search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disable view source for Developer Tools.
[chromium-blink-merge.git] / chrome / renderer / chrome_content_renderer_client.cc
blobe17d630e91af5c13034df0d231b16bf5add6e838
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/renderer/chrome_content_renderer_client.h"
6
7 #include "base/command_line.h"
8 #include "base/debug/crash_logging.h"
9 #include "base/logging.h"
10 #include "base/metrics/histogram.h"
11 #include "base/metrics/user_metrics_action.h"
12 #include "base/path_service.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "base/strings/string_util.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/values.h"
17 #include "chrome/common/chrome_content_client.h"
18 #include "chrome/common/chrome_paths.h"
19 #include "chrome/common/chrome_switches.h"
20 #include "chrome/common/content_settings_pattern.h"
21 #include "chrome/common/crash_keys.h"
22 #include "chrome/common/extensions/chrome_extensions_client.h"
23 #include "chrome/common/extensions/extension_constants.h"
24 #include "chrome/common/extensions/extension_process_policy.h"
25 #include "chrome/common/localized_error.h"
26 #include "chrome/common/pepper_permission_util.h"
27 #include "chrome/common/profile_management_switches.h"
28 #include "chrome/common/render_messages.h"
29 #include "chrome/common/url_constants.h"
30 #include "chrome/renderer/benchmarking_extension.h"
31 #include "chrome/renderer/chrome_render_frame_observer.h"
32 #include "chrome/renderer/chrome_render_process_observer.h"
33 #include "chrome/renderer/chrome_render_view_observer.h"
34 #include "chrome/renderer/content_settings_observer.h"
35 #include "chrome/renderer/extensions/chrome_v8_context.h"
36 #include "chrome/renderer/extensions/chrome_v8_extension.h"
37 #include "chrome/renderer/extensions/dispatcher.h"
38 #include "chrome/renderer/extensions/extension_frame_helper.h"
39 #include "chrome/renderer/extensions/extension_helper.h"
40 #include "chrome/renderer/extensions/renderer_permissions_policy_delegate.h"
41 #include "chrome/renderer/extensions/resource_request_policy.h"
42 #include "chrome/renderer/external_extension.h"
43 #include "chrome/renderer/loadtimes_extension_bindings.h"
44 #include "chrome/renderer/media/chrome_key_systems.h"
45 #include "chrome/renderer/net/net_error_helper.h"
46 #include "chrome/renderer/net/prescient_networking_dispatcher.h"
47 #include "chrome/renderer/net/renderer_net_predictor.h"
48 #include "chrome/renderer/net_benchmarking_extension.h"
49 #include "chrome/renderer/page_load_histograms.h"
50 #include "chrome/renderer/pepper/pepper_helper.h"
51 #include "chrome/renderer/pepper/ppb_pdf_impl.h"
52 #include "chrome/renderer/playback_extension.h"
53 #include "chrome/renderer/plugins/chrome_plugin_placeholder.h"
54 #include "chrome/renderer/plugins/plugin_uma.h"
55 #include "chrome/renderer/prerender/prerender_dispatcher.h"
56 #include "chrome/renderer/prerender/prerender_helper.h"
57 #include "chrome/renderer/prerender/prerender_media_load_deferrer.h"
58 #include "chrome/renderer/prerender/prerenderer_client.h"
59 #include "chrome/renderer/principals_extension_bindings.h"
60 #include "chrome/renderer/printing/print_web_view_helper.h"
61 #include "chrome/renderer/safe_browsing/malware_dom_details.h"
62 #include "chrome/renderer/safe_browsing/phishing_classifier_delegate.h"
63 #include "chrome/renderer/searchbox/search_bouncer.h"
64 #include "chrome/renderer/searchbox/searchbox.h"
65 #include "chrome/renderer/searchbox/searchbox_extension.h"
66 #include "chrome/renderer/tts_dispatcher.h"
67 #include "chrome/renderer/worker_permission_client_proxy.h"
68 #include "components/autofill/content/renderer/autofill_agent.h"
69 #include "components/autofill/content/renderer/password_autofill_agent.h"
70 #include "components/autofill/content/renderer/password_generation_agent.h"
71 #include "components/autofill/core/common/password_generation_util.h"
72 #include "components/nacl/renderer/ppb_nacl_private_impl.h"
73 #include "components/plugins/renderer/mobile_youtube_plugin.h"
74 #include "components/visitedlink/renderer/visitedlink_slave.h"
75 #include "content/public/common/content_constants.h"
76 #include "content/public/renderer/render_frame.h"
77 #include "content/public/renderer/render_thread.h"
78 #include "content/public/renderer/render_view.h"
79 #include "content/public/renderer/render_view_visitor.h"
80 #include "extensions/common/constants.h"
81 #include "extensions/common/extension.h"
82 #include "extensions/common/extension_set.h"
83 #include "extensions/common/extension_urls.h"
84 #include "extensions/common/switches.h"
85 #include "grit/generated_resources.h"
86 #include "grit/locale_settings.h"
87 #include "grit/renderer_resources.h"
88 #include "ipc/ipc_sync_channel.h"
89 #include "net/base/net_errors.h"
90 #include "ppapi/c/private/ppb_nacl_private.h"
91 #include "ppapi/c/private/ppb_pdf.h"
92 #include "ppapi/shared_impl/ppapi_switches.h"
93 #include "third_party/WebKit/public/platform/WebURL.h"
94 #include "third_party/WebKit/public/platform/WebURLError.h"
95 #include "third_party/WebKit/public/platform/WebURLRequest.h"
96 #include "third_party/WebKit/public/web/WebCache.h"
97 #include "third_party/WebKit/public/web/WebDataSource.h"
98 #include "third_party/WebKit/public/web/WebDocument.h"
99 #include "third_party/WebKit/public/web/WebElement.h"
100 #include "third_party/WebKit/public/web/WebFrame.h"
101 #include "third_party/WebKit/public/web/WebPluginContainer.h"
102 #include "third_party/WebKit/public/web/WebPluginParams.h"
103 #include "third_party/WebKit/public/web/WebSecurityOrigin.h"
104 #include "third_party/WebKit/public/web/WebSecurityPolicy.h"
105 #include "ui/base/l10n/l10n_util.h"
106 #include "ui/base/layout.h"
107 #include "ui/base/resource/resource_bundle.h"
108 #include "ui/base/webui/jstemplate_builder.h"
109 #include "widevine_cdm_version.h" // In SHARED_INTERMEDIATE_DIR.
