search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Test for golden version-7 safe-browsing file.
[chromium-blink-merge.git] / chrome / renderer / chrome_content_renderer_client.cc
blob77d6c346f02f935a15f05080095b3c69b96431e3
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/renderer/chrome_content_renderer_client.h"
6
7 #include "base/command_line.h"
8 #include "base/debug/crash_logging.h"
9 #include "base/logging.h"
10 #include "base/metrics/histogram.h"
11 #include "base/metrics/user_metrics_action.h"
12 #include "base/path_service.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/values.h"
17 #include "chrome/common/chrome_content_client.h"
18 #include "chrome/common/chrome_paths.h"
19 #include "chrome/common/chrome_switches.h"
20 #include "chrome/common/content_settings_pattern.h"
21 #include "chrome/common/crash_keys.h"
22 #include "chrome/common/extensions/chrome_extensions_client.h"
23 #include "chrome/common/extensions/extension_constants.h"
24 #include "chrome/common/extensions/extension_process_policy.h"
25 #include "chrome/common/localized_error.h"
26 #include "chrome/common/pepper_permission_util.h"
27 #include "chrome/common/profile_management_switches.h"
28 #include "chrome/common/render_messages.h"
29 #include "chrome/common/url_constants.h"
30 #include "chrome/renderer/benchmarking_extension.h"
31 #include "chrome/renderer/chrome_render_frame_observer.h"
32 #include "chrome/renderer/chrome_render_process_observer.h"
33 #include "chrome/renderer/chrome_render_view_observer.h"
34 #include "chrome/renderer/content_settings_observer.h"
35 #include "chrome/renderer/extensions/chrome_v8_context.h"
36 #include "chrome/renderer/extensions/chrome_v8_extension.h"
37 #include "chrome/renderer/extensions/dispatcher.h"
38 #include "chrome/renderer/extensions/extension_frame_helper.h"
39 #include "chrome/renderer/extensions/extension_helper.h"
40 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
41 #include "chrome/renderer/extensions/resource_request_policy.h"
42 #include "chrome/renderer/external_extension.h"
43 #include "chrome/renderer/loadtimes_extension_bindings.h"
44 #include "chrome/renderer/media/cast_ipc_dispatcher.h"
45 #include "chrome/renderer/media/chrome_key_systems.h"
46 #include "chrome/renderer/net/net_error_helper.h"
47 #include "chrome/renderer/net/prescient_networking_dispatcher.h"
48 #include "chrome/renderer/net/renderer_net_predictor.h"
49 #include "chrome/renderer/net_benchmarking_extension.h"
50 #include "chrome/renderer/page_load_histograms.h"
51 #include "chrome/renderer/pepper/pepper_helper.h"
52 #include "chrome/renderer/pepper/ppb_pdf_impl.h"
53 #include "chrome/renderer/playback_extension.h"
54 #include "chrome/renderer/plugins/chrome_plugin_placeholder.h"
55 #include "chrome/renderer/plugins/plugin_uma.h"
56 #include "chrome/renderer/prerender/prerender_dispatcher.h"
57 #include "chrome/renderer/prerender/prerender_helper.h"
58 #include "chrome/renderer/prerender/prerender_media_load_deferrer.h"
59 #include "chrome/renderer/prerender/prerenderer_client.h"
60 #include "chrome/renderer/principals_extension_bindings.h"
61 #include "chrome/renderer/printing/print_web_view_helper.h"
62 #include "chrome/renderer/safe_browsing/malware_dom_details.h"
63 #include "chrome/renderer/safe_browsing/phishing_classifier_delegate.h"
64 #include "chrome/renderer/searchbox/search_bouncer.h"
65 #include "chrome/renderer/searchbox/searchbox.h"
66 #include "chrome/renderer/searchbox/searchbox_extension.h"
67 #include "chrome/renderer/tts_dispatcher.h"
68 #include "chrome/renderer/worker_permission_client_proxy.h"
69 #include "components/autofill/content/renderer/autofill_agent.h"
70 #include "components/autofill/content/renderer/password_autofill_agent.h"
71 #include "components/autofill/content/renderer/password_generation_agent.h"
72 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
73 #include "components/plugins/renderer/mobile_youtube_plugin.h"
74 #include "components/visitedlink/renderer/visitedlink_slave.h"
75 #include "content/public/common/content_constants.h"
76 #include "content/public/renderer/render_frame.h"
77 #include "content/public/renderer/render_thread.h"
78 #include "content/public/renderer/render_view.h"
79 #include "content/public/renderer/render_view_visitor.h"
80 #include "extensions/common/constants.h"
81 #include "extensions/common/extension.h"
82 #include "extensions/common/extension_set.h"
83 #include "extensions/common/extension_urls.h"
84 #include "extensions/common/switches.h"
85 #include "grit/generated_resources.h"
86 #include "grit/locale_settings.h"
87 #include "grit/renderer_resources.h"
88 #include "ipc/ipc_sync_channel.h"
89 #include "net/base/net_errors.h"
90 #include "ppapi/c/private/ppb_nacl_private.h"
91 #include "ppapi/c/private/ppb_pdf.h"
92 #include "ppapi/shared_impl/ppapi_switches.h"
93 #include "third_party/WebKit/public/platform/WebURL.h"
94 #include "third_party/WebKit/public/platform/WebURLError.h"
95 #include "third_party/WebKit/public/platform/WebURLRequest.h"
96 #include "third_party/WebKit/public/web/WebCache.h"
97 #include "third_party/WebKit/public/web/WebDataSource.h"
98 #include "third_party/WebKit/public/web/WebDocument.h"
99 #include "third_party/WebKit/public/web/WebElement.h"
100 #include "third_party/WebKit/public/web/WebFrame.h"
101 #include "third_party/WebKit/public/web/WebPluginContainer.h"
102 #include "third_party/WebKit/public/web/WebPluginParams.h"
103 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
104 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
105 #include "ui/base/l10n/l10n_util.h"
106 #include "ui/base/layout.h"
107 #include "ui/base/resource/resource_bundle.h"
108 #include "ui/base/webui/jstemplate_builder.h"
109 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
110
111 #if defined(ENABLE_WEBRTC)
112 #include "chrome/renderer/media/webrtc_logging_message_filter.h"
113 #endif
114
115 #if defined(ENABLE_SPELLCHECK)
116 #include "chrome/renderer/spellchecker/spellcheck.h"
117 #include "chrome/renderer/spellchecker/spellcheck_provider.h"
118 #endif
119
120 #if defined(OS_WIN)
121 #include "chrome_elf/blacklist/blacklist.h"
122 #endif // OS_WIN
123
124 using autofill::AutofillAgent;
125 using autofill::PasswordAutofillAgent;
126 using autofill::PasswordGenerationAgent;
127 using base::ASCIIToUTF16;
128 using base::UserMetricsAction;
129 using content::RenderThread;
130 using content::WebPluginInfo;
131 using extensions::Extension;
132 using blink::WebCache;
133 using blink::WebConsoleMessage;
134 using blink::WebDataSource;
135 using blink::WebDocument;
136 using blink::WebFrame;
137 using blink::WebPlugin;
138 using blink::WebPluginParams;
139 using blink::WebSecurityOrigin;
140 using blink::WebSecurityPolicy;
141 using blink::WebString;
142 using blink::WebURL;
143 using blink::WebURLError;
144 using blink::WebURLRequest;
145 using blink::WebURLResponse;
146 using blink::WebVector;
147
148 namespace {
149
150 const char kWebViewTagName[] = "WEBVIEW";
151 const char kAdViewTagName[] = "ADVIEW";
152
153 ChromeContentRendererClient* g_current_client;
154
155 static void AppendParams(const std::vector<base::string16>& additional_names,
156 const std::vector<base::string16>& additional_values,
157 WebVector<WebString>* existing_names,
158 WebVector<WebString>* existing_values) {
159 DCHECK(additional_names.size() == additional_values.size());
160 DCHECK(existing_names->size() == existing_values->size());
161
162 size_t existing_size = existing_names->size();
163 size_t total_size = existing_size + additional_names.size();
164
165 WebVector<WebString> names(total_size);
166 WebVector<WebString> values(total_size);
167
168 for (size_t i = 0; i < existing_size; ++i) {
169 names[i] = (*existing_names)[i];
170 values[i] = (*existing_values)[i];
171 }
172
173 for (size_t i = 0; i < additional_names.size(); ++i) {
174 names[existing_size + i] = additional_names[i];
175 values[existing_size + i] = additional_values[i];
176 }
177
178 existing_names->swap(names);
179 existing_values->swap(values);
180 }
181
182 #if defined(ENABLE_SPELLCHECK)
183 class SpellCheckReplacer : public content::RenderViewVisitor {
184 public:
185 explicit SpellCheckReplacer(SpellCheck* spellcheck)
186 : spellcheck_(spellcheck) {}
187 virtual bool Visit(content::RenderView* render_view) OVERRIDE;
188
189 private:
190 SpellCheck* spellcheck_; // New shared spellcheck for all views. Weak Ptr.
191 DISALLOW_COPY_AND_ASSIGN(SpellCheckReplacer);
192 };
193
194 bool SpellCheckReplacer::Visit(content::RenderView* render_view) {
195 SpellCheckProvider* provider = SpellCheckProvider::Get(render_view);
196 DCHECK(provider);
197 provider->set_spellcheck(spellcheck_);
198 return true;
199 }
200 #endif
201
202 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
203 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
204 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
205 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
206 return false;
207 }
208
209 // Treat Native Client invocations like JavaScript.
210 if (plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName))
211 return true;
212
213 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
214 // Treat CDM invocations like JavaScript.
215 if (plugin.name == ASCIIToUTF16(kWidevineCdmDisplayName)) {
216 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
217 return true;
218 }
219 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
220
221 return false;
222 }
223
224 } // namespace
225
226 ChromeContentRendererClient::ChromeContentRendererClient() {
227 g_current_client = this;
228 }
229
230 ChromeContentRendererClient::~ChromeContentRendererClient() {
231 g_current_client = NULL;
232 }
233
234 void ChromeContentRendererClient::RenderThreadStarted() {
235 RenderThread* thread = RenderThread::Get();
236
237 chrome_observer_.reset(new ChromeRenderProcessObserver(this));
238 // ChromeRenderViewTest::SetUp() creates its own ExtensionDispatcher and
239 // injects it using SetExtensionDispatcher(). Don't overwrite it.
240 if (!extension_dispatcher_)
241 extension_dispatcher_.reset(new extensions::Dispatcher());
242 permissions_policy_delegate_.reset(
243 new extensions::RendererPermissionsPolicyDelegate(
244 extension_dispatcher_.get()));
245 prescient_networking_dispatcher_.reset(new PrescientNetworkingDispatcher());
246 net_predictor_.reset(new RendererNetPredictor());
247 #if defined(ENABLE_SPELLCHECK)
248 // ChromeRenderViewTest::SetUp() creates a Spellcheck and injects it using
249 // SetSpellcheck(). Don't overwrite it.
250 if (!spellcheck_) {
251 spellcheck_.reset(new SpellCheck());
252 thread->AddObserver(spellcheck_.get());
253 }
254 #endif
255 visited_link_slave_.reset(new visitedlink::VisitedLinkSlave());
256 #if defined(FULL_SAFE_BROWSING)
257 phishing_classifier_.reset(safe_browsing::PhishingClassifierFilter::Create());
258 #endif
259 prerender_dispatcher_.reset(new prerender::PrerenderDispatcher());
260 #if defined(ENABLE_WEBRTC)
261 webrtc_logging_message_filter_ = new WebRtcLoggingMessageFilter(
262 content::RenderThread::Get()->GetIOMessageLoopProxy());
263 #endif
264 search_bouncer_.reset(new SearchBouncer());
265
266 thread->AddObserver(chrome_observer_.get());
267 thread->AddObserver(extension_dispatcher_.get());
268 #if defined(FULL_SAFE_BROWSING)
269 thread->AddObserver(phishing_classifier_.get());
270 #endif
271 thread->AddObserver(visited_link_slave_.get());
272 thread->AddObserver(prerender_dispatcher_.get());
273 thread->AddObserver(search_bouncer_.get());
274
275 #if defined(ENABLE_WEBRTC)
276 thread->AddFilter(webrtc_logging_message_filter_.get());
277 #endif
278 thread->AddFilter(new CastIPCDispatcher(
279 content::RenderThread::Get()->GetIOMessageLoopProxy()));
280
281 thread->RegisterExtension(extensions_v8::ExternalExtension::Get());
282 thread->RegisterExtension(extensions_v8::LoadTimesExtension::Get());
283
284 CommandLine* command_line = CommandLine::ForCurrentProcess();
285 if (command_line->HasSwitch(switches::kEnableBenchmarking))
286 thread->RegisterExtension(extensions_v8::BenchmarkingExtension::Get());
287 if (command_line->HasSwitch(switches::kEnableNetBenchmarking))
288 thread->RegisterExtension(extensions_v8::NetBenchmarkingExtension::Get());
289 if (command_line->HasSwitch(switches::kInstantProcess))
290 thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
291
292 if (command_line->HasSwitch(switches::kPlaybackMode) ||
293 command_line->HasSwitch(switches::kRecordMode) ||
294 command_line->HasSwitch(switches::kNoJsRandomness)) {
295 thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
296 }
297
298 // TODO(guohui): needs to forward the new-profile-management switch to
299 // renderer processes.
300 if (switches::IsNewProfileManagement())
301 thread->RegisterExtension(extensions_v8::PrincipalsExtension::Get());
302
303 // chrome:, chrome-search:, chrome-devtools:, and chrome-distiller: pages
304 // should not be accessible by normal content, and should also be unable to
305 // script anything but themselves (to help limit the damage that a corrupt
306 // page could cause).
307 WebString chrome_ui_scheme(ASCIIToUTF16(content::kChromeUIScheme));
308 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
309
310 WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
311 // The Instant process can only display the content but not read it. Other
312 // processes can't display it or read it.
313 if (!command_line->HasSwitch(switches::kInstantProcess))
314 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
315
316 WebString dev_tools_scheme(ASCIIToUTF16(content::kChromeDevToolsScheme));
317 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
318
319 WebString dom_distiller_scheme(ASCIIToUTF16(chrome::kDomDistillerScheme));
320 // TODO(nyquist): Add test to ensure this happens when the flag is set.
