Add WebDragData to blink::WebView::dragtargetDrop

content/browser/renderer_host/render_view_host_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/render_view_host_impl.h"
 
 #include <set>
 #include <string>
 #include <utility>
 #include <vector>
@@ skipping 62 matching lines @@
 #include "content/public/common/file_chooser_file_info.h"
 #include "content/public/common/file_chooser_params.h"
 #include "content/public/common/result_codes.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/common/url_utils.h"
 #include "net/base/filename_util.h"
 #include "net/base/url_util.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "storage/browser/fileapi/isolated_context.h"
 #include "third_party/skia/include/core/SkBitmap.h"
+#include "ui/base/clipboard/clipboard.h"
 #include "ui/base/touch/touch_device.h"
 #include "ui/base/touch/touch_enabled.h"
 #include "ui/base/ui_base_switches.h"
 #include "ui/gfx/animation/animation.h"
 #include "ui/gfx/image/image_skia.h"
 #include "ui/gfx/native_widget_types.h"
 #include "ui/native_theme/native_theme_switches.h"
 #include "url/url_constants.h"
 
 #if defined(OS_WIN)
@@ skipping 64 matching lines @@
       display::win::GetSystemMetricsInDIP(SM_CXVSCROLL);
   prefs->horizontal_scroll_bar_height_in_dips =
       display::win::GetSystemMetricsInDIP(SM_CYHSCROLL);
   prefs->arrow_bitmap_height_vertical_scroll_bar_in_dips =
       display::win::GetSystemMetricsInDIP(SM_CYVSCROLL);
   prefs->arrow_bitmap_width_horizontal_scroll_bar_in_dips =
       display::win::GetSystemMetricsInDIP(SM_CXHSCROLL);
 }
 #endif
 
+std::vector<DropData::MetaData> DropDataToMetaData(const DropData& drop_data) {
+  std::vector<DropData::MetaData> meta_data;
+  if (!drop_data.text.is_null()) {
+    meta_data.emplace_back(DropData::Kind::STRING,
+                           base::ASCIIToUTF16(ui::Clipboard::kMimeTypeText));
+  }
+
+  if (!drop_data.url.is_empty()) {
+    meta_data.emplace_back(DropData::Kind::STRING,
+                           base::ASCIIToUTF16(ui::Clipboard::kMimeTypeURIList));
+  }
+
+  if (!drop_data.html.is_null()) {
+    meta_data.emplace_back(DropData::Kind::STRING,
+                           base::ASCIIToUTF16(ui::Clipboard::kMimeTypeHTML));
+  }
+
+  // On Aura, filenames are available before drop.
+  for (const auto& file_info : drop_data.filenames) {
+    if (!file_info.path.empty()) {
+      meta_data.emplace_back(DropData::Kind::FILENAME, file_info.path);
+    }
+  }
+
+  // On Android, only files' mime types are available before drop.
+  for (const auto& mime_type : drop_data.file_mime_types) {
+    if (!mime_type.empty()) {
+      meta_data.emplace_back(DropData::Kind::FILENAME, mime_type);
+    }
+  }
+
+  for (const auto& file_system_file : drop_data.file_system_files) {
+    if (!file_system_file.url.is_empty()) {
+      meta_data.emplace_back(DropData::Kind::FILESYSTEMFILE,
+                             file_system_file.url);
+    }
+  }
+
+  for (const auto& custom_data_item : drop_data.custom_data) {
+    meta_data.emplace_back(DropData::Kind::STRING, custom_data_item.first);
+  }
+
+  return meta_data;
+}
+
 }  // namespace
 
 // static
 const int64_t RenderViewHostImpl::kUnloadTimeoutMS = 1000;
 
 ///////////////////////////////////////////////////////////////////////////////
 // RenderViewHost, public:
 
