1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
|
/*
* Copyright (C) 2008, 2009, 2010 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#if USE(PLUGIN_HOST_PROCESS)
#ifndef NetscapePluginInstanceProxy_h
#define NetscapePluginInstanceProxy_h
#include <JavaScriptCore/JSGlobalData.h>
#include <JavaScriptCore/Strong.h>
#include <WebCore/Timer.h>
#include <WebKit/npapi.h>
#include <wtf/Deque.h>
#include <wtf/Forward.h>
#include <wtf/HashMap.h>
#include <wtf/PassRefPtr.h>
#include <wtf/RefCounted.h>
#include <wtf/RetainPtr.h>
#include "WebKitPluginHostTypes.h"
namespace JSC {
namespace Bindings {
class Instance;
class RootObject;
}
class ArgList;
}
@class WebHostedNetscapePluginView;
@class WebFrame;
namespace WebKit {
class HostedNetscapePluginStream;
class NetscapePluginHostProxy;
class PluginRequest;
class ProxyInstance;
class NetscapePluginInstanceProxy : public RefCounted<NetscapePluginInstanceProxy> {
public:
static PassRefPtr<NetscapePluginInstanceProxy> create(NetscapePluginHostProxy*, WebHostedNetscapePluginView *, bool fullFramePlugin);
~NetscapePluginInstanceProxy();
uint32_t pluginID() const
{
ASSERT(m_pluginID);
return m_pluginID;
}
uint32_t renderContextID() const { ASSERT(fastMallocSize(this)); return m_renderContextID; }
void setRenderContextID(uint32_t renderContextID) { m_renderContextID = renderContextID; }
RendererType rendererType() const { return m_rendererType; }
void setRendererType(RendererType rendererType) { m_rendererType = rendererType; }
WebHostedNetscapePluginView *pluginView() const { ASSERT(fastMallocSize(this)); return m_pluginView; }
NetscapePluginHostProxy* hostProxy() const { ASSERT(fastMallocSize(this)); return m_pluginHostProxy; }
bool cancelStreamLoad(uint32_t streamID, NPReason);
void disconnectStream(HostedNetscapePluginStream*);
void setManualStream(PassRefPtr<HostedNetscapePluginStream>);
HostedNetscapePluginStream* manualStream() const { return m_manualStream.get(); }
void pluginHostDied();
void resize(NSRect size, NSRect clipRect);
void destroy();
void focusChanged(bool hasFocus);
void windowFocusChanged(bool hasFocus);
void windowFrameChanged(NSRect frame);
void mouseEvent(NSView *pluginView, NSEvent *, NPCocoaEventType);
void keyEvent(NSView *pluginView, NSEvent *, NPCocoaEventType);
void insertText(NSString *);
bool wheelEvent(NSView *pluginView, NSEvent *);
void syntheticKeyDownWithCommandModifier(int keyCode, char character);
void flagsChanged(NSEvent *);
void print(CGContextRef, unsigned width, unsigned height);
void snapshot(CGContextRef, unsigned width, unsigned height);
void startTimers(bool throttleTimers);
void stopTimers();
void invalidateRect(double x, double y, double width, double height);
// NPRuntime
bool getWindowNPObject(uint32_t& objectID);
bool getPluginElementNPObject(uint32_t& objectID);
bool forgetBrowserObjectID(uint32_t objectID); // Will fail if the ID is being sent to plug-in right now (i.e., retain/release calls aren't balanced).
