1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_
6 #define CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_
11 #include "base/callback.h"
12 #include "base/compiler_specific.h"
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/weak_ptr.h"
15 #include "base/strings/string16.h"
16 #include "base/time/time.h"
17 #include "content/browser/accessibility/browser_accessibility_manager.h"
18 #include "content/browser/site_instance_impl.h"
19 #include "content/common/accessibility_mode_enums.h"
20 #include "content/common/content_export.h"
21 #include "content/common/mojo/service_registry_impl.h"
22 #include "content/public/browser/render_frame_host.h"
23 #include "content/public/common/javascript_message_type.h"
24 #include "net/http/http_response_headers.h"
25 #include "third_party/WebKit/public/platform/WebNotificationPermission.h"
26 #include "third_party/WebKit/public/web/WebTextDirection.h"
27 #include "ui/accessibility/ax_node_data.h"
28 #include "ui/base/page_transition_types.h"
31 struct AccessibilityHostMsg_EventParams
;
32 struct AccessibilityHostMsg_LocationChangeParams
;
33 struct FrameHostMsg_DidFailProvisionalLoadWithError_Params
;
34 struct FrameHostMsg_OpenURL_Params
;
35 struct FrameHostMsg_BeginNavigation_Params
;
36 struct FrameMsg_Navigate_Params
;
37 #if defined(OS_MACOSX) || defined(OS_ANDROID)
38 struct FrameHostMsg_ShowPopup_Params
;
48 class CrossProcessFrameConnector
;
49 class CrossSiteTransferringRequest
;
52 class RenderFrameHostDelegate
;
53 class RenderFrameProxyHost
;
54 class RenderProcessHost
;
55 class RenderViewHostImpl
;
56 class RenderWidgetHostImpl
;
59 struct CommitNavigationParams
;
60 struct ContextMenuParams
;
61 struct CommonNavigationParams
;
62 struct GlobalRequestID
;
64 struct RequestNavigationParams
;
65 struct ResourceResponse
;
66 struct ShowDesktopNotificationHostMsgParams
;
67 struct TransitionLayerData
;
69 class CONTENT_EXPORT RenderFrameHostImpl
70 : public RenderFrameHost
,
71 public BrowserAccessibilityDelegate
{
73 // Keeps track of the state of the RenderFrameHostImpl, particularly with
74 // respect to swap out.
75 enum RenderFrameHostImplState
{
76 // The standard state for a RFH handling the communication with an active
79 // The RFH has not received the SwapOutACK yet, but the new page has
80 // committed in a different RFH. Upon reception of the SwapOutACK, the RFH
81 // will either enter STATE_SWAPPED_OUT (if it is a main frame and there are
82 // other active frames in its SiteInstance) or it will be deleted.
83 STATE_PENDING_SWAP_OUT
,
84 // The RFH is swapped out and stored inside a RenderFrameProxyHost, being
85 // used as a placeholder to allow cross-process communication. Only main
86 // frames can enter this state.
89 // Helper function to determine whether the RFH state should contribute to the
90 // number of active frames of a SiteInstance or not.
91 static bool IsRFHStateActive(RenderFrameHostImplState rfh_state
);
// Static lookup keyed by (process_id, routing_id); by its name and return
// type it hands back the matching RenderFrameHostImpl.
// NOTE(review): this header does not say what is returned when no frame host
// matches -- presumably NULL; confirm in the .cc. Call sites that pass IDs
// received over IPC should null-check the result before using it.
