Update to Chromium revision 203701.

git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@1269 5089003a-bbd8-11dd-ad1f-f1f9622dbc98

CHROMIUM_BUILD_COMPATIBILITY.txt

@@ -17,5 +17,5 @@
 
 {
   'chromium_url': 'http://src.chromium.org/svn/trunk/src',
-  'chromium_revision': '198276',
+  'chromium_revision': '203701',
 }

cef.gyp

@@ -58,11 +58,6 @@
         'OTHER_LDFLAGS': ['-Wl,-headerpad_max_install_names'],
       },
       'conditions': [
-        ['OS=="win" and win_use_allocator_shim==1', {
-          'dependencies': [
-            '<(DEPTH)/base/allocator/allocator.gyp:allocator',
-          ],
-        }],
         ['OS=="win"', {
           'configurations': {
             'Debug_Base': {
@@ -883,10 +878,10 @@
         'libcef/browser/resource_dispatcher_host_delegate.h',
         'libcef/browser/resource_request_job.cc',
         'libcef/browser/resource_request_job.h',
+        'libcef/browser/scheme_handler.cc',
+        'libcef/browser/scheme_handler.h',
         'libcef/browser/scheme_impl.cc',
         'libcef/browser/scheme_impl.h',
-        'libcef/browser/scheme_registration.cc',
-        'libcef/browser/scheme_registration.h',
         'libcef/browser/speech_recognition_manager_delegate.cc',
         'libcef/browser/speech_recognition_manager_delegate.h',
         'libcef/browser/stream_impl.cc',
@@ -935,6 +930,8 @@
         'libcef/common/response_manager.h',
         'libcef/common/scheme_registrar_impl.cc',
         'libcef/common/scheme_registrar_impl.h',
+        'libcef/common/scheme_registration.cc',
+        'libcef/common/scheme_registration.h',
         'libcef/common/string_list_impl.cc',
         'libcef/common/string_map_impl.cc',
         'libcef/common/string_multimap_impl.cc',

cef.gypi

@@ -10,6 +10,8 @@
         'cef_directory' : '<!(echo %CEF_DIRECTORY%)',
         # Use SKIA text rendering for transparency support.
         'enable_skia_text': 1,
+        # Disable tcmalloc's debugallocation to avoid crashing during startup.
+        'disable_debugallocation': 1,
       }, { # OS!="win"
         'cef_directory' : '<!(echo $CEF_DIRECTORY)',
       }],

include/internal/cef_types.h

@@ -1413,7 +1413,6 @@ enum cef_dom_node_type_t {
   DOM_NODE_TYPE_ATTRIBUTE,
   DOM_NODE_TYPE_TEXT,
   DOM_NODE_TYPE_CDATA_SECTION,
-  DOM_NODE_TYPE_ENTITY_REFERENCE,
   DOM_NODE_TYPE_ENTITY,
   DOM_NODE_TYPE_PROCESSING_INSTRUCTIONS,
   DOM_NODE_TYPE_COMMENT,

libcef/browser/browser_host_impl.cc

@@ -17,7 +17,7 @@
 #include "libcef/browser/devtools_delegate.h"
 #include "libcef/browser/media_capture_devices_dispatcher.h"
 #include "libcef/browser/navigate_params.h"
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/scheme_handler.h"
 #include "libcef/browser/thread_util.h"
 #include "libcef/browser/url_request_context_getter.h"
 #include "libcef/browser/url_request_context_getter_proxy.h"
@@ -600,7 +600,7 @@ void CefBrowserHostImpl::StartDownload(const CefString& url) {
   if (!context)
     return;
 
-  scoped_refptr<content::DownloadManager> manager =
+  content::DownloadManager* manager =
       content::BrowserContext::GetDownloadManager(context);
   if (!manager)
     return;

libcef/browser/browser_message_loop.h

@@ -10,8 +10,8 @@
 #include "base/message_loop.h"
 
