// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome_frame/urlmon_bind_status_callback.h"
#include <mshtml.h>
#include <shlguid.h>
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "base/threading/platform_thread.h"
#include "chrome_frame/bind_context_info.h"
#include "chrome_frame/chrome_tab.h"
#include "chrome_frame/exception_barrier.h"
#include "chrome_frame/urlmon_moniker.h"
// A helper to given feed data to the specified |bscb| using
// CacheStream instance.
HRESULT CacheStream::BSCBFeedData(IBindStatusCallback* bscb, const char* data,
size_t size, CLIPFORMAT clip_format,
size_t flags, bool eof) {
if (!bscb) {
NOTREACHED() << "invalid IBindStatusCallback";
return E_INVALIDARG;
}
// We can't use a CComObjectStackEx here since mshtml will hold
// onto the stream pointer.
CComObject<CacheStream>* cache_stream = NULL;
HRESULT hr = CComObject<CacheStream>::CreateInstance(&cache_stream);
if (FAILED(hr)) {
NOTREACHED();
return hr;
}
scoped_refptr<CacheStream> cache_ref = cache_stream;
hr = cache_stream->Initialize(data, size, eof);
if (FAILED(hr))
return hr;
FORMATETC format_etc = { clip_format, NULL, DVASPECT_CONTENT, -1,
TYMED_ISTREAM };
STGMEDIUM medium = {0};
medium.tymed = TYMED_ISTREAM;
medium.pstm = cache_stream;
hr = bscb->OnDataAvailable(flags, size, &format_etc, &medium);
return hr;
}
HRESULT CacheStream::Initialize(const char* cache, size_t size, bool eof) {
position_ = 0;
eof_ = eof;
HRESULT hr = S_OK;
cache_.reset(new char[size]);
if (cache_.get()) {
memcpy(cache_.get(), cache, size);
size_ = size;
} else {
DLOG(ERROR) << "failed to allocate cache stream.";
hr = E_OUTOFMEMORY;
}
return hr;
}
// Read is the only call that we expect. Return E_PENDING if there
// is no more data to serve. Otherwise this will result in a
// read with 0 bytes indicating that no more data is available.
STDMETHODIMP CacheStream::Read(void* pv, ULONG cb, ULONG* read) {
if (!pv || !read)
return E_INVALIDARG;
if (!cache_.get()) {
*read = 0;
return S_FALSE;
}
// Default to E_PENDING to signal that this is a partial data.
HRESULT hr = eof_ ? S_FALSE : E_PENDING;
if (position_ < size_) {
*read = std::min(size_ - position_, size_t(cb));
memcpy(pv, cache_ .get() + position_, *read);
position_ += *read;
hr = S_OK;
}
return hr;
}
/////////////////////////////////////////////////////////////////////
HRESULT SniffData::InitializeCache(const std::wstring& url) {
url_ = url;
renderer_type_ = UNDETERMINED;
const int kInitialSize = 4 * 1024; // 4K
HGLOBAL mem = GlobalAlloc(0, kInitialSize);
DCHECK(mem) << "GlobalAlloc failed: " << GetLastError();
HRESULT hr = CreateStreamOnHGlobal(mem, TRUE, cache_.Receive());
if (SUCCEEDED(hr)) {
ULARGE_INTEGER size = {0};
cache_->SetSize(size);
} else {
DLOG(ERROR) << "CreateStreamOnHGlobal failed: " << hr;
}
return hr;
}
HRESULT SniffData::ReadIntoCache(IStream* stream, bool force_determination) {
if (!stream) {
NOTREACHED();
return E_INVALIDARG;
}
HRESULT hr = S_OK;
while (SUCCEEDED(hr)) {
const size_t kChunkSize = 4 * 1024;
char buffer[kChunkSize];
DWORD read = 0;
hr = stream->Read(buffer, sizeof(buffer), &read);
if (read) {
DWORD written = 0;
cache_->Write(buffer, read, &written);
size_ += written;
}
if ((S_FALSE == hr) || !read)
break;
}
bool last_chance = force_determination || (size() >= kMaxSniffSize);
eof_ = force_determination;
DetermineRendererType(last_chance);
return hr;
}
HRESULT SniffData::DrainCache(IBindStatusCallback* bscb, DWORD bscf,
CLIPFORMAT clip_format) {
if (!is_cache_valid()) {
return S_OK;
}
// Ideally we could just use the cache_ IStream implementation but
// can't use it here since we have to return E_PENDING for the
// last call
HGLOBAL memory = NULL;
HRESULT hr = GetHGlobalFromStream(cache_, &memory);
if (SUCCEEDED(hr) && memory) {
char* buffer = reinterpret_cast<char*>(GlobalLock(memory));
hr = CacheStream::BSCBFeedData(bscb, buffer, size_, clip_format, bscf,
eof_);
GlobalUnlock(memory);
}
size_ = 0;
cache_.Release();
return hr;
}
// Scan the buffer or OptIn URL list and decide if the renderer is
// to be switched. Last chance means there's no more data.