93 static RenderFrameHostImpl
* FromID(int process_id
, int routing_id
);
95 virtual ~RenderFrameHostImpl();
98 virtual int GetRoutingID() override
;
99 virtual SiteInstanceImpl
* GetSiteInstance() override
;
100 virtual RenderProcessHost
* GetProcess() override
;
101 virtual RenderFrameHost
* GetParent() override
;
102 virtual const std::string
& GetFrameName() override
;
103 virtual bool IsCrossProcessSubframe() override
;
104 virtual GURL
GetLastCommittedURL() override
;
105 virtual gfx::NativeView
GetNativeView() override
;
106 virtual void ExecuteJavaScript(
107 const base::string16
& javascript
) override
;
108 virtual void ExecuteJavaScript(
109 const base::string16
& javascript
,
110 const JavaScriptResultCallback
& callback
) override
;
111 virtual void ExecuteJavaScriptForTests(
112 const base::string16
& javascript
) override
;
113 virtual RenderViewHost
* GetRenderViewHost() override
;
114 virtual ServiceRegistry
* GetServiceRegistry() override
;
117 virtual bool Send(IPC::Message
* msg
) override
;
// Receives an IPC message addressed to this frame host (override; the
// interface that declares it is not visible in this excerpt).
// NOTE(review): presumably |msg| originates from the renderer process and the
// On*() methods declared under "IPC Message handlers" are dispatched from
// here -- confirm in the .cc. Treat every field decoded from |msg| as
// renderer-controlled and validate it before it changes browser-side state.
120 virtual bool OnMessageReceived(const IPC::Message
& msg
) override
;
122 // BrowserAccessibilityDelegate
123 virtual void AccessibilitySetFocus(int acc_obj_id
) override
;
124 virtual void AccessibilityDoDefaultAction(int acc_obj_id
) override
;
125 virtual void AccessibilityShowMenu(const gfx::Point
& global_point
) override
;
126 virtual void AccessibilityScrollToMakeVisible(
127 int acc_obj_id
, const gfx::Rect
& subfocus
) override
;
128 virtual void AccessibilityScrollToPoint(
129 int acc_obj_id
, const gfx::Point
& point
) override
;
130 virtual void AccessibilitySetTextSelection(
131 int acc_obj_id
, int start_offset
, int end_offset
) override
;
132 virtual bool AccessibilityViewHasFocus() const override
;
133 virtual gfx::Rect
AccessibilityGetViewBounds() const override
;
134 virtual gfx::Point
AccessibilityOriginInScreen(const gfx::Rect
& bounds
)
136 virtual void AccessibilityHitTest(const gfx::Point
& point
) override
;
137 virtual void AccessibilityFatalError() override
;
138 virtual gfx::AcceleratedWidget
AccessibilityGetAcceleratedWidget() override
;
139 virtual gfx::NativeViewAccessible
AccessibilityGetNativeViewAccessible()
141 virtual BrowserAccessibilityManager
* AccessibilityGetChildFrame(
142 int accessibility_node_id
) override
;
143 virtual BrowserAccessibility
* AccessibilityGetParentFrame() override
;
145 // Creates a RenderFrame in the renderer process. Only called for
146 // cross-process subframe navigations in --site-per-process.
147 bool CreateRenderFrame(int parent_routing_id
);
149 // Returns whether the RenderFrame in the renderer process has been created
150 // and still has a connection. This is valid for all frames.
151 bool IsRenderFrameLive();
153 // Tracks whether the RenderFrame for this RenderFrameHost has been created in
154 // the renderer process. This is currently only used for subframes.
155 // TODO(creis): Use this for main frames as well when RVH goes away.
156 void set_render_frame_created(bool created
) {
157 render_frame_created_
= created
;
160 // Called for renderer-created windows to resume requests from this frame,
161 // after they are blocked in RenderWidgetHelper::CreateNewWindow.
164 int routing_id() const { return routing_id_
; }
165 void OnCreateChildFrame(int new_routing_id
,
166 const std::string
& frame_name
);
// Plain accessors: each returns the raw pointer stored in the member of the
// same name (render_view_host_, delegate_, frame_tree_node_).
// NOTE(review): the lifetime of the pointees is not visible from these
// declarations -- confirm who owns each object before holding a returned
// pointer across an asynchronous boundary.