 // Class used to process events on the current message loop.
-class CefBrowserMessageLoop : public MessageLoopForUI {
-  typedef MessageLoopForUI inherited;
+class CefBrowserMessageLoop : public base::MessageLoopForUI {
+  typedef base::MessageLoopForUI inherited;
 
  public:
   CefBrowserMessageLoop();

libcef/browser/browser_settings.cc

@@ -10,7 +10,7 @@
 
 #include "base/command_line.h"
 #include "include/internal/cef_types_wrappers.h"
-#include "webkit/glue/webpreferences.h"
+#include "webkit/common/webpreferences.h"
 
 // Set default preferences based on CEF command-line flags. Chromium command-
 // line flags should not exist for these preferences.

libcef/browser/chrome_scheme_handler.cc

@@ -34,7 +34,7 @@
 #include "ipc/ipc_channel.h"
 #include "net/url_request/url_request.h"
 #include "v8/include/v8.h"
-#include "webkit/user_agent/user_agent_util.h"
+#include "webkit/common/user_agent/user_agent_util.h"
 
 namespace scheme {
 

libcef/browser/content_browser_client.cc

@@ -22,6 +22,7 @@
 #include "libcef/common/cef_switches.h"
 #include "libcef/common/command_line_impl.h"
 #include "libcef/common/content_client.h"
+#include "libcef/common/scheme_registration.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
@@ -30,6 +31,7 @@
 #include "content/browser/plugin_service_impl.h"
 #include "content/public/browser/access_token_store.h"
 #include "content/public/browser/browser_url_handler.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/plugin_service_filter.h"
 #include "content/public/browser/quota_permission_context.h"
 #include "content/public/browser/render_process_host.h"
@@ -250,7 +252,8 @@ class CefPluginServiceFilter : public content::PluginServiceFilter {
 
 CefContentBrowserClient::CefContentBrowserClient()
     : browser_main_parts_(NULL),
-      next_browser_id_(0) {
+      next_browser_id_(0),
+      scheme_set_locked_(false) {
   plugin_service_filter_.reset(new CefPluginServiceFilter);
   content::PluginServiceImpl::GetInstance()->SetFilter(
       plugin_service_filter_.get());
@@ -416,6 +419,19 @@ CefContentBrowserClient::CreateRequestContextForStoragePartition(
       partition_path, in_memory, protocol_handlers);
 }
 
+bool CefContentBrowserClient::IsHandledURL(const GURL& url) {
+  if (!url.is_valid())
+    return false;
+  const std::string& scheme = url.scheme();
+  DCHECK_EQ(scheme, StringToLowerASCII(scheme));
+
+  if (scheme::IsInternalHandledScheme(scheme))
+    return true;
+
+  DCHECK(scheme_set_locked_);
+  return scheme_set_.find(scheme) != scheme_set_.end();
+}
+
 void CefContentBrowserClient::AppendExtraCommandLineSwitches(
     CommandLine* command_line, int child_process_id) {
   const CommandLine& browser_cmd = *CommandLine::ForCurrentProcess();
@@ -495,14 +511,14 @@ void CefContentBrowserClient::AllowCertificateError(
     bool overridable,
     bool strict_enforcement,
     const base::Callback<void(bool)>& callback,
-    bool* cancel_request) {
+    content::CertificateRequestResultType* result) {
   CEF_REQUIRE_UIT();
 
   if (resource_type != ResourceType::MAIN_FRAME) {
     // A sub-resource has a certificate error. The user doesn't really
     // have a context for making the right decision, so block the request
     // hard.
-    *cancel_request = true;
+    *result = content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
     return;
   }
 
@@ -522,11 +538,14 @@ void CefContentBrowserClient::AllowCertificateError(
   if (overridable && !strict_enforcement)
     callbackImpl = new CefAllowCertificateErrorCallbackImpl(callback);
 