void SniffData::DetermineRendererType(bool last_chance) {
if (is_undetermined()) {
if (last_chance)
renderer_type_ = OTHER;
if (IsChrome(RendererTypeForUrl(url_))) {
renderer_type_ = CHROME;
} else {
if (is_cache_valid() && cache_) {
HGLOBAL memory = NULL;
GetHGlobalFromStream(cache_, &memory);
const char* buffer = reinterpret_cast<const char*>(GlobalLock(memory));
std::wstring html_contents;
// TODO(joshia): detect and handle different content encodings
if (buffer && size_) {
UTF8ToWide(buffer, std::min(size_, kMaxSniffSize), &html_contents);
GlobalUnlock(memory);
}
// Note that document_contents_ may have NULL characters in it. While
// browsers may handle this properly, we don't and will stop scanning
// for the XUACompat content value if we encounter one.
std::wstring xua_compat_content;
UtilGetXUACompatContentValue(html_contents, &xua_compat_content);
if (StrStrI(xua_compat_content.c_str(), kChromeContentPrefix)) {
renderer_type_ = CHROME;
}
}
}
DVLOG(1) << __FUNCTION__ << "Url: " << url_ << base::StringPrintf(
"Renderer type: %s", renderer_type_ == CHROME ? "CHROME" : "OTHER");
}
}
/////////////////////////////////////////////////////////////////////
BSCBStorageBind::BSCBStorageBind() : clip_format_(CF_NULL) {
}
BSCBStorageBind::~BSCBStorageBind() {
std::for_each(saved_progress_.begin(), saved_progress_.end(),
utils::DeleteObject());
}
HRESULT BSCBStorageBind::Initialize(IMoniker* moniker, IBindCtx* bind_ctx) {
DVLOG(1) << __FUNCTION__ << me()
<< base::StringPrintf(" tid=%i", base::PlatformThread::CurrentId());
std::wstring url = GetActualUrlFromMoniker(moniker, bind_ctx,
std::wstring());
HRESULT hr = data_sniffer_.InitializeCache(url);
if (FAILED(hr))
return hr;
hr = AttachToBind(bind_ctx);
if (FAILED(hr)) {
NOTREACHED() << __FUNCTION__ << me() << "AttachToBind error: " << hr;
return hr;
}
if (!delegate()) {
NOTREACHED() << __FUNCTION__ << me() << "No existing callback: " << hr;
return E_FAIL;
}
return hr;
}
STDMETHODIMP BSCBStorageBind::OnProgress(ULONG progress, ULONG progress_max,
ULONG status_code, LPCWSTR status_text) {
DVLOG(1) << __FUNCTION__ << me()
<< base::StringPrintf(" status=%i tid=%i %ls", status_code,
base::PlatformThread::CurrentId(),
status_text);
// Report all crashes in the exception handler if we wrap the callback.
// Note that this avoids having the VEH report a crash if an SEH earlier in
// the chain handles the exception.
ExceptionBarrier barrier;
HRESULT hr = S_OK;
// TODO(ananta)
// ChromeFrame will not be informed of any redirects which occur while we
// switch into Chrome. This will only break the moniker patch which is
// legacy and needs to be deleted.
if (ShouldCacheProgress(status_code)) {
saved_progress_.push_back(new Progress(progress, progress_max, status_code,
status_text));
} else {
hr = CallbackImpl::OnProgress(progress, progress_max, status_code,
status_text);
}
return hr;
}
// Refer to urlmon_moniker.h for explanation of how things work.
STDMETHODIMP BSCBStorageBind::OnDataAvailable(DWORD flags, DWORD size,
FORMATETC* format_etc,
STGMEDIUM* stgmed) {
DVLOG(1) << __FUNCTION__
<< base::StringPrintf(" tid=%i", base::PlatformThread::CurrentId());
// Report all crashes in the exception handler if we wrap the callback.
// Note that this avoids having the VEH report a crash if an SEH earlier in
// the chain handles the exception.
ExceptionBarrier barrier;
// Do not touch anything other than text/html.
bool is_interesting = (format_etc && stgmed && stgmed->pstm &&
stgmed->tymed == TYMED_ISTREAM &&
IsTextHtmlClipFormat(format_etc->cfFormat));
if (!is_interesting) {
// Play back report progress so far.