168 RenderViewHostImpl
* render_view_host() { return render_view_host_
; }
169 RenderFrameHostDelegate
* delegate() { return delegate_
; }
170 FrameTreeNode
* frame_tree_node() { return frame_tree_node_
; }
171 // TODO(nasko): The RenderWidgetHost will be owned by RenderFrameHost in
172 // the future, so update this accessor to return the right pointer.
173 RenderWidgetHostImpl
* GetRenderWidgetHost();
175 // This function is called when this is a swapped out RenderFrameHost that
176 // lives in the same process as the parent frame. The
177 // |cross_process_frame_connector| allows the non-swapped-out
178 // RenderFrameHost for a frame to communicate with the parent process
179 // so that it may composite drawing data.
181 // Ownership is not transferred.
182 void set_cross_process_frame_connector(
183 CrossProcessFrameConnector
* cross_process_frame_connector
) {
184 cross_process_frame_connector_
= cross_process_frame_connector
;
187 void set_render_frame_proxy_host(RenderFrameProxyHost
* proxy
) {
188 render_frame_proxy_host_
= proxy
;
191 // Returns a bitwise OR of bindings types that have been enabled for this
192 // RenderFrameHostImpl's RenderView. See BindingsPolicy for details.
193 // TODO(creis): Make bindings frame-specific, to support cases like <webview>.
194 int GetEnabledBindings();
196 // Called on the pending RenderFrameHost when the network response is ready to
197 // commit. We should ensure that the old RenderFrameHost runs its unload
198 // handler and determine whether a transfer to a different RenderFrameHost is
200 void OnCrossSiteResponse(
201 const GlobalRequestID
& global_request_id
,
202 scoped_ptr
<CrossSiteTransferringRequest
> cross_site_transferring_request
,
203 const std::vector
<GURL
>& transfer_url_chain
,
204 const Referrer
& referrer
,
205 ui::PageTransition page_transition
,
206 bool should_replace_current_entry
);
208 // Called on the current RenderFrameHost when the network response is first
210 void OnDeferredAfterResponseStarted(
211 const GlobalRequestID
& global_request_id
,
212 const TransitionLayerData
& transition_data
);
214 // Tells the renderer that this RenderFrame is being swapped out for one in a
215 // different renderer process. It should run its unload handler and move to
216 // a blank document. If |proxy| is not null, it should also create a
217 // RenderFrameProxy to replace the RenderFrame. The renderer should preserve
218 // the RenderFrameProxy object until it exits, in case we come back. The
219 // renderer can exit if it has no other active RenderFrames, but not until
220 // WasSwappedOut is called.
221 void SwapOut(RenderFrameProxyHost
* proxy
);
223 bool is_waiting_for_beforeunload_ack() const {
224 return is_waiting_for_beforeunload_ack_
;
227 // Whether the RFH is waiting for an unload ACK from the renderer.
228 bool IsWaitingForUnloadACK() const;
230 // Called when either the SwapOut request has been acknowledged or has timed
234 // Whether this RenderFrameHost has been swapped out, such that the frame is
235 // now rendered by a RenderFrameHost in a different process.
236 bool is_swapped_out() const { return rfh_state_
== STATE_SWAPPED_OUT
; }
238 // The current state of this RFH.
239 RenderFrameHostImplState
rfh_state() const { return rfh_state_
; }
241 // Sends the given navigation message. Use this rather than sending it
242 // yourself since this does the internal bookkeeping described below. This
243 // function takes ownership of the provided message pointer.
// NOTE(review): the signature below takes |params| by const reference, not a
// message pointer, so the ownership sentence above looks stale -- nothing
// visible in this declaration transfers ownership. Update or drop it.
245 // If a cross-site request is in progress, we may be suspended while waiting
246 // for the onbeforeunload handler, so this function might buffer the message
247 // rather than sending it.
// NOTE(review): buffering presumably copies |params| into
// suspended_nav_params_ (a scoped_ptr<FrameMsg_Navigate_Params> member) --
// confirm in the .cc.
248 void Navigate(const FrameMsg_Navigate_Params
& params
);
250 // Load the specified URL; this is a shortcut for Navigate().