-  *cancel_request = !handler->OnCertificateError(
+  bool proceed = handler->OnCertificateError(
       static_cast<cef_errorcode_t>(cert_error), request_url.spec(),
       callbackImpl.get());
-  if (*cancel_request && callbackImpl.get())
+  if (!proceed && callbackImpl.get())
     callbackImpl->Disconnect();
+
+  *result = proceed ? content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE :
+                      content::CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL;
 }
 
 content::AccessTokenStore* CefContentBrowserClient::CreateAccessTokenStore() {
@@ -681,6 +700,24 @@ const wchar_t* CefContentBrowserClient::GetResourceDllName() {
 }
 #endif  // defined(OS_WIN)
 
+void CefContentBrowserClient::AddCustomScheme(const std::string& scheme) {
+  DCHECK(!scheme_set_locked_);
+  scheme_set_.insert(scheme);
+
+  // Register as a Web-safe scheme so that requests for the scheme from a
+  // render process will be allowed in resource_dispatcher_host_impl.cc
+  // ShouldServiceRequest.
+  content::ChildProcessSecurityPolicy* policy =
+      content::ChildProcessSecurityPolicy::GetInstance();
+  if (!policy->IsWebSafeScheme(scheme))
+    policy->RegisterWebSafeScheme(scheme);
+}
+
+void CefContentBrowserClient::LockCustomSchemes() {
+  DCHECK(!scheme_set_locked_);
+  scheme_set_locked_ = true;
+}
+
 void CefContentBrowserClient::set_last_create_window_params(
     const LastCreateWindowParams& params) {
   CEF_REQUIRE_IOT();

libcef/browser/content_browser_client.h

@@ -8,6 +8,7 @@
 
 #include <list>
 #include <map>
+#include <set>
 #include <string>
 #include <utility>
 
@@ -74,6 +75,7 @@ class CefContentBrowserClient : public content::ContentBrowserClient {
       const base::FilePath& partition_path,
       bool in_memory,
       content::ProtocolHandlerMap* protocol_handlers) OVERRIDE;
+  virtual bool IsHandledURL(const GURL& url) OVERRIDE;
   virtual void AppendExtraCommandLineSwitches(CommandLine* command_line,
                                               int child_process_id) OVERRIDE;
   virtual content::QuotaPermissionContext*
@@ -91,7 +93,7 @@ class CefContentBrowserClient : public content::ContentBrowserClient {
       bool overridable,
       bool strict_enforcement,
       const base::Callback<void(bool)>& callback,
-      bool* cancel_request) OVERRIDE;
+      content::CertificateRequestResultType* result) OVERRIDE;
   virtual content::AccessTokenStore* CreateAccessTokenStore() OVERRIDE;
   virtual bool CanCreateWindow(const GURL& opener_url,
                                const GURL& origin,
@@ -111,6 +113,10 @@ class CefContentBrowserClient : public content::ContentBrowserClient {
   const wchar_t* GetResourceDllName() OVERRIDE;
 #endif
 
+  // Add a custom scheme registration.
+  void AddCustomScheme(const std::string& scheme);
+  void LockCustomSchemes();
+
   // Store additional state from the ViewHostMsg_CreateWindow message that will
   // be used when CanCreateWindow() is called.
   struct LastCreateWindowParams {
@@ -139,6 +145,10 @@ class CefContentBrowserClient : public content::ContentBrowserClient {
   BrowserInfoList browser_info_list_;
   int next_browser_id_;
 
+  typedef std::set<std::string> SchemeSet;
+  SchemeSet scheme_set_;
+  bool scheme_set_locked_;
+
   // Only accessed on the IO thread.
   LastCreateWindowParams last_create_window_params_;
 };

libcef/browser/context.cc

@@ -9,7 +9,7 @@
 #include "libcef/browser/browser_main.h"
 #include "libcef/browser/browser_message_loop.h"
 #include "libcef/browser/content_browser_client.h"
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/scheme_handler.h"
 #include "libcef/browser/thread_util.h"
 #include "libcef/browser/trace_subscriber.h"
 #include "libcef/common/main_delegate.h"

