| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/render_view_host_impl.h" | 5 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <utility> | 9 #include <utility> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 838 matching lines...) |
| 849 IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateState, OnUpdateState) | 849 IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateState, OnUpdateState) |
| 850 IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateTargetURL, OnUpdateTargetURL) | 850 IPC_MESSAGE_HANDLER(ViewHostMsg_UpdateTargetURL, OnUpdateTargetURL) |
| 851 IPC_MESSAGE_HANDLER(ViewHostMsg_Close, OnClose) | 851 IPC_MESSAGE_HANDLER(ViewHostMsg_Close, OnClose) |
| 852 IPC_MESSAGE_HANDLER(ViewHostMsg_RequestMove, OnRequestMove) | 852 IPC_MESSAGE_HANDLER(ViewHostMsg_RequestMove, OnRequestMove) |
| 853 IPC_MESSAGE_HANDLER(ViewHostMsg_DocumentAvailableInMainFrame, | 853 IPC_MESSAGE_HANDLER(ViewHostMsg_DocumentAvailableInMainFrame, |
| 854 OnDocumentAvailableInMainFrame) | 854 OnDocumentAvailableInMainFrame) |
| 855 IPC_MESSAGE_HANDLER(ViewHostMsg_DidContentsPreferredSizeChange, | 855 IPC_MESSAGE_HANDLER(ViewHostMsg_DidContentsPreferredSizeChange, |
| 856 OnDidContentsPreferredSizeChange) | 856 OnDidContentsPreferredSizeChange) |
| 857 IPC_MESSAGE_HANDLER(ViewHostMsg_RouteCloseEvent, | 857 IPC_MESSAGE_HANDLER(ViewHostMsg_RouteCloseEvent, |
| 858 OnRouteCloseEvent) | 858 OnRouteCloseEvent) |
| 859 IPC_MESSAGE_HANDLER(DragHostMsg_StartDragging, OnStartDragging) | |
| 860 IPC_MESSAGE_HANDLER(DragHostMsg_UpdateDragCursor, OnUpdateDragCursor) | 859 IPC_MESSAGE_HANDLER(DragHostMsg_UpdateDragCursor, OnUpdateDragCursor) |
| 861 IPC_MESSAGE_HANDLER(ViewHostMsg_TakeFocus, OnTakeFocus) | 860 IPC_MESSAGE_HANDLER(ViewHostMsg_TakeFocus, OnTakeFocus) |
| 862 IPC_MESSAGE_HANDLER(ViewHostMsg_FocusedNodeChanged, OnFocusedNodeChanged) | 861 IPC_MESSAGE_HANDLER(ViewHostMsg_FocusedNodeChanged, OnFocusedNodeChanged) |
| 863 IPC_MESSAGE_HANDLER(ViewHostMsg_ClosePage_ACK, OnClosePageACK) | 862 IPC_MESSAGE_HANDLER(ViewHostMsg_ClosePage_ACK, OnClosePageACK) |
| 864 IPC_MESSAGE_HANDLER(ViewHostMsg_DidZoomURL, OnDidZoomURL) | 863 IPC_MESSAGE_HANDLER(ViewHostMsg_DidZoomURL, OnDidZoomURL) |
| 865 IPC_MESSAGE_HANDLER(ViewHostMsg_Focus, OnFocus) | 864 IPC_MESSAGE_HANDLER(ViewHostMsg_Focus, OnFocus) |
| 866 IPC_MESSAGE_HANDLER(ViewHostMsg_FocusedNodeTouched, OnFocusedNodeTouched) | 865 IPC_MESSAGE_HANDLER(ViewHostMsg_FocusedNodeTouched, OnFocusedNodeTouched) |
| 867 IPC_MESSAGE_UNHANDLED(handled = false) | 866 IPC_MESSAGE_UNHANDLED(handled = false) |
| 868 IPC_END_MESSAGE_MAP() | 867 IPC_END_MESSAGE_MAP() |
| 869 | 868 |
| (...skipping 122 matching lines...) |
| 992 void RenderViewHostImpl::OnDidContentsPreferredSizeChange( | 991 void RenderViewHostImpl::OnDidContentsPreferredSizeChange( |
| 993 const gfx::Size& new_size) { | 992 const gfx::Size& new_size) { |
| 994 delegate_->UpdatePreferredSize(new_size); | 993 delegate_->UpdatePreferredSize(new_size); |
| 995 } | 994 } |
| 996 | 995 |
| 997 void RenderViewHostImpl::OnRouteCloseEvent() { | 996 void RenderViewHostImpl::OnRouteCloseEvent() { |
| 998 // Have the delegate route this to the active RenderViewHost. | 997 // Have the delegate route this to the active RenderViewHost. |
| 999 delegate_->RouteCloseEvent(this); | 998 delegate_->RouteCloseEvent(this); |
| 1000 } | 999 } |
| 1001 | 1000 |
| 1002 void RenderViewHostImpl::OnStartDragging( | |
| 1003 const DropData& drop_data, | |
| 1004 WebDragOperationsMask drag_operations_mask, | |
| 1005 const SkBitmap& bitmap, | |
| 1006 const gfx::Vector2d& bitmap_offset_in_dip, | |
| 1007 const DragEventSourceInfo& event_info) { | |
| 1008 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); | |
| 1009 if (!view) { | |
| 1010 // Need to clear drag and drop state in blink. | |
| 1011 DragSourceSystemDragEnded(); | |
| 1012 return; | |
| 1013 } | |
| 1014 | |
