Google Git
Sign in
android / platform / external / chromium_org / third_party / WebKit / 19cde67 / . / Source / core / loader / FrameLoader.cpp
blob: 583b9abef69debd0a64e9fbb623e14f98f329102 [file] [log] [blame]
/*
* Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
* Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
* Copyright (C) 2008 Alp Toker <alp@atoker.com>
* Copyright (C) Research In Motion Limited 2009. All rights reserved.
* Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
* Copyright (C) 2011 Google Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "core/loader/FrameLoader.h"
#include "HTMLNames.h"
#include "bindings/v8/DOMWrapperWorld.h"
#include "bindings/v8/ScriptController.h"
#include "bindings/v8/SerializedScriptValue.h"
#include "core/dom/Document.h"
#include "core/dom/Element.h"
#include "core/editing/Editor.h"
#include "core/events/Event.h"
#include "core/events/PageTransitionEvent.h"
#include "core/events/ThreadLocalEventNames.h"
#include "core/fetch/FetchContext.h"
#include "core/fetch/ResourceFetcher.h"
#include "core/fetch/ResourceLoader.h"
#include "core/frame/ContentSecurityPolicy.h"
#include "core/frame/ContentSecurityPolicyResponseHeaders.h"
#include "core/frame/DOMWindow.h"
#include "core/frame/Frame.h"
#include "core/frame/FrameView.h"
#include "core/history/HistoryItem.h"
#include "core/html/HTMLFormElement.h"
#include "core/html/HTMLFrameOwnerElement.h"
#include "core/html/parser/HTMLParserIdioms.h"
#include "core/inspector/InspectorController.h"
#include "core/inspector/InspectorInstrumentation.h"
#include "core/loader/DocumentLoadTiming.h"
#include "core/loader/DocumentLoader.h"
#include "core/loader/FormState.h"
#include "core/loader/FormSubmission.h"
#include "core/loader/FrameFetchContext.h"
#include "core/loader/FrameLoadRequest.h"
#include "core/loader/FrameLoaderClient.h"
#include "core/loader/IconController.h"
#include "core/loader/ProgressTracker.h"
#include "core/loader/UniqueIdentifier.h"
#include "core/loader/appcache/ApplicationCacheHost.h"
#include "core/page/Chrome.h"
#include "core/page/ChromeClient.h"
#include "core/page/EventHandler.h"
#include "core/page/FrameTree.h"
#include "core/page/Page.h"
#include "core/page/Settings.h"
#include "core/page/WindowFeatures.h"
#include "core/platform/ScrollAnimator.h"
#include "core/xml/parser/XMLDocumentParser.h"
#include "modules/webdatabase/DatabaseManager.h"
#include "platform/Logging.h"
#include "platform/UserGestureIndicator.h"
#include "platform/geometry/FloatRect.h"
#include "platform/network/HTTPParsers.h"
#include "platform/network/ResourceRequest.h"
#include "weborigin/SecurityOrigin.h"
#include "weborigin/SecurityPolicy.h"
#include "wtf/TemporaryChange.h"
#include "wtf/text/CString.h"
#include "wtf/text/WTFString.h"
namespace WebCore {
using namespace HTMLNames;
static const char defaultAcceptHeader[] = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";
bool isBackForwardLoadType(FrameLoadType type)
{
return type == FrameLoadTypeBackForward;
}
class FrameLoader::FrameProgressTracker {
public:
static PassOwnPtr<FrameProgressTracker> create(Frame* frame) { return adoptPtr(new FrameProgressTracker(frame)); }
~FrameProgressTracker()
{
ASSERT(!m_inProgress || m_frame->page());
if (m_inProgress)
m_frame->page()->progress().progressCompleted(m_frame);
}
void progressStarted()
{
ASSERT(m_frame->page());
if (!m_inProgress)
m_frame->page()->progress().progressStarted(m_frame);
m_inProgress = true;
}
void progressCompleted()
{
ASSERT(m_inProgress);
ASSERT(m_frame->page());
m_inProgress = false;
m_frame->page()->progress().progressCompleted(m_frame);
}
private:
FrameProgressTracker(Frame* frame)
: m_frame(frame)
, m_inProgress(false)
{
}
Frame* m_frame;
bool m_inProgress;
};
FrameLoader::FrameLoader(Frame* frame, FrameLoaderClient* client)
: m_frame(frame)
, m_client(client)
, m_history(frame)
, m_icon(adoptPtr(new IconController(frame)))
, m_mixedContentChecker(frame)
, m_state(FrameStateProvisional)
, m_loadType(FrameLoadTypeStandard)
, m_fetchContext(FrameFetchContext::create(frame))
, m_inStopAllLoaders(false)
, m_isComplete(false)
, m_checkTimer(this, &FrameLoader::checkTimerFired)
, m_shouldCallCheckCompleted(false)
, m_opener(0)
, m_didAccessInitialDocument(false)
, m_didAccessInitialDocumentTimer(this, &FrameLoader::didAccessInitialDocumentTimerFired)
, m_suppressOpenerInNewFrame(false)
, m_forcedSandboxFlags(SandboxNone)
{
}
FrameLoader::~FrameLoader()
{
setOpener(0);
HashSet<Frame*>::iterator end = m_openedFrames.end();
for (HashSet<Frame*>::iterator it = m_openedFrames.begin(); it != end; ++it)
(*it)->loader().m_opener = 0;
m_client->frameLoaderDestroyed();
}
void FrameLoader::init()
{
// This somewhat odd set of steps gives the frame an initial empty document.
m_provisionalDocumentLoader = m_client->createDocumentLoader(ResourceRequest(KURL(ParsedURLString, emptyString())), SubstituteData());
m_provisionalDocumentLoader->setFrame(m_frame);
m_provisionalDocumentLoader->startLoadingMainResource();
m_frame->document()->cancelParsing();
m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocument);
m_progressTracker = FrameProgressTracker::create(m_frame);
}
void FrameLoader::setDefersLoading(bool defers)
{
if (m_documentLoader)
m_documentLoader->setDefersLoading(defers);
if (m_provisionalDocumentLoader)
m_provisionalDocumentLoader->setDefersLoading(defers);
if (m_policyDocumentLoader)
m_policyDocumentLoader->setDefersLoading(defers);
history()->setDefersLoading(defers);
if (!defers) {
m_frame->navigationScheduler().startTimer();
startCheckCompleteTimer();
}
}
void FrameLoader::stopLoading()
{
m_isComplete = true; // to avoid calling completed() in finishedParsing()
if (m_frame->document() && m_frame->document()->parsing()) {
finishedParsing();
m_frame->document()->setParsing(false);
}
if (Document* doc = m_frame->document()) {
// FIXME: HTML5 doesn't tell us to set the state to complete when aborting, but we do anyway to match legacy behavior.
// http://www.w3.org/Bugs/Public/show_bug.cgi?id=10537
doc->setReadyState(Document::Complete);
// FIXME: Should the DatabaseManager watch for something like ActiveDOMObject::stop() rather than being special-cased here?