110
111 #if defined(ENABLE_WEBRTC)
112 #include "chrome/renderer/media/webrtc_logging_message_filter.h"
113 #endif
114
115 #if defined(ENABLE_SPELLCHECK)
116 #include "chrome/renderer/spellchecker/spellcheck.h"
117 #include "chrome/renderer/spellchecker/spellcheck_provider.h"
118 #endif
119
120 using autofill::AutofillAgent;
121 using autofill::PasswordAutofillAgent;
122 using autofill::PasswordGenerationAgent;
123 using base::ASCIIToUTF16;
124 using base::UserMetricsAction;
125 using content::RenderThread;
126 using content::WebPluginInfo;
127 using extensions::Extension;
128 using blink::WebCache;
129 using blink::WebConsoleMessage;
130 using blink::WebDataSource;
131 using blink::WebDocument;
132 using blink::WebFrame;
133 using blink::WebPlugin;
134 using blink::WebPluginParams;
135 using blink::WebSecurityOrigin;
136 using blink::WebSecurityPolicy;
137 using blink::WebString;
138 using blink::WebURL;
139 using blink::WebURLError;
140 using blink::WebURLRequest;
141 using blink::WebURLResponse;
142 using blink::WebVector;
143
144 namespace {
145
146 const char kWebViewTagName[] = "WEBVIEW";
147 const char kAdViewTagName[] = "ADVIEW";
148
149 ChromeContentRendererClient* g_current_client;
150
151 static void AppendParams(const std::vector<base::string16>& additional_names,
152 const std::vector<base::string16>& additional_values,
153 WebVector<WebString>* existing_names,
154 WebVector<WebString>* existing_values) {
155 DCHECK(additional_names.size() == additional_values.size());
156 DCHECK(existing_names->size() == existing_values->size());
157
158 size_t existing_size = existing_names->size();
159 size_t total_size = existing_size + additional_names.size();
160
161 WebVector<WebString> names(total_size);
162 WebVector<WebString> values(total_size);
163
164 for (size_t i = 0; i < existing_size; ++i) {
165 names[i] = (*existing_names)[i];
166 values[i] = (*existing_values)[i];
167 }
168
169 for (size_t i = 0; i < additional_names.size(); ++i) {
170 names[existing_size + i] = additional_names[i];
171 values[existing_size + i] = additional_values[i];
172 }
173
174 existing_names->swap(names);
175 existing_values->swap(values);
176 }
177
178 #if defined(ENABLE_SPELLCHECK)
179 class SpellCheckReplacer : public content::RenderViewVisitor {
180 public:
181 explicit SpellCheckReplacer(SpellCheck* spellcheck)
182 : spellcheck_(spellcheck) {}
183 virtual bool Visit(content::RenderView* render_view) OVERRIDE;
184
185 private:
186 SpellCheck* spellcheck_; // New shared spellcheck for all views. Weak Ptr.
187 DISALLOW_COPY_AND_ASSIGN(SpellCheckReplacer);
188 };
189
190 bool SpellCheckReplacer::Visit(content::RenderView* render_view) {
191 SpellCheckProvider* provider = SpellCheckProvider::Get(render_view);
192 DCHECK(provider);
193 provider->set_spellcheck(spellcheck_);
194 return true;
195 }
196 #endif
197
198 // For certain sandboxed Pepper plugins, use the JavaScript Content Settings.
199 bool ShouldUseJavaScriptSettingForPlugin(const WebPluginInfo& plugin) {
200 if (plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_IN_PROCESS &&
201 plugin.type != WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS) {
202 return false;
203 }
204
205 // Treat Native Client invocations like JavaScript.
206 if (plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName))
207 return true;
208
209 #if defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
210 // Treat CDM invocations like JavaScript.
211 if (plugin.name == ASCIIToUTF16(kWidevineCdmDisplayName)) {
212 DCHECK(plugin.type == WebPluginInfo::PLUGIN_TYPE_PEPPER_OUT_OF_PROCESS);
213 return true;
214 }
215 #endif // defined(WIDEVINE_CDM_AVAILABLE) && defined(ENABLE_PEPPER_CDMS)
216
217 return false;
218 }
219
220 } // namespace
221
222 ChromeContentRendererClient::ChromeContentRendererClient() {
223 g_current_client = this;
224 }
225
226 ChromeContentRendererClient::~ChromeContentRendererClient() {
227 g_current_client = NULL;
228 }
229
230 void ChromeContentRendererClient::RenderThreadStarted() {
231 RenderThread* thread = RenderThread::Get();
232
233 chrome_observer_.reset(new ChromeRenderProcessObserver(this));
234 // ChromeRenderViewTest::SetUp() creates its own ExtensionDispatcher and
235 // injects it using SetExtensionDispatcher(). Don't overwrite it.
236 if (!extension_dispatcher_)
237 extension_dispatcher_.reset(new extensions::Dispatcher());
238 permissions_policy_delegate_.reset(
239 new extensions::RendererPermissionsPolicyDelegate(
240 extension_dispatcher_.get()));
241 prescient_networking_dispatcher_.reset(new PrescientNetworkingDispatcher());
242 net_predictor_.reset(new RendererNetPredictor());
243 #if defined(ENABLE_SPELLCHECK)
244 // ChromeRenderViewTest::SetUp() creates a Spellcheck and injects it using
245 // SetSpellcheck(). Don't overwrite it.
246 if (!spellcheck_) {
247 spellcheck_.reset(new SpellCheck());
248 thread->AddObserver(spellcheck_.get());
249 }
250 #endif
251 visited_link_slave_.reset(new visitedlink::VisitedLinkSlave());
252 #if defined(FULL_SAFE_BROWSING)
253 phishing_classifier_.reset(safe_browsing::PhishingClassifierFilter::Create());
254 #endif
255 prerender_dispatcher_.reset(new prerender::PrerenderDispatcher());
256 #if defined(ENABLE_WEBRTC)
257 webrtc_logging_message_filter_ = new WebRtcLoggingMessageFilter(
258 content::RenderThread::Get()->GetIOMessageLoopProxy());
259 #endif
260 search_bouncer_.reset(new SearchBouncer());
261
262 thread->AddObserver(chrome_observer_.get());
263 thread->AddObserver(extension_dispatcher_.get());
264 #if defined(FULL_SAFE_BROWSING)
265 thread->AddObserver(phishing_classifier_.get());
266 #endif
267 thread->AddObserver(visited_link_slave_.get());
268 thread->AddObserver(prerender_dispatcher_.get());
269 thread->AddObserver(search_bouncer_.get());
270
271 #if defined(ENABLE_WEBRTC)
272 thread->AddFilter(webrtc_logging_message_filter_.get());
273 #endif
274
275 thread->RegisterExtension(extensions_v8::ExternalExtension::Get());
276 thread->RegisterExtension(extensions_v8::LoadTimesExtension::Get());
277
278 CommandLine* command_line = CommandLine::ForCurrentProcess();
279 if (command_line->HasSwitch(switches::kEnableBenchmarking))
280 thread->RegisterExtension(extensions_v8::BenchmarkingExtension::Get());
281 if (command_line->HasSwitch(switches::kEnableNetBenchmarking))
282 thread->RegisterExtension(extensions_v8::NetBenchmarkingExtension::Get());
283 if (command_line->HasSwitch(switches::kInstantProcess))
284 thread->RegisterExtension(extensions_v8::SearchBoxExtension::Get());
285
286 if (command_line->HasSwitch(switches::kPlaybackMode) ||
287 command_line->HasSwitch(switches::kRecordMode) ||
288 command_line->HasSwitch(switches::kNoJsRandomness)) {
289 thread->RegisterExtension(extensions_v8::PlaybackExtension::Get());
290 }
291
292 // TODO(guohui): needs to forward the new-profile-management switch to
293 // renderer processes.
294 if (switches::IsNewProfileManagement())
295 thread->RegisterExtension(extensions_v8::PrincipalsExtension::Get());
296
297 // chrome:, chrome-search:, and chrome-devtools: pages should not be
298 // accessible by normal content, and should also be unable to script anything
299 // but themselves (to help limit the damage that a corrupt page could cause).
300 WebString chrome_ui_scheme(ASCIIToUTF16(chrome::kChromeUIScheme));
301 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
302
303 WebString chrome_search_scheme(ASCIIToUTF16(chrome::kChromeSearchScheme));
304 // The Instant process can only display the content but not read it. Other
305 // processes can't display it or read it.
306 if (!command_line->HasSwitch(switches::kInstantProcess))
307 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_search_scheme);
308
309 WebString dev_tools_scheme(ASCIIToUTF16(chrome::kChromeDevToolsScheme));
310 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
311
312 #if defined(OS_CHROMEOS)
313 WebString drive_scheme(ASCIIToUTF16(chrome::kDriveScheme));
314 WebSecurityPolicy::registerURLSchemeAsLocal(drive_scheme);
315 #endif
316
317 // chrome: and chrome-search: pages should not be accessible by bookmarklets
318 // or javascript: URLs typed in the omnibox.
