Changeset 145421 in webkit

Timestamp:

Mar 11, 2013 3:51:43 PM (11 years ago)

Author:

dino@apple.com

Message:

Plugins created during user gestures (or soon after) should not be snapshotted
​https://bugs.webkit.org/show_bug.cgi?id=111975

Reviewed by Tim Horton.

There are sites which create plugins in response to user actions, such as clicking
on an image that is acting like a poster frame. In those cases we should never snapshot.

There are some other sites which also create plugins in response to user actions,
but don't necessarily create the content themselves. Instead they run some script
that injects an iframe, and the frame loads a plugin. In order to make sure we don't
snapshot in those cases, we're adding the concept of a blessed plugin. Anything that
is created soon after a *handled* user gesture is not snapshotted. To do this we
mark a timestamp in the document when we've called an event listener for a user
gesture. The plugin element then compares its creation time with the most recent
user action time.

• dom/Document.cpp:

(WebCore::Document::Document): Initialise new timestamp.
(WebCore::Document::resetLastHandledUserGestureTimestamp): Sets the member variable

to the current time.

• dom/Document.h:

(WebCore::Document::lastHandledUserGestureTimestamp): Getter.

• dom/EventTarget.cpp:

(WebCore::EventTarget::fireEventListeners): If there were some event listeners and

we were processing a user gesture, then reset the timestamp in the document.

• html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): Remember if we were created

during a user gesture.

(WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Start the plugin

if we were created during a user gesture, or if we are close enough in time
to a listener that fired in relation to a user gesture.

• html/HTMLPlugInImageElement.h: New private member flag indicating if we were

in a user gesture when constructed.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• dom/Document.cpp (modified) (2 diffs)
• dom/Document.h (modified) (2 diffs)
• dom/EventTarget.cpp (modified) (2 diffs)
• html/HTMLPlugInImageElement.cpp (modified) (3 diffs)
• html/HTMLPlugInImageElement.h (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-03-11  Dean Jackson  <dino@apple.com>
+
+        Plugins created during user gestures (or soon after) should not be snapshotted
+        https://bugs.webkit.org/show_bug.cgi?id=111975
+
+        Reviewed by Tim Horton.
+
+        There are sites which create plugins in response to user actions, such as clicking
+        on an image that is acting like a poster frame. In those cases we should never snapshot.
+
+        There are some other sites which also create plugins in response to user actions,
+        but don't necessarily create the content themselves. Instead they run some script
+        that injects an iframe, and the frame loads a plugin. In order to make sure we don't
+        snapshot in those cases, we're adding the concept of a blessed plugin. Anything that
+        is created soon after a *handled* user gesture is not snapshotted. To do this we
+        mark a timestamp in the document when we've called an event listener for a user
+        gesture. The plugin element then compares its creation time with the most recent
+        user action time.
+
+        * dom/Document.cpp:
+        (WebCore::Document::Document): Initialise new timestamp.
+        (WebCore::Document::resetLastHandledUserGestureTimestamp): Sets the member variable
+            to the current time.
+        * dom/Document.h:
+        (WebCore::Document::lastHandledUserGestureTimestamp): Getter.
+
+        * dom/EventTarget.cpp:
+        (WebCore::EventTarget::fireEventListeners): If there were some event listeners and
+            we were processing a user gesture, then reset the timestamp in the document.
+
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): Remember if we were created
+            during a user gesture.
+        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Start the plugin
+            if we were created during a user gesture, or if we are close enough in time
+            to a listener that fired in relation to a user gesture.
+        * html/HTMLPlugInImageElement.h: New private member flag indicating if we were
+            in a user gesture when constructed.
+
 2013-03-11  Jeffrey Pfau  <jpfau@apple.com>
 

trunk/Source/WebCore/dom/Document.cpp

@@ -477 +477 @@
     , m_writeRecursionDepth(0)
     , m_wheelEventHandlerCount(0)
+    , m_lastHandledUserGestureTimestamp(0)
     , m_pendingTasksTimer(this, &Document::pendingTasksTimerFired)
     , m_scheduledTasksAreSuspended(false)
@@ -5678 +5679 @@
 #endif
 