DatabaseManager::manager().stopDatabases(doc, 0);
}
// FIXME: This will cancel redirection timer, which really needs to be restarted when restoring the frame from b/f cache.
m_frame->navigationScheduler().cancel();
}
bool FrameLoader::closeURL()
{
history()->saveDocumentAndScrollState();
// Should only send the pagehide event here if the current document exists.
if (m_frame->document())
m_frame->document()->dispatchUnloadEvents();
stopLoading();
m_frame->editor().clearUndoRedoOperations();
return true;
}
void FrameLoader::didExplicitOpen()
{
m_isComplete = false;
// Calling document.open counts as committing the first real document load.
if (!m_stateMachine.committedFirstRealDocumentLoad())
m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
// Prevent window.open(url) -- eg window.open("about:blank") -- from blowing away results
// from a subsequent window.document.open / window.document.write call.
// Canceling redirection here works for all cases because document.open
// implicitly precedes document.write.
m_frame->navigationScheduler().cancel();
}
void FrameLoader::clear(ClearOptions options)
{
if (m_stateMachine.creatingInitialEmptyDocument())
return;
m_frame->editor().clear();
m_frame->document()->cancelParsing();
m_frame->document()->prepareForDestruction();
m_frame->document()->removeFocusedElementOfSubtree(m_frame->document());
// Do this after detaching the document so that the unload event works.
if (options & ClearWindowProperties) {
InspectorInstrumentation::frameWindowDiscarded(m_frame, m_frame->domWindow());
m_frame->domWindow()->reset();
m_frame->script().clearWindowShell();
}
m_frame->selection().prepareForDestruction();
m_frame->eventHandler().clear();
if (m_frame->view())
m_frame->view()->clear();
if (options & ClearWindowObject) {
// Do not drop the DOMWindow (and Document) before the ScriptController and view are cleared
// as some destructors might still try to access the document.
m_frame->setDOMWindow(0);
}
if (options & ClearScriptObjects)
m_frame->script().clearScriptObjects();
m_frame->script().enableEval();
m_frame->navigationScheduler().clear();
m_checkTimer.stop();
m_shouldCallCheckCompleted = false;
if (m_stateMachine.isDisplayingInitialEmptyDocument())
m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
}
void FrameLoader::receivedFirstData()
{
if (m_stateMachine.creatingInitialEmptyDocument())
return;
NavigationHistoryPolicy navigationHistoryPolicy = NavigationReusedHistoryEntry;
if (m_loadType == FrameLoadTypeStandard && m_documentLoader->isURLValidForNewHistoryEntry())
navigationHistoryPolicy = NavigationCreatedHistoryEntry;
m_client->dispatchDidCommitLoad(navigationHistoryPolicy);
InspectorInstrumentation::didCommitLoad(m_frame, m_documentLoader.get());
m_frame->page()->didCommitLoad(m_frame);
dispatchDidClearWindowObjectsInAllWorlds();
}
void FrameLoader::setOutgoingReferrer(const KURL& url)
{
m_outgoingReferrer = url.strippedForUseAsReferrer();
}
void FrameLoader::didBeginDocument(bool dispatch)
{
m_isComplete = false;
m_frame->document()->setReadyState(Document::Loading);
if (history()->currentItem() && m_loadType == FrameLoadTypeBackForward)
m_frame->domWindow()->statePopped(history()->currentItem()->stateObject());
if (dispatch)
dispatchDidClearWindowObjectsInAllWorlds();
m_frame->document()->initContentSecurityPolicy(m_documentLoader ? ContentSecurityPolicyResponseHeaders(m_documentLoader->response()) : ContentSecurityPolicyResponseHeaders());
Settings* settings = m_frame->document()->settings();
if (settings) {
m_frame->document()->fetcher()->setImagesEnabled(settings->areImagesEnabled());
m_frame->document()->fetcher()->setAutoLoadImages(settings->loadsImagesAutomatically());
}
if (m_documentLoader) {
String dnsPrefetchControl = m_documentLoader->response().httpHeaderField("X-DNS-Prefetch-Control");
if (!dnsPrefetchControl.isEmpty())
m_frame->document()->parseDNSPrefetchControlHeader(dnsPrefetchControl);
String headerContentLanguage = m_documentLoader->response().httpHeaderField("Content-Language");
if (!headerContentLanguage.isEmpty()) {
size_t commaIndex = headerContentLanguage.find(',');
headerContentLanguage.truncate(commaIndex); // kNotFound == -1 == don't truncate
headerContentLanguage = headerContentLanguage.stripWhiteSpace(isHTMLSpace<UChar>);
if (!headerContentLanguage.isEmpty())
m_frame->document()->setContentLanguage(headerContentLanguage);
}
}
history()->restoreDocumentState();
}
void FrameLoader::finishedParsing()
{
if (m_stateMachine.creatingInitialEmptyDocument())
return;
// This can be called from the Frame's destructor, in which case we shouldn't protect ourselves
// because doing so will cause us to re-enter the destructor when protector goes out of scope.
// Null-checking the FrameView indicates whether or not we're in the destructor.
RefPtr<Frame> protector = m_frame->view() ? m_frame : 0;
m_client->dispatchDidFinishDocumentLoad();
checkCompleted();
if (!m_frame->view())
return; // We are being destroyed by something checkCompleted called.
// Check if the scrollbars are really needed for the content.
// If not, remove them, relayout, and repaint.
m_frame->view()->restoreScrollbar();
scrollToFragmentWithParentBoundary(m_frame->document()->url());
}
void FrameLoader::loadDone()
{
checkCompleted();
}
bool FrameLoader::allChildrenAreComplete() const
{
for (Frame* child = m_frame->tree().firstChild(); child; child = child->tree().nextSibling()) {
if (!child->loader().m_isComplete)
return false;
}
return true;
}
bool FrameLoader::allAncestorsAreComplete() const
{
for (Frame* ancestor = m_frame; ancestor; ancestor = ancestor->tree().parent()) {
if (!ancestor->document()->loadEventFinished())
return false;
}
return true;
}
void FrameLoader::checkCompleted()
{
RefPtr<Frame> protect(m_frame);
m_shouldCallCheckCompleted = false;
if (m_frame->view())
m_frame->view()->handleLoadCompleted();
// Have we completed before?
if (m_isComplete)
return;
// Are we still parsing?
if (m_frame->document()->parsing())
return;
// Still waiting for images/scripts?
if (m_frame->document()->fetcher()->requestCount())
return;
// Still waiting for elements that don't go through a FrameLoader?
if (m_frame->document()->isDelayingLoadEvent())
return;
// Any frame that hasn't completed yet?
if (!allChildrenAreComplete())
return;
// OK, completed.
m_isComplete = true;
m_frame->document()->setReadyState(Document::Complete);
if (m_frame->document()->loadEventStillNeeded())
m_frame->document()->implicitClose();
m_frame->navigationScheduler().startTimer();
completed();
if (m_frame->page())
checkLoadComplete();
if (m_frame->view())
m_frame->view()->handleLoadCompleted();
}
void FrameLoader::checkTimerFired(Timer<FrameLoader>*)
{
RefPtr<Frame> protect(m_frame);
if (Page* page = m_frame->page()) {
if (page->defersLoading())
return;
}
if (m_shouldCallCheckCompleted)
checkCompleted();
}
void FrameLoader::startCheckCompleteTimer()
{
if (!m_shouldCallCheckCompleted)
return;
if (m_checkTimer.isActive())
return;
m_checkTimer.startOneShot(0);
}
void FrameLoader::scheduleCheckCompleted()
{
m_shouldCallCheckCompleted = true;
startCheckCompleteTimer();
}
String FrameLoader::outgoingReferrer() const
{
// See http://www.whatwg.org/specs/web-apps/current-work/#fetching-resources
// for why we walk the parent chain for srcdoc documents.