bool evaluate(uint32_t objectID, const WTF::String& script, data_t& resultData, mach_msg_type_number_t& resultLength, bool allowPopups);
bool invoke(uint32_t objectID, const JSC::Identifier& methodName, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength);
bool invokeDefault(uint32_t objectID, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength);
bool construct(uint32_t objectID, data_t argumentsData, mach_msg_type_number_t argumentsLength, data_t& resultData, mach_msg_type_number_t& resultLength);
bool enumerate(uint32_t objectID, data_t& resultData, mach_msg_type_number_t& resultLength);
bool getProperty(uint32_t objectID, const JSC::Identifier& propertyName, data_t &resultData, mach_msg_type_number_t& resultLength);
bool getProperty(uint32_t objectID, unsigned propertyName, data_t &resultData, mach_msg_type_number_t& resultLength);
bool setProperty(uint32_t objectID, const JSC::Identifier& propertyName, data_t valueData, mach_msg_type_number_t valueLength);
bool setProperty(uint32_t objectID, unsigned propertyName, data_t valueData, mach_msg_type_number_t valueLength);
bool removeProperty(uint32_t objectID, const JSC::Identifier& propertyName);
bool removeProperty(uint32_t objectID, unsigned propertyName);
bool hasProperty(uint32_t objectID, const JSC::Identifier& propertyName);
bool hasProperty(uint32_t objectID, unsigned propertyName);
bool hasMethod(uint32_t objectID, const JSC::Identifier& methodName);
void status(const char* message);
NPError loadURL(const char* url, const char* target, const char* postData, uint32_t postDataLength, LoadURLFlags, uint32_t& requestID);
bool getCookies(data_t urlData, mach_msg_type_number_t urlLength, data_t& cookiesData, mach_msg_type_number_t& cookiesLength);
bool setCookies(data_t urlData, mach_msg_type_number_t urlLength, data_t cookiesData, mach_msg_type_number_t cookiesLength);
bool getProxy(data_t urlData, mach_msg_type_number_t urlLength, data_t& proxyData, mach_msg_type_number_t& proxyLength);
bool getAuthenticationInfo(data_t protocolData, data_t hostData, uint32_t port, data_t schemeData, data_t realmData,
data_t& usernameData, mach_msg_type_number_t& usernameLength, data_t& passwordData, mach_msg_type_number_t& passwordLength);
bool convertPoint(double sourceX, double sourceY, NPCoordinateSpace sourceSpace,
double& destX, double& destY, NPCoordinateSpace destSpace);
PassRefPtr<JSC::Bindings::Instance> createBindingsInstance(PassRefPtr<JSC::Bindings::RootObject>);
RetainPtr<NSData *> marshalValues(JSC::ExecState*, const JSC::ArgList& args);
void marshalValue(JSC::ExecState*, JSC::JSValue, data_t& resultData, mach_msg_type_number_t& resultLength);
JSC::JSValue demarshalValue(JSC::ExecState*, const char* valueData, mach_msg_type_number_t valueLength);
// No-op if the value does not contain a local object.
void retainLocalObject(JSC::JSValue);
void releaseLocalObject(JSC::JSValue);
void addInstance(ProxyInstance*);
void removeInstance(ProxyInstance*);
void cleanup();
void invalidate();
void willCallPluginFunction();
void didCallPluginFunction(bool& stopped);
bool shouldStop();
uint32_t nextRequestID();
uint32_t checkIfAllowedToLoadURL(const char* url, const char* target);
void cancelCheckIfAllowedToLoadURL(uint32_t checkID);
void checkIfAllowedToLoadURLResult(uint32_t checkID, bool allowed);
void resolveURL(const char* url, const char* target, data_t& resolvedURLData, mach_msg_type_number_t& resolvedURLLength);
void didDraw();
void privateBrowsingModeDidChange(bool isPrivateBrowsingEnabled);
static void setGlobalException(const WTF::String&);
static void moveGlobalExceptionToExecState(JSC::ExecState*);
// Reply structs
struct Reply {
enum Type {
InstantiatePlugin,
GetScriptableNPObject,
BooleanAndData,
Boolean
};
Reply(Type type)
: m_type(type)
{
}
virtual ~Reply() { }
Type m_type;
};
struct InstantiatePluginReply : public Reply {
static const int ReplyType = InstantiatePlugin;
InstantiatePluginReply(kern_return_t resultCode, uint32_t renderContextID, RendererType rendererType)
: Reply(InstantiatePlugin)
, m_resultCode(resultCode)
, m_renderContextID(renderContextID)
, m_rendererType(rendererType)
{
}
kern_return_t m_resultCode;
uint32_t m_renderContextID;
RendererType m_rendererType;
};
struct GetScriptableNPObjectReply : public Reply {
static const Reply::Type ReplyType = GetScriptableNPObject;
GetScriptableNPObjectReply(uint32_t objectID)
: Reply(ReplyType)
, m_objectID(objectID)
{
}
uint32_t m_objectID;
};
struct BooleanReply : public Reply {
static const Reply::Type ReplyType = Boolean;
BooleanReply(boolean_t result)
: Reply(ReplyType)
, m_result(result)
{
}
boolean_t m_result;
};
struct BooleanAndDataReply : public Reply {
static const Reply::Type ReplyType = BooleanAndData;
BooleanAndDataReply(boolean_t returnValue, RetainPtr<CFDataRef> result)
: Reply(ReplyType)
, m_returnValue(returnValue)
, m_result(result)
{
}
boolean_t m_returnValue;
RetainPtr<CFDataRef> m_result;
};
void setCurrentReply(uint32_t requestID, Reply* reply)
{
ASSERT(!m_replies.contains(requestID));
m_replies.set(requestID, reply);
}
template <typename T>
std::auto_ptr<T> waitForReply(uint32_t requestID)
{
RefPtr<NetscapePluginInstanceProxy> protect(this); // Plug-in host may crash while we are waiting for reply, releasing all instances to the instance proxy.