| 1015 DropData filtered_data(drop_data); | |
| 1016 RenderProcessHost* process = GetProcess(); | |
| 1017 ChildProcessSecurityPolicyImpl* policy = | |
| 1018 ChildProcessSecurityPolicyImpl::GetInstance(); | |
| 1019 | |
| 1020 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar. | |
| 1021 if (!filtered_data.url.SchemeIs(url::kJavaScriptScheme)) | |
| 1022 process->FilterURL(true, &filtered_data.url); | |
| 1023 process->FilterURL(false, &filtered_data.html_base_url); | |
| 1024 // Filter out any paths that the renderer didn't have access to. This prevents | |
| 1025 // the following attack on a malicious renderer: | |
| 1026 // 1. StartDragging IPC sent with renderer-specified filesystem paths that it | |
| 1027 // doesn't have read permissions for. | |
| 1028 // 2. We initiate a native DnD operation. | |
| 1029 // 3. DnD operation immediately ends since mouse is not held down. DnD events | |
| 1030 // still fire though, which causes read permissions to be granted to the | |
| 1031 // renderer for any file paths in the drop. | |
| 1032 filtered_data.filenames.clear(); | |
| 1033 for (std::vector<ui::FileInfo>::const_iterator it = | |
| 1034 drop_data.filenames.begin(); | |
| 1035 it != drop_data.filenames.end(); | |
| 1036 ++it) { | |
| 1037 if (policy->CanReadFile(GetProcess()->GetID(), it->path)) | |
| 1038 filtered_data.filenames.push_back(*it); | |
| 1039 } | |
| 1040 | |
| 1041 storage::FileSystemContext* file_system_context = | |
| 1042 BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(), | |
| 1043 GetSiteInstance()) | |
| 1044 ->GetFileSystemContext(); | |
| 1045 filtered_data.file_system_files.clear(); | |
| 1046 for (size_t i = 0; i < drop_data.file_system_files.size(); ++i) { | |
| 1047 storage::FileSystemURL file_system_url = | |
| 1048 file_system_context->CrackURL(drop_data.file_system_files[i].url); | |
| 1049 if (policy->CanReadFileSystemFile(GetProcess()->GetID(), file_system_url)) | |
| 1050 filtered_data.file_system_files.push_back(drop_data.file_system_files[i]); | |
| 1051 } | |
| 1052 | |
| 1053 float scale = GetScaleFactorForView(GetWidget()->GetView()); | |
| 1054 gfx::ImageSkia image(gfx::ImageSkiaRep(bitmap, scale)); | |
| 1055 view->StartDragging(filtered_data, drag_operations_mask, image, | |
| 1056 bitmap_offset_in_dip, event_info); | |
| 1057 } | |
| 1058 | |
| 1059 void RenderViewHostImpl::OnUpdateDragCursor(WebDragOperation current_op) { | 1001 void RenderViewHostImpl::OnUpdateDragCursor(WebDragOperation current_op) { |
| 1060 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); | 1002 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); |
| 1061 if (view) | 1003 if (view) |
| 1062 view->UpdateDragCursor(current_op); | 1004 view->UpdateDragCursor(current_op); |
| 1063 } | 1005 } |
| 1064 | 1006 |
| 1065 void RenderViewHostImpl::OnTakeFocus(bool reverse) { | 1007 void RenderViewHostImpl::OnTakeFocus(bool reverse) { |
| 1066 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); | 1008 RenderViewHostDelegateView* view = delegate_->GetDelegateView(); |
| 1067 if (view) | 1009 if (view) |
| 1068 view->TakeFocus(reverse); | 1010 view->TakeFocus(reverse); |
| (...skipping 253 matching lines...) |
| 1322 // Note: We are using the origin URL provided by the sender here. It may be | 1264 // Note: We are using the origin URL provided by the sender here. It may be |
| 1323 // different from the receiver's. | 1265 // different from the receiver's. |
| 1324 file_system_file.url = | 1266 file_system_file.url = |
| 1325 GURL(storage::GetIsolatedFileSystemRootURIString( | 1267 GURL(storage::GetIsolatedFileSystemRootURIString( |
| 1326 file_system_url.origin(), filesystem_id, std::string()) | 1268 file_system_url.origin(), filesystem_id, std::string()) |
| 1327 .append(register_name)); | 1269 .append(register_name)); |
| 1328 } | 1270 } |
| 1329 } | 1271 } |
| 1330 | 1272 |
| 1331 } // namespace content | 1273 } // namespace content |
| OLD | NEW |