bool EditorClientEfl::handleEditingKeyboardEvent(KeyboardEvent* event) { Node* node = event->target()->toNode(); ASSERT(node); Frame* frame = node->document().frame(); ASSERT(frame); const PlatformKeyboardEvent* keyEvent = event->keyEvent(); if (!keyEvent) return false; bool caretBrowsing = frame->settings().caretBrowsingEnabled(); if (caretBrowsing) { switch (keyEvent->windowsVirtualKeyCode()) { case VK_LEFT: frame->selection().modify(keyEvent->shiftKey() ? FrameSelection::AlterationExtend : FrameSelection::AlterationMove, DirectionLeft, keyEvent->ctrlKey() ? WordGranularity : CharacterGranularity, UserTriggered); return true; case VK_RIGHT: frame->selection().modify(keyEvent->shiftKey() ? FrameSelection::AlterationExtend : FrameSelection::AlterationMove, DirectionRight, keyEvent->ctrlKey() ? WordGranularity : CharacterGranularity, UserTriggered); return true; case VK_UP: frame->selection().modify(keyEvent->shiftKey() ? FrameSelection::AlterationExtend : FrameSelection::AlterationMove, DirectionBackward, keyEvent->ctrlKey() ? ParagraphGranularity : LineGranularity, UserTriggered); return true; case VK_DOWN: frame->selection().modify(keyEvent->shiftKey() ? FrameSelection::AlterationExtend : FrameSelection::AlterationMove, DirectionForward, keyEvent->ctrlKey() ? ParagraphGranularity : LineGranularity, UserTriggered); return true; } } Editor::Command command = frame->editor().command(interpretKeyEvent(event)); if (keyEvent->type() == PlatformEvent::RawKeyDown) { // WebKit doesn't have enough information about mode to decide how commands that just insert text if executed via Editor should be treated, // so we leave it upon WebCore to either handle them immediately (e.g. Tab that changes focus) or let a keypress event be generated // (e.g. Tab that inserts a Tab character, or Enter). return !command.isTextInsertion() && command.execute(event); } if (command.execute(event)) return true; // Don't allow text insertion for nodes that cannot edit. if (!frame->editor().canEdit()) return false; // Don't insert null or control characters as they can result in unexpected behaviour if (event->charCode() < ' ') return false; // Don't insert anything if a modifier is pressed if (keyEvent->ctrlKey() || keyEvent->altKey()) return false; return frame->editor().insertText(event->keyEvent()->text(), event); }
static bool handleEditingKeyboardEvent(KeyboardEvent* evt) { Node* node = evt->target()->toNode(); ASSERT(node); Frame* frame = node->document()->frame(); ASSERT(frame); const PlatformKeyboardEvent* keyEvent = evt->keyEvent(); if (!keyEvent) return false; bool caretBrowsing = frame->settings()->caretBrowsingEnabled(); if (caretBrowsing) { switch (keyEvent->windowsVirtualKeyCode()) { case VK_LEFT: frame->selection()->modify(keyEvent->shiftKey() ? SelectionController::EXTEND : SelectionController::MOVE, SelectionController::LEFT, keyEvent->ctrlKey() ? WordGranularity : CharacterGranularity, true); return true; case VK_RIGHT: frame->selection()->modify(keyEvent->shiftKey() ? SelectionController::EXTEND : SelectionController::MOVE, SelectionController::RIGHT, keyEvent->ctrlKey() ? WordGranularity : CharacterGranularity, true); return true; case VK_UP: frame->selection()->modify(keyEvent->shiftKey() ? SelectionController::EXTEND : SelectionController::MOVE, SelectionController::BACKWARD, keyEvent->ctrlKey() ? ParagraphGranularity : LineGranularity, true); return true; case VK_DOWN: frame->selection()->modify(keyEvent->shiftKey() ? SelectionController::EXTEND : SelectionController::MOVE, SelectionController::FORWARD, keyEvent->ctrlKey() ? ParagraphGranularity : LineGranularity, true); return true; } } Editor::Command command = frame->editor()->command(interpretKeyEvent(evt)); if (keyEvent->type() == PlatformKeyboardEvent::RawKeyDown) { // WebKit doesn't have enough information about mode to decide how commands that just insert text if executed via Editor should be treated, // so we leave it upon WebCore to either handle them immediately (e.g. Tab that changes focus) or let a keypress event be generated // (e.g. Tab that inserts a Tab character, or Enter). return !command.isTextInsertion() && command.execute(evt); } if (command.execute(evt)) return true; // Don't insert null or control characters as they can result in unexpected behaviour if (evt->charCode() < ' ') return false; // Don't insert anything if a modifier is pressed if (keyEvent->ctrlKey() || keyEvent->altKey()) return false; return frame->editor()->insertText(evt->keyEvent()->text(), evt); }