319 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
320 chrome_ui_scheme);
321 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
322 chrome_search_scheme);
323
324 // chrome:, chrome-search:, and chrome-extension: resources shouldn't trigger
325 // insecure content warnings.
326 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_ui_scheme);
327 WebSecurityPolicy::registerURLSchemeAsSecure(chrome_search_scheme);
328
329 WebString extension_scheme(ASCIIToUTF16(extensions::kExtensionScheme));
330 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
331
332 // chrome-extension: resources should be allowed to receive CORS requests.
333 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_scheme);
334
335 WebString extension_resource_scheme(
336 ASCIIToUTF16(extensions::kExtensionResourceScheme));
337 WebSecurityPolicy::registerURLSchemeAsSecure(extension_resource_scheme);
338
339 // chrome-extension-resource: resources should be allowed to receive CORS
340 // requests.
341 WebSecurityPolicy::registerURLSchemeAsCORSEnabled(extension_resource_scheme);
342
343 // chrome-extension: resources should bypass Content Security Policy checks
344 // when included in protected resources.
345 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
346 extension_scheme);
347 WebSecurityPolicy::registerURLSchemeAsBypassingContentSecurityPolicy(
348 extension_resource_scheme);
349
350 extensions::ExtensionsClient::Set(
351 extensions::ChromeExtensionsClient::GetInstance());
352 }
353
354 void ChromeContentRendererClient::RenderFrameCreated(
355 content::RenderFrame* render_frame) {
356 new ChromeRenderFrameObserver(render_frame);
357
358 ContentSettingsObserver* content_settings =
359 new ContentSettingsObserver(render_frame, extension_dispatcher_.get());
360 if (chrome_observer_.get()) {
361 content_settings->SetContentSettingRules(
362 chrome_observer_->content_setting_rules());
363 }
364
365 new extensions::ExtensionFrameHelper(render_frame);
366
367 #if defined(ENABLE_PLUGINS)
368 new PepperHelper(render_frame);
369 #endif
370
371 // TODO(jam): when a RenderFrame is per WebFrame, this can be simplified by
372 // getting a RenderFrame's WebFrame and calling its parent() method.
373 if (render_frame->GetRenderView()->GetMainRenderFrame() != render_frame) {
374 // Avoid any race conditions from having the browser tell subframes that
375 // they're prerendering.
376 if (prerender::PrerenderHelper::IsPrerendering(
377 render_frame->GetRenderView()->GetMainRenderFrame())) {
378 new prerender::PrerenderHelper(render_frame);
379 }
380 }
381 }
382
383 void ChromeContentRendererClient::RenderViewCreated(
384 content::RenderView* render_view) {
385 new extensions::ExtensionHelper(render_view, extension_dispatcher_.get());
386 new PageLoadHistograms(render_view);
387 #if defined(ENABLE_PRINTING)
388 new printing::PrintWebViewHelper(render_view);
389 #endif
390 #if defined(ENABLE_SPELLCHECK)
391 new SpellCheckProvider(render_view, spellcheck_.get());
392 #endif
393 new prerender::PrerendererClient(render_view);
394 #if defined(FULL_SAFE_BROWSING)
395 safe_browsing::MalwareDOMDetails::Create(render_view);
396 #endif
397
398 PasswordAutofillAgent* password_autofill_agent =
399 new PasswordAutofillAgent(render_view);
400 new AutofillAgent(render_view, password_autofill_agent);
401
402 CommandLine* command_line = CommandLine::ForCurrentProcess();
403 if (autofill::password_generation::IsPasswordGenerationEnabled())
404 new PasswordGenerationAgent(render_view);
405 if (command_line->HasSwitch(switches::kInstantProcess))
406 new SearchBox(render_view);
407
408 new ChromeRenderViewObserver(render_view, chrome_observer_.get());
409
410 new NetErrorHelper(render_view);
411 }
412
413 void ChromeContentRendererClient::SetNumberOfViews(int number_of_views) {
414 base::debug::SetCrashKeyValue(crash_keys::kNumberOfViews,
415 base::IntToString(number_of_views));
416 }
417
418 SkBitmap* ChromeContentRendererClient::GetSadPluginBitmap() {
419 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
420 GetImageNamed(IDR_SAD_PLUGIN).ToSkBitmap());
421 }
422
423 SkBitmap* ChromeContentRendererClient::GetSadWebViewBitmap() {
424 return const_cast<SkBitmap*>(ResourceBundle::GetSharedInstance().
425 GetImageNamed(IDR_SAD_WEBVIEW).ToSkBitmap());
426 }
427
428 std::string ChromeContentRendererClient::GetDefaultEncoding() {
429 return l10n_util::GetStringUTF8(IDS_DEFAULT_ENCODING);
430 }
431
432 const Extension* ChromeContentRendererClient::GetExtensionByOrigin(
433 const WebSecurityOrigin& origin) const {
434 if (!EqualsASCII(origin.protocol(), extensions::kExtensionScheme))
435 return NULL;
436
437 const std::string extension_id = origin.host().utf8().data();
438 return extension_dispatcher_->extensions()->GetByID(extension_id);
439 }
440
441 bool ChromeContentRendererClient::OverrideCreatePlugin(
442 content::RenderFrame* render_frame,
443 WebFrame* frame,
444 const WebPluginParams& params,
445 WebPlugin** plugin) {
446 std::string orig_mime_type = params.mimeType.utf8();
447 if (orig_mime_type == content::kBrowserPluginMimeType) {
448 if (CommandLine::ForCurrentProcess()->HasSwitch(
449 switches::kEnableBrowserPluginForAllViewTypes))
450 return false;
451 WebDocument document = frame->document();
452 const Extension* extension =
453 GetExtensionByOrigin(document.securityOrigin());
454 if (extension) {
455 const extensions::APIPermission::ID perms[] = {
456 extensions::APIPermission::kWebView,
457 extensions::APIPermission::kAdView
458 };
459 for (size_t i = 0; i < arraysize(perms); ++i) {
460 if (extension->HasAPIPermission(perms[i]))
461 return false;
462 }
463 }
464 }
465
466 ChromeViewHostMsg_GetPluginInfo_Output output;
467 #if defined(ENABLE_PLUGINS)
468 render_frame->Send(new ChromeViewHostMsg_GetPluginInfo(
469 render_frame->GetRoutingID(), GURL(params.url),
470 frame->top()->document().url(), orig_mime_type, &output));
471 #else
472 output.status.value = ChromeViewHostMsg_GetPluginInfo_Status::kNotFound;
473 #endif
474 *plugin = CreatePlugin(render_frame, frame, params, output);
475 return true;
476 }
477
478 WebPlugin* ChromeContentRendererClient::CreatePluginReplacement(
479 content::RenderFrame* render_frame,
480 const base::FilePath& plugin_path) {
481 ChromePluginPlaceholder* placeholder =
482 ChromePluginPlaceholder::CreateErrorPlugin(render_frame, plugin_path);
483 return placeholder->plugin();
484 }
485
486 void ChromeContentRendererClient::DeferMediaLoad(
487 content::RenderFrame* render_frame,
488 const base::Closure& closure) {
489 #if defined(OS_ANDROID)
490 // Chromium for Android doesn't support prerender yet.
491 closure.Run();
492 return;
493 #else
494 if (!prerender::PrerenderHelper::IsPrerendering(render_frame)) {
495 closure.Run();
496 return;
497 }
498
499 // Lifetime is tied to |render_frame| via content::RenderFrameObserver.