Frame* frame = m_frame;
while (frame->document()->isSrcdocDocument()) {
frame = frame->tree().parent();
// Srcdoc documents cannot be top-level documents, by definition,
// because they need to be contained in iframes with the srcdoc.
ASSERT(frame);
}
return frame->loader().m_outgoingReferrer;
}
String FrameLoader::outgoingOrigin() const
{
return m_frame->document()->securityOrigin()->toString();
}
Frame* FrameLoader::opener()
{
return m_opener;
}
void FrameLoader::setOpener(Frame* opener)
{
if (m_opener && !opener)
m_client->didDisownOpener();
if (m_opener)
m_opener->loader().m_openedFrames.remove(m_frame);
if (opener)
opener->loader().m_openedFrames.add(m_frame);
m_opener = opener;
if (m_frame->document())
m_frame->document()->initSecurityContext();
}
bool FrameLoader::allowPlugins(ReasonForCallingAllowPlugins reason)
{
Settings* settings = m_frame->settings();
bool allowed = m_client->allowPlugins(settings && settings->arePluginsEnabled());
if (!allowed && reason == AboutToInstantiatePlugin)
m_client->didNotAllowPlugins();
return allowed;
}
void FrameLoader::updateForSameDocumentNavigation(const KURL& newURL, SameDocumentNavigationSource sameDocumentNavigationSource, PassRefPtr<SerializedScriptValue> data, UpdateBackForwardListPolicy updateBackForwardList)
{
// Update the data source's request with the new URL to fake the URL change
KURL oldURL = m_frame->document()->url();
m_frame->document()->setURL(newURL);
setOutgoingReferrer(newURL);
documentLoader()->replaceRequestURLForSameDocumentNavigation(newURL);
// updateBackForwardListForFragmentScroll() must happen after
// replaceRequestURLForSameDocumentNavigation(), since we add based on
// the current request.
if (updateBackForwardList == UpdateBackForwardList)
history()->updateBackForwardListForFragmentScroll();
if (sameDocumentNavigationSource == SameDocumentNavigationDefault)
history()->updateForSameDocumentNavigation();
else if (sameDocumentNavigationSource == SameDocumentNavigationPushState)
history()->pushState(data, newURL.string());
else if (sameDocumentNavigationSource == SameDocumentNavigationReplaceState)
history()->replaceState(data, newURL.string());
else
ASSERT_NOT_REACHED();
// Generate start and stop notifications only when loader is completed so that we
// don't fire them for fragment redirection that happens in window.onload handler.
// See https://bugs.webkit.org/show_bug.cgi?id=31838
if (m_frame->document()->loadEventFinished())
m_client->postProgressStartedNotification();
m_documentLoader->clearRedirectChain();
if (m_documentLoader->isClientRedirect())
m_documentLoader->appendRedirect(oldURL);
m_documentLoader->appendRedirect(newURL);
NavigationHistoryPolicy navigationHistoryPolicy = NavigationReusedHistoryEntry;
if (updateBackForwardList == UpdateBackForwardList || sameDocumentNavigationSource == SameDocumentNavigationPushState)
navigationHistoryPolicy = NavigationCreatedHistoryEntry;
m_client->dispatchDidNavigateWithinPage(navigationHistoryPolicy);
m_client->dispatchDidReceiveTitle(m_frame->document()->title());
if (m_frame->document()->loadEventFinished())
m_client->postProgressFinishedNotification();
}
void FrameLoader::loadInSameDocument(const KURL& url, PassRefPtr<SerializedScriptValue> stateObject, bool isNewNavigation, ClientRedirectPolicy clientRedirect)
{
// If we have a state object, we cannot also be a new navigation.
ASSERT(!stateObject || (stateObject && !isNewNavigation));
KURL oldURL = m_frame->document()->url();
// If we were in the autoscroll/panScroll mode we want to stop it before following the link to the anchor
bool hashChange = equalIgnoringFragmentIdentifier(url, oldURL) && url.fragmentIdentifier() != oldURL.fragmentIdentifier();
if (hashChange) {
m_frame->eventHandler().stopAutoscroll();
m_frame->domWindow()->enqueueHashchangeEvent(oldURL, url);
}
m_documentLoader->setIsClientRedirect((clientRedirect == ClientRedirect && !isNewNavigation) || !UserGestureIndicator::processingUserGesture());
m_documentLoader->setReplacesCurrentHistoryItem(!isNewNavigation);
UpdateBackForwardListPolicy updateBackForwardList = isNewNavigation && !shouldTreatURLAsSameAsCurrent(url) && !stateObject ? UpdateBackForwardList : DoNotUpdateBackForwardList;
updateForSameDocumentNavigation(url, SameDocumentNavigationDefault, 0, updateBackForwardList);
// It's important to model this as a load that starts and immediately finishes.
// Otherwise, the parent frame may think we never finished loading.
started();
// We need to scroll to the fragment whether or not a hash change occurred, since
// the user might have scrolled since the previous navigation.
scrollToFragmentWithParentBoundary(url);
m_isComplete = false;
checkCompleted();
m_frame->domWindow()->statePopped(stateObject ? stateObject : SerializedScriptValue::nullValue());
}
void FrameLoader::completed()
{
RefPtr<Frame> protect(m_frame);
for (Frame* descendant = m_frame->tree().traverseNext(m_frame); descendant; descendant = descendant->tree().traverseNext(m_frame))
descendant->navigationScheduler().startTimer();
if (Frame* parent = m_frame->tree().parent())
parent->loader().checkCompleted();
if (m_frame->view())
m_frame->view()->maintainScrollPositionAtAnchor(0);
}
void FrameLoader::started()
{
for (Frame* frame = m_frame; frame; frame = frame->tree().parent())
frame->loader().m_isComplete = false;
}
void FrameLoader::prepareForHistoryNavigation()
{
// If there is no currentItem, but we still want to engage in
// history navigation we need to manufacture one, and update
// the state machine of this frame to impersonate having
// loaded it.
RefPtr<HistoryItem> currentItem = history()->currentItem();
if (!currentItem) {
insertDummyHistoryItem();
ASSERT(stateMachine()->isDisplayingInitialEmptyDocument());
stateMachine()->advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
}
}
void FrameLoader::setReferrerForFrameRequest(ResourceRequest& request, ShouldSendReferrer shouldSendReferrer)
{
if (shouldSendReferrer == NeverSendReferrer) {
request.clearHTTPReferrer();
return;
}
String argsReferrer(request.httpReferrer());
if (argsReferrer.isEmpty())
argsReferrer = outgoingReferrer();
String referrer = SecurityPolicy::generateReferrerHeader(m_frame->document()->referrerPolicy(), request.url(), argsReferrer);
request.setHTTPReferrer(referrer);
RefPtr<SecurityOrigin> referrerOrigin = SecurityOrigin::createFromString(referrer);
addHTTPOriginIfNeeded(request, referrerOrigin->toString());
}
bool FrameLoader::isScriptTriggeredFormSubmissionInChildFrame(const FrameLoadRequest& request) const
{
// If this is a child frame and the form submission was triggered by a script, lock the back/forward list
// to match IE and Opera.
