/* * Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #if USE(PLUGIN_HOST_PROCESS) #ifndef NetscapePluginInstanceProxy_h #define NetscapePluginInstanceProxy_h #include <JavaScriptCore/JSGlobalData.h> #include <JavaScriptCore/Strong.h> #include <WebCore/Timer.h> #include <WebKit/npapi.h> #include <wtf/Deque.h> #include <wtf/Forward.h> #include <wtf/HashMap.h> #include <wtf/PassRefPtr.h> #include <wtf/RefCounted.h> #include <wtf/RetainPtr.h> #include "WebKitPluginHostTypes.h" namespace JSC { namespace Bindings { class Instance; class RootObject; } class ArgList; } @class WebHostedNetscapePluginView; @class WebFrame; namespace WebKit { class HostedNetscapePluginStream; class NetscapePluginHostProxy; class PluginRequest; class ProxyInstance; class NetscapePluginInstanceProxy : public RefCounted<NetscapePluginInstanceProxy> { public: static PassRefPtr<NetscapePluginInstanceProxy> create(NetscapePluginHostProxy*, WebHostedNetscapePluginView *, bool fullFramePlugin); ~NetscapePluginInstanceProxy(); uint32_t pluginID() const { ASSERT(m_pluginID); return m_pluginID; } uint32_t renderContextID() const { ASSERT(fastMallocSize(this)); return m_renderContextID; } void setRenderContextID(uint32_t renderContextID) { m_renderContextID = renderContextID; } RendererType rendererType() const { return m_rendererType; } void setRendererType(RendererType rendererType) { m_rendererType = rendererType; } WebHostedNetscapePluginView *pluginView() const { ASSERT(fastMallocSize(this)); return m_pluginView; } NetscapePluginHostProxy* hostProxy() const { ASSERT(fastMallocSize(this)); return m_pluginHostProxy; } bool cancelStreamLoad(uint32_t streamID, NPReason); void disconnectStream(HostedNetscapePluginStream*); void setManualStream(PassRefPtr<HostedNetscapePluginStream>); HostedNetscapePluginStream* manualStream() const { return m_manualStream.get(); } void pluginHostDied(); void resize(NSRect size, NSRect clipRect); void destroy(); void focusChanged(bool hasFocus); void windowFocusChanged(bool hasFocus); void windowFrameChanged(NSRect frame); void mouseEvent(NSView *pluginView, NSEvent *, NPCocoaEventType); void keyEvent(NSView *pluginView, NSEvent *, NPCocoaEventType); void insertText(NSString *); bool wheelEvent(NSView *pluginView, NSEvent *); void syntheticKeyDownWithCommandModifier(int keyCode, char character); void flagsChanged(NSEvent *); void print(CGContextRef, unsigned width, unsigned height); void snapshot(CGContextRef, unsigned width, unsigned height); void startTimers(bool throttleTimers); void stopTimers(); void invalidateRect(double x, double y, double width, double height); // NPRuntime bool getWindowNPObject(uint32_t& objectID); bool getPluginElementNPObject(uint32_t& objectID); bool forgetBrowserObjectID(uint32_t objectID); // Will fail if the ID is being sent to plug-in right now (i.e., retain/release calls aren't balanced). bool evaluate(uint32_t objectID, const WTF::String& script, data_t& resultData, mach_msg_type_number_t& resultLength, bool allowPopups); bool invoke(uint32_t objectID, const JSC::Identifier& methodName, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength); bool invokeDefault(uint32_t objectID, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength); bool construct(uint32_t objectID, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength); bool enumerate(uint32_t objectID, data_t& resultData, mach_msg_type_number_t& resultLength); bool getProperty(uint32_t objectID, const JSC::Identifier& propertyName, data_t &resultData, mach_msg_type_number_t& resultLength); bool getProperty(uint32_t objectID, unsigned propertyName, data_t &resultData, mach_msg_type_number_t& resultLength); bool setProperty(uint32_t objectID, const JSC::Identifier& propertyName, data_t valueData, mach_msg_type_number_t valueLength); bool setProperty(uint32_t objectID, unsigned propertyName, data_t valueData, mach_msg_type_number_t valueLength); bool removeProperty(uint32_t objectID, const JSC::Identifier& propertyName); bool removeProperty(uint32_t objectID, unsigned propertyName); bool