// static bool MixedContentChecker::shouldBlockFetch( LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, ResourceRequest::RedirectStatus redirectStatus, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus) { Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, frameType, url); if (!mixedFrame) return false; MixedContentChecker::count(mixedFrame, requestContext); if (ContentSecurityPolicy* policy = frame->securityContext()->contentSecurityPolicy()) policy->reportMixedContent(url, redirectStatus); Settings* settings = mixedFrame->settings(); // Use the current local frame's client; the embedder doesn't distinguish // mixed content signals from different frames on the same page. FrameLoaderClient* client = frame->loader().client(); SecurityOrigin* securityOrigin = mixedFrame->securityContext()->getSecurityOrigin(); bool allowed = false; // If we're in strict mode, we'll automagically fail everything, and // intentionally skip the client checks in order to prevent degrading the // site's security UI. bool strictMode = mixedFrame->securityContext()->getInsecureRequestPolicy() & kBlockAllMixedContent || settings->strictMixedContentChecking(); WebMixedContent::ContextType contextType = WebMixedContent::contextTypeFromRequestContext( requestContext, settings->strictMixedContentCheckingForPlugin()); // If we're loading the main resource of a subframe, we need to take a close // look at the loaded URL. If we're dealing with a CORS-enabled scheme, then // block mixed frames as active content. Otherwise, treat frames as passive // content. // // FIXME: Remove this temporary hack once we have a reasonable API for // launching external applications via URLs. http://crbug.com/318788 and // https://crbug.com/393481 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol())) contextType = WebMixedContent::ContextType::OptionallyBlockable; switch (contextType) { case WebMixedContent::ContextType::OptionallyBlockable: client->passiveInsecureContentFound(url); allowed = !strictMode; if (allowed) client->didDisplayInsecureContent(); break; case WebMixedContent::ContextType::Blockable: { // Strictly block subresources that are mixed with respect to their // subframes, unless all insecure content is allowed. This is to avoid the // following situation: https://a.com embeds https://b.com, which loads a // script over insecure HTTP. The user opts to allow the insecure content, // thinking that they are allowing an insecure script to run on // https://a.com and not realizing that they are in fact allowing an // insecure script on https://b.com. if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubresource(effectiveFrame, frameType) && isMixedContent(frame->securityContext()->getSecurityOrigin(), url)) { UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSubframeBlocked); allowed = false; break; } bool shouldAskEmbedder = !strictMode && settings && (!settings->strictlyBlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); allowed = shouldAskEmbedder && client->allowRunningInsecureContent( settings && settings->allowRunningOfInsecureContent(), securityOrigin, url); if (allowed) { client->didRunInsecureContent(securityOrigin, url); UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed); } break; } case WebMixedContent::ContextType::ShouldBeBlockable: allowed = !strictMode; if (allowed) client->didDisplayInsecureContent(); break; case WebMixedContent::ContextType::NotMixedContent: NOTREACHED(); break; }; if (reportingStatus == SendReport) { logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, requestContext, allowed); } return !allowed; }