321 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dom_distiller_scheme);
322
323 #if defined(OS_CHROMEOS)
324 WebString drive_scheme(ASCIIToUTF16(chrome::kDriveScheme));
325 WebSecurityPolicy::registerURLSchemeAsLocal(drive_scheme);
326 #endif
327
328 // chrome: and chrome-search: pages should not be accessible by bookmarklets
329 // or javascript: URLs typed in the omnibox.
330 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
331 chrome_ui_scheme);
332 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
333 chrome_search_scheme);
334
335 // chrome:, chrome-search:, and chrome-extension: resources shouldn't trigger
336 // insecure content warnings.
337 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
338 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
339
340 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
341 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
342
343 // chrome-extension: resources should be allowed to receive CORS requests.
344 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
345
346 WebString extension_resource_scheme(
347 ASCIIToUTF16(extensions::kExtensionResourceScheme));
348 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
349
350 // chrome-extension-resource: resources should be allowed to receive CORS
351 // requests.
352 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
353
354 // chrome-extension: resources should bypass Content Security Policy checks
355 // when included in protected resources.
356 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
357 extension_scheme);
358 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
359 extension_resource_scheme);
360
361 extensions::ExtensionsClient::Set(
362 extensions::ChromeExtensionsClient::GetInstance());
363
364 #if defined(OS_WIN)
365 // Report if the renderer process has been patched by chrome_elf.
366 // TODO(csharp): Remove once the renderer is no longer getting
367 // patched this way.
368 if (blacklist::IsBlacklistInitialized())
369 UMA_HISTOGRAM_BOOLEAN("Blacklist.PatchedInRenderer", true);
370 #endif
371 }
372
373 void ChromeContentRendererClient::RenderFrameCreated(
374 content::RenderFrame* render_frame) {
375 new ChromeRenderFrameObserver(render_frame);
376
377 ContentSettingsObserver* content_settings =
378 new ContentSettingsObserver(render_frame, extension_dispatcher_.get());
379 if (chrome_observer_.get()) {
380 content_settings->SetContentSettingRules(
381 chrome_observer_->content_setting_rules());
382 }
383
384 new extensions::ExtensionFrameHelper(render_frame,
385 extension_dispatcher_.get());
386
387 #if defined(ENABLE_PLUGINS)
388 new PepperHelper(render_frame);
389 #endif
390
391 // TODO(jam): when the frame tree moves into content and parent() works at
392 // RenderFrame construction, simplify this by just checking parent().
393 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) {
394 // Avoid any race conditions from having the browser tell subframes that
395 // they're prerendering.
396 if (prerender::PrerenderHelper::IsPrerendering(
397 render_frame->GetRenderView()->GetMainRenderFrame())) {
398 new prerender::PrerenderHelper(render_frame);
399 }
400 }
401
402 if (render_frame->GetRenderView()->GetMainRenderFrame() == render_frame) {
403 // Only attach NetErrorHelper to the main frame, since only the main frame
404 // should get error pages.
405 new NetErrorHelper(render_frame);
406 }
407 }
408
409 void ChromeContentRendererClient::RenderViewCreated(
410 content::RenderView* render_view) {
411 new extensions::ExtensionHelper(render_view, extension_dispatcher_.get());
412 new PageLoadHistograms(render_view);
413 #if defined(ENABLE_PRINTING)
414 new printing::PrintWebViewHelper(render_view);
415 #endif
416 #if defined(ENABLE_SPELLCHECK)
417 new SpellCheckProvider(render_view, spellcheck_.get());
418 #endif
419 new prerender::PrerendererClient(render_view);
420 #if defined(FULL_SAFE_BROWSING)
421 safe_browsing::MalwareDOMDetails::Create(render_view);
422 #endif
423
424 PasswordGenerationAgent* password_generation_agent =
425 new PasswordGenerationAgent(render_view);
426 PasswordAutofillAgent* password_autofill_agent =
427 new PasswordAutofillAgent(render_view);
428 new AutofillAgent(render_view,
429 password_autofill_agent,
430 password_generation_agent);
431
432 CommandLine* command_line = CommandLine::ForCurrentProcess();
433 if (command_line->HasSwitch(switches::kInstantProcess))
434 new SearchBox(render_view);
435
436 new ChromeRenderViewObserver(render_view, chrome_observer_.get());
437 }
438
439 void ChromeContentRendererClient::SetNumberOfViews(int number_of_views) {
440 base::debug::SetCrashKeyValue(crash_keys::kNumberOfViews,
441 base::IntToString(number_of_views));
442 }
443
444 SkBitmap* ChromeContentRendererClient::GetSadPluginBitmap() {
445 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
446 GetImageNamed(IDR_SAD_PLUGIN).ToSkBitmap());
447 }
448
449 SkBitmap* ChromeContentRendererClient::GetSadWebViewBitmap() {
450 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
451 GetImageNamed(IDR_SAD_WEBVIEW).ToSkBitmap());
452 }
453
454 std::string ChromeContentRendererClient::GetDefaultEncoding() {
455 return l10n_util::GetStringUTF8(IDS_DEFAULT_ENCODING);
456 }
457
458 const Extension* ChromeContentRendererClient::GetExtensionByOrigin(
459 const WebSecurityOrigin& origin) const {
460 if (!EqualsASCII(origin.protocol(), extensions::kExtensionScheme))
461 return NULL;
462
463 const std::string extension_id = origin.host().utf8().data();
464 return extension_dispatcher_->extensions()->GetByID(extension_id);
465 }
466
467 bool ChromeContentRendererClient::OverrideCreatePlugin(
468 content::RenderFrame* render_frame,
469 WebFrame* frame,
470 const WebPluginParams& params,
471 WebPlugin** plugin) {
472 std::string orig_mime_type = params.mimeType.utf8();
473 if (orig_mime_type == content::kBrowserPluginMimeType) {
474 if (CommandLine::ForCurrentProcess()->HasSwitch(
475 switches::kEnableBrowserPluginForAllViewTypes))
476 return false;
477 WebDocument document = frame->document();
478 const Extension* extension =
479 GetExtensionByOrigin(document.securityOrigin());
480 if (extension) {
481 const extensions::APIPermission::ID perms[] = {
482 extensions::APIPermission::kWebView,
483 extensions::APIPermission::kAdView
484 };
485 for (size_t i = 0; i < arraysize(perms); ++i) {
486 if (extension->HasAPIPermission(perms[i]))
487 return false;
488 }
489 }
490 }
491
492 ChromeViewHostMsg_GetPluginInfo_Output output;
493 #if defined(ENABLE_PLUGINS)
494 render_frame->Send(new ChromeViewHostMsg_GetPluginInfo(
495 render_frame->GetRoutingID(), GURL(params.url),
496 frame->top()->document().url(), orig_mime_type, &output));
497 #else
498 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
499 #endif
500 *plugin = CreatePlugin(render_frame, frame, params, output);
501 return true;
502 }
503
504 WebPlugin* ChromeContentRendererClient::CreatePluginReplacement(
505 content::RenderFrame* render_frame,
506 const base::FilePath& plugin_path) {
507 ChromePluginPlaceholder* placeholder =
508 ChromePluginPlaceholder::CreateErrorPlugin(render_frame, plugin_path);
509 return placeholder->plugin();
510 }
511
512 void ChromeContentRendererClient::DeferMediaLoad(
513 content::RenderFrame* render_frame,
514 const base::Closure& closure) {
515 #if defined(OS_ANDROID)
516 // Chromium for Android doesn't support prerender yet.
