/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is Mozilla Communicator client code. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1998 * the Initial Developer. All Rights Reserved. * * Contributor(s): * Johnny Stenback (original author) * * Alternatively, the contents of this file may be used under the terms of * either of the GNU General Public License Version 2 or later (the "GPL"), * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ #include "nsIDOMHTMLIFrameElement.h" #include "nsIDOMHTMLFrameElement.h" #include "nsIDOMWindow.h" #include "nsPresContext.h" #include "nsIPresShell.h" #include "nsIContent.h" #include "nsIDocument.h" #include "nsIDOMDocument.h" #include "nsIDOMWindow.h" #include "nsPIDOMWindow.h" #include "nsIWebNavigation.h" #include "nsIChromeEventHandler.h" #include "nsIDocShell.h" #include "nsIDocShellTreeItem.h" #include "nsIDocShellTreeNode.h" #include "nsIDocShellTreeOwner.h" #include "nsIDocShellLoadInfo.h" #include "nsIBaseWindow.h" #include "nsContentUtils.h" #include "nsUnicharUtils.h" #include "nsIScriptGlobalObject.h" #include "nsIScriptSecurityManager.h" #include "nsFrameLoader.h" #include "nsIURI.h" #include "nsIURL.h" #include "nsNetUtil.h" #include "nsHTMLAtoms.h" #include "nsINameSpaceManager.h" // Bug 136580: Limit to the number of nested content frames that can have the // same URL. This is to stop content that is recursively loading // itself. Note that "#foo" on the end of URL doesn't affect // whether it's considered identical, but "?foo" or ";foo" are // considered and compared. // Bug 228829: Limit this to 1, like IE does. #define MAX_SAME_URL_CONTENT_FRAMES 1 // Bug 8065: Limit content frame depth to some reasonable level. This // does not count chrome frames when determining depth, nor does it // prevent chrome recursion. Number is fairly arbitrary, but meant to // keep number of shells to a reasonable number on accidental recursion with a // small (but not 1) branching factor. With large branching factors the number // of shells can rapidly become huge and run us out of memory. To solve that, // we'd need to re-institute a fixed version of bug 98158. #define MAX_DEPTH_CONTENT_FRAMES 10 NS_IMPL_ISUPPORTS1(nsFrameLoader, nsIFrameLoader) NS_IMETHODIMP nsFrameLoader::LoadFrame() { NS_ENSURE_TRUE(mOwnerContent, NS_ERROR_NOT_INITIALIZED); nsresult rv = EnsureDocShell(); NS_ENSURE_SUCCESS(rv, rv); nsIDocument* doc = mOwnerContent->GetDocument(); if (!doc) { return NS_OK; } nsAutoString src; GetURL(src); src.Trim(" \t\n\r"); if (src.IsEmpty()) { src.AssignLiteral("about:blank"); } nsCOMPtr base_uri = mOwnerContent->GetBaseURI(); const nsAFlatCString &doc_charset = doc->GetDocumentCharacterSet(); nsCOMPtr uri; rv = NS_NewURI(getter_AddRefs(uri), src, doc_charset.IsEmpty() ? nsnull : doc_charset.get(), base_uri); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr loadInfo; mDocShell->CreateLoadInfo(getter_AddRefs(loadInfo)); NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE); // Check for security nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager(); // Get referring URL nsCOMPtr referrer; nsCOMPtr principal; rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); // If we were called from script, get the referring URL from the script if (principal) { // Pass the script principal to the docshell loadInfo->SetOwner(principal); } else { // We're not being called form script, tell the docshell // to inherit an owner from the current document. loadInfo->SetInheritOwner(PR_TRUE); principal = doc->GetPrincipal(); } if (!principal) { return NS_ERROR_FAILURE; } // Check if we are allowed to load absURL rv = secMan->CheckLoadURIWithPrincipal(principal, uri, nsIScriptSecurityManager::STANDARD); if (NS_FAILED(rv)) { return rv; // We're not } rv = principal->GetURI(getter_AddRefs(referrer)); NS_ENSURE_SUCCESS(rv, rv); loadInfo->SetReferrer(referrer); // Bail out if this is an infinite recursion scenario rv = CheckForRecursiveLoad(uri); NS_ENSURE_SUCCESS(rv, rv); // Kick off the load... rv = mDocShell->LoadURI(uri, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, PR_FALSE); NS_ASSERTION(NS_SUCCEEDED(rv), "failed to load URL"); return rv; } NS_IMETHODIMP nsFrameLoader::GetDocShell(nsIDocShell **aDocShell) { *aDocShell = nsnull; // If we have an owner, make sure we have a docshell and return // that. If not, we're most likely in the middle of being torn down, // then we just return null. if (mOwnerContent) { nsresult rv = EnsureDocShell(); NS_ENSURE_SUCCESS(rv, rv); } *aDocShell = mDocShell; NS_IF_ADDREF(*aDocShell); return NS_OK; } NS_IMETHODIMP nsFrameLoader::Destroy() { if (mOwnerContent) { nsCOMPtr doc = mOwnerContent->GetDocument(); if (doc) { doc->SetSubDocumentFor(mOwnerContent, nsnull); } mOwnerContent = nsnull; } // Let our window know that we are gone nsCOMPtr win_private(do_GetInterface(mDocShell)); if (win_private) { win_private->SetFrameElementInternal(nsnull); } nsCOMPtr base_win(do_QueryInterface(mDocShell)); if (base_win) { base_win->Destroy(); } mDocShell = nsnull; return NS_OK; } NS_IMETHODIMP nsFrameLoader::GetDepthTooGreat(PRBool* aDepthTooGreat) { *aDepthTooGreat = mDepthTooGreat; return NS_OK; } nsresult nsFrameLoader::EnsureDocShell() { if (mDocShell) { return NS_OK; } // Get our parent docshell off the document of mOwnerContent // XXXbz this is such a total hack.... We really need to have a // better setup for doing this. nsIDocument* doc = mOwnerContent->GetDocument(); if (!doc) { return NS_ERROR_UNEXPECTED; } nsCOMPtr parentAsWebNav = do_GetInterface(doc->GetScriptGlobalObject()); // Create the docshell... mDocShell = do_CreateInstance("@mozilla.org/webshell;1"); NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE); // Get the frame name and tell the docshell about it. nsCOMPtr docShellAsItem(do_QueryInterface(mDocShell)); NS_ENSURE_TRUE(docShellAsItem, NS_ERROR_FAILURE); nsAutoString frameName; // Don't use mOwnerContent->GetNameSpaceID() here since it returns // kNameSpaceID_XHTML for both HTML and XHTML, see bug 183683. nsINodeInfo* ni = mOwnerContent->GetNodeInfo(); if (ni && ni->NamespaceID() == kNameSpaceID_XHTML) { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::id, frameName); } else { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::name, frameName); // XXX if no NAME then use ID, after a transition period this will be // changed so that XUL only uses ID too (bug 254284). if (frameName.IsEmpty() && ni && ni->NamespaceID() == kNameSpaceID_XUL) { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::id, frameName); } } if (!frameName.IsEmpty()) { docShellAsItem->SetName(frameName.get()); } // If our container is a web-shell, inform it that it has a new // child. If it's not a web-shell then some things will not operate // properly. nsCOMPtr parentAsNode(do_QueryInterface(parentAsWebNav)); if (parentAsNode) { nsCOMPtr parentAsItem = do_QueryInterface(parentAsNode); PRInt32 parentType; parentAsItem->GetItemType(&parentType); nsAutoString value; PRBool isContent = PR_FALSE; if (mOwnerContent->IsContentOfType(nsIContent::eXUL)) { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::type, value); } // we accept "content" and "content-xxx" values. // at time of writing, we expect "xxx" to be "primary", but // someday it might be an integer expressing priority if (value.Length() >= 7) { // Lowercase the value, ContentShellAdded() further down relies // on it being lowercased. ToLowerCase(value); nsAutoString::const_char_iterator start, end; value.BeginReading(start); value.EndReading(end); nsAutoString::const_char_iterator iter(start + 7); isContent = Substring(start, iter).EqualsLiteral("content") && (iter == end || *iter == '-'); } if (isContent) { // The web shell's type is content. docShellAsItem->SetItemType(nsIDocShellTreeItem::typeContent); } else { // Inherit our type from our parent webshell. If it is // chrome, we'll be chrome. If it is content, we'll be // content. docShellAsItem->SetItemType(parentType); } parentAsNode->AddChild(docShellAsItem); if (isContent) { // XXXbz why is this in content code, exactly? We should handle // this some other way..... nsCOMPtr parentTreeOwner; parentAsItem->GetTreeOwner(getter_AddRefs(parentTreeOwner)); if (parentTreeOwner) { PRBool is_primary = parentType == nsIDocShellTreeItem::typeChrome && value.EqualsLiteral("content-primary"); parentTreeOwner->ContentShellAdded(docShellAsItem, is_primary, value.get()); } } // Make sure all shells