500 new prerender::PrerenderMediaLoadDeferrer(render_frame, closure);
501 #endif
502 }
503
504 WebPlugin* ChromeContentRendererClient::CreatePlugin(
505 content::RenderFrame* render_frame,
506 WebFrame* frame,
507 const WebPluginParams& original_params,
508 const ChromeViewHostMsg_GetPluginInfo_Output& output) {
509 const ChromeViewHostMsg_GetPluginInfo_Status& status = output.status;
510 const WebPluginInfo& plugin = output.plugin;
511 const std::string& actual_mime_type = output.actual_mime_type;
512 const base::string16& group_name = output.group_name;
513 const std::string& identifier = output.group_identifier;
514 ChromeViewHostMsg_GetPluginInfo_Status::Value status_value = status.value;
515 GURL url(original_params.url);
516 std::string orig_mime_type = original_params.mimeType.utf8();
517 ChromePluginPlaceholder* placeholder = NULL;
518
519 // If the browser plugin is to be enabled, this should be handled by the
520 // renderer, so the code won't reach here due to the early exit in
521 // OverrideCreatePlugin.
522 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kNotFound ||
523 orig_mime_type == content::kBrowserPluginMimeType) {
524 #if defined(OS_ANDROID)
525 if (plugins::MobileYouTubePlugin::IsYouTubeURL(url, orig_mime_type)) {
526 base::StringPiece template_html(
527 ResourceBundle::GetSharedInstance().GetRawDataResource(
528 IDR_MOBILE_YOUTUBE_PLUGIN_HTML));
529 return (new plugins::MobileYouTubePlugin(
530 render_frame,
531 frame,
532 original_params,
533 template_html,
534 GURL(ChromePluginPlaceholder::kPluginPlaceholderDataURL)))
535 ->plugin();
536 }
537 #endif
538 PluginUMAReporter::GetInstance()->ReportPluginMissing(orig_mime_type, url);
539 placeholder = ChromePluginPlaceholder::CreateMissingPlugin(
540 render_frame, frame, original_params);
541 } else {
542 // TODO(bauerb): This should be in content/.
543 WebPluginParams params(original_params);
544 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
545 if (plugin.mime_types[i].mime_type == actual_mime_type) {
546 AppendParams(plugin.mime_types[i].additional_param_names,
547 plugin.mime_types[i].additional_param_values,
548 &params.attributeNames,
549 &params.attributeValues);
550 break;
551 }
552 }
553 if (params.mimeType.isNull() && (actual_mime_type.size() > 0)) {
554 // Webkit might say that mime type is null while we already know the
555 // actual mime type via ChromeViewHostMsg_GetPluginInfo. In that case
556 // we should use what we know since WebpluginDelegateProxy does some
557 // specific initializations based on this information.
558 params.mimeType = WebString::fromUTF8(actual_mime_type.c_str());
559 }
560
561 ContentSettingsObserver* observer =
562 ContentSettingsObserver::Get(render_frame);
563
564 const ContentSettingsType content_type =
565 ShouldUseJavaScriptSettingForPlugin(plugin) ?
566 CONTENT_SETTINGS_TYPE_JAVASCRIPT :
567 CONTENT_SETTINGS_TYPE_PLUGINS;
568
569 if ((status_value ==
570 ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized ||
571 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay ||
572 status_value == ChromeViewHostMsg_GetPluginInfo_Status::kBlocked) &&
573 observer->IsPluginTemporarilyAllowed(identifier)) {
574 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
575 }
576
577 // Allow full-page plug-ins for click-to-play.
578 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay &&
579 !frame->parent() &&
580 !frame->opener() &&
581 frame->document().isPluginDocument()) {
582 status_value = ChromeViewHostMsg_GetPluginInfo_Status::kAllowed;
583 }
584
585 #if defined(USE_AURA) && defined(OS_WIN)
586 // In Aura for Windows we need to check if we can load NPAPI plugins.
587 // For example, if the render view is in the Ash desktop, we should not.
588 if (status_value == ChromeViewHostMsg_GetPluginInfo_Status::kAllowed &&
589 plugin.type == content::WebPluginInfo::PLUGIN_TYPE_NPAPI) {
590 if (observer->AreNPAPIPluginsBlocked())
591 status_value =
592 ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported;
593 }
594 #endif
595
596 switch (status_value) {
597 case ChromeViewHostMsg_GetPluginInfo_Status::kNotFound: {
598 NOTREACHED();
599 break;
600 }
601 case ChromeViewHostMsg_GetPluginInfo_Status::kAllowed: {
602 const bool is_nacl_plugin =
603 plugin.name == ASCIIToUTF16(ChromeContentClient::kNaClPluginName);
604 const bool is_nacl_mime_type =
605 actual_mime_type == "application/x-nacl";
606 const bool is_pnacl_mime_type =
607 actual_mime_type == "application/x-pnacl";
608 if (is_nacl_plugin || is_nacl_mime_type || is_pnacl_mime_type) {
609 bool is_nacl_unrestricted = false;
610 if (is_nacl_mime_type) {
611 is_nacl_unrestricted =
612 CommandLine::ForCurrentProcess()->HasSwitch(
613 switches::kEnableNaCl);
614 } else if (is_pnacl_mime_type) {
615 is_nacl_unrestricted =
616 !CommandLine::ForCurrentProcess()->HasSwitch(
617 switches::kDisablePnacl);
618 }
619 GURL manifest_url;
620 GURL app_url;
621 if (is_nacl_mime_type || is_pnacl_mime_type) {
622 // Normal NaCl/PNaCl embed. The app URL is the page URL.
623 manifest_url = url;
624 app_url = frame->top()->document().url();
625 } else {
626 // NaCl is being invoked as a content handler. Look up the NaCl
627 // module using the MIME type. The app URL is the manifest URL.
628 manifest_url = GetNaClContentHandlerURL(actual_mime_type, plugin);
629 app_url = manifest_url;
630 }
631 const Extension* extension =
632 g_current_client->extension_dispatcher_->extensions()->
633 GetExtensionOrAppByURL(manifest_url);
634 if (!IsNaClAllowed(manifest_url,
635 app_url,
636 is_nacl_unrestricted,
637 extension,
638 &params)) {
639 WebString error_message;
640 if (is_nacl_mime_type) {
641 error_message =
642 "Only unpacked extensions and apps installed from the Chrome "
643 "Web Store can load NaCl modules without enabling Native "
644 "Client in about:flags.";
645 } else if (is_pnacl_mime_type) {
646 error_message =
647 "Portable Native Client must not be disabled in about:flags.";
648 }
649 frame->addMessageToConsole(
650 WebConsoleMessage(WebConsoleMessage::LevelError,
651 error_message));
652 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
653 render_frame,
654 frame,
655 params,
656 plugin,
657 identifier,
658 group_name,
659 IDR_BLOCKED_PLUGIN_HTML,
660 #if defined(OS_CHROMEOS)
661 l10n_util::GetStringUTF16(IDS_NACL_PLUGIN_BLOCKED));
662 #else
663 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
664 #endif
665 break;
666 }
667 }
668
669 // Delay loading plugins if prerendering.
670 // TODO(mmenke): In the case of prerendering, feed into
671 // ChromeContentRendererClient::CreatePlugin instead, to
672 // reduce the chance of future regressions.