517 closure.Run();
518 return;
519 #else
520 if (!prerender::PrerenderHelper::IsPrerendering(render_frame)) {
521 closure.Run();
522 return;
523 }
524
525 // Lifetime is tied to |render_frame| via content::RenderFrameObserver.
526 new prerender::PrerenderMediaLoadDeferrer(render_frame, closure);
527 #endif
528 }
529
530 WebPlugin* ChromeContentRendererClient::CreatePlugin(
531 content::RenderFrame* render_frame,
532 WebFrame* frame,
533 const WebPluginParams& original_params,
534 const ChromeViewHostMsg_GetPluginInfo_Output& output) {
535 const ChromeViewHostMsg_GetPluginInfo_Status& status = output.status;
536 const WebPluginInfo& plugin = output.plugin;
537 const std::string& actual_mime_type = output.actual_mime_type;
538 const base::string16& group_name = output.group_name;
539 const std::string& identifier = output.group_identifier;
540 ChromeViewHostMsg_GetPluginInfo_Status::Value status_value = status.value;
541 GURL url(original_params.url);
542 std::string orig_mime_type = original_params.mimeType.utf8();
543 ChromePluginPlaceholder* placeholder = NULL;
544
545 // If the browser plugin is to be enabled, this should be handled by the
546 // renderer, so the code won't reach here due to the early exit in
547 // OverrideCreatePlugin.
548 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound ||
549 orig_mime_type == content::kBrowserPluginMimeType) {
550 #if defined(OS_ANDROID)
551 if (plugins::MobileYouTubePlugin::IsYouTubeURL(url, orig_mime_type)) {
552 base::StringPiece template_html(
553 ResourceBundle::GetSharedInstance().GetRawDataResource(
554 IDR_MOBILE_YOUTUBE_PLUGIN_HTML));
555 return (new plugins::MobileYouTubePlugin(
556 render_frame,
557 frame,
558 original_params,
559 template_html,
560 GURL(ChromePluginPlaceholder::kPluginPlaceholderDataURL)))
561 ->plugin();
562 }
563 #endif
564 PluginUMAReporter::GetInstance()->ReportPluginMissing(orig_mime_type, url);
565 placeholder = ChromePluginPlaceholder::CreateMissingPlugin(
566 render_frame, frame, original_params);
567 } else {
568 // TODO(bauerb): This should be in content/.
569 WebPluginParams params(original_params);
570 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
571 if (plugin.mime_types[i].mime_type == actual_mime_type) {
572 AppendParams(plugin.mime_types[i].additional_param_names,
573 plugin.mime_types[i].additional_param_values,
574 &params.attributeNames,
575 &params.attributeValues);
576 break;
577 }
578 }
579 if (params.mimeType.isNull() && (actual_mime_type.size() > 0)) {
580 // Webkit might say that mime type is null while we already know the
581 // actual mime type via ChromeViewHostMsg_GetPluginInfo. In that case
582 // we should use what we know since WebpluginDelegateProxy does some
583 // specific initializations based on this information.
584 params.mimeType = WebString::fromUTF8(actual_mime_type.c_str());
585 }
586
587 ContentSettingsObserver* observer =
588 ContentSettingsObserver::Get(render_frame);
589
590 const ContentSettingsType content_type =
591 ShouldUseJavaScriptSettingForPlugin(plugin) ?
592 CONTENT_SETTINGS_TYPE_JAVASCRIPT :
593 CONTENT_SETTINGS_TYPE_PLUGINS;
594
595 if ((status_value ==
596 ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized ||
597 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay ||
598 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kBlocked) &&
599 observer->IsPluginTemporarilyAllowed(identifier)) {
600 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
601 }
602
603 // Allow full-page plug-ins for click-to-play.
604 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay &&
605 !frame->parent() &&
606 !frame->opener() &&
607 frame->document().isPluginDocument()) {
608 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
609 }
610
611 #if defined(OS_WIN)
612 // In Windows we need to check if we can load NPAPI plugins.
613 // For example, if the render view is in the Ash desktop, we should not.
614 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
615 plugin.type == content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
616 if (observer->AreNPAPIPluginsBlocked())
617 status_value =
618 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
619 }
620 #endif
621
622 switch (status_value) {
623 case ChromeViewHostMsg_GetPluginInfo_Status::kNotFound: {
624 NOTREACHED();
625 break;
626 }
627 case ChromeViewHostMsg_GetPluginInfo_Status::kAllowed: {
628 const bool is_nacl_plugin =
629 plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName);
630 const bool is_nacl_mime_type =
631 actual_mime_type == "application/x-nacl";
632 const bool is_pnacl_mime_type =
633 actual_mime_type == "application/x-pnacl";
634 if (is_nacl_plugin || is_nacl_mime_type || is_pnacl_mime_type) {
635 bool is_nacl_unrestricted = false;
636 if (is_nacl_mime_type) {
637 is_nacl_unrestricted =
638 CommandLine::ForCurrentProcess()->HasSwitch(
639 switches::kEnableNaCl);
640 } else if (is_pnacl_mime_type) {
641 is_nacl_unrestricted =
642 !CommandLine::ForCurrentProcess()->HasSwitch(
643 switches::kDisablePnacl);
644 }
645 GURL manifest_url;
646 GURL app_url;
647 if (is_nacl_mime_type || is_pnacl_mime_type) {
648 // Normal NaCl/PNaCl embed. The app URL is the page URL.
649 manifest_url = url;
650 app_url = frame->top()->document().url();
651 } else {
652 // NaCl is being invoked as a content handler. Look up the NaCl
653 // module using the MIME type. The app URL is the manifest URL.
654 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin);
655 app_url = manifest_url;
656 }
657 const Extension* extension =
658 g_current_client->extension_dispatcher_->extensions()->
659 GetExtensionOrAppByURL(manifest_url);
660 if (!IsNaClAllowed(manifest_url,
661 app_url,
662 is_nacl_unrestricted,
663 extension,
664 &params)) {
665 WebString error_message;
666 if (is_nacl_mime_type) {
667 error_message =
668 "Only unpacked extensions and apps installed from the Chrome "
669 "Web Store can load NaCl modules without enabling Native "
670 "Client in about:flags.";
671 } else if (is_pnacl_mime_type) {
672 error_message =
673 "Portable Native Client must not be disabled in about:flags.";
674 }
675 frame->addMessageToConsole(
676 WebConsoleMessage(WebConsoleMessage::LevelError,
677 error_message));
678 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
679 render_frame,
680 frame,
681 params,
682 plugin,
683 identifier,
684 group_name,
685 IDR_BLOCKED_PLUGIN_HTML,
686 #if defined(OS_CHROMEOS)
687 l10n_util::GetStringUTF16(IDS_NACL_PLUGIN_BLOCKED));
688 #else
689 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
690 #endif
691 break;
692 }
693 }
694
695 // Delay loading plugins if prerendering.
696 // TODO(mmenke): In the case of prerendering, feed into
697 // ChromeContentRendererClient::CreatePlugin instead, to
698 // reduce the chance of future regressions.
