diff options
Diffstat (limited to '')
-rw-r--r-- | dom/base/nsFrameLoader.h | 579 |
1 files changed, 579 insertions, 0 deletions
diff --git a/dom/base/nsFrameLoader.h b/dom/base/nsFrameLoader.h new file mode 100644 index 0000000000..159e3865a6 --- /dev/null +++ b/dom/base/nsFrameLoader.h @@ -0,0 +1,579 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Class for managing loading of a subframe (creation of the docshell, + * handling of loads in it, recursion-checking). + */ + +#ifndef nsFrameLoader_h_ +#define nsFrameLoader_h_ + +#include <cstdint> +#include "ErrorList.h" +#include "Units.h" +#include "js/RootingAPI.h" +#include "mozilla/AlreadyAddRefed.h" +#include "mozilla/Assertions.h" +#include "mozilla/Attributes.h" +#include "mozilla/LinkedList.h" +#include "mozilla/RefPtr.h" +#include "mozilla/dom/BrowsingContext.h" +#include "mozilla/dom/Nullable.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/dom/ReferrerPolicyBinding.h" +#include "mozilla/dom/WindowProxyHolder.h" +#include "mozilla/dom/ipc/IdType.h" +#include "mozilla/layers/LayersTypes.h" +#include "nsCOMPtr.h" +#include "nsCycleCollectionParticipant.h" +#include "nsDocShell.h" +#include "mozilla/dom/MessageManagerCallback.h" +#include "nsID.h" +#include "nsIFrame.h" +#include "nsIMutationObserver.h" +#include "nsISupports.h" +#include "nsRect.h" +#include "nsStringFwd.h" +#include "nsStubMutationObserver.h" +#include "nsWrapperCache.h" + +class nsIURI; +class nsSubDocumentFrame; +class AutoResetInShow; +class AutoResetInFrameSwap; +class nsFrameLoaderOwner; +class nsIRemoteTab; +class nsIDocShellTreeItem; +class nsIDocShellTreeOwner; +class nsILoadContext; +class nsIPrintSettings; +class nsIWebBrowserPersistDocumentReceiver; +class nsIWebProgressListener; +class nsIOpenWindowInfo; + +namespace mozilla { + +class OriginAttributes; + +namespace dom { +class ChromeMessageSender; +class ContentParent; +class Document; +class Element; +class InProcessBrowserChildMessageManager; +class MessageSender; +class ProcessMessageManager; +class BrowserParent; +class MutableTabContext; +class BrowserBridgeChild; +class RemoteBrowser; +struct RemotenessOptions; +struct NavigationIsolationOptions; +class SessionStoreChild; +class SessionStoreParent; + +struct LazyLoadFrameResumptionState { + RefPtr<nsIURI> mBaseURI; + ReferrerPolicy mReferrerPolicy = ReferrerPolicy::_empty; + + void Clear() { + mBaseURI = nullptr; + mReferrerPolicy = ReferrerPolicy::_empty; + } +}; + +namespace ipc { +class StructuredCloneData; +} // namespace ipc + +} // namespace dom + +namespace ipc { +class MessageChannel; +} // namespace ipc +} // namespace mozilla + +#if defined(MOZ_WIDGET_GTK) +typedef struct _GtkWidget GtkWidget; +#endif + +// IID for nsFrameLoader, because some places want to QI to it. +#define NS_FRAMELOADER_IID \ + { \ + 0x297fd0ea, 0x1b4a, 0x4c9a, { \ + 0xa4, 0x04, 0xe5, 0x8b, 0xe8, 0x95, 0x10, 0x50 \ + } \ + } + +class nsFrameLoader final : public nsStubMutationObserver, + public mozilla::dom::ipc::MessageManagerCallback, + public nsWrapperCache, + public mozilla::LinkedListElement<nsFrameLoader> { + friend class AutoResetInShow; + friend class AutoResetInFrameSwap; + friend class nsFrameLoaderOwner; + using Document = mozilla::dom::Document; + using Element = mozilla::dom::Element; + using BrowserParent = mozilla::dom::BrowserParent; + using BrowserBridgeChild = mozilla::dom::BrowserBridgeChild; + using BrowsingContext = mozilla::dom::BrowsingContext; + using BrowsingContextGroup = mozilla::dom::BrowsingContextGroup; + using Promise = mozilla::dom::Promise; + + public: + // Called by Frame Elements to create a new FrameLoader. + static already_AddRefed<nsFrameLoader> Create( + Element* aOwner, bool aNetworkCreated, + nsIOpenWindowInfo* aOpenWindowInfo = nullptr); + + // Called by nsFrameLoaderOwner::ChangeRemoteness when switching out + // FrameLoaders. + static already_AddRefed<nsFrameLoader> Recreate( + Element* aOwner, BrowsingContext* aContext, BrowsingContextGroup* aGroup, + const mozilla::dom::NavigationIsolationOptions& aRemotenessOptions, + bool aIsRemote, bool aNetworkCreated, bool aPreserveContext); + + NS_DECLARE_STATIC_IID_ACCESSOR(NS_FRAMELOADER_IID) + + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS(nsFrameLoader) + + NS_DECL_NSIMUTATIONOBSERVER_ATTRIBUTECHANGED + nsresult CheckForRecursiveLoad(nsIURI* aURI); + nsresult ReallyStartLoading(); + void StartDestroy(bool aForProcessSwitch); + void DestroyDocShell(); + void DestroyComplete(); + nsDocShell* GetExistingDocShell() const { return mDocShell; } + mozilla::dom::InProcessBrowserChildMessageManager* + GetBrowserChildMessageManager() const { + return mChildMessageManager; + } + nsresult UpdatePositionAndSize(nsSubDocumentFrame* aIFrame); + void PropagateIsUnderHiddenEmbedderElement( + bool aIsUnderHiddenEmbedderElement); + + void UpdateRemoteStyle(mozilla::StyleImageRendering aImageRendering); + + // When creating a nsFrameLoaderOwner which is a static clone, a + // `nsFrameLoader` is not immediately attached to it. Instead, it is added to + // the static clone document's `PendingFrameStaticClones` list. + // + // After the parent document has been fully cloned, a new frameloader will be + // created for the cloned iframe, and `FinishStaticClone` will be called on + // it, which will clone the inner document of the source nsFrameLoader. + nsresult FinishStaticClone(nsFrameLoader* aStaticCloneOf, + nsIPrintSettings* aPrintSettings, + bool* aOutHasInProcessPrintCallbacks); + + nsresult DoRemoteStaticClone(nsFrameLoader* aStaticCloneOf, + nsIPrintSettings* aPrintSettings); + + // WebIDL methods + + nsDocShell* GetDocShell(mozilla::ErrorResult& aRv); + + already_AddRefed<nsIRemoteTab> GetRemoteTab(); + + already_AddRefed<nsILoadContext> GetLoadContext(); + + mozilla::dom::BrowsingContext* GetBrowsingContext(); + mozilla::dom::BrowsingContext* GetExtantBrowsingContext(); + mozilla::dom::BrowsingContext* GetMaybePendingBrowsingContext() { + return mPendingBrowsingContext; + } + + /** + * Start loading the frame. This method figures out what to load + * from the owner content in the frame loader. + */ + void LoadFrame(bool aOriginalSrc); + + /** + * Loads the specified URI in this frame. Behaves identically to loadFrame, + * except that this method allows specifying the URI to load. + * + * @param aURI The URI to load. + * @param aTriggeringPrincipal The triggering principal for the load. May be + * null, in which case the node principal of the owner content will be + * used. + * @param aCsp The CSP to be used for the load. That is not the CSP to be + * applied to subresources within the frame, but to the iframe load + * itself. E.g. if the CSP holds upgrade-insecure-requests the the + * frame load is upgraded from http to https. + */ + nsresult LoadURI(nsIURI* aURI, nsIPrincipal* aTriggeringPrincipal, + nsIContentSecurityPolicy* aCsp, bool aOriginalSrc); + + /** + * Resume a redirected load within this frame. + * + * @param aPendingSwitchID ID of a process-switching load to be reusmed + * within this frame. + */ + void ResumeLoad(uint64_t aPendingSwitchID); + + /** + * Destroy the frame loader and everything inside it. This will + * clear the weak owner content reference. + */ + void Destroy(bool aForProcessSwitch = false); + + void AsyncDestroy() { + mNeedsAsyncDestroy = true; + Destroy(); + } + + void RequestUpdatePosition(mozilla::ErrorResult& aRv); + + already_AddRefed<Promise> RequestTabStateFlush(mozilla::ErrorResult& aRv); + + void RequestEpochUpdate(uint32_t aEpoch); + + void