Home | History | Annotate | Download | only in pepper 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/renderer/pepper/pepper_flash_renderer_host.h"
      6 
      7 #include <map>
      8 #include <vector>
      9 
     10 #include "base/lazy_instance.h"
     11 #include "base/metrics/histogram.h"
     12 #include "base/strings/string_util.h"
     13 #include "components/pdf/renderer/ppb_pdf_impl.h"
     14 #include "content/public/renderer/pepper_plugin_instance.h"
     15 #include "content/public/renderer/render_thread.h"
     16 #include "content/public/renderer/renderer_ppapi_host.h"
     17 #include "ipc/ipc_message_macros.h"
     18 #include "net/http/http_util.h"
     19 #include "ppapi/c/pp_errors.h"
     20 #include "ppapi/c/trusted/ppb_browser_font_trusted.h"
     21 #include "ppapi/host/dispatch_host_message.h"
     22 #include "ppapi/proxy/host_dispatcher.h"
     23 #include "ppapi/proxy/ppapi_messages.h"
     24 #include "ppapi/proxy/resource_message_params.h"
     25 #include "ppapi/proxy/serialized_structs.h"
     26 #include "ppapi/thunk/enter.h"
     27 #include "ppapi/thunk/ppb_image_data_api.h"
     28 #include "skia/ext/platform_canvas.h"
     29 #include "third_party/skia/include/core/SkCanvas.h"
     30 #include "third_party/skia/include/core/SkMatrix.h"
     31 #include "third_party/skia/include/core/SkPaint.h"
     32 #include "third_party/skia/include/core/SkPoint.h"
     33 #include "third_party/skia/include/core/SkTemplates.h"
     34 #include "third_party/skia/include/core/SkTypeface.h"
     35 #include "ui/gfx/rect.h"
     36 #include "url/gurl.h"
     37 
     38 using ppapi::thunk::EnterResourceNoLock;
     39 using ppapi::thunk::PPB_ImageData_API;
     40 
     41 namespace {
     42 
     43 // Some non-simple HTTP request headers that Flash may set.
     44 // (Please see http://www.w3.org/TR/cors/#simple-header for the definition of
     45 // simple headers.)
     46 //
     47 // The list and the enum defined below are used to collect data about request
     48 // headers used in PPB_Flash.Navigate() calls, in order to understand the impact
     49 // of rejecting PPB_Flash.Navigate() requests with non-simple headers.
     50 //
     51 // TODO(yzshen): We should be able to remove the histogram recording code once
     52 // we get the answer.
     53 const char* kRejectedHttpRequestHeaders[] = {
     54     "authorization",     //
     55     "cache-control",     //
     56     "content-encoding",  //
     57     "content-md5",       //
     58     "content-type",      // If the media type is not one of those covered by the
     59                          // simple header definition.
     60     "expires",           //
     61     "from",              //
     62     "if-match",          //
     63     "if-none-match",     //
     64     "if-range",          //
     65     "if-unmodified-since",  //
     66     "pragma",               //
     67     "referer"               //
     68 };
     69 
     70 // Please note that new entries should be added right above
     71 // FLASH_NAVIGATE_USAGE_ENUM_COUNT, and existing entries shouldn't be re-ordered
     72 // or removed, since this ordering is used in a histogram.
     73 enum FlashNavigateUsage {
     74   // This section must be in the same order as kRejectedHttpRequestHeaders.
     75   REJECT_AUTHORIZATION = 0,
     76   REJECT_CACHE_CONTROL,
     77   REJECT_CONTENT_ENCODING,
     78   REJECT_CONTENT_MD5,
     79   REJECT_CONTENT_TYPE,
     80   REJECT_EXPIRES,
     81   REJECT_FROM,
     82   REJECT_IF_MATCH,
     83   REJECT_IF_NONE_MATCH,
     84   REJECT_IF_RANGE,
     85   REJECT_IF_UNMODIFIED_SINCE,
     86   REJECT_PRAGMA,
     87   REJECT_REFERER,
     88 
     89   // The navigate request is rejected because of headers not listed above
     90   // (e.g., custom headers).
     91   REJECT_OTHER_HEADERS,
     92 
     93   // Total number of rejected navigate requests.
     94   TOTAL_REJECTED_NAVIGATE_REQUESTS,
     95 
     96   // Total number of navigate requests.