699 if (prerender::PrerenderHelper::IsPrerendering(render_frame)) {
700 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
701 render_frame,
702 frame,
703 params,
704 plugin,
705 identifier,
706 group_name,
707 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
708 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
709 placeholder->set_blocked_for_prerendering(true);
710 placeholder->set_allow_loading(true);
711 break;
712 }
713
714 return render_frame->CreatePlugin(frame, plugin, params);
715 }
716 case ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported: {
717 RenderThread::Get()->RecordAction(
718 UserMetricsAction("Plugin_NPAPINotSupported"));
719 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
720 render_frame,
721 frame,
722 params,
723 plugin,
724 identifier,
725 group_name,
726 IDR_BLOCKED_PLUGIN_HTML,
727 l10n_util::GetStringUTF16(IDS_PLUGIN_NOT_SUPPORTED_METRO));
728 render_frame->Send(new ChromeViewHostMsg_NPAPINotSupported(
729 render_frame->GetRoutingID(), identifier));
730 break;
731 }
732 case ChromeViewHostMsg_GetPluginInfo_Status::kDisabled: {
733 PluginUMAReporter::GetInstance()->ReportPluginDisabled(orig_mime_type,
734 url);
735 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
736 render_frame,
737 frame,
738 params,
739 plugin,
740 identifier,
741 group_name,
742 IDR_DISABLED_PLUGIN_HTML,
743 l10n_util::GetStringFUTF16(IDS_PLUGIN_DISABLED, group_name));
744 break;
745 }
746 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked: {
747 #if defined(ENABLE_PLUGIN_INSTALLATION)
748 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
749 render_frame,
750 frame,
751 params,
752 plugin,
753 identifier,
754 group_name,
755 IDR_BLOCKED_PLUGIN_HTML,
756 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
757 placeholder->set_allow_loading(true);
758 render_frame->Send(new ChromeViewHostMsg_BlockedOutdatedPlugin(
759 render_frame->GetRoutingID(), placeholder->CreateRoutingId(),
760 identifier));
761 #else
762 NOTREACHED();
763 #endif
764 break;
765 }
766 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed: {
767 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
768 render_frame,
769 frame,
770 params,
771 plugin,
772 identifier,
773 group_name,
774 IDR_BLOCKED_PLUGIN_HTML,
775 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
776 break;
777 }
778 case ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized: {
779 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
780 render_frame,
781 frame,
782 params,
783 plugin,
784 identifier,
785 group_name,
786 IDR_BLOCKED_PLUGIN_HTML,
787 l10n_util::GetStringFUTF16(IDS_PLUGIN_NOT_AUTHORIZED, group_name));
788 placeholder->set_allow_loading(true);
789 render_frame->Send(new ChromeViewHostMsg_BlockedUnauthorizedPlugin(
790 render_frame->GetRoutingID(),
791 group_name,
792 identifier));
793 break;
794 }
795 case ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay: {
796 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
797 render_frame,
798 frame,
799 params,
800 plugin,
801 identifier,
802 group_name,
803 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
804 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
805 placeholder->set_allow_loading(true);
806 RenderThread::Get()->RecordAction(
807 UserMetricsAction("Plugin_ClickToPlay"));
808 observer->DidBlockContentType(content_type);
809 break;
810 }
811 case ChromeViewHostMsg_GetPluginInfo_Status::kBlocked: {
812 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
813 render_frame,
814 frame,
815 params,
816 plugin,
817 identifier,
818 group_name,
819 IDR_BLOCKED_PLUGIN_HTML,
820 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
821 placeholder->set_allow_loading(true);
822 RenderThread::Get()->RecordAction(UserMetricsAction("Plugin_Blocked"));
823 observer->DidBlockContentType(content_type);
824 break;
825 }
826 case ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy: {
827 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
828 render_frame,
829 frame,
830 params,
831 plugin,
832 identifier,
833 group_name,
834 IDR_BLOCKED_PLUGIN_HTML,
835 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
836 placeholder->set_allow_loading(false);
837 RenderThread::Get()->RecordAction(
838 UserMetricsAction("Plugin_BlockedByPolicy"));
839 observer->DidBlockContentType(content_type);
840 break;
841 }
842 }
843 }
844 placeholder->SetStatus(status);
845 return placeholder->plugin();
846 }
847
848 // For NaCl content handling plugins, the NaCl manifest is stored in an
849 // additonal 'nacl' param associated with the MIME type.
850 // static
851 GURL ChromeContentRendererClient::GetNaClContentHandlerURL(
852 const std::string& actual_mime_type,
853 const content::WebPluginInfo& plugin) {
854 // Look for the manifest URL among the MIME type's additonal parameters.
855 const char* kNaClPluginManifestAttribute = "nacl";
856 base::string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
857 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
858 if (plugin.mime_types[i].mime_type == actual_mime_type) {
859 const content::WebPluginMimeType& content_type = plugin.mime_types[i];
860 for (size_t i = 0; i < content_type.additional_param_names.size(); ++i) {
861 if (content_type.additional_param_names[i] == nacl_attr)
862 return GURL(content_type.additional_param_values[i]);
863 }
864 break;
865 }
866 }
867 return GURL();
868 }
869
870 // static
871 bool ChromeContentRendererClient::IsNaClAllowed(
872 const GURL& manifest_url,
873 const GURL& app_url,
874 bool is_nacl_unrestricted,
875 const Extension* extension,
876 WebPluginParams* params) {
877 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.
878 std::string app_url_host = app_url.host();
879 std::string manifest_url_path = manifest_url.path();
880
881 bool is_whitelisted_web_ui =
882 app_url.spec() == chrome::kChromeUIAppListStartPageURL;
883
884 bool is_photo_app =
885 // Whitelisted apps must be served over https.
886 app_url.SchemeIs("https") &&
887 manifest_url.SchemeIs("https") &&
888 (EndsWith(app_url_host, "plus.google.com", false) ||
889 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
890 manifest_url.DomainIs("ssl.gstatic.com") &&
891 (manifest_url_path.find("s2/oz/nacl/") == 1 ||
892 manifest_url_path.find("photos/nacl/") == 1);
893
894 std::string manifest_fs_host;
895 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {
896 manifest_fs_host = manifest_url.inner_url()->host();
897 }
898 bool is_hangouts_app =
899 // Whitelisted apps must be served over secure scheme.
900 app_url.SchemeIs("https") &&
901 manifest_url.SchemeIsSecure() &&
902 manifest_url.SchemeIsFileSystem() &&
903 (EndsWith(app_url_host, "talkgadget.google.com", false) ||
904 EndsWith(app_url_host, "plus.google.com", false) ||
905 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
906 // The manifest must be loaded from the host's FileSystem.
907 (manifest_fs_host == app_url_host);
908
909 bool is_whitelisted_app = is_photo_app || is_hangouts_app;
910
911 bool is_extension_from_webstore = extension &&
912 extension->from_webstore();
913
914 bool is_invoked_by_hosted_app = extension &&
915 extension->is_hosted_app() &&
916 extension->web_extent().MatchesURL(app_url);
917
918 // Allow built-in extensions and extensions under development.
919 bool is_extension_unrestricted = extension &&
920 (extension->location() == extensions::Manifest::COMPONENT ||
921 extensions::Manifest::IsUnpackedLocation(extension->location()));
922
923 bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
924
925 // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
926 bool is_nacl_pdf_viewer =
927 (is_extension_from_webstore &&
928 manifest_url.SchemeIs("chrome-extension") &&
929 manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
930
931 // Allow Chrome Web Store extensions, built-in extensions and extensions
932 // under development if the invocation comes from a URL with an extension
933 // scheme. Also allow invocations if they are from whitelisted URLs or
934 // if --enable-nacl is set.