 // static
 RenderViewHost* RenderViewHost::FromID(int render_process_id,
@@ skipping 407 matching lines @@
   GetWidget()->RendererExited(status, exit_code);
   delegate_->RenderViewTerminated(this, status, exit_code);
 }
 
 void RenderViewHostImpl::DragTargetDragEnter(
     const DropData& drop_data,
     const gfx::Point& client_pt,
     const gfx::Point& screen_pt,
     WebDragOperationsMask operations_allowed,
     int key_modifiers) {
-  const int renderer_id = GetProcess()->GetID();
-  ChildProcessSecurityPolicyImpl* policy =
-      ChildProcessSecurityPolicyImpl::GetInstance();
-
-#if defined(OS_CHROMEOS)
-  // The externalfile:// scheme is used in Chrome OS to open external files in a
-  // browser tab.
-  if (drop_data.url.SchemeIs(content::kExternalFileScheme))
-    policy->GrantRequestURL(renderer_id, drop_data.url);
-#endif
-
-  // The URL could have been cobbled together from any highlighted text string,
-  // and can't be interpreted as a capability.
-  DropData filtered_data(drop_data);
-  GetProcess()->FilterURL(true, &filtered_data.url);
-  if (drop_data.did_originate_from_renderer) {
-    filtered_data.filenames.clear();
-  }
-
-  // The filenames vector, on the other hand, does represent a capability to
-  // access the given files.
-  storage::IsolatedContext::FileInfoSet files;
-  for (std::vector<ui::FileInfo>::iterator iter(
-           filtered_data.filenames.begin());
-       iter != filtered_data.filenames.end();
-       ++iter) {
-    // A dragged file may wind up as the value of an input element, or it
-    // may be used as the target of a navigation instead.  We don't know
-    // which will happen at this point, so generously grant both access
-    // and request permissions to the specific file to cover both cases.
-    // We do not give it the permission to request all file:// URLs.
-
-    // Make sure we have the same display_name as the one we register.
-    if (iter->display_name.empty()) {
-      std::string name;
-      files.AddPath(iter->path, &name);
-      iter->display_name = base::FilePath::FromUTF8Unsafe(name);
-    } else {
-      files.AddPathWithName(iter->path, iter->display_name.AsUTF8Unsafe());
-    }
-
-    policy->GrantRequestSpecificFileURL(renderer_id,
-                                        net::FilePathToFileURL(iter->path));
-
-    // If the renderer already has permission to read these paths, we don't need
-    // to re-grant them. This prevents problems with DnD for files in the CrOS
-    // file manager--the file manager already had read/write access to those
-    // directories, but dragging a file would cause the read/write access to be
-    // overwritten with read-only access, making them impossible to delete or
-    // rename until the renderer was killed.
-    if (!policy->CanReadFile(renderer_id, iter->path))
-      policy->GrantReadFile(renderer_id, iter->path);
-  }
-
-  storage::IsolatedContext* isolated_context =
-      storage::IsolatedContext::GetInstance();
-  DCHECK(isolated_context);
-  std::string filesystem_id = isolated_context->RegisterDraggedFileSystem(
-      files);
-  if (!filesystem_id.empty()) {
-    // Grant the permission iff the ID is valid.
-    policy->GrantReadFileSystem(renderer_id, filesystem_id);
-  }
-  filtered_data.filesystem_id = base::UTF8ToUTF16(filesystem_id);
-
-  storage::FileSystemContext* file_system_context =
-      BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(),
-                                          GetSiteInstance())
-          ->GetFileSystemContext();
-  for (size_t i = 0; i < filtered_data.file_system_files.size(); ++i) {
-    storage::FileSystemURL file_system_url =
-        file_system_context->CrackURL(filtered_data.file_system_files[i].url);
-
-    std::string register_name;
-    std::string filesystem_id = isolated_context->RegisterFileSystemForPath(
-        file_system_url.type(), file_system_url.filesystem_id(),
-        file_system_url.path(), &register_name);
-    policy->GrantReadFileSystem(renderer_id, filesystem_id);
-
-    // Note: We are using the origin URL provided by the sender here. It may be
-    // different from the receiver's.
-    filtered_data.file_system_files[i].url =
-        GURL(storage::GetIsolatedFileSystemRootURIString(
-                 file_system_url.origin(), filesystem_id, std::string())
-                 .append(register_name));
-  }
-
-  Send(new DragMsg_TargetDragEnter(GetRoutingID(), filtered_data, client_pt,
-                                   screen_pt, operations_allowed,
-                                   key_modifiers));
+  Send(new DragMsg_TargetDragEnter(
+      GetRoutingID(), DropDataToMetaData(FilterDropData(drop_data)), client_pt,
+      screen_pt, operations_allowed, key_modifiers));
 }
 