// See https://bugs.webkit.org/show_bug.cgi?id=32383 for the original motivation for this.
if (!m_frame->tree().parent() || UserGestureIndicator::processingUserGesture())
return false;
return request.formState() && request.formState()->formSubmissionTrigger() == SubmittedByJavaScript;
}
FrameLoadType FrameLoader::determineFrameLoadType(const FrameLoadRequest& request)
{
if (m_frame->tree().parent() && !m_stateMachine.startedFirstRealLoad())
return FrameLoadTypeInitialInChildFrame;
if (!m_frame->tree().parent() && !history()->currentItem())
return FrameLoadTypeStandard;
if (request.resourceRequest().cachePolicy() == ReloadIgnoringCacheData)
return FrameLoadTypeReload;
if (request.lockBackForwardList() || isScriptTriggeredFormSubmissionInChildFrame(request))
return FrameLoadTypeRedirectWithLockedBackForwardList;
if (!request.requester() && shouldTreatURLAsSameAsCurrent(request.resourceRequest().url()))
return FrameLoadTypeSame;
if (shouldTreatURLAsSameAsCurrent(request.substituteData().failingURL()) && m_loadType == FrameLoadTypeReload)
return FrameLoadTypeReload;
return FrameLoadTypeStandard;
}
bool FrameLoader::prepareRequestForThisFrame(FrameLoadRequest& request)
{
// If no SecurityOrigin was specified, skip security checks and assume the caller has fully initialized the FrameLoadRequest.
if (!request.requester())
return true;
KURL url = request.resourceRequest().url();
if (m_frame->script().executeScriptIfJavaScriptURL(url))
return false;
if (!request.requester()->canDisplay(url)) {
reportLocalLoadFailed(m_frame, url.elidedString());
return false;
}
if (request.requester() && !request.formState() && request.frameName().isEmpty())
request.setFrameName(m_frame->document()->baseTarget());
// If the requesting SecurityOrigin is not this Frame's SecurityOrigin, the request was initiated by a different frame that should
// have already set the referrer.
if (request.requester() == m_frame->document()->securityOrigin())
setReferrerForFrameRequest(request.resourceRequest(), request.shouldSendReferrer());
return true;
}
static bool shouldOpenInNewWindow(Frame* targetFrame, const FrameLoadRequest& request, const NavigationAction& action)
{
if (!targetFrame && !request.frameName().isEmpty())
return true;
if (!request.formState())
return false;
NavigationPolicy navigationPolicy = NavigationPolicyCurrentTab;
if (!action.specifiesNavigationPolicy(&navigationPolicy))
return false;
return navigationPolicy != NavigationPolicyCurrentTab;
}
void FrameLoader::load(const FrameLoadRequest& passedRequest)
{
ASSERT(!m_suppressOpenerInNewFrame);
ASSERT(m_frame->document());
// Protect frame from getting blown away inside dispatchBeforeLoadEvent in loadWithDocumentLoader.
RefPtr<Frame> protect(m_frame);
if (m_inStopAllLoaders)
return;
FrameLoadRequest request(passedRequest);
if (!prepareRequestForThisFrame(request))
return;
RefPtr<Frame> targetFrame = findFrameForNavigation(request.frameName(), request.formState() ? request.formState()->sourceDocument() : m_frame->document());
if (targetFrame && targetFrame != m_frame) {
request.setFrameName("_self");
targetFrame->loader().load(request);
if (Page* page = targetFrame->page())
page->chrome().focus();
return;
}
FrameLoadType newLoadType = determineFrameLoadType(request);
NavigationAction action(request.resourceRequest(), newLoadType, request.formState(), request.triggeringEvent());
if (shouldOpenInNewWindow(targetFrame.get(), request, action)) {
TemporaryChange<bool> changeOpener(m_suppressOpenerInNewFrame, request.shouldSendReferrer() == NeverSendReferrer);
checkNewWindowPolicyAndContinue(request.formState(), request.frameName(), action);
return;
}
if (shouldPerformFragmentNavigation(request.formState(), request.resourceRequest().httpMethod(), newLoadType, request.resourceRequest().url())) {
checkNavigationPolicyAndContinueFragmentScroll(action, newLoadType != FrameLoadTypeRedirectWithLockedBackForwardList, request.clientRedirect());
return;
}
bool sameURL = shouldTreatURLAsSameAsCurrent(request.resourceRequest().url());
loadWithNavigationAction(request.resourceRequest(), action, newLoadType, request.formState(), request.substituteData(), request.clientRedirect());
// Example of this case are sites that reload the same URL with a different cookie
// driving the generated content, or a master frame with links that drive a target
// frame, where the user has clicked on the same link repeatedly.
if (sameURL && newLoadType != FrameLoadTypeReload && newLoadType != FrameLoadTypeReloadFromOrigin && request.resourceRequest().httpMethod() != "POST")
m_loadType = FrameLoadTypeSame;
}
SubstituteData FrameLoader::defaultSubstituteDataForURL(const KURL& url)
{
if (!shouldTreatURLAsSrcdocDocument(url))
return SubstituteData();
String srcdoc = m_frame->ownerElement()->fastGetAttribute(srcdocAttr);
ASSERT(!srcdoc.isNull());
CString encodedSrcdoc = srcdoc.utf8();
return SubstituteData(SharedBuffer::create(encodedSrcdoc.data(), encodedSrcdoc.length()), "text/html", "UTF-8", KURL());
}
void FrameLoader::reportLocalLoadFailed(Frame* frame, const String& url)
{
ASSERT(!url.isEmpty());
if (!frame)
return;
frame->document()->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Not allowed to load local resource: " + url);
}
void FrameLoader::reload(ReloadPolicy reloadPolicy, const KURL& overrideURL, const String& overrideEncoding)
{
DocumentLoader* documentLoader = activeDocumentLoader();
if (!documentLoader)
return;
if (m_state == FrameStateProvisional)
insertDummyHistoryItem();
ResourceRequest request = documentLoader->request();
// FIXME: We need to reset cache policy to prevent it from being incorrectly propagted to the reload.
// Do we need to propagate anything other than the url?
request.setCachePolicy(UseProtocolCachePolicy);
if (!overrideURL.isEmpty())
request.setURL(overrideURL);
else if (!documentLoader->unreachableURL().isEmpty())
request.setURL(documentLoader->unreachableURL());
FrameLoadType type = reloadPolicy == EndToEndReload ? FrameLoadTypeReloadFromOrigin : FrameLoadTypeReload;
NavigationAction action(request, type, request.httpMethod() == "POST");
loadWithNavigationAction(request, action, type, 0, SubstituteData(), NotClientRedirect, overrideEncoding);
}
void FrameLoader::stopAllLoaders()
{
if (m_frame->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal)
return;
// If this method is called from within this method, infinite recursion can occur (3442218). Avoid this.
if (m_inStopAllLoaders)
return;
// Calling stopLoading() on the provisional document loader can blow away
// the frame from underneath.