935 bool is_nacl_allowed = is_nacl_unrestricted ||
936 is_whitelisted_web_ui ||
937 is_whitelisted_app ||
938 is_nacl_pdf_viewer ||
939 is_invoked_by_hosted_app ||
940 (is_invoked_by_extension &&
941 (is_extension_from_webstore ||
942 is_extension_unrestricted));
943 if (is_nacl_allowed) {
944 bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
945 // Make sure that PPAPI 'dev' interfaces aren't available for production
946 // apps unless they're whitelisted.
947 WebString dev_attribute = WebString::fromUTF8("@dev");
948 if ((!is_whitelisted_app && !is_extension_from_webstore) ||
949 app_can_use_dev_interfaces) {
950 // Add the special '@dev' attribute.
951 std::vector<base::string16> param_names;
952 std::vector<base::string16> param_values;
953 param_names.push_back(dev_attribute);
954 param_values.push_back(WebString());
955 AppendParams(
956 param_names,
957 param_values,
958 &params->attributeNames,
959 &params->attributeValues);
960 } else {
961 // If the params somehow contain '@dev', remove it.
962 size_t attribute_count = params->attributeNames.size();
963 for (size_t i = 0; i < attribute_count; ++i) {
964 if (params->attributeNames[i].equals(dev_attribute))
965 params->attributeNames[i] = WebString();
966 }
967 }
968 }
969 return is_nacl_allowed;
970 }
971
972 bool ChromeContentRendererClient::HasErrorPage(int http_status_code,
973 std::string* error_domain) {
974 // Use an internal error page, if we have one for the status code.
975 if (!LocalizedError::HasStrings(LocalizedError::kHttpErrorDomain,
976 http_status_code)) {
977 return false;
978 }
979
980 *error_domain = LocalizedError::kHttpErrorDomain;
981 return true;
982 }
983
984 bool ChromeContentRendererClient::ShouldSuppressErrorPage(
985 content::RenderFrame* render_frame,
986 const GURL& url) {
987 // Unit tests for ChromeContentRendererClient pass a NULL RenderFrame here.
988 // Unfortunately it's very difficult to construct a mock RenderView, so skip
989 // this functionality in this case.
990 if (render_frame) {
991 content::RenderView* render_view = render_frame->GetRenderView();
992 content::RenderFrame* main_render_frame = render_view->GetMainRenderFrame();
993 blink::WebFrame* web_frame = render_frame->GetWebFrame();
994 NetErrorHelper* net_error_helper = NetErrorHelper::Get(main_render_frame);
995 if (net_error_helper->ShouldSuppressErrorPage(web_frame, url))
996 return true;
997 }
998 // Do not flash an error page if the Instant new tab page fails to load.
999 return search_bouncer_.get() && search_bouncer_->IsNewTabPage(url);
1000 }
1001
1002 void ChromeContentRendererClient::GetNavigationErrorStrings(
1003 content::RenderView* render_view,
1004 blink::WebFrame* frame,
1005 const blink::WebURLRequest& failed_request,
1006 const blink::WebURLError& error,
1007 std::string* error_html,
1008 base::string16* error_description) {
1009 const GURL failed_url = error.unreachableURL;
1010 const Extension* extension = NULL;
1011
1012 if (failed_url.is_valid() &&
1013 !failed_url.SchemeIs(extensions::kExtensionScheme)) {
1014 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
1015 failed_url);
1016 }
1017
1018 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
1019
1020 if (error_html) {
1021 // Use a local error page.
1022 if (extension && !extension->from_bookmark()) {
1023 // TODO(erikkay): Should we use a different template for different
1024 // error messages?
1025 int resource_id = IDR_ERROR_APP_HTML;
1026 const base::StringPiece template_html(
1027 ResourceBundle::GetSharedInstance().GetRawDataResource(
1028 resource_id));
1029 if (template_html.empty()) {
1030 NOTREACHED() << "unable to load template. ID: " << resource_id;
1031 } else {
1032 base::DictionaryValue error_strings;
1033 LocalizedError::GetAppErrorStrings(failed_url, extension,
1034 &error_strings);
1035 // "t" is the id of the template's root node.
1036 *error_html = webui::GetTemplatesHtml(template_html, &error_strings,
1037 "t");
1038 }
1039 } else {
1040 // TODO(ellyjones): change GetNavigationErrorStrings to take a RenderFrame
1041 // instead of a RenderView, then pass that in.
1042 // This is safe for now because we only install the NetErrorHelper on the
1043 // main render frame anyway; see the TODO(ellyjones) in
1044 // RenderFrameCreated.
1045 content::RenderFrame* main_render_frame =
1046 render_view->GetMainRenderFrame();
1047 NetErrorHelper* helper = NetErrorHelper::Get(main_render_frame);
1048 helper->GetErrorHTML(frame, error, is_post, error_html);
1049 }
1050 }
1051
1052 if (error_description) {
1053 if (!extension)
1054 *error_description = LocalizedError::GetErrorDetails(error, is_post);
1055 }
1056 }
1057
1058 bool ChromeContentRendererClient::RunIdleHandlerWhenWidgetsHidden() {
1059 return !extension_dispatcher_->is_extension_process();
1060 }
1061
1062 bool ChromeContentRendererClient::AllowPopup() {
1063 extensions::ChromeV8Context* current_context =
1064 extension_dispatcher_->v8_context_set().GetCurrent();
1065 if (!current_context || !current_context->extension())
1066 return false;
1067 // See http://crbug.com/117446 for the subtlety of this check.
1068 switch (current_context->context_type()) {
1069 case extensions::Feature::UNSPECIFIED_CONTEXT:
1070 case extensions::Feature::WEB_PAGE_CONTEXT:
1071 case extensions::Feature::UNBLESSED_EXTENSION_CONTEXT:
1072 return false;
1073 case extensions::Feature::BLESSED_EXTENSION_CONTEXT:
1074 case extensions::Feature::CONTENT_SCRIPT_CONTEXT:
1075 return true;
1076 case extensions::Feature::BLESSED_WEB_PAGE_CONTEXT:
1077 return !current_context->web_frame()->parent();
1078 }
1079 NOTREACHED();
1080 return false;
1081 }
1082
1083 bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
1084 const GURL& url,
1085 const std::string& http_method,
1086 bool is_initial_navigation,
1087 bool is_server_redirect,
1088 bool* send_referrer) {
1089 DCHECK(!frame->parent());
1090
1091 // If this is the Instant process, fork all navigations originating from the
1092 // renderer. The destination page will then be bucketed back to this Instant
1093 // process if it is an Instant url, or to another process if not. Conversely,
1094 // fork if this is a non-Instant process navigating to an Instant url, so that
1095 // such navigations can also be bucketed into an Instant renderer.
1096 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kInstantProcess) ||
1097 (search_bouncer_.get() && search_bouncer_->ShouldFork(url))) {
1098 *send_referrer = true;
1099 return true;
1100 }
1101
1102 // For now, we skip the rest for POST submissions. This is because
1103 // http://crbug.com/101395 is more likely to cause compatibility issues
1104 // with hosted apps and extensions than WebUI pages. We will remove this
1105 // check when cross-process POST submissions are supported.