 void RenderViewHostImpl::DragTargetDragOver(
     const gfx::Point& client_pt,
     const gfx::Point& screen_pt,
     WebDragOperationsMask operations_allowed,
     int key_modifiers) {
   Send(new DragMsg_TargetDragOver(GetRoutingID(), client_pt, screen_pt,
                                   operations_allowed, key_modifiers));
 }
 
 void RenderViewHostImpl::DragTargetDragLeave() {
   Send(new DragMsg_TargetDragLeave(GetRoutingID()));
 }
 
-void RenderViewHostImpl::DragTargetDrop(
-    const gfx::Point& client_pt,
-    const gfx::Point& screen_pt,
-    int key_modifiers) {
-  Send(new DragMsg_TargetDrop(GetRoutingID(), client_pt, screen_pt,
+void RenderViewHostImpl::DragTargetDrop(const DropData& drop_data,
+                                        const gfx::Point& client_pt,
+                                        const gfx::Point& screen_pt,
+                                        int key_modifiers) {
+  GrantPermissionsToDraggedFiles(drop_data);

[dcheng, 2016/05/11 01:19:15]

We probably still want to filter here, to avoid data being inconsistent.

I'm still not super happy that we have to pass DropData twice now, but that
seems unavoidable. Would it make sense to move the filtering into
WebContentsAura / WebContentsAndroid, to avoid the double filtering here?

[hush (inactive), 2016/05/12 05:34:47]

What happens if the drop data at Drop time is indeed inconsistent with DragEnter
time? This situation does not make sense and (I think) it is the operating
system's fault if this happens. If the data at Drop time can be inconsistent
with DragEnter time, then we cannot reliably trust the mime types from the drop
data at DragEnter time. The Javascript looking at dragged mime types can be
tricked.

I think we should just DCHECK that the drop data is consistent. At the moment,
both Aura and Android satisfy the consistency. Also, the implementation before
my CL has assumed consistency, by ignoring drop data at Drop time. 
This will be too complicated and too much duplicate code, because there aren't
just WebContentsAura / WebContentsAndroid that would call
RVHI::DragTargetDrop/DragTargetDragEnter. There are also WebDragDestMac (seems
that Mac has specific drag and drop code, instead of using WebContentsAura),
BrowserPluginGuest (this seems related to drag and drop in Chrome
apps/extensions)

[dcheng, 2016/05/13 23:50:38]

That seems OK to me, that's not a lot of callsites. We can even add a
is_filtered field to help enforce this programatically.

+  Send(new DragMsg_TargetDrop(GetRoutingID(), drop_data, client_pt, screen_pt,
                               key_modifiers));
 }
 
 void RenderViewHostImpl::DragSourceEndedAt(
     int client_x, int client_y, int screen_x, int screen_y,
     WebDragOperation operation) {
   Send(new DragMsg_SourceEnded(GetRoutingID(),
                                gfx::Point(client_x, client_y),
                                gfx::Point(screen_x, screen_y),
                                operation));
@@ skipping 634 matching lines @@
                    weak_factory_.GetWeakPtr()));
   } else {
     render_view_ready_on_process_launch_ = true;
   }
 }
 
 void RenderViewHostImpl::RenderViewReady() {
   delegate_->RenderViewReady(this);
 }
 