+void Document::resetLastHandledUserGestureTimestamp()
+{
+    m_lastHandledUserGestureTimestamp = currentTime();
+}
+
 HTMLIFrameElement* Document::seamlessParentIFrame() const
 {

trunk/Source/WebCore/dom/Document.h

@@ -1102 +1102 @@
     void didRemoveWheelEventHandler();
 
+    double lastHandledUserGestureTimestamp() const { return m_lastHandledUserGestureTimestamp; }
+    void resetLastHandledUserGestureTimestamp();
+
 #if ENABLE(TOUCH_EVENTS)
     bool hasTouchEventHandlers() const { return (m_touchEventTargets.get()) ? m_touchEventTargets->size() : false; }
@@ -1514 +1517 @@
 #endif
 
+    double m_lastHandledUserGestureTimestamp;
+
 #if ENABLE(REQUEST_ANIMATION_FRAME)
     RefPtr<ScriptedAnimationController> m_scriptedAnimationController;

trunk/Source/WebCore/dom/EventTarget.cpp

@@ -233 +233 @@
     // so iterating to 'end' naturally excludes new event listeners.
 
+    bool userEventWasHandled = false;
     size_t i = 0;
     size_t end = entry.size();
@@ -255 +256 @@
         // event listeners, even though that violates some versions of the DOM spec.
         registeredListener.listener->handleEvent(context, event);
+        if (!userEventWasHandled && ScriptController::processingUserGesture())
+            userEventWasHandled = true;
         InspectorInstrumentation::didHandleEvent(cookie);
     }
     d->firingEventIterators->removeLast();
+    if (userEventWasHandled) {
+        ScriptExecutionContext* context = scriptExecutionContext();
+        if (context && context->isDocument()) {
+            Document* document = static_cast<Document*>(context);
+            document->resetLastHandledUserGestureTimestamp();
+        }
+    }
 }
 

trunk/Source/WebCore/html/HTMLPlugInImageElement.cpp

@@ -59 +59 @@
 static const int sizingMediumHeightThreshold = 300;
 static const float sizingFullPageAreaRatioThreshold = 0.96;
+static const float autostartSoonAfterUserGestureThreshold = 5.0;
 
 // This delay should not exceed the snapshot delay in PluginView.cpp
@@ -75 +76 @@
     , m_simulatedMouseClickTimer(this, &HTMLPlugInImageElement::simulatedMouseClickTimerFired, simulatedMouseClickTimerDelay)
     , m_swapRendererTimer(this, &HTMLPlugInImageElement::swapRendererTimerFired)
+    , m_createdDuringUserGesture(ScriptController::processingUserGesture())
 {
     setHasCustomStyleCallbacks();
@@ -445 +447 @@
     }
 
+    if (m_createdDuringUserGesture) {
+        LOG(Plugins, "%p Plug-in was created when processing user gesture, set to play", this);
+        return;
+    }
+
+    double lastKnownUserGestureTimestamp = document()->lastHandledUserGestureTimestamp();
+    if (!inMainFrame && document()->page()->mainFrame() && document()->page()->mainFrame()->document())
+        lastKnownUserGestureTimestamp = std::max(lastKnownUserGestureTimestamp, document()->page()->mainFrame()->document()->lastHandledUserGestureTimestamp());
+    if (currentTime() - lastKnownUserGestureTimestamp < autostartSoonAfterUserGestureThreshold) {
+        LOG(Plugins, "%p Plug-in was created shortly after a user gesture, set to play", this);
+        return;
+    }
+
     RenderBox* renderEmbeddedObject = toRenderBox(renderer());
     Length styleWidth = renderEmbeddedObject->style()->width();

trunk/Source/WebCore/html/HTMLPlugInImageElement.h

@@ -126 +126 @@
     Timer<HTMLPlugInImageElement> m_swapRendererTimer;
     RefPtr<Image> m_snapshotImage;
+    bool m_createdDuringUserGesture;
 };