RequestSHistoryUpdate(); + + MOZ_CAN_RUN_SCRIPT already_AddRefed<Promise> PrintPreview( + nsIPrintSettings* aPrintSettings, BrowsingContext* aSourceBC, + mozilla::ErrorResult& aRv); + + void ExitPrintPreview(); + + void StartPersistence(BrowsingContext* aContext, + nsIWebBrowserPersistDocumentReceiver* aRecv, + mozilla::ErrorResult& aRv); + + // WebIDL getters + + already_AddRefed<mozilla::dom::MessageSender> GetMessageManager(); + + already_AddRefed<Element> GetOwnerElement(); + + uint32_t LazyWidth() const; + + uint32_t LazyHeight() const; + + uint64_t ChildID() const { return mChildID; } + + bool DepthTooGreat() const { return mDepthTooGreat; } + + bool IsDead() const { return mDestroyCalled; } + + bool IsNetworkCreated() const { return mNetworkCreated; } + + /** + * Is this a frame loader for a bona fide <iframe mozbrowser>? + * <xul:browser> is not a mozbrowser, so this is false for that case. + */ + bool OwnerIsMozBrowserFrame(); + + nsIContent* GetParentObject() const; + + /** + * MessageManagerCallback methods that we override. + */ + virtual bool DoLoadMessageManagerScript(const nsAString& aURL, + bool aRunInGlobalScope) override; + virtual nsresult DoSendAsyncMessage( + const nsAString& aMessage, + mozilla::dom::ipc::StructuredCloneData& aData) override; + + /** + * Called from the layout frame associated with this frame loader; + * this notifies us to hook up with the widget and view. + */ + MOZ_CAN_RUN_SCRIPT_BOUNDARY bool Show(nsSubDocumentFrame*); + + void MaybeShowFrame(); + + /** + * Called when the margin properties of the containing frame are changed. + */ + void MarginsChanged(); + + /** + * Called from the layout frame associated with this frame loader, when + * the frame is being torn down; this notifies us that out widget and view + * are going away and we should unhook from them. + */ + void Hide(); + + // Used when content is causing a FrameLoader to be created, and + // needs to try forcing layout to flush in order to get accurate + // dimensions for the content area. + MOZ_CAN_RUN_SCRIPT_BOUNDARY void ForceLayoutIfNecessary(); + + // The guts of an nsFrameLoaderOwner::SwapFrameLoader implementation. A + // frame loader owner needs to call this, and pass in the two references to + // nsRefPtrs for frame loaders that need to be swapped. + nsresult SwapWithOtherLoader(nsFrameLoader* aOther, + nsFrameLoaderOwner* aThisOwner, + nsFrameLoaderOwner* aOtherOwner); + + nsresult SwapWithOtherRemoteLoader(nsFrameLoader* aOther, + nsFrameLoaderOwner* aThisOwner, + nsFrameLoaderOwner* aOtherOwner); + + /** + * Return the primary frame for our owning content, or null if it + * can't be found. + */ + nsIFrame* GetPrimaryFrameOfOwningContent() const; + + /** + * Return the document that owns this, or null if we don't have + * an owner. + */ + Document* GetOwnerDoc() const; + + /** + * Returns whether this frame is a remote frame. + * + * This is true for either a top-level remote browser in the parent process, + * or a remote subframe in the child process. + */ + bool IsRemoteFrame(); + + mozilla::dom::RemoteBrowser* GetRemoteBrowser() const; + + /** + * Returns the IPDL actor used if this is a top-level remote browser, or null + * otherwise. + */ + BrowserParent* GetBrowserParent() const; + + /** + * Returns the IPDL actor used if this is an out-of-process iframe, or null + * otherwise. + */ + BrowserBridgeChild* GetBrowserBridgeChild() const; + + /** + * Returns the layers ID that this remote frame is using to render. + * + * This must only be called if this is a remote frame. + */ + mozilla::layers::LayersId GetLayersId() const; + + mozilla::dom::ChromeMessageSender* GetFrameMessageManager() { + return mMessageManager; + } + + mozilla::dom::Element* GetOwnerContent() { return mOwnerContent; } + + /** + * Stashes a