PlatformMenuDescription ContextMenuClientImpl::getCustomMenuFromDefaultItems( ContextMenu* defaultMenu) { // Displaying the context menu in this function is a big hack as we don't // have context, i.e. whether this is being invoked via a script or in // response to user input (Mouse event WM_RBUTTONDOWN, // Keyboard events KeyVK_APPS, Shift+F10). Check if this is being invoked // in response to the above input events before popping up the context menu. if (!m_webView->contextMenuAllowed()) return 0; HitTestResult r = m_webView->page()->contextMenuController()->hitTestResult(); Frame* selectedFrame = r.innerNonSharedNode()->document()->frame(); WebContextMenuData data; data.mousePosition = selectedFrame->view()->contentsToWindow(r.roundedPoint()); // Compute edit flags. data.editFlags = WebContextMenuData::CanDoNone; if (m_webView->focusedWebCoreFrame()->editor()->canUndo()) data.editFlags |= WebContextMenuData::CanUndo; if (m_webView->focusedWebCoreFrame()->editor()->canRedo()) data.editFlags |= WebContextMenuData::CanRedo; if (m_webView->focusedWebCoreFrame()->editor()->canCut()) data.editFlags |= WebContextMenuData::CanCut; if (m_webView->focusedWebCoreFrame()->editor()->canCopy()) data.editFlags |= WebContextMenuData::CanCopy; if (m_webView->focusedWebCoreFrame()->editor()->canPaste()) data.editFlags |= WebContextMenuData::CanPaste; if (m_webView->focusedWebCoreFrame()->editor()->canDelete()) data.editFlags |= WebContextMenuData::CanDelete; // We can always select all... data.editFlags |= WebContextMenuData::CanSelectAll; data.editFlags |= WebContextMenuData::CanTranslate; // Links, Images, Media tags, and Image/Media-Links take preference over // all else. data.linkURL = r.absoluteLinkURL(); if (!r.absoluteImageURL().isEmpty()) { data.srcURL = r.absoluteImageURL(); data.mediaType = WebContextMenuData::MediaTypeImage; } else if (!r.absoluteMediaURL().isEmpty()) { data.srcURL = r.absoluteMediaURL(); // We know that if absoluteMediaURL() is not empty, then this // is a media element. HTMLMediaElement* mediaElement = static_cast<HTMLMediaElement*>(r.innerNonSharedNode()); if (mediaElement->hasTagName(HTMLNames::videoTag)) data.mediaType = WebContextMenuData::MediaTypeVideo; else if (mediaElement->hasTagName(HTMLNames::audioTag)) data.mediaType = WebContextMenuData::MediaTypeAudio; if (mediaElement->error()) data.mediaFlags |= WebContextMenuData::MediaInError; if (mediaElement->paused()) data.mediaFlags |= WebContextMenuData::MediaPaused; if (mediaElement->muted()) data.mediaFlags |= WebContextMenuData::MediaMuted; if (mediaElement->loop()) data.mediaFlags |= WebContextMenuData::MediaLoop; if (mediaElement->supportsSave()) data.mediaFlags |= WebContextMenuData::MediaCanSave; if (mediaElement->hasAudio()) data.mediaFlags |= WebContextMenuData::MediaHasAudio; if (mediaElement->hasVideo()) data.mediaFlags |= WebContextMenuData::MediaHasVideo; if (mediaElement->controls()) data.mediaFlags |= WebContextMenuData::MediaControlRootElement; } else if (r.innerNonSharedNode()->hasTagName(HTMLNames::objectTag) || r.innerNonSharedNode()->hasTagName(HTMLNames::embedTag)) { RenderObject* object = r.innerNonSharedNode()->renderer(); if (object && object->isWidget()) { Widget* widget = toRenderWidget(object)->widget(); if (widget && widget->isPluginContainer()) { data.mediaType = WebContextMenuData::MediaTypePlugin; WebPluginContainerImpl* plugin = static_cast<WebPluginContainerImpl*>(widget); WebString text = plugin->plugin()->selectionAsText(); if (!text.isEmpty()) { data.selectedText = text; data.editFlags |= WebContextMenuData::CanCopy; } data.editFlags &= ~WebContextMenuData::CanTranslate; data.linkURL = plugin->plugin()->linkAtPosition(data.mousePosition); if (plugin->plugin()->supportsPaginatedPrint()) data.mediaFlags |= WebContextMenuData::MediaCanPrint; HTMLPlugInImageElement* pluginElement = static_cast<HTMLPlugInImageElement*>(r.innerNonSharedNode()); data.srcURL = pluginElement->document()->completeURL(pluginElement->url()); data.mediaFlags |= WebContextMenuData::MediaCanSave; // Add