673 if (prerender::PrerenderHelper::IsPrerendering(render_frame)) {
674 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
675 render_frame,
676 frame,
677 params,
678 plugin,
679 identifier,
680 group_name,
681 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
682 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
683 placeholder->set_blocked_for_prerendering(true);
684 placeholder->set_allow_loading(true);
685 break;
686 }
687
688 return render_frame->CreatePlugin(frame, plugin, params);
689 }
690 case ChromeViewHostMsg_GetPluginInfo_Status::kNPAPINotSupported: {
691 RenderThread::Get()->RecordAction(
692 UserMetricsAction("Plugin_NPAPINotSupported"));
693 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
694 render_frame,
695 frame,
696 params,
697 plugin,
698 identifier,
699 group_name,
700 IDR_BLOCKED_PLUGIN_HTML,
701 l10n_util::GetStringUTF16(IDS_PLUGIN_NOT_SUPPORTED_METRO));
702 render_frame->Send(new ChromeViewHostMsg_NPAPINotSupported(
703 render_frame->GetRoutingID(), identifier));
704 break;
705 }
706 case ChromeViewHostMsg_GetPluginInfo_Status::kDisabled: {
707 PluginUMAReporter::GetInstance()->ReportPluginDisabled(orig_mime_type,
708 url);
709 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
710 render_frame,
711 frame,
712 params,
713 plugin,
714 identifier,
715 group_name,
716 IDR_DISABLED_PLUGIN_HTML,
717 l10n_util::GetStringFUTF16(IDS_PLUGIN_DISABLED, group_name));
718 break;
719 }
720 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedBlocked: {
721 #if defined(ENABLE_PLUGIN_INSTALLATION)
722 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
723 render_frame,
724 frame,
725 params,
726 plugin,
727 identifier,
728 group_name,
729 IDR_BLOCKED_PLUGIN_HTML,
730 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
731 placeholder->set_allow_loading(true);
732 render_frame->Send(new ChromeViewHostMsg_BlockedOutdatedPlugin(
733 render_frame->GetRoutingID(), placeholder->CreateRoutingId(),
734 identifier));
735 #else
736 NOTREACHED();
737 #endif
738 break;
739 }
740 case ChromeViewHostMsg_GetPluginInfo_Status::kOutdatedDisallowed: {
741 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
742 render_frame,
743 frame,
744 params,
745 plugin,
746 identifier,
747 group_name,
748 IDR_BLOCKED_PLUGIN_HTML,
749 l10n_util::GetStringFUTF16(IDS_PLUGIN_OUTDATED, group_name));
750 break;
751 }
752 case ChromeViewHostMsg_GetPluginInfo_Status::kUnauthorized: {
753 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
754 render_frame,
755 frame,
756 params,
757 plugin,
758 identifier,
759 group_name,
760 IDR_BLOCKED_PLUGIN_HTML,
761 l10n_util::GetStringFUTF16(IDS_PLUGIN_NOT_AUTHORIZED, group_name));
762 placeholder->set_allow_loading(true);
763 render_frame->Send(new ChromeViewHostMsg_BlockedUnauthorizedPlugin(
764 render_frame->GetRoutingID(),
765 group_name,
766 identifier));
767 break;
768 }
769 case ChromeViewHostMsg_GetPluginInfo_Status::kClickToPlay: {
770 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
771 render_frame,
772 frame,
773 params,
774 plugin,
775 identifier,
776 group_name,
777 IDR_CLICK_TO_PLAY_PLUGIN_HTML,
778 l10n_util::GetStringFUTF16(IDS_PLUGIN_LOAD, group_name));
779 placeholder->set_allow_loading(true);
780 RenderThread::Get()->RecordAction(
781 UserMetricsAction("Plugin_ClickToPlay"));
782 observer->DidBlockContentType(content_type);
783 break;
784 }
785 case ChromeViewHostMsg_GetPluginInfo_Status::kBlocked: {
786 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
787 render_frame,
788 frame,
789 params,
790 plugin,
791 identifier,
792 group_name,
793 IDR_BLOCKED_PLUGIN_HTML,
794 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
795 placeholder->set_allow_loading(true);
796 RenderThread::Get()->RecordAction(UserMetricsAction("Plugin_Blocked"));
797 observer->DidBlockContentType(content_type);
798 break;
799 }
800 case ChromeViewHostMsg_GetPluginInfo_Status::kBlockedByPolicy: {
801 placeholder = ChromePluginPlaceholder::CreateBlockedPlugin(
802 render_frame,
803 frame,
804 params,
805 plugin,
806 identifier,
807 group_name,
808 IDR_BLOCKED_PLUGIN_HTML,
809 l10n_util::GetStringFUTF16(IDS_PLUGIN_BLOCKED, group_name));
810 placeholder->set_allow_loading(false);
811 RenderThread::Get()->RecordAction(
812 UserMetricsAction("Plugin_BlockedByPolicy"));
813 observer->DidBlockContentType(content_type);
814 break;
815 }
816 }
817 }
818 placeholder->SetStatus(status);
819 return placeholder->plugin();
820 }
821
822 // For NaCl content handling plugins, the NaCl manifest is stored in an
823 // additonal 'nacl' param associated with the MIME type.
824 // static
825 GURL ChromeContentRendererClient::GetNaClContentHandlerURL(
826 const std::string& actual_mime_type,
827 const content::WebPluginInfo& plugin) {
828 // Look for the manifest URL among the MIME type's additonal parameters.
829 const char* kNaClPluginManifestAttribute = "nacl";
830 base::string16 nacl_attr = ASCIIToUTF16(kNaClPluginManifestAttribute);
831 for (size_t i = 0; i < plugin.mime_types.size(); ++i) {
832 if (plugin.mime_types[i].mime_type == actual_mime_type) {
833 const content::WebPluginMimeType& content_type = plugin.mime_types[i];
834 for (size_t i = 0; i < content_type.additional_param_names.size(); ++i) {
835 if (content_type.additional_param_names[i] == nacl_attr)
836 return GURL(content_type.additional_param_values[i]);
837 }
838 break;
839 }
840 }
841 return GURL();
842 }
843
844 // static
845 bool ChromeContentRendererClient::IsNaClAllowed(
846 const GURL& manifest_url,
847 const GURL& app_url,
848 bool is_nacl_unrestricted,
849 const Extension* extension,
850 WebPluginParams* params) {
851 // Temporarily allow these whitelisted apps and WebUIs to use NaCl.
852 std::string app_url_host = app_url.host();
853 std::string manifest_url_path = manifest_url.path();
854
855 bool is_whitelisted_web_ui =
856 app_url.spec() == chrome::kChromeUIAppListStartPageURL;
857
858 bool is_photo_app =
859 // Whitelisted apps must be served over https.
860 app_url.SchemeIs("https") &&
861 manifest_url.SchemeIs("https") &&
862 (EndsWith(app_url_host, "plus.google.com", false) ||
863 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
864 manifest_url.DomainIs("ssl.gstatic.com") &&
865 (manifest_url_path.find("s2/oz/nacl/") == 1 ||
866 manifest_url_path.find("photos/nacl/") == 1);
867
868 std::string manifest_fs_host;
869 if (manifest_url.SchemeIsFileSystem() && manifest_url.inner_url()) {
870 manifest_fs_host = manifest_url.inner_url()->host();
871 }
872 bool is_hangouts_app =
873 // Whitelisted apps must be served over secure scheme.
874 app_url.SchemeIs("https") &&
875 manifest_url.SchemeIsSecure() &&
876 manifest_url.SchemeIsFileSystem() &&
877 (EndsWith(app_url_host, "talkgadget.google.com", false) ||
878 EndsWith(app_url_host, "plus.google.com", false) ||
879 EndsWith(app_url_host, "plus.sandbox.google.com", false)) &&
880 // The manifest must be loaded from the host's FileSystem.