     97   TOTAL_NAVIGATE_REQUESTS,
     98   FLASH_NAVIGATE_USAGE_ENUM_COUNT
     99 };
    100 
    101 static base::LazyInstance<std::map<std::string, FlashNavigateUsage> >
    102     g_rejected_headers = LAZY_INSTANCE_INITIALIZER;
    103 
    104 bool IsSimpleHeader(const std::string& lower_case_header_name,
    105                     const std::string& header_value) {
    106   if (lower_case_header_name == "accept" ||
    107       lower_case_header_name == "accept-language" ||
    108       lower_case_header_name == "content-language") {
    109     return true;
    110   }
    111 
    112   if (lower_case_header_name == "content-type") {
    113     std::string lower_case_mime_type;
    114     std::string lower_case_charset;
    115     bool had_charset = false;
    116     net::HttpUtil::ParseContentType(header_value,
    117                                     &lower_case_mime_type,
    118                                     &lower_case_charset,
    119                                     &had_charset,
    120                                     NULL);
    121     return lower_case_mime_type == "application/x-www-form-urlencoded" ||
    122            lower_case_mime_type == "multipart/form-data" ||
    123            lower_case_mime_type == "text/plain";
    124   }
    125 
    126   return false;
    127 }
    128 
    129 void RecordFlashNavigateUsage(FlashNavigateUsage usage) {
    130   DCHECK_NE(FLASH_NAVIGATE_USAGE_ENUM_COUNT, usage);
    131   UMA_HISTOGRAM_ENUMERATION(
    132       "Plugin.FlashNavigateUsage", usage, FLASH_NAVIGATE_USAGE_ENUM_COUNT);
    133 }
    134 
    135 }  // namespace
    136 
    137 PepperFlashRendererHost::PepperFlashRendererHost(
    138     content::RendererPpapiHost* host,
    139     PP_Instance instance,
    140     PP_Resource resource)
    141     : ResourceHost(host->GetPpapiHost(), instance, resource),
    142       host_(host),
    143       weak_factory_(this) {}
    144 
    145 PepperFlashRendererHost::~PepperFlashRendererHost() {
    146   // This object may be destroyed in the middle of a sync message. If that is
    147   // the case, make sure we respond to all the pending navigate calls.
    148   std::vector<ppapi::host::ReplyMessageContext>::reverse_iterator it;
    149   for (it = navigate_replies_.rbegin(); it != navigate_replies_.rend(); ++it)
    150     SendReply(*it, IPC::Message());
    151 }
    152 
    153 int32_t PepperFlashRendererHost::OnResourceMessageReceived(
    154     const IPC::Message& msg,
    155     ppapi::host::HostMessageContext* context) {
    156   PPAPI_BEGIN_MESSAGE_MAP(PepperFlashRendererHost, msg)
    157     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_GetProxyForURL,
    158                                       OnGetProxyForURL)
    159     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_SetInstanceAlwaysOnTop,
    160                                       OnSetInstanceAlwaysOnTop)
    161     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_DrawGlyphs,
    162                                       OnDrawGlyphs)
    163     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_Navigate, OnNavigate)
    164     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_Flash_IsRectTopmost,
    165                                       OnIsRectTopmost)
    166     PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_Flash_InvokePrinting,
    167                                         OnInvokePrinting)
    168   PPAPI_END_MESSAGE_MAP()
    169   return PP_ERROR_FAILED;
    170 }
    171 
    172 int32_t PepperFlashRendererHost::OnGetProxyForURL(
    173     ppapi::host::HostMessageContext* host_context,
    174     const std::string& url) {
    175   GURL gurl(url);
    176   if (!gurl.is_valid())
    177     return PP_ERROR_FAILED;
    178   std::string proxy;
    179   bool result = content::RenderThread::Get()->ResolveProxy(gurl, &proxy);
    180   if (!result)
    181     return PP_ERROR_FAILED;
    182   host_context->reply_msg = PpapiPluginMsg_Flash_GetProxyForURLReply(proxy);
    183   return PP_OK;
    184 }
    185 
    186 int32_t PepperFlashRendererHost::OnSetInstanceAlwaysOnTop(
    187     ppapi::host::HostMessageContext* host_context,
    188     bool on_top) {
    189   content::PepperPluginInstance* plugin_instance =
    190       host_->GetPluginInstance(pp_instance());
    191   if (plugin_instance)
    192     plugin_instance->SetAlwaysOnTop(on_top);
    193   // Since no reply is sent for this message, it doesn't make sense to return an
    194   // error.
    195   return PP_OK;
    196 }
    197 
    198 int32_t PepperFlashRendererHost::OnDrawGlyphs(
    199     ppapi::host::HostMessageContext* host_context,
    200     ppapi::proxy::PPBFlash_DrawGlyphs_Params params) {
    201   if (params.glyph_indices.size() != params.glyph_advances.size() ||
    202       params.glyph_indices.empty())
    203     return PP_ERROR_FAILED;
    204 
    205   // Set up the typeface.