context menu commands that are supported by the plugin. if (plugin->plugin()->canRotateView()) data.mediaFlags |= WebContextMenuData::MediaCanRotate; } } } data.isImageBlocked = (data.mediaType == WebContextMenuData::MediaTypeImage) && !r.image(); // If it's not a link, an image, a media element, or an image/media link, // show a selection menu or a more generic page menu. if (selectedFrame->document()->loader()) data.frameEncoding = selectedFrame->document()->encoding(); // Send the frame and page URLs in any case. data.pageURL = urlFromFrame(m_webView->mainFrameImpl()->frame()); if (selectedFrame != m_webView->mainFrameImpl()->frame()) { data.frameURL = urlFromFrame(selectedFrame); RefPtr<HistoryItem> historyItem = selectedFrame->loader()->history()->currentItem(); if (historyItem) data.frameHistoryItem = WebHistoryItem(historyItem); } if (r.isSelected()) { if (!r.innerNonSharedNode()->hasTagName(HTMLNames::inputTag) || !static_cast<HTMLInputElement*>(r.innerNonSharedNode())->isPasswordField()) data.selectedText = selectedFrame->editor()->selectedText().stripWhiteSpace(); } if (r.isContentEditable()) { data.isEditable = true; #if ENABLE(INPUT_SPEECH) if (r.innerNonSharedNode()->hasTagName(HTMLNames::inputTag)) { data.isSpeechInputEnabled = static_cast<HTMLInputElement*>(r.innerNonSharedNode())->isSpeechEnabled(); } #endif // When Chrome enables asynchronous spellchecking, its spellchecker adds spelling markers to misspelled // words and attaches suggestions to these markers in the background. Therefore, when a user right-clicks // a mouse on a word, Chrome just needs to find a spelling marker on the word instread of spellchecking it. if (selectedFrame->settings() && selectedFrame->settings()->asynchronousSpellCheckingEnabled()) { VisibleSelection selection = selectedFrame->selection()->selection(); if (selection.isCaret()) { selection.expandUsingGranularity(WordGranularity); RefPtr<Range> range = selection.toNormalizedRange(); Vector<DocumentMarker*> markers = selectedFrame->document()->markers()->markersInRange(range.get(), DocumentMarker::Spelling | DocumentMarker::Grammar); if (markers.size() == 1) { range->setStart(range->startContainer(), markers[0]->startOffset()); range->setEnd(range->endContainer(), markers[0]->endOffset()); data.misspelledWord = range->text(); if (markers[0]->description().length()) { Vector<String> suggestions; markers[0]->description().split('\n', suggestions); data.dictionarySuggestions = suggestions; } else if (m_webView->spellCheckClient()) { int misspelledOffset, misspelledLength; m_webView->spellCheckClient()->spellCheck(data.misspelledWord, misspelledOffset, misspelledLength, &data.dictionarySuggestions); } selection = VisibleSelection(range.get()); if (selectedFrame->selection()->shouldChangeSelection(selection)) selectedFrame->selection()->setSelection(selection, WordGranularity); } } } else if (m_webView->focusedWebCoreFrame()->editor()->isContinuousSpellCheckingEnabled()) { data.isSpellCheckingEnabled = true; // Spellchecking might be enabled for the field, but could be disabled on the node. if (m_webView->focusedWebCoreFrame()->editor()->isSpellCheckingEnabledInFocusedNode()) { data.misspelledWord = selectMisspelledWord(defaultMenu, selectedFrame); if (m_webView->spellCheckClient()) { int misspelledOffset, misspelledLength; m_webView->spellCheckClient()->spellCheck( data.misspelledWord, misspelledOffset, misspelledLength, &data.dictionarySuggestions); if (!misspelledLength) data.misspelledWord.reset(); } } } HTMLFormElement* form = selectedFrame->selection()->currentForm(); if (form && form->checkValidity() && r.innerNonSharedNode()->hasTagName(HTMLNames::inputTag)) { HTMLInputElement* selectedElement = static_cast<HTMLInputElement*>(r.innerNonSharedNode()); if (selectedElement) { WebSearchableFormData ws = WebSearchableFormData(WebFormElement(form), WebInputElement(selectedElement)); if (ws.url().isValid()) data.keywordURL = ws.url(); } } } #if OS(DARWIN) if (selectedFrame->editor()->selectionHasStyle(CSSPropertyDirection, "ltr") != FalseTriState) data.writingDirectionLeftToRight |= WebContextMenuData::CheckableMenuItemChecked; if (selectedFrame->editor()->selectionHasStyle(CSSPropertyDirection, "rtl") != FalseTriState) data.writingDirectionRightToLeft |= WebContextMenuData::CheckableMenuItemChecked; #endif // OS(DARWIN) // Now retrieve the security info. DocumentLoader* dl = selectedFrame->loader()->documentLoader(); WebDataSource* ds = WebDataSourceImpl::fromDocumentLoader(dl); if (ds) data.securityInfo = ds->response().securityInfo(); data.referrerPolicy = static_cast<WebReferrerPolicy>(selectedFrame->document()->referrerPolicy()); // Filter out custom menu elements and add them into the data. populateCustomMenuItems(defaultMenu, &data); data.node = r.innerNonSharedNode(); WebFrame* selected_web_frame = WebFrameImpl::fromFrame(selectedFrame); if (m_webView->client()) m_webView->client()->showContextMenu(selected_web_frame, data); return 0; }
// static bool MixedContentChecker::shouldBlockFetch(LocalFrame* frame, WebURLRequest::RequestContext requestContext, WebURLRequest::FrameType frameType, const KURL& url, MixedContentChecker::ReportingStatus reportingStatus) { Frame* effectiveFrame = effectiveFrameForFrameType(frame, frameType); Frame* mixedFrame = inWhichFrameIsContentMixed(effectiveFrame, frameType, url); if (!mixedFrame) return false; MixedContentChecker::count(mixedFrame, requestContext); Settings* settings = mixedFrame->settings(); // Use the current local frame's client; the embedder doesn't // distinguish mixed content signals from different frames on the // same page. FrameLoaderClient* client = frame->loader().client(); SecurityOrigin* securityOrigin = mixedFrame->securityContext()->securityOrigin(); bool allowed = false; // If we're in strict mode, we'll automagically fail everything, and intentionally skip // the client checks in order to prevent degrading the site's security UI. bool strictMode = mixedFrame->securityContext()->shouldEnforceStrictMixedContentChecking() || settings->strictMixedContentChecking(); ContextType contextType = contextTypeFromContext(requestContext, mixedFrame); // If we're loading the main resource of a subframe, we need to take a close look at the loaded URL. // If we're dealing with a CORS-enabled scheme, then block mixed frames as active content. Otherwise, // treat frames as passive content. // // FIXME: Remove this temporary hack once we have a reasonable API for launching external applications // via URLs. http://crbug.com/318788 and https://crbug.com/393481 if (frameType == WebURLRequest::FrameTypeNested && !SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(url.protocol())) contextType = ContextTypeOptionallyBlockable; switch (contextType) { case ContextTypeOptionallyBlockable: allowed = !strictMode && client->allowDisplayingInsecureContent(settings && settings->allowDisplayOfInsecureContent(), url); if (allowed) client->didDisplayInsecureContent(); break; case ContextTypeBlockable: { // Strictly block subresources in subframes, unless all insecure // content is allowed. if (!settings->allowRunningOfInsecureContent() && requestIsSubframeSubresource(effectiveFrame, frameType)) { UseCounter::count(mixedFrame, UseCounter::BlockableMixedContentInSubframeBlocked); allowed = false; break; } bool shouldAskEmbedder = !strictMode && settings && (!settings->strictlyBlockBlockableMixedContent() || settings->allowRunningOfInsecureContent()); allowed = shouldAskEmbedder && client->allowRunningInsecureContent(settings && settings->allowRunningOfInsecureContent(), securityOrigin, url); if (allowed) { client->didRunInsecureContent(securityOrigin, url); UseCounter::count(mixedFrame, UseCounter::MixedContentBlockableAllowed); } break; } case ContextTypeShouldBeBlockable: allowed = !strictMode; if (allowed) client->didDisplayInsecureContent(); break; case ContextTypeNotMixedContent: ASSERT_NOT_REACHED(); break; }; if (reportingStatus == SendReport) logToConsoleAboutFetch(frame, mainResourceUrlForFrame(mixedFrame), url, requestContext, allowed); return !allowed; }