881 (manifest_fs_host == app_url_host);
882
883 bool is_whitelisted_app = is_photo_app || is_hangouts_app;
884
885 bool is_extension_from_webstore = extension &&
886 extension->from_webstore();
887
888 bool is_invoked_by_hosted_app = extension &&
889 extension->is_hosted_app() &&
890 extension->web_extent().MatchesURL(app_url);
891
892 // Allow built-in extensions and extensions under development.
893 bool is_extension_unrestricted = extension &&
894 (extension->location() == extensions::Manifest::COMPONENT ||
895 extensions::Manifest::IsUnpackedLocation(extension->location()));
896
897 bool is_invoked_by_extension = app_url.SchemeIs("chrome-extension");
898
899 // The NaCl PDF viewer is always allowed and can use 'Dev' interfaces.
900 bool is_nacl_pdf_viewer =
901 (is_extension_from_webstore &&
902 manifest_url.SchemeIs("chrome-extension") &&
903 manifest_url.host() == "acadkphlmlegjaadjagenfimbpphcgnh");
904
905 // Allow Chrome Web Store extensions, built-in extensions and extensions
906 // under development if the invocation comes from a URL with an extension
907 // scheme. Also allow invocations if they are from whitelisted URLs or
908 // if --enable-nacl is set.
909 bool is_nacl_allowed = is_nacl_unrestricted ||
910 is_whitelisted_web_ui ||
911 is_whitelisted_app ||
912 is_nacl_pdf_viewer ||
913 is_invoked_by_hosted_app ||
914 (is_invoked_by_extension &&
915 (is_extension_from_webstore ||
916 is_extension_unrestricted));
917 if (is_nacl_allowed) {
918 bool app_can_use_dev_interfaces = is_nacl_pdf_viewer;
919 // Make sure that PPAPI 'dev' interfaces aren't available for production
920 // apps unless they're whitelisted.
921 WebString dev_attribute = WebString::fromUTF8("@dev");
922 if ((!is_whitelisted_app && !is_extension_from_webstore) ||
923 app_can_use_dev_interfaces) {
924 // Add the special '@dev' attribute.
925 std::vector<base::string16> param_names;
926 std::vector<base::string16> param_values;
927 param_names.push_back(dev_attribute);
928 param_values.push_back(WebString());
929 AppendParams(
930 param_names,
931 param_values,
932 &params->attributeNames,
933 &params->attributeValues);
934 } else {
935 // If the params somehow contain '@dev', remove it.
936 size_t attribute_count = params->attributeNames.size();
937 for (size_t i = 0; i < attribute_count; ++i) {
938 if (params->attributeNames[i].equals(dev_attribute))
939 params->attributeNames[i] = WebString();
940 }
941 }
942 }
943 return is_nacl_allowed;
944 }
945
946 bool ChromeContentRendererClient::HasErrorPage(int http_status_code,
947 std::string* error_domain) {
948 // Use an internal error page, if we have one for the status code.
949 if (!LocalizedError::HasStrings(LocalizedError::kHttpErrorDomain,
950 http_status_code)) {
951 return false;
952 }
953
954 *error_domain = LocalizedError::kHttpErrorDomain;
955 return true;
956 }
957
958 bool ChromeContentRendererClient::ShouldSuppressErrorPage(
959 content::RenderFrame* render_frame,
960 const GURL& url) {
961 // Do not flash an error page if the Instant new tab page fails to load.
962 return search_bouncer_.get() && search_bouncer_->IsNewTabPage(url);
963 }
964
965 void ChromeContentRendererClient::GetNavigationErrorStrings(
966 content::RenderView* render_view,
967 blink::WebFrame* frame,
968 const blink::WebURLRequest& failed_request,
969 const blink::WebURLError& error,
970 std::string* error_html,
971 base::string16* error_description) {
972 const GURL failed_url = error.unreachableURL;
973 const Extension* extension = NULL;
974
975 if (failed_url.is_valid() &&
976 !failed_url.SchemeIs(extensions::kExtensionScheme)) {
977 extension = extension_dispatcher_->extensions()->GetExtensionOrAppByURL(
978 failed_url);
979 }
980
981 bool is_post = EqualsASCII(failed_request.httpMethod(), "POST");
982
983 if (error_html) {
984 // Use a local error page.
985 if (extension && !extension->from_bookmark()) {
986 // TODO(erikkay): Should we use a different template for different
987 // error messages?
988 int resource_id = IDR_ERROR_APP_HTML;
989 const base::StringPiece template_html(
990 ResourceBundle::GetSharedInstance().GetRawDataResource(
991 resource_id));
992 if (template_html.empty()) {
993 NOTREACHED() << "unable to load template. ID: " << resource_id;
994 } else {
995 base::DictionaryValue error_strings;
996 LocalizedError::GetAppErrorStrings(failed_url, extension,
997 &error_strings);
998 // "t" is the id of the template's root node.
999 *error_html = webui::GetTemplatesHtml(template_html, &error_strings,
1000 "t");
1001 }
1002 } else {
1003 NetErrorHelper* helper = NetErrorHelper::Get(render_view);
1004 helper->GetErrorHTML(frame, error, is_post, error_html);
1005 }
1006 }
1007
1008 if (error_description) {
1009 if (!extension)
1010 *error_description = LocalizedError::GetErrorDetails(error, is_post);
1011 }
1012 }
1013
1014 bool ChromeContentRendererClient::RunIdleHandlerWhenWidgetsHidden() {
1015 return !extension_dispatcher_->is_extension_process();
1016 }
1017
1018 bool ChromeContentRendererClient::AllowPopup() {
1019 extensions::ChromeV8Context* current_context =
1020 extension_dispatcher_->v8_context_set().GetCurrent();
1021 if (!current_context || !current_context->extension())
1022 return false;
1023 // See http://crbug.com/117446 for the subtlety of this check.
1024 switch (current_context->context_type()) {
1025 case extensions::Feature::UNSPECIFIED_CONTEXT:
1026 case extensions::Feature::WEB_PAGE_CONTEXT:
1027 case extensions::Feature::UNBLESSED_EXTENSION_CONTEXT:
1028 return false;
1029 case extensions::Feature::BLESSED_EXTENSION_CONTEXT:
1030 case extensions::Feature::CONTENT_SCRIPT_CONTEXT:
1031 return true;
1032 case extensions::Feature::BLESSED_WEB_PAGE_CONTEXT:
1033 return !current_context->web_frame()->parent();
1034 }
1035 NOTREACHED();
1036 return false;
1037 }
1038
1039 bool ChromeContentRendererClient::ShouldFork(WebFrame* frame,
1040 const GURL& url,
1041 const std::string& http_method,
1042 bool is_initial_navigation,
1043 bool is_server_redirect,
1044 bool* send_referrer) {
1045 DCHECK(!frame->parent());
1046
1047 // If this is the Instant process, fork all navigations originating from the
1048 // renderer. The destination page will then be bucketed back to this Instant
1049 // process if it is an Instant url, or to another process if not. Conversely,
1050 // fork if this is a non-Instant process navigating to an Instant url, so that
1051 // such navigations can also be bucketed into an Instant renderer.
1052 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kInstantProcess) ||
1053 (search_bouncer_.get() && search_bouncer_->ShouldFork(url))) {
1054 *send_referrer = true;
1055 return true;
1056 }
1057
1058 // For now, we skip the rest for POST submissions. This is because
1059 // http://crbug.com/101395 is more likely to cause compatibility issues
1060 // with hosted apps and extensions than WebUI pages. We will remove this
1061 // check when cross-process POST submissions are supported.