+DropData RenderViewHostImpl::FilterDropData(const DropData& drop_data) {
+  DropData filtered_data(drop_data);
+  // The URL could have been cobbled together from any highlighted text string,
+  // and can't be interpreted as a capability.
+  GetProcess()->FilterURL(true, &filtered_data.url);
+  if (filtered_data.did_originate_from_renderer) {
+    filtered_data.filenames.clear();
+  }
+
+  // The filenames vector, on the other hand, does represent a capability to
+  // access the given files.
+  storage::IsolatedContext::FileInfoSet files;
+  for (auto& filename : filtered_data.filenames) {
+    // Make sure we have the same display_name as the one we register.
+    if (filename.display_name.empty()) {
+      std::string name;
+      files.AddPath(filename.path, &name);
+      filename.display_name = base::FilePath::FromUTF8Unsafe(name);
+    } else {
+      files.AddPathWithName(filename.path,
+                            filename.display_name.AsUTF8Unsafe());
+    }
+  }
+
+  storage::IsolatedContext* isolated_context =
+      storage::IsolatedContext::GetInstance();
+  DCHECK(isolated_context);
+  std::string filesystem_id =
+      isolated_context->RegisterDraggedFileSystem(files);
+  if (!filesystem_id.empty()) {
+    // Grant the permission iff the ID is valid.
+    filesystem_ids_to_grant_permissions_.push_back(filesystem_id);
+  }
+  filtered_data.filesystem_id = base::UTF8ToUTF16(filesystem_id);
+
+  storage::FileSystemContext* file_system_context =
+      BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(),
+                                          GetSiteInstance())
+          ->GetFileSystemContext();
+  for (auto& file_system_file : filtered_data.file_system_files) {
+    storage::FileSystemURL file_system_url =
+        file_system_context->CrackURL(file_system_file.url);
+
+    std::string register_name;
+    std::string filesystem_id = isolated_context->RegisterFileSystemForPath(
+        file_system_url.type(), file_system_url.filesystem_id(),
+        file_system_url.path(), &register_name);
+
+    if (!filesystem_id.empty()) {
+      // Grant the permission iff the ID is valid.
+      filesystem_ids_to_grant_permissions_.push_back(filesystem_id);
+    }
+
+    // Note: We are using the origin URL provided by the sender here. It may be
+    // different from the receiver's.
+    file_system_file.url =
+        GURL(storage::GetIsolatedFileSystemRootURIString(
+                 file_system_url.origin(), filesystem_id, std::string())
+                 .append(register_name));
+  }
+
+  return filtered_data;
+}
+
+void RenderViewHostImpl::GrantPermissionsToDraggedFiles(
+    const DropData& drop_data) {
+  const int renderer_id = GetProcess()->GetID();
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
+
+#if defined(OS_CHROMEOS)
+  // The externalfile:// scheme is used in Chrome OS to open external files in a
+  // browser tab.
+  if (drop_data.url.SchemeIs(content::kExternalFileScheme))
+    policy->GrantRequestURL(renderer_id, drop_data.url);
+#endif
+
+  for (const auto& filename : drop_data.filenames) {
+    // A dragged file may wind up as the value of an input element, or it
+    // may be used as the target of a navigation instead.  We don't know
+    // which will happen at this point, so generously grant both access
+    // and request permissions to the specific file to cover both cases.
+    // We do not give it the permission to request all file:// URLs.
+    policy->GrantRequestSpecificFileURL(renderer_id,
+                                        net::FilePathToFileURL(filename.path));
+
+    // If the renderer already has permission to read these paths, we don't need
+    // to re-grant them. This prevents problems with DnD for files in the CrOS
+    // file manager--the file manager already had read/write access to those
+    // directories, but dragging a file would cause the read/write access to be
+    // overwritten with read-only access, making them impossible to delete or
+    // rename until the renderer was killed.
+    if (!policy->CanReadFile(renderer_id, filename.path))
+      policy->GrantReadFile(renderer_id, filename.path);
+  }
+
+  for (const auto& filesystem_id : filesystem_ids_to_grant_permissions_) {
+    policy->GrantReadFileSystem(renderer_id, filesystem_id);
+  }
+
+  filesystem_ids_to_grant_permissions_.clear();
+}
+
 }  // namespace content