251 void NavigateToURL(const GURL
& url
);
253 // Treat this prospective navigation as though it originated from the
254 // frame. Used, e.g., for a navigation request that originated from
256 void OpenURL(const FrameHostMsg_OpenURL_Params
& params
);
258 // Stop the load in progress.
261 // Returns whether navigation messages are currently suspended for this
262 // RenderFrameHost. Only true during a cross-site navigation, while waiting
263 // for the onbeforeunload handler.
264 bool are_navigations_suspended() const { return navigations_suspended_
; }
266 // Suspends (or unsuspends) any navigation messages from being sent from this
267 // RenderFrameHost. This is called when a pending RenderFrameHost is created
268 // for a cross-site navigation, because we must suspend any navigations until
269 // we hear back from the old renderer's onbeforeunload handler. Note that it
270 // is important that only one navigation event happen after calling this
271 // method with |suspend| equal to true. If |suspend| is false and there is a
272 // suspended_nav_message_, this will send the message. This function should
273 // only be called to toggle the state; callers should check
274 // are_navigations_suspended() first. If |suspend| is false, the time that the
275 // user decided the navigation should proceed should be passed as
277 void SetNavigationsSuspended(bool suspend
,
278 const base::TimeTicks
& proceed_time
);
280 // Clears any suspended navigation state after a cross-site navigation is
281 // canceled or suspended. This is important if we later return to this
283 void CancelSuspendedNavigations();
285 // Runs the beforeunload handler for this frame. |for_cross_site_transition|
286 // indicates whether this call is for the current frame during a cross-process
287 // navigation. False means we're closing the entire tab.
288 void DispatchBeforeUnload(bool for_cross_site_transition
);
290 // Set the frame's opener to null in the renderer process in response to an
291 // action in another renderer process.
294 // Deletes the current selection plus the specified number of characters
295 // before and after the selection or caret.
296 void ExtendSelectionAndDelete(size_t before
, size_t after
);
298 // Notifies the RenderFrame that the JavaScript message that was shown was
299 // closed by the user.
300 void JavaScriptDialogClosed(IPC::Message
* reply_msg
,
302 const base::string16
& user_input
,
303 bool dialog_was_suppressed
);
305 // Called when an HTML5 notification is closed.
306 void NotificationClosed(int notification_id
);
308 // Clears any outstanding transition request. This is called when we hear the
309 // response or commit.
310 void ClearPendingTransitionRequestData();
312 // Send a message to the renderer process to change the accessibility mode.
313 void SetAccessibilityMode(AccessibilityMode AccessibilityMode
);
315 // Turn on accessibility testing. The given callback will be run
316 // every time an accessibility notification is received from the
317 // renderer process, and the accessibility tree it sent can be
318 // retrieved using GetAXTreeForTesting().
319 void SetAccessibilityCallbackForTesting(
320 const base::Callback
<void(ui::AXEvent
, int)>& callback
);
322 // Returns a snapshot of the accessibility tree received from the
323 // renderer as of the last time an accessibility notification was
325 const ui::AXTree
* GetAXTreeForTesting();
327 // Access the BrowserAccessibilityManager if it already exists.
328 BrowserAccessibilityManager
* browser_accessibility_manager() const {
329 return browser_accessibility_manager_
.get();
332 // If accessibility is enabled, get the BrowserAccessibilityManager for
333 // this frame, or create one if it doesn't exist yet, otherwise return
335 BrowserAccessibilityManager
* GetOrCreateBrowserAccessibilityManager();
338 void SetParentNativeViewAccessible(
339 gfx::NativeViewAccessible accessible_parent
);
340 gfx::NativeViewAccessible
GetParentNativeViewAccessible() const;
341 #elif defined(OS_MACOSX)
342 // Select popup menu related methods (for external popup menus).