hasProperty(uint32_t objectID, const JSC::Identifier& propertyName); bool hasProperty(uint32_t objectID, unsigned propertyName); bool hasMethod(uint32_t objectID, const JSC::Identifier& methodName); void status(const char* message); NPError loadURL(const char* url, const char* target, const char* postData, uint32_t postDataLength, LoadURLFlags, uint32_t& requestID); bool getCookies(data_t urlData, mach_msg_type_number_t urlLength, data_t& cookiesData, mach_msg_type_number_t& cookiesLength); bool setCookies(data_t urlData, mach_msg_type_number_t urlLength, data_t cookiesData, mach_msg_type_number_t cookiesLength); bool getProxy(data_t urlData, mach_msg_type_number_t urlLength, data_t& proxyData, mach_msg_type_number_t& proxyLength); bool getAuthenticationInfo(data_t protocolData, data_t hostData, uint32_t port, data_t schemeData, data_t realmData, data_t& usernameData, mach_msg_type_number_t& usernameLength, data_t& passwordData, mach_msg_type_number_t& passwordLength); bool convertPoint(double sourceX, double sourceY, NPCoordinateSpace sourceSpace, double& destX, double& destY, NPCoordinateSpace destSpace); PassRefPtr<JSC::Bindings::Instance> createBindingsInstance(PassRefPtr<JSC::Bindings::RootObject>); RetainPtr<NSData *> marshalValues(JSC::ExecState*, const JSC::ArgList& args); void marshalValue(JSC::ExecState*, JSC::JSValue, data_t& resultData, mach_msg_type_number_t& resultLength); JSC::JSValue demarshalValue(JSC::ExecState*, const char* valueData, mach_msg_type_number_t valueLength); // No-op if the value does not contain a local object. void retainLocalObject(JSC::JSValue); void releaseLocalObject(JSC::JSValue); void addInstance(ProxyInstance*); void removeInstance(ProxyInstance*); void cleanup(); void invalidate(); void willCallPluginFunction(); void didCallPluginFunction(bool& stopped); bool shouldStop(); uint32_t nextRequestID(); uint32_t checkIfAllowedToLoadURL(const char* url, const char* target); void cancelCheckIfAllowedToLoadURL(uint32_t checkID); void checkIfAllowedToLoadURLResult(uint32_t checkID, bool allowed); void resolveURL(const char* url, const char* target, data_t& resolvedURLData, mach_msg_type_number_t& resolvedURLLength); void didDraw(); void privateBrowsingModeDidChange(bool isPrivateBrowsingEnabled); static void setGlobalException(const WTF::String&); static void moveGlobalExceptionToExecState(JSC::ExecState*); // Reply structs struct Reply { enum Type { InstantiatePlugin, GetScriptableNPObject, BooleanAndData, Boolean }; Reply(Type type) : m_type(type) { } virtual ~Reply() { } Type m_type; }; struct InstantiatePluginReply : public Reply { static const int ReplyType = InstantiatePlugin; InstantiatePluginReply(kern_return_t resultCode, uint32_t renderContextID, RendererType rendererType) : Reply(InstantiatePlugin) , m_resultCode(resultCode) , m_renderContextID(renderContextID) , m_rendererType(rendererType) { } kern_return_t m_resultCode; uint32_t m_renderContextID; RendererType m_rendererType; }; struct GetScriptableNPObjectReply : public Reply { static const Reply::Type ReplyType = GetScriptableNPObject; GetScriptableNPObjectReply(uint32_t objectID) : Reply(ReplyType) , m_objectID(objectID) { } uint32_t m_objectID; }; struct BooleanReply : public Reply { static const Reply::Type ReplyType = Boolean; BooleanReply(boolean_t result) : Reply(ReplyType) , m_result(result) { } boolean_t m_result; }; struct BooleanAndDataReply : public Reply { static const Reply::Type ReplyType = BooleanAndData; BooleanAndDataReply(boolean_t returnValue, RetainPtr<CFDataRef> result) : Reply(ReplyType) , m_returnValue(returnValue) , m_result(result) { } boolean_t m_returnValue; RetainPtr<CFDataRef> m_result; }; void setCurrentReply(uint32_t requestID, Reply* reply) { ASSERT(!m_replies.contains(requestID)); m_replies.set(requestID, reply); } template <typename T> std::auto_ptr<T> waitForReply(uint32_t requestID) { RefPtr<NetscapePluginInstanceProxy> protect(this); // Plug-in host may crash while we are waiting for reply, releasing all instances to the instance