what determines the type of
1419 // process. This allows iframes outside an app to open a popup in the app.
1420 old_url = frame->top()->opener()->top()->document().url();
1421 }
1422
1423 // Only consider keeping non-app URLs in an app process if this window
1424 // has an opener (in which case it might be an OAuth popup that tries to
1425 // script an iframe within the app).
1426 bool should_consider_workaround = !!frame->opener();
1427
1428 return extensions::CrossesExtensionProcessBoundary(
1429 extensions, old_url, new_url, should_consider_workaround);
1430 }
1431 #endif // defined(ENABLE_EXTENSIONS)
1432
1433 #if defined(ENABLE_SPELLCHECK)
1434 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
1435 RenderThread* thread = RenderThread::Get();
1436 if (spellcheck_.get() && thread)
1437 thread->RemoveObserver(spellcheck_.get());
1438 spellcheck_.reset(spellcheck);
1439 SpellCheckReplacer replacer(spellcheck_.get());
1440 content::RenderView::ForEach(&replacer);
1441 if (thread)
1442 thread->AddObserver(spellcheck_.get());
1443 }
1444 #endif
1445
1446 // static
1447 bool ChromeContentRendererClient::WasWebRequestUsedBySomeExtensions() {
1448 #if defined(ENABLE_EXTENSIONS)
1449 return g_current_client->extension_dispatcher_
1450 ->WasWebRequestUsedBySomeExtensions();
1451 #else
1452 return false;
1453 #endif
1454 }
1455
1456 const void* ChromeContentRendererClient::CreatePPAPIInterface(
1457 const std::string& interface_name) {
1458 #if defined(ENABLE_PLUGINS)
1459 #if !defined(DISABLE_NACL)
1460 if (interface_name == PPB_NACL_PRIVATE_INTERFACE)
1461 return nacl::GetNaClPrivateInterface();
1462 #endif // DISABLE_NACL
1463 if (interface_name == PPB_PDF_INTERFACE)
1464 return pdf::PPB_PDF_Impl::GetInterface();
1465 #endif
1466 return NULL;
1467 }
1468
1469 bool ChromeContentRendererClient::IsExternalPepperPlugin(
1470 const std::string& module_name) {
1471 // TODO(bbudge) remove this when the trusted NaCl plugin has been removed.
1472 // We must defer certain plugin events for NaCl instances since we switch
1473 // from the in-process to the out-of-process proxy after instantiating them.
1474 return module_name == "Native Client";
1475 }
1476
1477 #if defined(ENABLE_PLUGINS) && defined(ENABLE_EXTENSIONS)
1478 bool ChromeContentRendererClient::IsExtensionOrSharedModuleWhitelisted(
1479 const GURL& url, const std::set<std::string>& whitelist) {
1480 const extensions::ExtensionSet* extension_set =
1481 g_current_client->extension_dispatcher_->extensions();
1482 return chrome::IsExtensionOrSharedModuleWhitelisted(url, extension_set,
1483 whitelist);
1484 }
1485 #endif
1486
1487 blink::WebSpeechSynthesizer*
1488 ChromeContentRendererClient::OverrideSpeechSynthesizer(
1489 blink::WebSpeechSynthesizerClient* client) {
1490 return new TtsDispatcher(client);
1491 }
1492
1493 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
1494 const GURL& url) {
1495 #if !defined(OS_ANDROID)
1496 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
1497 // the whitelist in the renderer, since we're only preventing access until
1498 // these APIs are public and stable.
1499 std::string url_host = url.host();
1500 if (url.SchemeIs("https") &&
1501 (EndsWith(url_host, "talkgadget.google.com", false) ||
1502 EndsWith(url_host, "plus.google.com", false) ||
1503 EndsWith(url_host, "plus.sandbox.google.com", false)) &&
1504 StartsWithASCII(url.path(), "/hangouts/", false)) {
1505 return true;
1506 }
1507 // Allow access for tests.
1508 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1509 switches::kEnablePepperTesting)) {
1510 return true;
1511 }
1512 #endif // !defined(OS_ANDROID)
1513 return false;
1514 }
1515
1516 void ChromeContentRendererClient::AddKeySystems(
1517 std::vector<media::KeySystemInfo>* key_systems) {
1518 AddChromeKeySystems(key_systems);
1519 }
1520
1521 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(
1522 const base::string16& source) const {
1523 #if defined(ENABLE_EXTENSIONS)
1524 return extensions::IsSourceFromAnExtension(source);
1525 #else
1526 return false;
1527 #endif
1528 }
1529
1530 bool ChromeContentRendererClient::ShouldEnableSiteIsolationPolicy() const {
1531 // SiteIsolationPolicy is off by default. We would like to activate cross-site
1532 // document blocking (for UMA data collection) for normal renderer processes
1533 // running a normal web page from the Internet. We only turn on
1534 // SiteIsolationPolicy for a renderer process that does not have the extension
1535 // flag on.
1536 #if defined(ENABLE_EXTENSIONS)
1537 base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
1538 return !command_line->HasSwitch(extensions::switches::kExtensionProcess);
1539 #else
1540 return true;
1541 #endif
1542 }
1543
1544 blink::WebWorkerPermissionClientProxy*
1545 ChromeContentRendererClient::CreateWorkerPermissionClientProxy(
1546 content::RenderFrame* render_frame,
1547 blink::WebFrame* frame) {
1548 return new WorkerPermissionClientProxy(render_frame, frame);
1549 }
1550
1551 bool ChromeContentRendererClient::IsPluginAllowedToUseDevChannelAPIs() {
1552 #if defined(ENABLE_PLUGINS)
1553 // Allow access for tests.
1554 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1555 switches::kEnablePepperTesting)) {
1556 return true;
1557 }
1558
1559 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
1560 // Allow dev channel APIs to be used on "Canary", "Dev", and "Unknown"
1561 // releases of Chrome. Permitting "Unknown" allows these APIs to be used on
1562 // Chromium builds as well.
1563 return channel <= chrome::VersionInfo::CHANNEL_DEV;
1564 #else
1565 return false;
1566 #endif
1567 }
1568
1569 bool ChromeContentRendererClient::IsPluginAllowedToUseCompositorAPI(
1570 const GURL& url) {
1571 #if defined(ENABLE_PLUGINS) && defined(ENABLE_EXTENSIONS)
1572 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
1573 switches::kEnablePepperTesting))
1574 return true;
1575 if (IsExtensionOrSharedModuleWhitelisted(url, allowed_compositor_origins_))
1576 return true;
1577
1578 chrome::VersionInfo::Channel channel = chrome::VersionInfo::GetChannel();
1579 return channel <= chrome::VersionInfo::CHANNEL_DEV;
1580 #else
1581 return false;
1582 #endif
1583 }
1584
1585 content::BrowserPluginDelegate*
1586 ChromeContentRendererClient::CreateBrowserPluginDelegate(
1587 content::RenderFrame* render_frame,
1588 const std::string& mime_type,
1589 const GURL& original_url) {
1590 #if defined(ENABLE_EXTENSIONS)
1591 if (mime_type == content::kBrowserPluginMimeType) {
1592 return new extensions::ExtensionsGuestViewContainer(render_frame);
1593 } else {
1594 return new extensions::MimeHandlerViewContainer(
1595 render_frame, mime_type, original_url);
1596 }
1597 #else
1598 return NULL;
1599 #endif
1600 }