1106 if (http_method != "GET")
1107 return false;
1108
1109 // If this is the Signin process, fork all navigations originating from the
1110 // renderer. The destination page will then be bucketed back to this Signin
1111 // process if it is a Signin url, or to another process if not.
1112 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSigninProcess)) {
1113 // We never want to allow non-signin pages to fork-on-POST to a
1114 // signin-related action URL. We'll need to handle this carefully once
1115 // http://crbug.com/101395 is fixed. The CHECK ensures we don't forget.
1116 CHECK_NE(http_method, "POST");
1117 return true;
1118 }
1119
1120 // If |url| matches one of the prerendered URLs, stop this navigation and try
1121 // to swap in the prerendered page on the browser process. If the prerendered
1122 // page no longer exists by the time the OpenURL IPC is handled, a normal
1123 // navigation is attempted.
1124 if (prerender_dispatcher_.get() &&
1125 prerender_dispatcher_->IsPrerenderURL(url)) {
1126 *send_referrer = true;
1127 return true;
1128 }
1129
1130 const extensions::ExtensionSet* extensions =
1131 extension_dispatcher_->extensions();
1132
1133 // Determine if the new URL is an extension (excluding bookmark apps).
1134 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
1135 *extensions, url);
1136 bool is_extension_url = !!new_url_extension;
1137
1138 // If the navigation would cross an app extent boundary, we also need
1139 // to defer to the browser to ensure process isolation. This is not necessary
1140 // for server redirects, which will be transferred to a new process by the
1141 // browser process when they are ready to commit. It is necessary for client
1142 // redirects, which won't be transferred in the same way.
1143 if (!is_server_redirect &&
1144 CrossesExtensionExtents(frame, url, *extensions, is_extension_url,
1145 is_initial_navigation)) {
1146 // Include the referrer in this case since we're going from a hosted web
1147 // page. (the packaged case is handled previously by the extension
1148 // navigation test)
1149 *send_referrer = true;
1150
1151 const Extension* extension =
1152 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
1153 if (extension && extension->is_app()) {
1154 UMA_HISTOGRAM_ENUMERATION(
1155 extension->is_platform_app() ?
1156 extension_misc::kPlatformAppLaunchHistogram :
1157 extension_misc::kAppLaunchHistogram,
1158 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION,
1159 extension_misc::APP_LAUNCH_BUCKET_BOUNDARY);
1160 }
1161 return true;
1162 }
1163
1164 // If this is a reload, check whether it has the wrong process type. We
1165 // should send it to the browser if it's an extension URL (e.g., hosted app)
1166 // in a normal process, or if it's a process for an extension that has been
1167 // uninstalled.
1168 if (frame->top()->document().url() == url) {
1169 if (is_extension_url != extension_dispatcher_->is_extension_process())
1170 return true;
1171 }
1172
1173 return false;
1174 }
1175
1176 bool ChromeContentRendererClient::WillSendRequest(
1177 blink::WebFrame* frame,
1178 content::PageTransition transition_type,
1179 const GURL& url,
1180 const GURL& first_party_for_cookies,
1181 GURL* new_url) {
1182 // Check whether the request should be allowed. If not allowed, we reset the
1183 // URL to something invalid to prevent the request and cause an error.
1184 if (url.SchemeIs(extensions::kExtensionScheme) &&
1185 !extensions::ResourceRequestPolicy::CanRequestResource(
1186 url,
1187 frame,
1188 transition_type,
1189 extension_dispatcher_->extensions())) {
1190 *new_url = GURL(chrome::kExtensionInvalidRequestURL);
1191 return true;
1192 }
1193
1194 if (url.SchemeIs(extensions::kExtensionResourceScheme) &&
1195 !extensions::ResourceRequestPolicy::CanRequestExtensionResourceScheme(
1196 url,
1197 frame)) {
1198 *new_url = GURL(chrome::kExtensionResourceInvalidRequestURL);
1199 return true;
1200 }
1201
1202 const content::RenderView* render_view =
1203 content::RenderView::FromWebView(frame->view());
1204 SearchBox* search_box = SearchBox::Get(render_view);
1205 if (search_box && url.SchemeIs(chrome::kChromeSearchScheme)) {
1206 if (url.host() == chrome::kChromeUIThumbnailHost)
1207 return search_box->GenerateThumbnailURLFromTransientURL(url, new_url);
1208 else if (url.host() == chrome::kChromeUIFaviconHost)
1209 return search_box->GenerateFaviconURLFromTransientURL(url, new_url);
1210 }
1211
1212 return false;
1213 }
1214
1215 void ChromeContentRendererClient::DidCreateScriptContext(
1216 WebFrame* frame, v8::Handle<v8::Context> context, int extension_group,
1217 int world_id) {
1218 extension_dispatcher_->DidCreateScriptContext(
1219 frame, context, extension_group, world_id);
1220 }
1221
1222 unsigned long long ChromeContentRendererClient::VisitedLinkHash(
1223 const char* canonical_url, size_t length) {
1224 return visited_link_slave_->ComputeURLFingerprint(canonical_url, length);
1225 }
1226
1227 bool ChromeContentRendererClient::IsLinkVisited(unsigned long long link_hash) {
1228 return visited_link_slave_->IsVisited(link_hash);
1229 }
1230
1231 blink::WebPrescientNetworking*
1232 ChromeContentRendererClient::GetPrescientNetworking() {
1233 return prescient_networking_dispatcher_.get();
1234 }
1235
1236 bool ChromeContentRendererClient::ShouldOverridePageVisibilityState(
1237 const content::RenderFrame* render_frame,
1238 blink::WebPageVisibilityState* override_state) {
1239 if (!prerender::PrerenderHelper::IsPrerendering(render_frame))
1240 return false;
1241
1242 *override_state = blink::WebPageVisibilityStatePrerender;
1243 return true;
1244 }
1245
1246 void ChromeContentRendererClient::SetExtensionDispatcher(
1247 extensions::Dispatcher* extension_dispatcher) {
1248 extension_dispatcher_.reset(extension_dispatcher);
1249 permissions_policy_delegate_.reset(
1250 new extensions::RendererPermissionsPolicyDelegate(
1251 extension_dispatcher_.get()));
1252 }
1253
1254 bool ChromeContentRendererClient::CrossesExtensionExtents(
1255 WebFrame* frame,
1256 const GURL& new_url,
1257 const extensions::ExtensionSet& extensions,
1258 bool is_extension_url,
1259 bool is_initial_navigation) {
1260 GURL old_url(frame->top()->document().url());
1261
1262 // If old_url is still empty and this is an initial navigation, then this is
1263 // a window.open operation. We should look at the opener URL.
1264 if (is_initial_navigation && old_url.is_empty() && frame->opener()) {
1265 // If we're about to open a normal web page from a same-origin opener stuck
1266 // in an extension process, we want to keep it in process to allow the
1267 // opener to script it.
1268 WebDocument opener_document = frame->opener()->document();
1269 WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
1270 bool opener_is_extension_url =
1271 !opener.isUnique() && extensions.GetExtensionOrAppByURL(
1272 opener_document.url()) != NULL;
1273 if (!is_extension_url &&
1274 !opener_is_extension_url &&
1275 extension_dispatcher_->is_extension_process() &&
1276 opener.canRequest(WebURL(new_url)))
1277 return false;
1278
1279 // In all other cases, we want to compare against the top frame's URL (as
1280 // opposed to the opener frame's), since that's what determines the type of
1281 // process. This allows iframes outside an app to open a popup in the app.