    206   int style = SkTypeface::kNormal;
    207   if (static_cast<PP_BrowserFont_Trusted_Weight>(params.font_desc.weight) >=
    208       PP_BROWSERFONT_TRUSTED_WEIGHT_BOLD)
    209     style |= SkTypeface::kBold;
    210   if (params.font_desc.italic)
    211     style |= SkTypeface::kItalic;
    212   skia::RefPtr<SkTypeface> typeface = skia::AdoptRef(SkTypeface::CreateFromName(
    213       params.font_desc.face.c_str(), static_cast<SkTypeface::Style>(style)));
    214   if (!typeface)
    215     return PP_ERROR_FAILED;
    216 
    217   EnterResourceNoLock<PPB_ImageData_API> enter(
    218       params.image_data.host_resource(), true);
    219   if (enter.failed())
    220     return PP_ERROR_FAILED;
    221 
    222   // Set up the canvas.
    223   PPB_ImageData_API* image = static_cast<PPB_ImageData_API*>(enter.object());
    224   SkCanvas* canvas = image->GetPlatformCanvas();
    225   bool needs_unmapping = false;
    226   if (!canvas) {
    227     needs_unmapping = true;
    228     image->Map();
    229     canvas = image->GetPlatformCanvas();
    230     if (!canvas)
    231       return PP_ERROR_FAILED;  // Failure mapping.
    232   }
    233 
    234   SkAutoCanvasRestore acr(canvas, true);
    235 
    236   // Clip is applied in pixels before the transform.
    237   SkRect clip_rect = {
    238       SkIntToScalar(params.clip.point.x), SkIntToScalar(params.clip.point.y),
    239       SkIntToScalar(params.clip.point.x + params.clip.size.width),
    240       SkIntToScalar(params.clip.point.y + params.clip.size.height)};
    241   canvas->clipRect(clip_rect);
    242 
    243   // Convert & set the matrix.
    244   SkMatrix matrix;
    245   matrix.set(SkMatrix::kMScaleX, SkFloatToScalar(params.transformation[0][0]));
    246   matrix.set(SkMatrix::kMSkewX, SkFloatToScalar(params.transformation[0][1]));
    247   matrix.set(SkMatrix::kMTransX, SkFloatToScalar(params.transformation[0][2]));
    248   matrix.set(SkMatrix::kMSkewY, SkFloatToScalar(params.transformation[1][0]));
    249   matrix.set(SkMatrix::kMScaleY, SkFloatToScalar(params.transformation[1][1]));
    250   matrix.set(SkMatrix::kMTransY, SkFloatToScalar(params.transformation[1][2]));
    251   matrix.set(SkMatrix::kMPersp0, SkFloatToScalar(params.transformation[2][0]));
    252   matrix.set(SkMatrix::kMPersp1, SkFloatToScalar(params.transformation[2][1]));
    253   matrix.set(SkMatrix::kMPersp2, SkFloatToScalar(params.transformation[2][2]));
    254   canvas->concat(matrix);
    255 
    256   SkPaint paint;
    257   paint.setColor(params.color);
    258   paint.setTextEncoding(SkPaint::kGlyphID_TextEncoding);
    259   paint.setAntiAlias(true);
    260   paint.setHinting(SkPaint::kFull_Hinting);
    261   paint.setTextSize(SkIntToScalar(params.font_desc.size));
    262   paint.setTypeface(typeface.get());  // Takes a ref and manages lifetime.
    263   if (params.allow_subpixel_aa) {
    264     paint.setSubpixelText(true);
    265     paint.setLCDRenderText(true);
    266   }
    267 
    268   SkScalar x = SkIntToScalar(params.position.x);
    269   SkScalar y = SkIntToScalar(params.position.y);
    270 
    271   // Build up the skia advances.
    272   size_t glyph_count = params.glyph_indices.size();
    273   if (glyph_count) {
    274     std::vector<SkPoint> storage;
    275     storage.resize(glyph_count);
    276     SkPoint* sk_positions = &storage[0];
    277     for (uint32_t i = 0; i < glyph_count; i++) {
    278       sk_positions[i].set(x, y);
    279       x += SkFloatToScalar(params.glyph_advances[i].x);
    280       y += SkFloatToScalar(params.glyph_advances[i].y);
    281     }
    282 
    283     canvas->drawPosText(
    284         &params.glyph_indices[0], glyph_count * 2, sk_positions, paint);
    285   }
    286 
    287   if (needs_unmapping)
    288     image->Unmap();
    289 
    290   return PP_OK;
    291 }
    292 
    293 // CAUTION: This code is subtle because Navigate is a sync call which may
    294 // cause re-entrancy or cause the instance to be destroyed. If the instance
    295 // is destroyed we need to ensure that we respond to all outstanding sync
    296 // messages so that the plugin process does not remain blocked.