MayPlayBack(flags);
return CallbackImpl::OnDataAvailable(flags, size, format_etc, stgmed);
}
HRESULT hr = S_OK;
if (!clip_format_)
clip_format_ = format_etc->cfFormat;
if (data_sniffer_.is_undetermined()) {
bool force_determination = !!(flags &
(BSCF_LASTDATANOTIFICATION | BSCF_DATAFULLYAVAILABLE));
hr = data_sniffer_.ReadIntoCache(stgmed->pstm, force_determination);
// If we don't have sufficient data to determine renderer type
// wait for the next data notification.
if (data_sniffer_.is_undetermined())
return S_OK;
}
DCHECK(!data_sniffer_.is_undetermined());
if (data_sniffer_.is_cache_valid()) {
hr = MayPlayBack(flags);
DCHECK(!data_sniffer_.is_cache_valid());
} else {
hr = CallbackImpl::OnDataAvailable(flags, size, format_etc, stgmed);
}
return hr;
}
STDMETHODIMP BSCBStorageBind::OnStopBinding(HRESULT hresult, LPCWSTR error) {
DVLOG(1) << __FUNCTION__
<< base::StringPrintf(" tid=%i", base::PlatformThread::CurrentId());
// Report all crashes in the exception handler if we wrap the callback.
// Note that this avoids having the VEH report a crash if an SEH earlier in
// the chain handles the exception.
ExceptionBarrier barrier;
HRESULT hr = MayPlayBack(BSCF_LASTDATANOTIFICATION);
if (FAILED(hr))
return hr;
hr = CallbackImpl::OnStopBinding(hresult, error);
ReleaseBind();
return hr;
}
// Play back the cached data to the delegate. Normally this would happen
// when we have read enough data to determine the renderer. In this case
// we first play back the data from the cache and then go into a 'pass
// through' mode. In some cases we may end up getting OnStopBinding
// before we get a chance to determine. Also it's possible that the
// BindToStorage call will return before OnStopBinding is sent. Hence
// This is called from 3 places and it's important to maintain the
// exact sequence of calls.
// Once the data is played back, calling this again is a no op.
HRESULT BSCBStorageBind::MayPlayBack(DWORD flags) {
// Force renderer type determination if not already done since
// we want to play back data now.
data_sniffer_.DetermineRendererType(true);
DCHECK(!data_sniffer_.is_undetermined());
HRESULT hr = S_OK;
if (data_sniffer_.is_chrome()) {
// Remember clip format. If we are switching to chrome, then in order
// to make mshtml return INET_E_TERMINATED_BIND and reissue navigation
// with the same bind context, we have to return a mime type that is
// special cased by mshtml.
static const CLIPFORMAT kMagicClipFormat =
RegisterClipboardFormat(CFSTR_MIME_MPEG);
clip_format_ = kMagicClipFormat;
} else {
if (!saved_progress_.empty()) {
for (ProgressVector::iterator i = saved_progress_.begin();
i != saved_progress_.end(); i++) {
Progress* p = (*i);
// We don't really expect a race condition here but just for sake
// of completeness we check.
if (p) {
(*i) = NULL;
CallbackImpl::OnProgress(p->progress(), p->progress_max(),
p->status_code(), p->status_text());
delete p;
}
}
saved_progress_.clear();
}
}
if (data_sniffer_.is_cache_valid()) {
if (data_sniffer_.is_chrome()) {
base::win::ScopedComPtr<BindContextInfo> info;
BindContextInfo::FromBindContext(bind_ctx_, info.Receive());
DCHECK(info);
if (info) {
info->SetToSwitch(data_sniffer_.cache_);
}
}
hr = data_sniffer_.DrainCache(delegate(),
flags | BSCF_FIRSTDATANOTIFICATION, clip_format_);
DLOG_IF(WARNING, INET_E_TERMINATED_BIND != hr) << __FUNCTION__ <<
" mshtml OnDataAvailable returned: " << std::hex << hr;
}
return hr;
}
// We cache and suppress sending progress notifications till
// we get the first OnDataAvailable. This is to prevent
// mshtml from making up its mind about the mime type.
// However, this is the invasive part of the patch and
// could trip other software that's due to mistimed progress
// notifications. It is probably not a good idea to hide redirects
// and some cookie notifications.
//
// We only need to suppress data notifications like
// BINDSTATUS_MIMETYPEAVAILABLE,
// BINDSTATUS_CACHEFILENAMEAVAILABLE etc.
//
// This is an atempt to reduce the exposure by starting to
// cache only when we receive one of the interesting progress
// notification.
bool BSCBStorageBind::ShouldCacheProgress(unsigned long status_code) const {
// We need to cache progress notifications only if we haven't yet figured
// out which way the request is going.
if (data_sniffer_.is_undetermined()) {
// If we are already caching then continue.
if (!saved_progress_.empty())
return true;
// Start caching only if we see one of the interesting progress
// notifications.
switch (status_code) {
case BINDSTATUS_BEGINDOWNLOADDATA:
case BINDSTATUS_DOWNLOADINGDATA:
case BINDSTATUS_USINGCACHEDCOPY:
case BINDSTATUS_MIMETYPEAVAILABLE:
case BINDSTATUS_CACHEFILENAMEAVAILABLE:
case BINDSTATUS_SERVER_MIMETYPEAVAILABLE:
return true;
default:
break;
}
}
return false;
}