RefPtr<Frame> protect(m_frame);
m_inStopAllLoaders = true;
for (RefPtr<Frame> child = m_frame->tree().firstChild(); child; child = child->tree().nextSibling())
child->loader().stopAllLoaders();
if (m_provisionalDocumentLoader)
m_provisionalDocumentLoader->stopLoading();
if (m_documentLoader)
m_documentLoader->stopLoading();
if (m_provisionalDocumentLoader)
m_provisionalDocumentLoader->detachFromFrame();
m_provisionalDocumentLoader = 0;
m_checkTimer.stop();
m_inStopAllLoaders = false;
m_client->didStopAllLoaders();
}
DocumentLoader* FrameLoader::activeDocumentLoader() const
{
if (m_state == FrameStateProvisional)
return m_provisionalDocumentLoader.get();
return m_documentLoader.get();
}
void FrameLoader::didAccessInitialDocument()
{
// We only need to notify the client once, and only for the main frame.
if (isLoadingMainFrame() && !m_didAccessInitialDocument) {
m_didAccessInitialDocument = true;
// Notify asynchronously, since this is called within a JavaScript security check.
m_didAccessInitialDocumentTimer.startOneShot(0);
}
}
void FrameLoader::didAccessInitialDocumentTimerFired(Timer<FrameLoader>*)
{
m_client->didAccessInitialDocument();
}
void FrameLoader::notifyIfInitialDocumentAccessed()
{
if (m_didAccessInitialDocumentTimer.isActive()
&& m_stateMachine.isDisplayingInitialEmptyDocument()) {
m_didAccessInitialDocumentTimer.stop();
didAccessInitialDocumentTimerFired(0);
}
}
bool FrameLoader::isLoading() const
{
DocumentLoader* docLoader = activeDocumentLoader();
if (!docLoader)
return false;
return docLoader->isLoading();
}
void FrameLoader::commitProvisionalLoad()
{
ASSERT(m_client->hasWebView());
ASSERT(m_state == FrameStateProvisional);
RefPtr<DocumentLoader> pdl = m_provisionalDocumentLoader;
RefPtr<Frame> protect(m_frame);
closeOldDataSources();
// Check if the destination page is allowed to access the previous page's timing information.
if (m_frame->document()) {
RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::create(pdl->request().url());
pdl->timing()->setHasSameOriginAsPreviousDocument(securityOrigin->canRequest(m_frame->document()->url()));
}
// The call to closeURL() invokes the unload event handler, which can execute arbitrary
// JavaScript. If the script initiates a new load, we need to abandon the current load,
// or the two will stomp each other.
// detachChildren will similarly trigger child frame unload event handlers.
if (m_documentLoader)
closeURL();
detachChildren();
if (pdl != m_provisionalDocumentLoader)
return;
if (m_documentLoader)
m_documentLoader->detachFromFrame();
m_documentLoader = m_provisionalDocumentLoader.release();
m_state = FrameStateCommittedPage;
if (isLoadingMainFrame())
m_frame->page()->chrome().client().needTouchEvents(false);
history()->updateForCommit();
m_client->transitionToCommittedForNewPage();
m_frame->navigationScheduler().cancel();
m_frame->editor().clearLastEditCommand();
// If we are still in the process of initializing an empty document then
// its frame is not in a consistent state for rendering, so avoid setJSStatusBarText
// since it may cause clients to attempt to render the frame.
if (!m_stateMachine.creatingInitialEmptyDocument()) {
DOMWindow* window = m_frame->domWindow();
window->setStatus(String());
window->setDefaultStatus(String());
}
started();
}
void FrameLoader::closeOldDataSources()
{
// FIXME: Is it important for this traversal to be postorder instead of preorder?
// If so, add helpers for postorder traversal, and use them. If not, then lets not
// use a recursive algorithm here.
for (Frame* child = m_frame->tree().firstChild(); child; child = child->tree().nextSibling())
child->loader().closeOldDataSources();
if (m_documentLoader)
m_client->dispatchWillClose();
}
bool FrameLoader::isLoadingMainFrame() const
{
Page* page = m_frame->page();
return page && m_frame == page->mainFrame();
}
bool FrameLoader::subframeIsLoading() const
{
// It's most likely that the last added frame is the last to load so we walk backwards.
for (Frame* child = m_frame->tree().lastChild(); child; child = child->tree().previousSibling()) {
const FrameLoader& childLoader = child->loader();
DocumentLoader* documentLoader = childLoader.documentLoader();
if (documentLoader && documentLoader->isLoadingInAPISense())
return true;
documentLoader = childLoader.provisionalDocumentLoader();
if (documentLoader && documentLoader->isLoadingInAPISense())
return true;
documentLoader = childLoader.policyDocumentLoader();
if (documentLoader)
return true;
}
return false;
}
FrameLoadType FrameLoader::loadType() const
{
return m_loadType;
}
CachePolicy FrameLoader::subresourceCachePolicy() const
{
if (m_frame->document()->loadEventFinished())
return CachePolicyVerify;
if (m_loadType == FrameLoadTypeReloadFromOrigin)
return CachePolicyReload;
if (Frame* parentFrame = m_frame->tree().parent()) {
CachePolicy parentCachePolicy = parentFrame->loader().subresourceCachePolicy();
if (parentCachePolicy != CachePolicyVerify)
return parentCachePolicy;
}
if (m_loadType == FrameLoadTypeReload)
return CachePolicyRevalidate;
const ResourceRequest& request(documentLoader()->request());
if (request.cachePolicy() == ReturnCacheDataElseLoad)
return CachePolicyHistoryBuffer;
return CachePolicyVerify;
}
void FrameLoader::checkLoadCompleteForThisFrame()
{
ASSERT(m_client->hasWebView());
if (m_state == FrameStateProvisional && m_provisionalDocumentLoader) {
const ResourceError& error = m_provisionalDocumentLoader->mainDocumentError();
if (error.isNull())
return;
RefPtr<DocumentLoader> loader = m_provisionalDocumentLoader;
m_client->dispatchDidFailProvisionalLoad(error);
if (loader != m_provisionalDocumentLoader)
return;
m_provisionalDocumentLoader->detachFromFrame();
m_provisionalDocumentLoader = 0;
m_progressTracker->progressCompleted();
m_state = FrameStateComplete;
}
if (m_state != FrameStateCommittedPage)
return;
if (!m_documentLoader || (m_documentLoader->isLoadingInAPISense() && !m_inStopAllLoaders))
return;
m_state = FrameStateComplete;
// FIXME: Is this subsequent work important if we already navigated away?
// Maybe there are bugs because of that, or extra work we can skip because
// the new page is ready.