detached nsIFrame on the frame loader. We do this when we're + * destroying the nsSubDocumentFrame. If the nsSubdocumentFrame is + * being reframed we'll restore the detached nsIFrame when it's recreated, + * otherwise we'll discard the old presentation and set the detached + * subdoc nsIFrame to null. + */ + void SetDetachedSubdocFrame(nsIFrame* aDetachedFrame); + + /** + * Retrieves the detached nsIFrame as set by SetDetachedSubdocFrame(). + */ + nsIFrame* GetDetachedSubdocFrame(bool* aOutIsSet = nullptr) const; + + /** + * Applies a new set of sandbox flags. These are merged with the sandbox + * flags from our owning content's owning document with a logical OR, this + * ensures that we can only add restrictions and never remove them. + */ + void ApplySandboxFlags(uint32_t sandboxFlags); + + void GetURL(nsString& aURL, nsIPrincipal** aTriggeringPrincipal, + nsIContentSecurityPolicy** aCsp); + + // Properly retrieves documentSize of any subdocument type. + nsresult GetWindowDimensions(nsIntRect& aRect); + + virtual mozilla::dom::ProcessMessageManager* GetProcessMessageManager() + const override; + + // public because a callback needs these. + RefPtr<mozilla::dom::ChromeMessageSender> mMessageManager; + RefPtr<mozilla::dom::InProcessBrowserChildMessageManager> + mChildMessageManager; + + virtual JSObject* WrapObject(JSContext* cx, + JS::Handle<JSObject*> aGivenProto) override; + + void SetWillChangeProcess(); + + // Configure which remote process should be used to host the remote browser + // created in `TryRemoteBrowser`. This method _must_ be called before + // `TryRemoteBrowser`, and a script blocker must be on the stack. + // + // |aContentParent|, if set, must have the remote type |aRemoteType|. + void ConfigRemoteProcess(const nsACString& aRemoteType, + mozilla::dom::ContentParent* aContentParent); + + // TODO: Convert this to MOZ_CAN_RUN_SCRIPT (bug 1415230) + MOZ_CAN_RUN_SCRIPT_BOUNDARY void MaybeNotifyCrashed( + mozilla::dom::BrowsingContext* aBrowsingContext, + mozilla::dom::ContentParentId aChildID, + mozilla::ipc::MessageChannel* aChannel); + + void FireErrorEvent(); + + mozilla::dom::SessionStoreChild* GetSessionStoreChild() { + return mSessionStoreChild; + } + + mozilla::dom::SessionStoreParent* GetSessionStoreParent(); + + private: + nsFrameLoader(mozilla::dom::Element* aOwner, + mozilla::dom::BrowsingContext* aBrowsingContext, bool aIsRemote, + bool aNetworkCreated); + ~nsFrameLoader(); + + void SetOwnerContent(mozilla::dom::Element* aContent); + + /** + * Get our owning element's app manifest URL, or return the empty string if + * our owning element doesn't have an app manifest URL. + */ + void GetOwnerAppManifestURL(nsAString& aOut); + + /** + * If we are an IPC frame, set mRemoteFrame. Otherwise, create and + * initialize mDocShell. + */ + nsresult MaybeCreateDocShell(); + nsresult EnsureMessageManager(); + nsresult ReallyLoadFrameScripts(); + nsDocShell* GetDocShell() const { return mDocShell; } + + void AssertSafeToInit(); + + // Updates the subdocument position and size. This gets called only + // when we have our own in-process DocShell. + void UpdateBaseWindowPositionAndSize(nsSubDocumentFrame* aIFrame); + + /** + * Checks whether a load of the given URI should be allowed, and returns an + * error result if it should not. + * + * @param aURI The URI to check. + * @param aTriggeringPrincipal The triggering principal for the load. May be + * null, in which case the node principal of the owner content is used. + */ + nsresult CheckURILoad(nsIURI* aURI, nsIPrincipal* aTriggeringPrincipal); + nsresult ReallyStartLoadingInternal(); + + // Returns true if we have a remote browser or else attempts to create a + // remote browser and returns true if successful. + bool EnsureRemoteBrowser(); + + // Return