343 void DidSelectPopupMenuItem(int selected_index
);
344 void DidCancelPopupMenu();
345 #elif defined(OS_ANDROID)
346 void DidSelectPopupMenuItems(const std::vector
<int>& selected_indices
);
347 void DidCancelPopupMenu();
350 // PlzNavigate: Indicates that a navigation is ready to commit and can be
351 // handled by this RenderFrame.
352 void CommitNavigation(ResourceResponse
* response
,
353 scoped_ptr
<StreamHandle
> body
,
354 const CommonNavigationParams
& common_params
,
355 const CommitNavigationParams
& commit_params
);
358 friend class RenderFrameHostFactory
;
360 // TODO(nasko): Remove dependency on RenderViewHost here. RenderProcessHost
361 // should be the abstraction needed here, but we need RenderViewHost to pass
362 // into WebContentsObserver::FrameDetached for now.
363 RenderFrameHostImpl(RenderViewHostImpl
* render_view_host
,
364 RenderFrameHostDelegate
* delegate
,
365 FrameTree
* frame_tree
,
366 FrameTreeNode
* frame_tree_node
,
368 bool is_swapped_out
);
371 friend class TestRenderFrameHost
;
372 friend class TestRenderViewHost
;
374 FRIEND_TEST_ALL_PREFIXES(SitePerProcessBrowserTest
, CrashSubframe
);
376 // IPC Message handlers.
377 void OnAddMessageToConsole(int32 level
,
378 const base::string16
& message
,
380 const base::string16
& source_id
);
382 void OnFrameFocused();
383 void OnOpenURL(const FrameHostMsg_OpenURL_Params
& params
);
384 void OnDocumentOnLoadCompleted();
385 void OnDidStartProvisionalLoadForFrame(const GURL
& url
,
386 bool is_transition_navigation
);
387 void OnDidFailProvisionalLoadWithError(
388 const FrameHostMsg_DidFailProvisionalLoadWithError_Params
& params
);
389 void OnDidFailLoadWithError(
392 const base::string16
& error_description
);
393 void OnDidCommitProvisionalLoad(const IPC::Message
& msg
);
394 void OnBeforeUnloadACK(
396 const base::TimeTicks
& renderer_before_unload_start_time
,
397 const base::TimeTicks
& renderer_before_unload_end_time
);
399 void OnContextMenu(const ContextMenuParams
& params
);
// Declared under "IPC Message handlers"; by its name it handles the reply to
// a script started through ExecuteJavaScript().
// NOTE(review): |id| arrives over IPC. Presumably it is the key into
// javascript_callbacks_ (std::map<int, JavaScriptResultCallback>) -- confirm
// in the .cc. An id with no pending entry should be ignored, and the entry
// erased once its callback has run so a repeated reply cannot invoke it twice.
400 void OnJavaScriptExecuteResponse(int id
, const base::ListValue
& result
);
401 void OnRunJavaScriptMessage(const base::string16
& message
,
402 const base::string16
& default_prompt
,
403 const GURL
& frame_url
,
404 JavaScriptMessageType type
,
405 IPC::Message
* reply_msg
);
406 void OnRunBeforeUnloadConfirm(const GURL
& frame_url
,
407 const base::string16
& message
,
409 IPC::Message
* reply_msg
);
410 void OnRequestPlatformNotificationPermission(const GURL
& origin
,
412 void OnShowDesktopNotification(
414 const ShowDesktopNotificationHostMsgParams
& params
);
// Declared under "IPC Message handlers"; by its name it handles a request to
// cancel a previously shown desktop notification.
// NOTE(review): |notification_id| arrives over IPC. Presumably it is looked up
// in cancel_notification_callbacks_ (std::map<int, base::Closure>) -- confirm
// in the .cc. An id with no entry in the map should be ignored rather than
// used to run a callback.