have links back to the content element // in the nearest enclosing chrome shell. nsCOMPtr chromeEventHandler; if (parentType == nsIDocShellTreeItem::typeChrome) { // Our parent shell is a chrome shell. It is therefore our nearest // enclosing chrome shell. chromeEventHandler = do_QueryInterface(mOwnerContent); NS_WARN_IF_FALSE(chromeEventHandler, "This mContent should implement this."); } else { nsCOMPtr parentShell(do_QueryInterface(parentAsNode)); // Our parent shell is a content shell. Get the chrome event // handler from it and use that for our shell as well. parentShell->GetChromeEventHandler(getter_AddRefs(chromeEventHandler)); } mDocShell->SetChromeEventHandler(chromeEventHandler); } // This is nasty, this code (the do_GetInterface(mDocShell) below) // *must* come *after* the above call to // mDocShell->SetChromeEventHandler() for the global window to get // the right chrome event handler. // Tell the window about the frame that hosts it. nsCOMPtr frame_element(do_QueryInterface(mOwnerContent)); NS_ASSERTION(frame_element, "frame loader owner element not a DOM element!"); nsCOMPtr win_private(do_GetInterface(mDocShell)); NS_ENSURE_TRUE(win_private, NS_ERROR_UNEXPECTED); win_private->SetFrameElementInternal(frame_element); nsCOMPtr base_win(do_QueryInterface(mDocShell)); NS_ENSURE_TRUE(base_win, NS_ERROR_UNEXPECTED); // This is kinda whacky, this call doesn't really create anything, // but it must be called to make sure things are properly // initialized base_win->Create(); return NS_OK; } void nsFrameLoader::GetURL(nsString& aURI) { aURI.Truncate(); if (mOwnerContent->Tag() == nsHTMLAtoms::object) { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::data, aURI); } else { mOwnerContent->GetAttr(kNameSpaceID_None, nsHTMLAtoms::src, aURI); } } nsresult nsFrameLoader::CheckForRecursiveLoad(nsIURI* aURI) { mDepthTooGreat = PR_FALSE; NS_PRECONDITION(mDocShell, "Must have docshell here"); nsCOMPtr treeItem = do_QueryInterface(mDocShell); NS_ASSERTION(treeItem, "docshell must be a treeitem!"); PRInt32 ourType; nsresult rv = treeItem->GetItemType(&ourType); if (NS_SUCCEEDED(rv) && ourType != nsIDocShellTreeItem::typeContent) { // No need to do recursion-protection here XXXbz why not?? Do we really // trust people not to screw up with non-content docshells? return NS_OK; } // Bug 8065: Don't exceed some maximum depth in content frames // (MAX_DEPTH_CONTENT_FRAMES) nsCOMPtr parentAsItem; treeItem->GetSameTypeParent(getter_AddRefs(parentAsItem)); PRInt32 depth = 0; while (parentAsItem) { ++depth; if (depth >= MAX_DEPTH_CONTENT_FRAMES) { mDepthTooGreat = PR_TRUE; NS_WARNING("Too many nested content frames so giving up"); return NS_ERROR_UNEXPECTED; // Too deep, give up! (silently?) } nsCOMPtr temp; temp.swap(parentAsItem); temp->GetSameTypeParent(getter_AddRefs(parentAsItem)); } // Bug 136580: Check for recursive frame loading // pre-grab these for speed nsCOMPtr cloneURI; rv = aURI->Clone(getter_AddRefs(cloneURI)); NS_ENSURE_SUCCESS(rv, rv); // Bug 98158/193011: We need to ignore data after the # nsCOMPtr cloneURL(do_QueryInterface(cloneURI)); // QI can fail if (cloneURL) { rv = cloneURL->SetRef(EmptyCString()); NS_ENSURE_SUCCESS(rv,rv); } PRInt32 matchCount = 0; treeItem->GetSameTypeParent(getter_AddRefs(parentAsItem)); while (parentAsItem) { // Check the parent URI with the URI we're loading nsCOMPtr parentAsNav(do_QueryInterface(parentAsItem)); if (parentAsNav) { // Does the URI match the one we're about to load? nsCOMPtr parentURI; parentAsNav->GetCurrentURI(getter_AddRefs(parentURI)); if (parentURI) { nsCOMPtr parentClone; rv = parentURI->Clone(getter_AddRefs(parentClone)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr parentURL(do_QueryInterface(parentClone)); if (parentURL) { rv = parentURL->SetRef(EmptyCString()); NS_ENSURE_SUCCESS(rv,rv); } PRBool equal; rv = cloneURI->Equals(parentClone, &equal); NS_ENSURE_SUCCESS(rv, rv); if (equal) { matchCount++; if (matchCount >= MAX_SAME_URL_CONTENT_FRAMES) { NS_WARNING("Too many nested content frames have the same url (recursion?) so giving up"); return NS_ERROR_UNEXPECTED; } } } } nsCOMPtr temp; temp.swap(parentAsItem); temp->GetSameTypeParent(getter_AddRefs(parentAsItem)); } return NS_OK; }