true if remote browser created; nothing else to do + bool TryRemoteBrowser(); + bool TryRemoteBrowserInternal(); + + // Tell the remote browser that it's now "virtually visible" + bool ShowRemoteFrame(const mozilla::ScreenIntSize& size, + nsSubDocumentFrame* aFrame = nullptr); + + void AddTreeItemToTreeOwner(nsIDocShellTreeItem* aItem, + nsIDocShellTreeOwner* aOwner); + + void InitializeBrowserAPI(); + void DestroyBrowserFrameScripts(); + + nsresult GetNewTabContext(mozilla::dom::MutableTabContext* aTabContext, + nsIURI* aURI = nullptr); + + enum BrowserParentChange { eBrowserParentRemoved, eBrowserParentChanged }; + void MaybeUpdatePrimaryBrowserParent(BrowserParentChange aChange); + + nsresult PopulateOriginContextIdsFromAttributes( + mozilla::OriginAttributes& aAttr); + + bool EnsureBrowsingContextAttached(); + + // Invoke the callback from nsOpenWindowInfo to indicate that a + // browsing context for a newly opened tab/window is ready. + void InvokeBrowsingContextReadyCallback(); + + void RequestFinalTabStateFlush(); + + const mozilla::dom::LazyLoadFrameResumptionState& + GetLazyLoadFrameResumptionState(); + + RefPtr<mozilla::dom::BrowsingContext> mPendingBrowsingContext; + nsCOMPtr<nsIURI> mURIToLoad; + nsCOMPtr<nsIPrincipal> mTriggeringPrincipal; + nsCOMPtr<nsIContentSecurityPolicy> mCsp; + nsCOMPtr<nsIOpenWindowInfo> mOpenWindowInfo; + mozilla::dom::Element* mOwnerContent; // WEAK + + // After the frameloader has been removed from the DOM but before all of the + // messages from the frame have been received, we keep a strong reference to + // our <browser> element. + RefPtr<mozilla::dom::Element> mOwnerContentStrong; + + // Stores the root frame of the subdocument while the subdocument is being + // reframed. Used to restore the presentation after reframing. + WeakFrame mDetachedSubdocFrame; + + // When performing a process switch, this value is used rather than mURIToLoad + // to identify the process-switching load which should be resumed in the + // target process. + uint64_t mPendingSwitchID; + + uint64_t mChildID; + RefPtr<mozilla::dom::RemoteBrowser> mRemoteBrowser; + RefPtr<nsDocShell> mDocShell; + + // Holds the last known size of the frame. + mozilla::ScreenIntSize mLazySize; + + // Actor for collecting session store data from content children. This will be + // cleared and set to null eagerly when taking down the frameloader to break + // refcounted cycles early. + RefPtr<mozilla::dom::SessionStoreChild> mSessionStoreChild; + + nsCString mRemoteType; + + bool mInitialized : 1; + bool mDepthTooGreat : 1; + bool mIsTopLevelContent : 1; + bool mDestroyCalled : 1; + bool mNeedsAsyncDestroy : 1; + bool mInSwap : 1; + bool mInShow : 1; + bool mHideCalled : 1; + // True when the object is created for an element which the parser has + // created using NS_FROM_PARSER_NETWORK flag. If the element is modified, + // it may lose the flag. + bool mNetworkCreated : 1; + + // True if a pending load corresponds to the original src (or srcdoc) + // attribute of the frame element. + bool mLoadingOriginalSrc : 1; + + bool mRemoteBrowserShown : 1; + bool mIsRemoteFrame : 1; + // If true, the FrameLoader will be re-created with the same BrowsingContext, + // but for a different process, after it is destroyed. + bool mWillChangeProcess : 1; + bool mObservingOwnerContent : 1; + // Whether we had a (possibly dead now) mDetachedSubdocFrame. + bool mHadDetachedFrame : 1; + + // When an out-of-process nsFrameLoader crashes, an event is fired on the + // frame. To ensure this is only fired once, this bit is checked. + bool mTabProcessCrashFired : 1; +}; + +NS_DEFINE_STATIC_IID_ACCESSOR(nsFrameLoader, NS_FRAMELOADER_IID) + +inline nsISupports* ToSupports(nsFrameLoader* aFrameLoader) { + return aFrameLoader; +} + +#endif |