415 void OnCancelDesktopNotification(int notification_id
);
416 void OnTextSurroundingSelectionResponse(const base::string16
& content
,
419 void OnDidAccessInitialDocument();
420 void OnDidDisownOpener();
421 void OnDidAssignPageId(int32 page_id
);
422 void OnUpdateTitle(int32 page_id
,
423 const base::string16
& title
,
424 blink::WebTextDirection title_direction
);
425 void OnUpdateEncoding(const std::string
& encoding
);
426 void OnBeginNavigation(const FrameHostMsg_BeginNavigation_Params
& params
,
427 const CommonNavigationParams
& common_params
);
428 void OnAccessibilityEvents(
429 const std::vector
<AccessibilityHostMsg_EventParams
>& params
);
430 void OnAccessibilityLocationChanges(
431 const std::vector
<AccessibilityHostMsg_LocationChangeParams
>& params
);
433 #if defined(OS_MACOSX) || defined(OS_ANDROID)
434 void OnShowPopup(const FrameHostMsg_ShowPopup_Params
& params
);
438 // Updates the state of this RenderFrameHost and clears any waiting state
439 // that is no longer relevant.
440 void SetState(RenderFrameHostImplState rfh_state
);
442 // Returns whether the given URL is allowed to commit in the current process.
443 // This is a more conservative check than RenderProcessHost::FilterURL, since
444 // it will be used to kill processes that commit unauthorized URLs.
// NOTE(review): this is a browser-side enforcement point. |url| is presumably
// the URL the renderer reports at commit time -- confirm against the caller
// in the .cc. A false result should be treated as a sign of a misbehaving or
// compromised renderer, not as a recoverable navigation error.
445 bool CanCommitURL(const GURL
& url
);
447 void PlatformNotificationPermissionRequestDone(
448 int request_id
, blink::WebNotificationPermission permission
);
// NOTE(review): if the map is built from accessibility events sent by the
// renderer (see OnAccessibilityEvents), the routing ids in it are
// renderer-controlled -- confirm they are validated before being used to look
// up frames. The map is also declared by const value, so each call copies it;
// a const reference would avoid the copy if the definition changes in step.
450 // Update the singleton FrameAccessibility instance with a map
451 // from accessibility node id to the frame routing id of a cross-process
453 void UpdateCrossProcessIframeAccessibility(
454 const std::map
<int32
, int> node_to_frame_routing_id_map
);
// NOTE(review): if the map is built from accessibility events sent by the
// renderer (see OnAccessibilityEvents), the instance ids in it are
// renderer-controlled -- confirm they are validated before being used to look
// up a guest. The map is also declared by const value, so each call copies
// it; a const reference would avoid the copy if the definition changes in
// step.
456 // Update the singleton FrameAccessibility instance with a map
457 // from accessibility node id to the browser plugin instance id of a
458 // guest WebContents.
459 void UpdateGuestFrameAccessibility(
460 const std::map
<int32
, int> node_to_browser_plugin_instance_id_map
);
462 // For now, RenderFrameHosts indirectly keep RenderViewHosts alive via a
463 // refcount that calls Shutdown when it reaches zero. This allows each
464 // RenderFrameHostManager to just care about RenderFrameHosts, while ensuring
465 // we have a RenderViewHost for each RenderFrameHost.
466 // TODO(creis): RenderViewHost will eventually go away and be replaced with
467 // some form of page context.
468 RenderViewHostImpl
* render_view_host_
;
470 RenderFrameHostDelegate
* delegate_
;
472 // |cross_process_frame_connector_| passes messages from an out-of-process
473 // child frame to the parent process for compositing.
475 // This is only non-NULL when this is the swapped out RenderFrameHost in
476 // the same site instance as this frame's parent.
478 // See the class comment above CrossProcessFrameConnector for more
481 // This will move to RenderFrameProxyHost when that class is created.
482 CrossProcessFrameConnector
* cross_process_frame_connector_
;
484 // The proxy created for this RenderFrameHost. It is used to send and receive
485 // IPC messages while in swapped out state.
486 // TODO(nasko): This can be removed once we don't have a swapped out state on
487 // RenderFrameHosts. See https://crbug.com/357747.