// If the user had a scroll point, scroll to it, overriding the anchor point if any.
if (m_frame->page()) {
if (isBackForwardLoadType(m_loadType) || m_loadType == FrameLoadTypeReload || m_loadType == FrameLoadTypeReloadFromOrigin)
history()->restoreScrollPositionAndViewState();
}
if (!m_stateMachine.committedFirstRealDocumentLoad())
return;
m_progressTracker->progressCompleted();
const ResourceError& error = m_documentLoader->mainDocumentError();
if (!error.isNull())
m_client->dispatchDidFailLoad(error);
else
m_client->dispatchDidFinishLoad();
m_loadType = FrameLoadTypeStandard;
}
void FrameLoader::didFirstLayout()
{
if (!m_frame->page())
return;
if (isBackForwardLoadType(m_loadType) || m_loadType == FrameLoadTypeReload || m_loadType == FrameLoadTypeReloadFromOrigin)
history()->restoreScrollPositionAndViewState();
}
void FrameLoader::detachChildren()
{
typedef Vector<RefPtr<Frame> > FrameVector;
FrameVector childrenToDetach;
childrenToDetach.reserveCapacity(m_frame->tree().childCount());
for (Frame* child = m_frame->tree().lastChild(); child; child = child->tree().previousSibling())
childrenToDetach.append(child);
FrameVector::iterator end = childrenToDetach.end();
for (FrameVector::iterator it = childrenToDetach.begin(); it != end; it++)
(*it)->loader().detachFromParent();
}
void FrameLoader::closeAndRemoveChild(Frame* child)
{
child->tree().detachFromParent();
child->setView(0);
if (child->ownerElement() && child->page())
child->page()->decrementSubframeCount();
child->willDetachPage();
child->detachFromPage();
m_frame->tree().removeChild(child);
}
// Called every time a resource is completely loaded or an error is received.
void FrameLoader::checkLoadComplete()
{
ASSERT(m_client->hasWebView());
// FIXME: Always traversing the entire frame tree is a bit inefficient, but
// is currently needed in order to null out the previous history item for all frames.
if (Page* page = m_frame->page()) {
Vector<RefPtr<Frame>, 10> frames;
for (RefPtr<Frame> frame = page->mainFrame(); frame; frame = frame->tree().traverseNext())
frames.append(frame);
// To process children before their parents, iterate the vector backwards.
for (size_t i = frames.size(); i; --i)
frames[i - 1]->loader().checkLoadCompleteForThisFrame();
}
}
void FrameLoader::checkLoadComplete(DocumentLoader* documentLoader)
{
if (documentLoader)
documentLoader->checkLoadComplete();
checkLoadComplete();
}
int FrameLoader::numPendingOrLoadingRequests(bool recurse) const
{
if (!recurse)
return m_frame->document()->fetcher()->requestCount();
int count = 0;
for (Frame* frame = m_frame; frame; frame = frame->tree().traverseNext(m_frame))
count += frame->document()->fetcher()->requestCount();
return count;
}
String FrameLoader::userAgent(const KURL& url) const
{
String userAgent = m_client->userAgent(url);
InspectorInstrumentation::applyUserAgentOverride(m_frame, &userAgent);
return userAgent;
}
void FrameLoader::frameDetached()
{
// stopAllLoaders can detach the Frame, so protect it.
RefPtr<Frame> protect(m_frame);
stopAllLoaders();
detachFromParent();
}
void FrameLoader::detachFromParent()
{
// stopAllLoaders can detach the Frame, so protect it.
RefPtr<Frame> protect(m_frame);
closeURL();
detachChildren();
// stopAllLoaders() needs to be called after detachChildren(), because detachedChildren()
// will trigger the unload event handlers of any child frames, and those event
// handlers might start a new subresource load in this frame.
stopAllLoaders();
InspectorInstrumentation::frameDetachedFromParent(m_frame);
if (m_documentLoader)
m_documentLoader->detachFromFrame();
m_documentLoader = 0;
m_client->detachedFromParent();
m_progressTracker.clear();
if (Frame* parent = m_frame->tree().parent()) {
parent->loader().closeAndRemoveChild(m_frame);
parent->loader().scheduleCheckCompleted();
} else {
m_frame->setView(0);
m_frame->willDetachPage();
m_frame->detachFromPage();
}
}
void FrameLoader::addExtraFieldsToRequest(ResourceRequest& request)
{
bool isMainResource = (request.targetType() == ResourceRequest::TargetIsMainFrame) || (request.targetType() == ResourceRequest::TargetIsSubframe);
if (isMainResource && isLoadingMainFrame())
request.setFirstPartyForCookies(request.url());
else
request.setFirstPartyForCookies(m_frame->document()->firstPartyForCookies());
// The remaining modifications are only necessary for HTTP and HTTPS.
if (!request.url().isEmpty() && !request.url().protocolIsInHTTPFamily())
return;
applyUserAgent(request);
if (request.cachePolicy() == ReloadIgnoringCacheData) {
if (m_loadType == FrameLoadTypeReload)
request.setHTTPHeaderField("Cache-Control", "max-age=0");
else if (m_loadType == FrameLoadTypeReloadFromOrigin) {
request.setHTTPHeaderField("Cache-Control", "no-cache");
request.setHTTPHeaderField("Pragma", "no-cache");
}
}
if (isMainResource)
request.setHTTPAccept(defaultAcceptHeader);
// Make sure we send the Origin header.
addHTTPOriginIfNeeded(request, String());
}
void FrameLoader::addHTTPOriginIfNeeded(ResourceRequest& request, const String& origin)
{
if (!request.httpOrigin().isEmpty())
return; // Request already has an Origin header.
// Don't send an Origin header for GET or HEAD to avoid privacy issues.
// For example, if an intranet page has a hyperlink to an external web
// site, we don't want to include the Origin of the request because it
// will leak the internal host name. Similar privacy concerns have lead
// to the widespread suppression of the Referer header at the network
// layer.
if (request.httpMethod() == "GET" || request.httpMethod() == "HEAD")
return;
// For non-GET and non-HEAD methods, always send an Origin header so the
// server knows we support this feature.
if (origin.isEmpty()) {
// If we don't know what origin header to attach, we attach the value
// for an empty origin.
request.setHTTPOrigin(SecurityOrigin::createUnique()->toString());
return;
}
request.setHTTPOrigin(origin);
}
const ResourceRequest& FrameLoader::originalRequest() const
{
return activeDocumentLoader()->originalRequestCopy();
}
void FrameLoader::receivedMainResourceError(const ResourceError& error)
{
// Retain because the stop may release the last reference to it.
RefPtr<Frame> protect(m_frame);
RefPtr<DocumentLoader> loader = activeDocumentLoader();
if (m_frame->document()->parser())
m_frame->document()->parser()->stopParsing();
// FIXME: We really ought to be able to just check for isCancellation() here, but there are some
// ResourceErrors that setIsCancellation() but aren't created by ResourceError::cancelledError().
ResourceError c(ResourceError::cancelledError(KURL()));
if ((error.errorCode() != c.errorCode() || error.domain() != c.domain()) && m_frame->ownerElement())
m_frame->ownerElement()->renderFallbackContent();
checkCompleted();
if (m_frame->page())
checkLoadComplete();
}
void FrameLoader::checkNavigationPolicyAndContinueFragmentScroll(const NavigationAction& action, bool isNewNavigation, ClientRedirectPolicy clientRedirect)
{
m_documentLoader->setTriggeringAction(action);
const ResourceRequest& request = action.resourceRequest();
if (!m_documentLoader->shouldContinueForNavigationPolicy(request, DocumentLoader::PolicyCheckFragment))
return;
// If we have a provisional request for a different document, a fragment scroll should cancel it.
if (m_provisionalDocumentLoader && !equalIgnoringFragmentIdentifier(m_provisionalDocumentLoader->request().url(), request.url())) {
m_provisionalDocumentLoader->stopLoading();
if (m_provisionalDocumentLoader)
m_provisionalDocumentLoader->detachFromFrame();
m_provisionalDocumentLoader = 0;
}
history()->setProvisionalItem(0);
loadInSameDocument(request.url(), 0, isNewNavigation, clientRedirect);
}
bool FrameLoader::shouldPerformFragmentNavigation(bool isFormSubmission, const String& httpMethod, FrameLoadType loadType, const KURL& url)
{
ASSERT(loadType != FrameLoadTypeBackForward);
ASSERT(loadType != FrameLoadTypeReloadFromOrigin);
// We don't do this if we are submitting a form with method other than "GET", explicitly reloading,
// currently displaying a frameset, or if the URL does not have a fragment.
return (!isFormSubmission || equalIgnoringCase(httpMethod, "GET"))
&& loadType != FrameLoadTypeReload
&& loadType != FrameLoadTypeSame
&& url.hasFragmentIdentifier()
&& equalIgnoringFragmentIdentifier(m_frame->document()->url(), url)
// We don't want to just scroll if a link from within a
// frameset is trying to reload the frameset into _top.
