Fixing iframe jank in the local omnibox popup.

chrome/browser/search/suggestion_source.cc

Index: chrome/browser/search/suggestion_source.cc
diff --git a/chrome/browser/search/suggestion_source.cc b/chrome/browser/search/suggestion_source.cc
new file mode 100644
index 0000000000000000000000000000000000000000..744bea66ac769de1fd7f4b19445896f63d9123ed
--- /dev/null
+++ b/chrome/browser/search/suggestion_source.cc
@@ -0,0 +1,118 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/search/suggestion_source.h"
+
+#include "base/json/string_escape.h"
+#include "base/logging.h"
+#include "base/memory/ref_counted_memory.h"
+#include "base/string_util.h"
+#include "base/stringprintf.h"
+#include "base/strings/string_piece.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/search/search.h"
+#include "chrome/common/url_constants.h"
+#include "googleurl/src/gurl.h"
+#include "grit/browser_resources.h"
+#include "net/base/url_util.h"
+#include "net/url_request/url_request.h"
+#include "ui/base/layout.h"
+#include "ui/base/resource/resource_bundle.h"
+
+namespace {
+
+const char kLoaderHtmlPath[] = "/loader.html";
+const char kLoaderJSPath[] = "/loader.js";
+const char kResultHtmlPath[] = "/result.html";
+const char kResultJSPath[] = "/result.js";
+const char kOriginParam[] = "origin";
+
+}  // namespace
+
+SuggestionSource::SuggestionSource() {
+}
+
+SuggestionSource::~SuggestionSource() {
+}
+
+std::string SuggestionSource::GetSource() {
+  return chrome::kChromeSearchSuggestionHost;
+}
+
+void SuggestionSource::StartDataRequest(
+    const std::string& path_and_query,
+    bool is_incognito,
+    const content::URLDataSource::GotDataCallback& callback) {
+  std::string path(GURL(chrome::kChromeSearchSuggestionURL +
+                        path_and_query).path());
+  if (path == kLoaderHtmlPath)
+    SendResource(IDR_OMNIBOX_RESULT_LOADER_HTML, callback);
+  else if (path == kLoaderJSPath)
+    SendJSWithOrigin(IDR_OMNIBOX_RESULT_LOADER_JS, path_and_query, callback);
+  else if (path == kResultHtmlPath)
+    SendResource(IDR_OMNIBOX_RESULT_HTML, callback);
+  else if (path == kResultJSPath)
+    SendJSWithOrigin(IDR_OMNIBOX_RESULT_JS, path_and_query, callback);
+  else
+    callback.Run(NULL);
+}
+
+void SuggestionSource::SendResource(
+    int resource_id,
+    const content::URLDataSource::GotDataCallback& callback) {
+  scoped_refptr<base::RefCountedStaticMemory> response(
+      ResourceBundle::GetSharedInstance().LoadDataResourceBytes(resource_id));
+  callback.Run(response);
+}
+
+void SuggestionSource::SendJSWithOrigin(
+    int resource_id,
+    const std::string& path_and_query,
+    const content::URLDataSource::GotDataCallback& callback) {
+  // &origin is used to check the source of postMessage() requests to suggestion
+  // iframes. It is set by ChromeContentRendererClient::WillSendRequest() but
+  // validate and escape it anyway.
+  std::string origin;
+  if (!net::GetValueForKeyInQuery(
+          GURL(chrome::kChromeSearchSuggestionURL + path_and_query),
+          kOriginParam, &origin) ||
+      !GURL(origin).GetOrigin().is_valid()) {
+    callback.Run(NULL);
+    return;
+  }
+  origin = GURL(origin).GetOrigin().spec();
+  TrimString(origin, "/", &origin);
+
+  std::string js_escaped_origin;
+  base::JsonDoubleQuote(origin, false, &js_escaped_origin);
+  base::StringPiece template_js =
+      ResourceBundle::GetSharedInstance().GetRawDataResource(resource_id);
+  std::string response(base::StringPrintf(template_js.as_string().c_str(),

[palmer, 2013/04/09 19:09:55]

This mechanism seems a bit over-powered. Given that |EMBEDDER_ORIGIN| is just
"%s", this is really just a string assignment. Is there a simpler, more
constrained way to achieve this?

[Jered, 2013/04/09 21:59:38]

How about this?

+                                          js_escaped_origin.c_str()));
+  callback.Run(base::RefCountedString::TakeString(&response));
+}
+
+std::string SuggestionSource::GetMimeType(
+    const std::string& path_and_query) const {
+  std::string path(GURL(chrome::kChromeSearchSuggestionURL +
+                        path_and_query).path());
+  if (path == kLoaderHtmlPath || path == kResultHtmlPath)
+    return "text/html";
+  if (path == kLoaderJSPath || path == kResultJSPath)
+    return "application/javascript";
+  return "";
+}
+
+bool SuggestionSource::ShouldServiceRequest(
+    const net::URLRequest* request) const {
+  const std::string& path = request->url().path();
+  return request->url().SchemeIs(chrome::kChromeSearchScheme) &&
+      request->url().host() == chrome::kChromeSearchSuggestionHost &&
+      (path == kLoaderHtmlPath || path == kLoaderJSPath ||
+       path == kResultHtmlPath || path == kResultJSPath);
+}
+
+bool SuggestionSource::ShouldDenyXFrameOptions() const {
+  return false;
+}