Home | History | Annotate | Download | only in renderer 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_RENDERER_CONTENT_SETTINGS_OBSERVER_H_
      6 #define CHROME_RENDERER_CONTENT_SETTINGS_OBSERVER_H_
      7 
      8 #include <map>
      9 #include <set>
     10 
     11 #include "components/content_settings/core/common/content_settings.h"
     12 #include "components/content_settings/core/common/content_settings_types.h"
     13 #include "content/public/renderer/render_frame_observer.h"
     14 #include "content/public/renderer/render_frame_observer_tracker.h"
     15 #include "third_party/WebKit/public/web/WebPermissionClient.h"
     16 
     17 class GURL;
     18 
     19 namespace blink {
     20 class WebFrame;
     21 class WebSecurityOrigin;
     22 class WebURL;
     23 }
     24 
     25 namespace extensions {
     26 class Dispatcher;
     27 class Extension;
     28 }
     29 
     30 // Handles blocking content per content settings for each RenderFrame.
     31 class ContentSettingsObserver
     32     : public content::RenderFrameObserver,
     33       public content::RenderFrameObserverTracker<ContentSettingsObserver>,
     34       public blink::WebPermissionClient {
     35  public:
     36   ContentSettingsObserver(content::RenderFrame* render_frame,
     37                           extensions::Dispatcher* extension_dispatcher);
     38   virtual ~ContentSettingsObserver();
     39 
     40   // Sets the content setting rules which back |AllowImage()|, |AllowScript()|,
     41   // and |AllowScriptFromSource()|. |content_setting_rules| must outlive this
     42   // |ContentSettingsObserver|.
     43   void SetContentSettingRules(
     44       const RendererContentSettingRules* content_setting_rules);
     45 
     46   bool IsPluginTemporarilyAllowed(const std::string& identifier);
     47 
     48   // Sends an IPC notification that the specified content type was blocked.
     49   void DidBlockContentType(ContentSettingsType settings_type);
     50 
     51   // blink::WebPermissionClient implementation.
     52   virtual bool allowDatabase(const blink::WebString& name,
     53                              const blink::WebString& display_name,
     54                              unsigned long estimated_size) OVERRIDE;
     55   virtual void requestFileSystemAccessAsync(
     56       const blink::WebPermissionCallbacks& callbacks) OVERRIDE;
     57   virtual bool allowImage(bool enabled_per_settings,
     58                           const blink::WebURL& image_url) OVERRIDE;
     59   virtual bool allowIndexedDB(const blink::WebString& name,
     60                               const blink::WebSecurityOrigin& origin) OVERRIDE;
     61   virtual bool allowPlugins(bool enabled_per_settings) OVERRIDE;
     62   virtual bool allowScript(bool enabled_per_settings) OVERRIDE;
     63   virtual bool allowScriptFromSource(bool enabled_per_settings,
     64                                      const blink::WebURL& script_url) OVERRIDE;
     65   virtual bool allowStorage(bool local) OVERRIDE;
     66   virtual bool allowReadFromClipboard(bool default_value) OVERRIDE;
     67   virtual bool allowWriteToClipboard(bool default_value) OVERRIDE;
     68   virtual bool allowMutationEvents(bool default_value) OVERRIDE;
     69   virtual bool allowPushState() OVERRIDE;
     70   virtual void didNotAllowPlugins() OVERRIDE;
     71   virtual void didNotAllowScript() OVERRIDE;
     72   virtual bool allowDisplayingInsecureContent(
     73       bool allowed_per_settings,
     74       const blink::WebSecurityOrigin& context,
     75       const blink::WebURL& url) OVERRIDE;
     76   virtual bool allowRunningInsecureContent(
     77       bool allowed_per_settings,
     78       const blink::WebSecurityOrigin& context,
     79       const blink::WebURL& url) OVERRIDE;
     80 
     81   // This is used for cases when the NPAPI plugins malfunction if used.
     82   bool AreNPAPIPluginsBlocked() const;
     83 
     84  private:
     85   FRIEND_TEST_ALL_PREFIXES(ContentSettingsObserverTest, WhitelistedSchemes);
     86   FRIEND_TEST_ALL_PREFIXES(ChromeRenderViewTest,
     87                            ContentSettingsInterstitialPages);
     88   FRIEND_TEST_ALL_PREFIXES(ChromeRenderViewTest, PluginsTemporarilyAllowed);
     89 
     90   // RenderFrameObserver implementation.
     91   virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
     92   virtual void DidCommitProvisionalLoad(bool is_new_navigation) OVERRIDE;
     93 
     94   // Message handlers.
     95   void OnLoadBlockedPlugins(const std::string& identifier);
     96   void OnSetAsInterstitial();
     97   void OnNPAPINotSupported();
     98   void OnSetAllowDisplayingInsecureContent(bool allow);
     99   void OnSetAllowRunningInsecureContent(bool allow);
    100   void OnReloadFrame();
    101   void OnRequestFileSystemAccessAsyncResponse(int request_id, bool allowed);
    102 
    103   // Resets the |content_blocked_| array.
    104   void ClearBlockedContentSettings();
    105 
    106   // Whether the observed RenderFrame is for a platform app.
    107   bool IsPlatformApp();
    108 
    109 #if defined(ENABLE_EXTENSIONS)
    110   // If |origin| corresponds to an installed extension, returns that extension.
    111   // Otherwise returns NULL.
    112   const extensions::Extension* GetExtension(
    113       const blink::WebSecurityOrigin& origin) const;
    114 #endif
    115 
    116   // Helpers.
    117   // True if |frame| contains content that is white-listed for content settings.
    118   static bool IsWhitelistedForContentSettings(content::RenderFrame* frame);
    119   static bool IsWhitelistedForContentSettings(
    120       const blink::WebSecurityOrigin& origin,
    121       const GURL& document_url);
    122 
    123 #if defined(ENABLE_EXTENSIONS)
    124   // Owned by ChromeContentRendererClient and outlive us.
    125   extensions::Dispatcher* extension_dispatcher_;
    126 #endif
    127 
    128   // Insecure content may be permitted for the duration of this render view.
    129   bool allow_displaying_insecure_content_;
    130   bool allow_running_insecure_content_;
    131 
    132   // A pointer to content setting rules stored by the renderer. Normally, the
    133   // |RendererContentSettingRules| object is owned by
    134   // |ChromeRenderProcessObserver|. In the tests it is owned by the caller of
    135   // |SetContentSettingRules|.
    136   const RendererContentSettingRules* content_setting_rules_;
    137 
    138   // Stores if images, scripts, and plugins have actually been blocked.
    139   bool content_blocked_[CONTENT_SETTINGS_NUM_TYPES];
    140 
    141   // Caches the result of AllowStorage.
    142   typedef std::pair<GURL, bool> StoragePermissionsKey;
    143   std::map<StoragePermissionsKey, bool> cached_storage_permissions_;
    144 
    145   // Caches the result of |AllowScript|.
    146   std::map<blink::WebFrame*, bool> cached_script_permissions_;
    147 
    148   std::set<std::string> temporarily_allowed_plugins_;
    149   bool is_interstitial_page_;
    150   bool npapi_plugins_blocked_;
    151 
    152   int current_request_id_;
    153   typedef std::map<int, blink::WebPermissionCallbacks> PermissionRequestMap;
    154   PermissionRequestMap permission_requests_;
    155 
    156   DISALLOW_COPY_AND_ASSIGN(ContentSettingsObserver);
    157 };
    158 
    159 #endif  // CHROME_RENDERER_CONTENT_SETTINGS_OBSERVER_H_
    160