1062 if (http_method != "GET")
1063 return false;
1064
1065 // If this is the Signin process, fork all navigations originating from the
1066 // renderer. The destination page will then be bucketed back to this Signin
1067 // process if it is a Signin url, or to another process if not.
1068 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSigninProcess)) {
1069 // We never want to allow non-signin pages to fork-on-POST to a
1070 // signin-related action URL. We'll need to handle this carefully once
1071 // http://crbug.com/101395 is fixed. The CHECK ensures we don't forget.
1072 CHECK_NE(http_method, "POST");
1073 return true;
1074 }
1075
1076 // If |url| matches one of the prerendered URLs, stop this navigation and try
1077 // to swap in the prerendered page on the browser process. If the prerendered
1078 // page no longer exists by the time the OpenURL IPC is handled, a normal
1079 // navigation is attempted.
1080 if (prerender_dispatcher_.get() &&
1081 prerender_dispatcher_->IsPrerenderURL(url)) {
1082 *send_referrer = true;
1083 return true;
1084 }
1085
1086 const extensions::ExtensionSet* extensions =
1087 extension_dispatcher_->extensions();
1088
1089 // Determine if the new URL is an extension (excluding bookmark apps).
1090 const Extension* new_url_extension = extensions::GetNonBookmarkAppExtension(
1091 *extensions, url);
1092 bool is_extension_url = !!new_url_extension;
1093
1094 // If the navigation would cross an app extent boundary, we also need
1095 // to defer to the browser to ensure process isolation. This is not necessary
1096 // for server redirects, which will be transferred to a new process by the
1097 // browser process when they are ready to commit. It is necessary for client
1098 // redirects, which won't be transferred in the same way.
1099 if (!is_server_redirect &&
1100 CrossesExtensionExtents(frame, url, *extensions, is_extension_url,
1101 is_initial_navigation)) {
1102 // Include the referrer in this case since we're going from a hosted web
1103 // page. (the packaged case is handled previously by the extension
1104 // navigation test)
1105 *send_referrer = true;
1106
1107 const Extension* extension =
1108 extension_dispatcher_->extensions()->GetExtensionOrAppByURL(url);
1109 if (extension && extension->is_app()) {
1110 UMA_HISTOGRAM_ENUMERATION(
1111 extension->is_platform_app() ?
1112 extension_misc::kPlatformAppLaunchHistogram :
1113 extension_misc::kAppLaunchHistogram,
1114 extension_misc::APP_LAUNCH_CONTENT_NAVIGATION,
1115 extension_misc::APP_LAUNCH_BUCKET_BOUNDARY);
1116 }
1117 return true;
1118 }
1119
1120 // If this is a reload, check whether it has the wrong process type. We
1121 // should send it to the browser if it's an extension URL (e.g., hosted app)
1122 // in a normal process, or if it's a process for an extension that has been
1123 // uninstalled.
1124 if (frame->top()->document().url() == url) {
1125 if (is_extension_url != extension_dispatcher_->is_extension_process())
1126 return true;
1127 }
1128
1129 return false;
1130 }
1131
1132 bool ChromeContentRendererClient::WillSendRequest(
1133 blink::WebFrame* frame,
1134 content::PageTransition transition_type,
1135 const GURL& url,
1136 const GURL& first_party_for_cookies,
1137 GURL* new_url) {
1138 // Check whether the request should be allowed. If not allowed, we reset the
1139 // URL to something invalid to prevent the request and cause an error.
1140 if (url.SchemeIs(extensions::kExtensionScheme) &&
1141 !extensions::ResourceRequestPolicy::CanRequestResource(
1142 url,
1143 frame,
1144 transition_type,
1145 extension_dispatcher_->extensions())) {
1146 *new_url = GURL(chrome::kExtensionInvalidRequestURL);
1147 return true;
1148 }
1149
1150 if (url.SchemeIs(extensions::kExtensionResourceScheme) &&
1151 !extensions::ResourceRequestPolicy::CanRequestExtensionResourceScheme(
1152 url,
1153 frame)) {
1154 *new_url = GURL(chrome::kExtensionResourceInvalidRequestURL);
1155 return true;
1156 }
1157
1158 const content::RenderView* render_view =
1159 content::RenderView::FromWebView(frame->view());
1160 SearchBox* search_box = SearchBox::Get(render_view);
1161 if (search_box && url.SchemeIs(chrome::kChromeSearchScheme)) {
1162 if (url.host() == chrome::kChromeUIThumbnailHost)
1163 return search_box->GenerateThumbnailURLFromTransientURL(url, new_url);
1164 else if (url.host() == chrome::kChromeUIFaviconHost)
1165 return search_box->GenerateFaviconURLFromTransientURL(url, new_url);
1166 }
1167
1168 return false;
1169 }
1170
1171 void ChromeContentRendererClient::DidCreateScriptContext(
1172 WebFrame* frame, v8::Handle<v8::Context> context, int extension_group,
1173 int world_id) {
1174 extension_dispatcher_->DidCreateScriptContext(
1175 frame, context, extension_group, world_id);
1176 }
1177
1178 void ChromeContentRendererClient::WillReleaseScriptContext(
1179 WebFrame* frame, v8::Handle<v8::Context> context, int world_id) {
1180 extension_dispatcher_->WillReleaseScriptContext(frame, context, world_id);
1181 }
1182
1183 unsigned long long ChromeContentRendererClient::VisitedLinkHash(
1184 const char* canonical_url, size_t length) {
1185 return visited_link_slave_->ComputeURLFingerprint(canonical_url, length);
1186 }
1187
1188 bool ChromeContentRendererClient::IsLinkVisited(unsigned long long link_hash) {
1189 return visited_link_slave_->IsVisited(link_hash);
1190 }
1191
1192 blink::WebPrescientNetworking*
1193 ChromeContentRendererClient::GetPrescientNetworking() {
1194 return prescient_networking_dispatcher_.get();
1195 }
1196
1197 bool ChromeContentRendererClient::ShouldOverridePageVisibilityState(
1198 const content::RenderFrame* render_frame,
1199 blink::WebPageVisibilityState* override_state) {
1200 if (!prerender::PrerenderHelper::IsPrerendering(render_frame))
1201 return false;
1202
1203 *override_state = blink::WebPageVisibilityStatePrerender;
1204 return true;
1205 }
1206
1207 void ChromeContentRendererClient::SetExtensionDispatcher(
1208 extensions::Dispatcher* extension_dispatcher) {
1209 extension_dispatcher_.reset(extension_dispatcher);
1210 permissions_policy_delegate_.reset(
1211 new extensions::RendererPermissionsPolicyDelegate(
1212 extension_dispatcher_.get()));
1213 }
1214
1215 bool ChromeContentRendererClient::CrossesExtensionExtents(
1216 WebFrame* frame,
1217 const GURL& new_url,
1218 const extensions::ExtensionSet& extensions,
1219 bool is_extension_url,
1220 bool is_initial_navigation) {
1221 GURL old_url(frame->top()->document().url());
1222
1223 // If old_url is still empty and this is an initial navigation, then this is
1224 // a window.open operation. We should look at the opener URL.
1225 if (is_initial_navigation && old_url.is_empty() && frame->opener()) {
1226 // If we're about to open a normal web page from a same-origin opener stuck
1227 // in an extension process, we want to keep it in process to allow the
1228 // opener to script it.