    297 int32_t PepperFlashRendererHost::OnNavigate(
    298     ppapi::host::HostMessageContext* host_context,
    299     const ppapi::URLRequestInfoData& data,
    300     const std::string& target,
    301     bool from_user_action) {
    302   // If our PepperPluginInstance is already destroyed, just return a failure.
    303   content::PepperPluginInstance* plugin_instance =
    304       host_->GetPluginInstance(pp_instance());
    305   if (!plugin_instance)
    306     return PP_ERROR_FAILED;
    307 
    308   std::map<std::string, FlashNavigateUsage>& rejected_headers =
    309       g_rejected_headers.Get();
    310   if (rejected_headers.empty()) {
    311     for (size_t i = 0; i < arraysize(kRejectedHttpRequestHeaders); ++i)
    312       rejected_headers[kRejectedHttpRequestHeaders[i]] =
    313           static_cast<FlashNavigateUsage>(i);
    314   }
    315 
    316   net::HttpUtil::HeadersIterator header_iter(
    317       data.headers.begin(), data.headers.end(), "\n\r");
    318   bool rejected = false;
    319   while (header_iter.GetNext()) {
    320     std::string lower_case_header_name =
    321         base::StringToLowerASCII(header_iter.name());
    322     if (!IsSimpleHeader(lower_case_header_name, header_iter.values())) {
    323       rejected = true;
    324 
    325       std::map<std::string, FlashNavigateUsage>::const_iterator iter =
    326           rejected_headers.find(lower_case_header_name);
    327       FlashNavigateUsage usage =
    328           iter != rejected_headers.end() ? iter->second : REJECT_OTHER_HEADERS;
    329       RecordFlashNavigateUsage(usage);
    330     }
    331   }
    332 
    333   RecordFlashNavigateUsage(TOTAL_NAVIGATE_REQUESTS);
    334   if (rejected) {
    335     RecordFlashNavigateUsage(TOTAL_REJECTED_NAVIGATE_REQUESTS);
    336     return PP_ERROR_NOACCESS;
    337   }
    338 
    339   // Navigate may call into Javascript (e.g. with a "javascript:" URL),
    340   // or do things like navigate away from the page, either one of which will
    341   // need to re-enter into the plugin. It is safe, because it is essentially
    342   // equivalent to NPN_GetURL, where Flash would expect re-entrancy.
    343   ppapi::proxy::HostDispatcher* host_dispatcher =
    344       ppapi::proxy::HostDispatcher::GetForInstance(pp_instance());
    345   host_dispatcher->set_allow_plugin_reentrancy();
    346 
    347   // Grab a weak pointer to ourselves on the stack so we can check if we are
    348   // still alive.
    349   base::WeakPtr<PepperFlashRendererHost> weak_ptr = weak_factory_.GetWeakPtr();
    350   // Keep track of reply contexts in case we are destroyed during a Navigate
    351   // call. Even if we are destroyed, we still need to send these replies to
    352   // unblock the plugin process.
    353   navigate_replies_.push_back(host_context->MakeReplyMessageContext());
    354   plugin_instance->Navigate(data, target.c_str(), from_user_action);
    355   // This object might have been destroyed by this point. If it is destroyed
    356   // the reply will be sent in the destructor. Otherwise send the reply here.
    357   if (weak_ptr.get()) {
    358     SendReply(navigate_replies_.back(), IPC::Message());
    359     navigate_replies_.pop_back();
    360   }
    361 
    362   // Return PP_OK_COMPLETIONPENDING so that no reply is automatically sent.
    363   return PP_OK_COMPLETIONPENDING;
    364 }
    365 
    366 int32_t PepperFlashRendererHost::OnIsRectTopmost(
    367     ppapi::host::HostMessageContext* host_context,
    368     const PP_Rect& rect) {
    369   content::PepperPluginInstance* plugin_instance =
    370       host_->GetPluginInstance(pp_instance());
    371   if (plugin_instance &&
    372       plugin_instance->IsRectTopmost(gfx::Rect(
    373           rect.point.x, rect.point.y, rect.size.width, rect.size.height)))
    374     return PP_OK;
    375   return PP_ERROR_FAILED;
    376 }
    377 
    378 int32_t PepperFlashRendererHost::OnInvokePrinting(
    379     ppapi::host::HostMessageContext* host_context) {
    380   pdf::PPB_PDF_Impl::InvokePrintingForInstance(pp_instance());
    381   return PP_OK;
    382 }
    383