&& !m_frame->document()->isFrameSet();
}
void FrameLoader::scrollToFragmentWithParentBoundary(const KURL& url)
{
FrameView* view = m_frame->view();
if (!view)
return;
// Leaking scroll position to a cross-origin ancestor would permit the so-called "framesniffing" attack.
RefPtr<Frame> boundaryFrame(url.hasFragmentIdentifier() ? m_frame->document()->findUnsafeParentScrollPropagationBoundary() : 0);
if (boundaryFrame)
boundaryFrame->view()->setSafeToPropagateScrollToParent(false);
view->scrollToFragment(url);
if (boundaryFrame)
boundaryFrame->view()->setSafeToPropagateScrollToParent(true);
}
bool FrameLoader::shouldClose()
{
Page* page = m_frame->page();
if (!page || !page->chrome().canRunBeforeUnloadConfirmPanel())
return true;
// Store all references to each subframe in advance since beforeunload's event handler may modify frame
Vector<RefPtr<Frame> > targetFrames;
targetFrames.append(m_frame);
for (Frame* child = m_frame->tree().firstChild(); child; child = child->tree().traverseNext(m_frame))
targetFrames.append(child);
bool shouldClose = false;
{
NavigationDisablerForBeforeUnload navigationDisabler;
size_t i;
bool didAllowNavigation = false;
for (i = 0; i < targetFrames.size(); i++) {
if (!targetFrames[i]->tree().isDescendantOf(m_frame))
continue;
if (!targetFrames[i]->document()->dispatchBeforeUnloadEvent(page->chrome(), didAllowNavigation))
break;
}
if (i == targetFrames.size())
shouldClose = true;
}
return shouldClose;
}
void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, FrameLoadType type, PassRefPtr<FormState> formState, const SubstituteData& substituteData, ClientRedirectPolicy clientRedirect, const String& overrideEncoding)
{
ASSERT(m_client->hasWebView());
if (m_frame->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal)
return;
// We skip dispatching the beforeload event on the frame owner if we've already committed a real
// document load because the event would leak subsequent activity by the frame which the parent
// frame isn't supposed to learn. For example, if the child frame navigated to a new URL, the
// parent frame shouldn't learn the URL.
if (!m_stateMachine.committedFirstRealDocumentLoad() && m_frame->ownerElement() && !m_frame->ownerElement()->dispatchBeforeLoadEvent(request.url().string()))
return;
if (!m_stateMachine.startedFirstRealLoad())
m_stateMachine.advanceTo(FrameLoaderStateMachine::StartedFirstRealLoad);
// The current load should replace the history item if it is the first real
// load of the frame. FrameLoadTypeRedirectWithLockedBackForwardList is a
// proxy for history()->currentItemShouldBeReplaced().
bool replacesCurrentHistoryItem = false;
if (type == FrameLoadTypeRedirectWithLockedBackForwardList
|| !m_stateMachine.committedFirstRealDocumentLoad()) {
replacesCurrentHistoryItem = true;
}
m_policyDocumentLoader = m_client->createDocumentLoader(request, substituteData.isValid() ? substituteData : defaultSubstituteDataForURL(request.url()));
m_policyDocumentLoader->setFrame(m_frame);
m_policyDocumentLoader->setTriggeringAction(action);
m_policyDocumentLoader->setReplacesCurrentHistoryItem(replacesCurrentHistoryItem);
m_policyDocumentLoader->setIsClientRedirect(clientRedirect == ClientRedirect);
if (Frame* parent = m_frame->tree().parent())
m_policyDocumentLoader->setOverrideEncoding(parent->loader().documentLoader()->overrideEncoding());
else if (!overrideEncoding.isEmpty())
m_policyDocumentLoader->setOverrideEncoding(overrideEncoding);
else if (m_documentLoader)
m_policyDocumentLoader->setOverrideEncoding(m_documentLoader->overrideEncoding());
// stopAllLoaders can detach the Frame, so protect it.
RefPtr<Frame> protect(m_frame);
if ((!m_policyDocumentLoader->shouldContinueForNavigationPolicy(request, DocumentLoader::PolicyCheckStandard) || !shouldClose()) && m_policyDocumentLoader) {
m_policyDocumentLoader->detachFromFrame();
m_policyDocumentLoader = 0;
return;
}
// A new navigation is in progress, so don't clear the history's provisional item.
stopAllLoaders();
// <rdar://problem/6250856> - In certain circumstances on pages with multiple frames, stopAllLoaders()
// might detach the current FrameLoader, in which case we should bail on this newly defunct load.
if (!m_frame->page() || !m_policyDocumentLoader)
return;
if (isLoadingMainFrame())
m_frame->page()->inspectorController().resume();
m_frame->navigationScheduler().cancel();
m_provisionalDocumentLoader = m_policyDocumentLoader.release();
m_loadType = type;
m_state = FrameStateProvisional;
if (formState)
m_client->dispatchWillSubmitForm(formState);
m_progressTracker->progressStarted();
if (m_provisionalDocumentLoader->isClientRedirect())
m_provisionalDocumentLoader->appendRedirect(m_frame->document()->url());
m_provisionalDocumentLoader->appendRedirect(m_provisionalDocumentLoader->request().url());
m_client->dispatchDidStartProvisionalLoad();
ASSERT(m_provisionalDocumentLoader);
m_provisionalDocumentLoader->startLoadingMainResource();
}
void FrameLoader::checkNewWindowPolicyAndContinue(PassRefPtr<FormState> formState, const String& frameName, const NavigationAction& action)
{
if (m_frame->document()->pageDismissalEventBeingDispatched() != Document::NoDismissal)
return;
if (m_frame->document() && m_frame->document()->isSandboxed(SandboxPopups))
return;
if (!DOMWindow::allowPopUp(m_frame))
return;
NavigationPolicy navigationPolicy = NavigationPolicyNewForegroundTab;
action.specifiesNavigationPolicy(&navigationPolicy);
if (navigationPolicy == NavigationPolicyDownload) {
m_client->loadURLExternally(action.resourceRequest(), navigationPolicy);
return;
}
RefPtr<Frame> frame = m_frame;
RefPtr<Frame> mainFrame = m_frame;
if (!m_frame->settings() || m_frame->settings()->supportsMultipleWindows()) {
struct WindowFeatures features;
Page* newPage = m_frame->page()->chrome().client().createWindow(m_frame, FrameLoadRequest(m_frame->document()->securityOrigin(), action.resourceRequest()),
features, navigationPolicy);
// createWindow can return null (e.g., popup blocker denies the window).