willCallPluginFunction();
m_waitingForReply = true;
Reply* reply = processRequestsAndWaitForReply(requestID);
if (reply)
ASSERT(reply->m_type == T::ReplyType);
m_waitingForReply = false;
bool stopped = false;
didCallPluginFunction(stopped);
if (stopped) {
// The instance proxy may have been deleted from didCallPluginFunction(), so a null reply needs to be returned.
delete static_cast<T*>(reply);
return std::auto_ptr<T>();
}
return std::auto_ptr<T>(static_cast<T*>(reply));
}
void webFrameDidFinishLoadWithReason(WebFrame*, NPReason);
private:
NetscapePluginInstanceProxy(NetscapePluginHostProxy*, WebHostedNetscapePluginView*, bool fullFramePlugin);
NPError loadRequest(NSURLRequest*, const char* cTarget, bool currentEventIsUserGesture, uint32_t& streamID);
class PluginRequest;
void performRequest(PluginRequest*);
void evaluateJavaScript(PluginRequest*);
void stopAllStreams();
Reply* processRequestsAndWaitForReply(uint32_t requestID);
NetscapePluginHostProxy* m_pluginHostProxy;
WebHostedNetscapePluginView *m_pluginView;
void requestTimerFired(WebCore::Timer<NetscapePluginInstanceProxy>*);
WebCore::Timer<NetscapePluginInstanceProxy> m_requestTimer;
Deque<RefPtr<PluginRequest> > m_pluginRequests;
HashMap<uint32_t, RefPtr<HostedNetscapePluginStream> > m_streams;
uint32_t m_currentURLRequestID;
uint32_t m_pluginID;
uint32_t m_renderContextID;
RendererType m_rendererType;
bool m_waitingForReply;
HashMap<uint32_t, Reply*> m_replies;
// NPRuntime
void addValueToArray(NSMutableArray *, JSC::ExecState* exec, JSC::JSValue value);
bool demarshalValueFromArray(JSC::ExecState*, NSArray *array, NSUInteger& index, JSC::JSValue& result);
void demarshalValues(JSC::ExecState*, data_t valuesData, mach_msg_type_number_t valuesLength, JSC::MarkedArgumentBuffer& result);
class LocalObjectMap {
WTF_MAKE_NONCOPYABLE(LocalObjectMap);
public:
LocalObjectMap();
~LocalObjectMap();
uint32_t idForObject(JSC::JSGlobalData&, JSC::JSObject*);
void retain(JSC::JSObject*);
void release(JSC::JSObject*);
void clear();
bool forget(uint32_t);
bool contains(uint32_t) const;
JSC::JSObject* get(uint32_t) const;
private:
HashMap<uint32_t, JSC::Strong<JSC::JSObject> > m_idToJSObjectMap;
// The pair consists of object ID and a reference count. One reference belongs to remote plug-in,
// and the proxy will add transient references for arguments that are being sent out.
HashMap<JSC::JSObject*, pair<uint32_t, uint32_t> > m_jsObjectToIDMap;
uint32_t m_objectIDCounter;
};
LocalObjectMap m_localObjects;
typedef HashSet<ProxyInstance*> ProxyInstanceSet;
ProxyInstanceSet m_instances;
uint32_t m_urlCheckCounter;
typedef HashMap<uint32_t, RetainPtr<id> > URLCheckMap;
URLCheckMap m_urlChecks;
unsigned m_pluginFunctionCallDepth;
bool m_shouldStopSoon;
uint32_t m_currentRequestID;
// All NPRuntime functions will return false when destroying a plug-in. This is necessary because there may be unhandled messages waiting,
// and spinning in processRequests() will unexpectedly execute them from inside destroy(). That's not a good time to execute arbitrary JavaScript,
// since both loading and rendering data structures may be in inconsistent state.
// This suppresses calls from all plug-ins, even those in different pages, since JS might affect the frame with plug-in that's being stopped.
//
// FIXME: Plug-ins can execute arbitrary JS from destroy() in same process case, and other browsers also support that.
// A better fix may be to make sure that unrelated messages are postponed until after destroy() returns.
// Another possible fix may be to send destroy message at a time when internal structures are consistent.
//
// FIXME: We lack similar message suppression in other cases - resize() is also triggered by layout, so executing arbitrary JS is also problematic.
static bool m_inDestroy;
bool m_pluginIsWaitingForDraw;
RefPtr<HostedNetscapePluginStream> m_manualStream;
typedef HashMap<WebFrame*, RefPtr<PluginRequest> > FrameLoadMap;
FrameLoadMap m_pendingFrameLoads;
};
} // namespace WebKit
#endif // NetscapePluginInstanceProxy_h
#endif // USE(PLUGIN_HOST_PROCESS)
|