1282 old_url = frame->top()->opener()->top()->document().url();
1283 }
1284
1285 // Only consider keeping non-app URLs in an app process if this window
1286 // has an opener (in which case it might be an OAuth popup that tries to
1287 // script an iframe within the app).
1288 bool should_consider_workaround = !!frame->opener();
1289
1290 return extensions::CrossesExtensionProcessBoundary(
1291 extensions, old_url, new_url, should_consider_workaround);
1292 }
1293
1294 #if defined(ENABLE_SPELLCHECK)
1295 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
1296 RenderThread* thread = RenderThread::Get();
1297 if (spellcheck_.get() && thread)
1298 thread->RemoveObserver(spellcheck_.get());
1299 spellcheck_.reset(spellcheck);
1300 SpellCheckReplacer replacer(spellcheck_.get());
1301 content::RenderView::ForEach(&replacer);
1302 if (thread)
1303 thread->AddObserver(spellcheck_.get());
1304 }
1305 #endif
1306
1307 bool ChromeContentRendererClient::IsAdblockInstalled() {
1308 return g_current_client->extension_dispatcher_->extensions()->Contains(
1309 "gighmmpiobklfepjocnamgkkbiglidom");
1310 }
1311
1312 bool ChromeContentRendererClient::IsAdblockPlusInstalled() {
1313 return g_current_client->extension_dispatcher_->extensions()->Contains(
1314 "cfhdojbkjhnklbpkdaibdccddilifddb");
1315 }
1316
1317 bool ChromeContentRendererClient::IsAdblockWithWebRequestInstalled() {
1318 return g_current_client->extension_dispatcher_->
1319 IsAdblockWithWebRequestInstalled();
1320 }
1321
1322 bool ChromeContentRendererClient::IsAdblockPlusWithWebRequestInstalled() {
1323 return g_current_client->extension_dispatcher_->
1324 IsAdblockPlusWithWebRequestInstalled();
1325 }
1326
1327 bool ChromeContentRendererClient::IsOtherExtensionWithWebRequestInstalled() {
1328 return g_current_client->extension_dispatcher_->
1329 IsOtherExtensionWithWebRequestInstalled();
1330 }
1331
1332 const void* ChromeContentRendererClient::CreatePPAPIInterface(
1333 const std::string& interface_name) {
1334 #if defined(ENABLE_PLUGINS)
1335 #if !defined(DISABLE_NACL)
1336 if (interface_name == PPB_NACL_PRIVATE_INTERFACE)
1337 return nacl::GetNaClPrivateInterface();
1338 #endif // DISABLE_NACL
1339 if (interface_name == PPB_PDF_INTERFACE)
1340 return PPB_PDF_Impl::GetInterface();
1341 #endif
1342 return NULL;
1343 }
1344
1345 bool ChromeContentRendererClient::IsExternalPepperPlugin(
1346 const std::string& module_name) {
1347 // TODO(bbudge) remove this when the trusted NaCl plugin has been removed.
1348 // We must defer certain plugin events for NaCl instances since we switch
1349 // from the in-process to the out-of-process proxy after instantiating them.
1350 return module_name == "Native Client";
1351 }
1352
1353 bool ChromeContentRendererClient::IsExtensionOrSharedModuleWhitelisted(
1354 const GURL& url, const std::set<std::string>& whitelist) {
1355 const extensions::ExtensionSet* extension_set =
1356 g_current_client->extension_dispatcher_->extensions();
1357 return chrome::IsExtensionOrSharedModuleWhitelisted(url, extension_set,
1358 whitelist);
1359 }
1360
1361 blink::WebSpeechSynthesizer*
1362 ChromeContentRendererClient::OverrideSpeechSynthesizer(
1363 blink::WebSpeechSynthesizerClient* client) {
1364 return new TtsDispatcher(client);
1365 }
1366
1367 bool ChromeContentRendererClient::AllowBrowserPlugin(
1368 blink::WebPluginContainer* container) {
1369 if (CommandLine::ForCurrentProcess()->HasSwitch(
1370 switches::kEnableBrowserPluginForAllViewTypes))
1371 return true;
1372
1373 // If this |BrowserPlugin| <object> in the |container| is not inside a
1374 // <webview>/<adview> shadowHost, we disable instantiating this plugin. This
1375 // is to discourage and prevent developers from accidentally attaching
1376 // <object> directly in apps.
1377 //
1378 // Note that this check below does *not* ensure any security, it is still
1379 // possible to bypass this check.
1380 // TODO(lazyboy): http://crbug.com/178663, Ensure we properly disallow
1381 // instantiating BrowserPlugin outside of the <webview>/<adview> shim.
1382 if (container->element().isNull())
1383 return false;
1384
1385 if (container->element().shadowHost().isNull())
1386 return false;
1387
1388 WebString tag_name = container->element().shadowHost().tagName();
1389 return tag_name.equals(WebString::fromUTF8(kWebViewTagName)) ||
1390 tag_name.equals(WebString::fromUTF8(kAdViewTagName));
1391 }
1392
1393 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
1394 const GURL& url) {
1395 #if !defined(OS_ANDROID)
1396 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
1397 // the whitelist in the renderer, since we're only preventing access until
1398 // these APIs are public and stable.
1399 std::string url_host = url.host();
1400 if (url.SchemeIs("https") &&
1401 (EndsWith(url_host, "talkgadget.google.com", false) ||
1402 EndsWith(url_host, "plus.google.com", false) ||
1403 EndsWith(url_host, "plus.sandbox.google.com", false)) &&
1404 StartsWithASCII(url.path(), "/hangouts/", false)) {
1405 return true;
1406 }
1407 // Allow access for tests.
1408 if (CommandLine::ForCurrentProcess()->HasSwitch(
1409 switches::kEnablePepperTesting)) {
1410 return true;
1411 }
1412 #endif // !defined(OS_ANDROID)
1413 return false;
1414 }
1415
1416 void ChromeContentRendererClient::AddKeySystems(
1417 std::vector<content::KeySystemInfo>* key_systems) {
1418 AddChromeKeySystems(key_systems);
1419 }
1420
1421 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(
1422 const base::string16& source) const {
1423 return extensions::IsSourceFromAnExtension(source);
1424 }
1425
1426 bool ChromeContentRendererClient::ShouldEnableSiteIsolationPolicy() const {
1427 // SiteIsolationPolicy is off by default. We would like to activate cross-site
1428 // document blocking (for UMA data collection) for normal renderer processes
1429 // running a normal web page from the Internet. We only turn on
1430 // SiteIsolationPolicy for a renderer process that does not have the extension
1431 // flag on.
1432 CommandLine* command_line = CommandLine::ForCurrentProcess();
1433 return !command_line->HasSwitch(extensions::switches::kExtensionProcess);
1434 }
1435
1436 blink::WebWorkerPermissionClientProxy*
1437 ChromeContentRendererClient::CreateWorkerPermissionClientProxy(
1438 content::RenderFrame* render_frame,
1439 blink::WebFrame* frame) {
1440 return new WorkerPermissionClientProxy(render_frame, frame);
1441 }