1229 WebDocument opener_document = frame->opener()->document();
1230 WebSecurityOrigin opener = frame->opener()->document().securityOrigin();
1231 bool opener_is_extension_url =
1232 !opener.isUnique() && extensions.GetExtensionOrAppByURL(
1233 opener_document.url()) != NULL;
1234 if (!is_extension_url &&
1235 !opener_is_extension_url &&
1236 extension_dispatcher_->is_extension_process() &&
1237 opener.canRequest(WebURL(new_url)))
1238 return false;
1239
1240 // In all other cases, we want to compare against the top frame's URL (as
1241 // opposed to the opener frame's), since that's what determines the type of
1242 // process. This allows iframes outside an app to open a popup in the app.
1243 old_url = frame->top()->opener()->top()->document().url();
1244 }
1245
1246 // Only consider keeping non-app URLs in an app process if this window
1247 // has an opener (in which case it might be an OAuth popup that tries to
1248 // script an iframe within the app).
1249 bool should_consider_workaround = !!frame->opener();
1250
1251 return extensions::CrossesExtensionProcessBoundary(
1252 extensions, old_url, new_url, should_consider_workaround);
1253 }
1254
1255 #if defined(ENABLE_SPELLCHECK)
1256 void ChromeContentRendererClient::SetSpellcheck(SpellCheck* spellcheck) {
1257 RenderThread* thread = RenderThread::Get();
1258 if (spellcheck_.get() && thread)
1259 thread->RemoveObserver(spellcheck_.get());
1260 spellcheck_.reset(spellcheck);
1261 SpellCheckReplacer replacer(spellcheck_.get());
1262 content::RenderView::ForEach(&replacer);
1263 if (thread)
1264 thread->AddObserver(spellcheck_.get());
1265 }
1266 #endif
1267
1268 void ChromeContentRendererClient::OnPurgeMemory() {
1269 #if defined(ENABLE_SPELLCHECK)
1270 DVLOG(1) << "Resetting spellcheck in renderer client";
1271 SetSpellcheck(new SpellCheck());
1272 #endif
1273 }
1274
1275 bool ChromeContentRendererClient::IsAdblockInstalled() {
1276 return g_current_client->extension_dispatcher_->extensions()->Contains(
1277 "gighmmpiobklfepjocnamgkkbiglidom");
1278 }
1279
1280 bool ChromeContentRendererClient::IsAdblockPlusInstalled() {
1281 return g_current_client->extension_dispatcher_->extensions()->Contains(
1282 "cfhdojbkjhnklbpkdaibdccddilifddb");
1283 }
1284
1285 bool ChromeContentRendererClient::IsAdblockWithWebRequestInstalled() {
1286 return g_current_client->extension_dispatcher_->
1287 IsAdblockWithWebRequestInstalled();
1288 }
1289
1290 bool ChromeContentRendererClient::IsAdblockPlusWithWebRequestInstalled() {
1291 return g_current_client->extension_dispatcher_->
1292 IsAdblockPlusWithWebRequestInstalled();
1293 }
1294
1295 bool ChromeContentRendererClient::IsOtherExtensionWithWebRequestInstalled() {
1296 return g_current_client->extension_dispatcher_->
1297 IsOtherExtensionWithWebRequestInstalled();
1298 }
1299
1300 const void* ChromeContentRendererClient::CreatePPAPIInterface(
1301 const std::string& interface_name) {
1302 #if defined(ENABLE_PLUGINS)
1303 #if !defined(DISABLE_NACL)
1304 if (interface_name == PPB_NACL_PRIVATE_INTERFACE)
1305 return nacl::GetNaClPrivateInterface();
1306 #endif // DISABLE_NACL
1307 if (interface_name == PPB_PDF_INTERFACE)
1308 return PPB_PDF_Impl::GetInterface();
1309 #endif
1310 return NULL;
1311 }
1312
1313 bool ChromeContentRendererClient::IsExternalPepperPlugin(
1314 const std::string& module_name) {
1315 // TODO(bbudge) remove this when the trusted NaCl plugin has been removed.
1316 // We must defer certain plugin events for NaCl instances since we switch
1317 // from the in-process to the out-of-process proxy after instantiating them.
1318 return module_name == "Native Client";
1319 }
1320
1321 blink::WebSpeechSynthesizer*
1322 ChromeContentRendererClient::OverrideSpeechSynthesizer(
1323 blink::WebSpeechSynthesizerClient* client) {
1324 return new TtsDispatcher(client);
1325 }
1326
1327 bool ChromeContentRendererClient::AllowBrowserPlugin(
1328 blink::WebPluginContainer* container) {
1329 if (CommandLine::ForCurrentProcess()->HasSwitch(
1330 switches::kEnableBrowserPluginForAllViewTypes))
1331 return true;
1332
1333 // If this |BrowserPlugin| <object> in the |container| is not inside a
1334 // <webview>/<adview> shadowHost, we disable instantiating this plugin. This
1335 // is to discourage and prevent developers from accidentally attaching
1336 // <object> directly in apps.
1337 //
1338 // Note that this check below does *not* ensure any security, it is still
1339 // possible to bypass this check.
1340 // TODO(lazyboy): http://crbug.com/178663, Ensure we properly disallow
1341 // instantiating BrowserPlugin outside of the <webview>/<adview> shim.
1342 if (container->element().isNull())
1343 return false;
1344
1345 if (container->element().shadowHost().isNull())
1346 return false;
1347
1348 WebString tag_name = container->element().shadowHost().tagName();
1349 return tag_name.equals(WebString::fromUTF8(kWebViewTagName)) ||
1350 tag_name.equals(WebString::fromUTF8(kAdViewTagName));
1351 }
1352
1353 bool ChromeContentRendererClient::AllowPepperMediaStreamAPI(
1354 const GURL& url) {
1355 #if !defined(OS_ANDROID)
1356 // Allow only the Hangouts app to use the MediaStream APIs. It's OK to check
1357 // the whitelist in the renderer, since we're only preventing access until
1358 // these APIs are public and stable.
1359 std::string url_host = url.host();
1360 if (url.SchemeIs("https") &&
1361 (EndsWith(url_host, "talkgadget.google.com", false) ||
1362 EndsWith(url_host, "plus.google.com", false) ||
1363 EndsWith(url_host, "plus.sandbox.google.com", false)) &&
1364 StartsWithASCII(url.path(), "/hangouts/", false)) {
1365 return true;
1366 }
1367 // Allow access for tests.
1368 if (CommandLine::ForCurrentProcess()->HasSwitch(
1369 switches::kEnablePepperTesting)) {
1370 return true;
1371 }
1372 #endif // !defined(OS_ANDROID)
1373 return false;
1374 }
1375
1376 void ChromeContentRendererClient::AddKeySystems(
1377 std::vector<content::KeySystemInfo>* key_systems) {
1378 AddChromeKeySystems(key_systems);
1379 }
1380
1381 bool ChromeContentRendererClient::ShouldReportDetailedMessageForSource(
1382 const base::string16& source) const {
1383 return extensions::IsSourceFromAnExtension(source);
1384 }
1385
1386 bool ChromeContentRendererClient::ShouldEnableSiteIsolationPolicy() const {
1387 // SiteIsolationPolicy is off by default. We would like to activate cross-site
1388 // document blocking (for UMA data collection) for normal renderer processes
1389 // running a normal web page from the Internet. We only turn on
1390 // SiteIsolationPolicy for a renderer process that does not have the extension
1391 // flag on.
1392 CommandLine* command_line = CommandLine::ForCurrentProcess();
1393 return !command_line->HasSwitch(extensions::switches::kExtensionProcess);
1394 }
1395
1396 blink::WebWorkerPermissionClientProxy*
1397 ChromeContentRendererClient::CreateWorkerPermissionClientProxy(
1398 content::RenderFrame* render_frame,
1399 blink::WebFrame* frame) {
1400 return new WorkerPermissionClientProxy(render_frame, frame);
1401 }