if (!newPage)
return;
mainFrame = newPage->mainFrame();
}
if (frameName != "_blank")
mainFrame->tree().setName(frameName);
mainFrame->page()->setOpenedByDOM();
mainFrame->page()->chrome().show(navigationPolicy);
if (!m_suppressOpenerInNewFrame) {
mainFrame->loader().setOpener(frame.get());
mainFrame->document()->setReferrerPolicy(frame->document()->referrerPolicy());
}
// FIXME: We can't just send our NavigationAction to the new FrameLoader's loadWithNavigationAction(), we need to
// create a new one with a default NavigationType and no triggering event. We should figure out why.
mainFrame->loader().loadWithNavigationAction(action.resourceRequest(), NavigationAction(action.resourceRequest()), FrameLoadTypeStandard, formState, SubstituteData());
}
void FrameLoader::applyUserAgent(ResourceRequest& request)
{
String userAgent = this->userAgent(request.url());
ASSERT(!userAgent.isNull());
request.setHTTPUserAgent(userAgent);
}
bool FrameLoader::shouldInterruptLoadForXFrameOptions(const String& content, const KURL& url, unsigned long requestIdentifier)
{
UseCounter::count(m_frame->domWindow(), UseCounter::XFrameOptions);
Frame* topFrame = m_frame->tree().top();
if (m_frame == topFrame)
return false;
XFrameOptionsDisposition disposition = parseXFrameOptionsHeader(content);
switch (disposition) {
case XFrameOptionsSameOrigin: {
UseCounter::count(m_frame->domWindow(), UseCounter::XFrameOptionsSameOrigin);
RefPtr<SecurityOrigin> origin = SecurityOrigin::create(url);
if (!origin->isSameSchemeHostPort(topFrame->document()->securityOrigin()))
return true;
for (Frame* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
if (!origin->isSameSchemeHostPort(frame->document()->securityOrigin())) {
UseCounter::count(m_frame->domWindow(), UseCounter::XFrameOptionsSameOriginWithBadAncestorChain);
return true;
}
}
return false;
}
case XFrameOptionsDeny:
return true;
case XFrameOptionsAllowAll:
return false;
case XFrameOptionsConflict:
m_frame->document()->addConsoleMessageWithRequestIdentifier(JSMessageSource, ErrorMessageLevel, "Multiple 'X-Frame-Options' headers with conflicting values ('" + content + "') encountered when loading '" + url.elidedString() + "'. Falling back to 'DENY'.", requestIdentifier);
return true;
case XFrameOptionsInvalid:
m_frame->document()->addConsoleMessageWithRequestIdentifier(JSMessageSource, ErrorMessageLevel, "Invalid 'X-Frame-Options' header encountered when loading '" + url.elidedString() + "': '" + content + "' is not a recognized directive. The header will be ignored.", requestIdentifier);
return false;
default:
ASSERT_NOT_REACHED();
return false;
}
}
bool FrameLoader::shouldTreatURLAsSameAsCurrent(const KURL& url) const
{
if (!history()->currentItem())
return false;
return url == history()->currentItem()->url() || url == history()->currentItem()->originalURL();
}
bool FrameLoader::shouldTreatURLAsSrcdocDocument(const KURL& url) const
{
if (!equalIgnoringCase(url.string(), "about:srcdoc"))
return false;
HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement();
if (!ownerElement)
return false;
if (!ownerElement->hasTagName(iframeTag))
return false;
return ownerElement->fastHasAttribute(srcdocAttr);
}
Frame* FrameLoader::findFrameForNavigation(const AtomicString& name, Document* activeDocument)
{
ASSERT(activeDocument);
Frame* frame = m_frame->tree().find(name);
// From http://www.whatwg.org/specs/web-apps/current-work/#seamlessLinks:
//
// If the source browsing context is the same as the browsing context
// being navigated, and this browsing context has its seamless browsing
// context flag set, and the browsing context being navigated was not
// chosen using an explicit self-navigation override, then find the
// nearest ancestor browsing context that does not have its seamless
// browsing context flag set, and continue these steps as if that
// browsing context was the one that was going to be navigated instead.
if (frame == m_frame && name != "_self" && m_frame->document()->shouldDisplaySeamlesslyWithParent()) {
for (Frame* ancestor = m_frame; ancestor; ancestor = ancestor->tree().parent()) {
if (!ancestor->document()->shouldDisplaySeamlesslyWithParent()) {
frame = ancestor;
break;
}
}
ASSERT(frame != m_frame);
}
if (!activeDocument->canNavigate(frame))
return 0;
return frame;
}
void FrameLoader::loadHistoryItem(HistoryItem* item)
{
HistoryItem* currentItem = history()->currentItem();
if (currentItem && item->shouldDoSameDocumentNavigationTo(currentItem)) {
history()->setCurrentItem(item);
loadInSameDocument(item->url(), item->stateObject(), false, NotClientRedirect);
return;
}
// Remember this item so we can traverse any child items as child frames load
history()->setProvisionalItem(item);
RefPtr<FormData> formData = item->formData();
ResourceRequest request(item->url());
request.setHTTPReferrer(item->referrer());
if (formData) {
request.setHTTPMethod("POST");
request.setHTTPBody(formData);
request.setHTTPContentType(item->formContentType());
RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::createFromString(item->referrer());
addHTTPOriginIfNeeded(request, securityOrigin->toString());
}
loadWithNavigationAction(request, NavigationAction(request, FrameLoadTypeBackForward, formData), FrameLoadTypeBackForward, 0, SubstituteData());
}
void FrameLoader::insertDummyHistoryItem()
{
RefPtr<HistoryItem> currentItem = HistoryItem::create();
history()->setCurrentItem(currentItem.get());
}
void FrameLoader::dispatchDocumentElementAvailable()
{
m_client->documentElementAvailable();
}
void FrameLoader::dispatchDidClearWindowObjectsInAllWorlds()
{
if (!m_frame->script().canExecuteScripts(NotAboutToExecuteScript))
return;
Vector<RefPtr<DOMWrapperWorld> > worlds;
DOMWrapperWorld::getAllWorlds(worlds);
for (size_t i = 0; i < worlds.size(); ++i)
dispatchDidClearWindowObjectInWorld(worlds[i].get());
}
void FrameLoader::dispatchDidClearWindowObjectInWorld(DOMWrapperWorld* world)
{
if (!m_frame->script().canExecuteScripts(NotAboutToExecuteScript) || !m_frame->script().existingWindowShell(world))
return;
m_client->dispatchDidClearWindowObjectInWorld(world);
if (Page* page = m_frame->page())
page->inspectorController().didClearWindowObjectInWorld(m_frame, world);
InspectorInstrumentation::didClearWindowObjectInWorld(m_frame, world);
}
SandboxFlags FrameLoader::effectiveSandboxFlags() const
{
SandboxFlags flags = m_forcedSandboxFlags;
if (Frame* parentFrame = m_frame->tree().parent())
flags |= parentFrame->document()->sandboxFlags();
if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
flags |= ownerElement->sandboxFlags();
return flags;
}
} // namespace WebCore