488 RenderFrameProxyHost
* render_frame_proxy_host_
;
490 // Reference to the whole frame tree that this RenderFrameHost belongs to.
491 // Allows this RenderFrameHost to add and remove nodes in response to
492 // messages from the renderer requesting DOM manipulation.
493 FrameTree
* frame_tree_
;
495 // The FrameTreeNode which this RenderFrameHostImpl is hosted in.
496 FrameTreeNode
* frame_tree_node_
;
498 // The mapping of pending JavaScript calls created by
499 // ExecuteJavaScript and their corresponding callbacks.
500 std::map
<int, JavaScriptResultCallback
> javascript_callbacks_
;
502 // Map from notification_id to a callback to cancel them.
503 std::map
<int, base::Closure
> cancel_notification_callbacks_
;
507 // The current state of this RenderFrameHost.
508 RenderFrameHostImplState rfh_state_
;
510 // Tracks whether the RenderFrame for this RenderFrameHost has been created in
511 // the renderer process. Currently only used for subframes.
512 // TODO(creis): Use this for main frames as well when RVH goes away.
513 bool render_frame_created_
;
515 // Whether we should buffer outgoing Navigate messages rather than sending
516 // them. This will be true when a RenderFrameHost is created for a cross-site
517 // request, until we hear back from the onbeforeunload handler of the old
519 bool navigations_suspended_
;
521 // We only buffer the params for a suspended navigation while this RFH is the
522 // pending RenderFrameHost of a RenderFrameHostManager. There will only ever
523 // be one suspended navigation, because RenderFrameHostManager will destroy
524 // the pending RenderFrameHost and create a new one if a second navigation
526 scoped_ptr
<FrameMsg_Navigate_Params
> suspended_nav_params_
;
528 // When the last BeforeUnload message was sent.
529 base::TimeTicks send_before_unload_start_time_
;
531 // Set to true when there is a pending FrameMsg_ShouldClose message. This
532 // ensures we don't spam the renderer with multiple beforeunload requests.
533 // When either this value or IsWaitingForUnloadACK is true, the value of
534 // unload_ack_is_for_cross_site_transition_ indicates whether this is for a
535 // cross-site transition or a tab close attempt.
536 // TODO(clamy): Remove this boolean and add one more state to the state
538 bool is_waiting_for_beforeunload_ack_
;
540 // Valid only when is_waiting_for_beforeunload_ack_ or
541 // IsWaitingForUnloadACK is true. This tells us if the unload request
542 // is for closing the entire tab ( = false), or only this RenderFrameHost in
543 // the case of a cross-site transition ( = true).
544 bool unload_ack_is_for_cross_site_transition_
;
546 // Used to swap out or shut down this RFH when the unload event is taking too
547 // long to execute, depending on the number of active frames in the
549 scoped_ptr
<TimeoutMonitor
> swapout_event_monitor_timeout_
;
551 ServiceRegistryImpl service_registry_
;
553 scoped_ptr
<BrowserAccessibilityManager
> browser_accessibility_manager_
;
555 // Callback when an event is received, for testing.
556 base::Callback
<void(ui::AXEvent
, int)> accessibility_testing_callback_
;
557 // The most recently received accessibility tree - for testing only.
558 scoped_ptr
<ui::AXTree
> ax_tree_for_testing_
;
560 // NOTE: This must be the last member.
// C++ destroys data members in reverse declaration order, so declaring the
// factory last means it is destroyed first: every outstanding WeakPtr is
// invalidated before any other member is torn down, and a callback bound to
// a WeakPtr cannot run against a half-destroyed object. Add new members
// above this line.
561 base::WeakPtrFactory
<RenderFrameHostImpl
> weak_ptr_factory_
;
563 DISALLOW_COPY_AND_ASSIGN(RenderFrameHostImpl
);
566 } // namespace content
568 #endif // CONTENT_BROWSER_FRAME_HOST_RENDER_FRAME_HOST_IMPL_H_