proxy. willCallPluginFunction(); m_waitingForReply = true; Reply* reply = processRequestsAndWaitForReply(requestID); if (reply) ASSERT(reply->m_type == T::ReplyType); m_waitingForReply = false; bool stopped = false; didCallPluginFunction(stopped); if (stopped) { // The instance proxy may have been deleted from didCallPluginFunction(), so a null reply needs to be returned. delete static_cast<T*>(reply); return std::auto_ptr<T>(); } return std::auto_ptr<T>(static_cast<T*>(reply)); } void webFrameDidFinishLoadWithReason(WebFrame*, NPReason); private: NetscapePluginInstanceProxy(NetscapePluginHostProxy*, WebHostedNetscapePluginView*, bool fullFramePlugin); NPError loadRequest(NSURLRequest*, const char* cTarget, bool currentEventIsUserGesture, uint32_t& streamID); class PluginRequest; void performRequest(PluginRequest*); void evaluateJavaScript(PluginRequest*); void stopAllStreams(); Reply* processRequestsAndWaitForReply(uint32_t requestID); NetscapePluginHostProxy* m_pluginHostProxy; WebHostedNetscapePluginView *m_pluginView; void requestTimerFired(WebCore::Timer<NetscapePluginInstanceProxy>*); WebCore::Timer<NetscapePluginInstanceProxy> m_requestTimer; Deque<RefPtr<PluginRequest> > m_pluginRequests; HashMap<uint32_t, RefPtr<HostedNetscapePluginStream> > m_streams; uint32_t m_currentURLRequestID; uint32_t m_pluginID; uint32_t m_renderContextID; RendererType m_rendererType; bool m_waitingForReply; HashMap<uint32_t, Reply*> m_replies; // NPRuntime void addValueToArray(NSMutableArray *, JSC::ExecState* exec, JSC::JSValue value); bool demarshalValueFromArray(JSC::ExecState*, NSArray *array, NSUInteger& index, JSC::JSValue& result); void demarshalValues(JSC::ExecState*, data_t valuesData, mach_msg_type_number_t valuesLength, JSC::MarkedArgumentBuffer& result); class LocalObjectMap { WTF_MAKE_NONCOPYABLE(LocalObjectMap); public: LocalObjectMap(); ~LocalObjectMap(); uint32_t idForObject(JSC::JSGlobalData&, JSC::JSObject*); void retain(JSC::JSObject*); void release(JSC::JSObject*); void clear(); bool forget(uint32_t); bool contains(uint32_t) const; JSC::JSObject* get(uint32_t) const; private: HashMap<uint32_t, JSC::Strong<JSC::JSObject> > m_idToJSObjectMap; // The pair consists of object ID and a reference count. One reference belongs to remote plug-in, // and the proxy will add transient references for arguments that are being sent out. HashMap<JSC::JSObject*, pair<uint32_t, uint32_t> > m_jsObjectToIDMap; uint32_t m_objectIDCounter; }; LocalObjectMap m_localObjects; typedef HashSet<ProxyInstance*> ProxyInstanceSet; ProxyInstanceSet m_instances; uint32_t m_urlCheckCounter; typedef HashMap<uint32_t, RetainPtr<id> > URLCheckMap; URLCheckMap m_urlChecks; unsigned m_pluginFunctionCallDepth; bool m_shouldStopSoon; uint32_t m_currentRequestID; // All NPRuntime functions will return false when destroying a plug-in. This is necessary because there may be unhandled messages waiting, // and spinning in processRequests() will unexpectedly execute them from inside destroy(). That's not a good time to execute arbitrary JavaScript, // since both loading and rendering data structures may be in inconsistent state. // This suppresses calls from all plug-ins, even those in different pages, since JS might affect the frame with plug-in that's being stopped. // // FIXME: Plug-ins can execute arbitrary JS from destroy() in same process case, and other browsers also support that. // A better fix may be to make sure that unrelated messages are postponed until after destroy() returns. // Another possible fix may be to send destroy message at a time when internal structures are consistent. // // FIXME: We lack similar message suppression in other cases - resize() is also triggered by layout, so executing arbitrary JS is also problematic. static bool m_inDestroy; bool m_pluginIsWaitingForDraw; RefPtr<HostedNetscapePluginStream> m_manualStream; typedef HashMap<WebFrame*, RefPtr<PluginRequest> > FrameLoadMap; FrameLoadMap m_pendingFrameLoads; }; } // namespace WebKit #endif // NetscapePluginInstanceProxy_h #endif // USE(PLUGIN_HOST_PROCESS)