libcef/browser/geolocation_impl.cc

@@ -7,49 +7,76 @@
 #include "libcef/browser/thread_util.h"
 #include "libcef/common/time_util.h"
 #include "base/logging.h"
-#include "content/browser/geolocation/geolocation_provider.h"
+#include "content/public/browser/geolocation_provider.h"
 #include "content/public/common/geoposition.h"
 
 namespace {
 
-void SetPosition(const content::Geoposition& source, CefGeoposition& target) {
-  target.latitude = source.latitude;
-  target.longitude = source.longitude;
-  target.altitude = source.altitude;
-  target.accuracy = source.accuracy;
-  target.altitude_accuracy = source.altitude_accuracy;
-  target.heading = source.heading;
-  target.speed = source.speed;
-  cef_time_from_basetime(source.timestamp, target.timestamp);
-
-  switch (source.error_code) {
-    case content::Geoposition::ERROR_CODE_NONE:
-      target.error_code = GEOPOSITON_ERROR_NONE;
-      break;
-    case content::Geoposition::ERROR_CODE_PERMISSION_DENIED:
-      target.error_code = GEOPOSITON_ERROR_PERMISSION_DENIED;
-      break;
-    case content::Geoposition::ERROR_CODE_POSITION_UNAVAILABLE:
-      target.error_code = GEOPOSITON_ERROR_POSITION_UNAVAILABLE;
-      break;
-    case content::Geoposition::ERROR_CODE_TIMEOUT:
-      target.error_code = GEOPOSITON_ERROR_TIMEOUT;
-      break;
+class CefLocationRequest :
+    public base::RefCountedThreadSafe<CefLocationRequest> {
+ public:
+  explicit CefLocationRequest(CefRefPtr<CefGetGeolocationCallback> callback)
+      : callback_(callback) {
+    CEF_REQUIRE_IOT();
+    geo_callback_ = base::Bind(&CefLocationRequest::OnLocationUpdate, this);
+    content::GeolocationProvider* provider =
+        content::GeolocationProvider::GetInstance();
+    provider->AddLocationUpdateCallback(geo_callback_, true);
+    provider->UserDidOptIntoLocationServices();
   }
 
-  CefString(&target.error_message) = source.error_message;
-}
+ private:
+  void OnLocationUpdate(const content::Geoposition& position) {
+    if (CEF_CURRENTLY_ON_UIT()) {
+      if (callback_) {
+        CefGeoposition cef_position;
+        SetPosition(position, cef_position);
+        callback_->OnLocationUpdate(cef_position);
+        callback_ = NULL;
+      }
+    } else {
+      content::GeolocationProvider::GetInstance()->RemoveLocationUpdateCallback(
+          geo_callback_);
+      geo_callback_.Reset();
 
-void LocationCallback(CefRefPtr<CefGetGeolocationCallback> callback,
-                      const content::Geoposition& position) {
-  if (CEF_CURRENTLY_ON_UIT()) {
-    CefGeoposition cef_position;
-    SetPosition(position, cef_position);
-    callback->OnLocationUpdate(cef_position);
-  } else {
-    CEF_POST_TASK(CEF_UIT, base::Bind(LocationCallback, callback, position));
+      CEF_POST_TASK(CEF_UIT,
+          base::Bind(&CefLocationRequest::OnLocationUpdate, this, position));
+    }
   }
-}
+
+  void SetPosition(const content::Geoposition& source, CefGeoposition& target) {
+    target.latitude = source.latitude;
+    target.longitude = source.longitude;
+    target.altitude = source.altitude;
+    target.accuracy = source.accuracy;
+    target.altitude_accuracy = source.altitude_accuracy;
+    target.heading = source.heading;
+    target.speed = source.speed;
+    cef_time_from_basetime(source.timestamp, target.timestamp);
+
+    switch (source.error_code) {
+      case content::Geoposition::ERROR_CODE_NONE:
+        target.error_code = GEOPOSITON_ERROR_NONE;
+        break;
+      case content::Geoposition::ERROR_CODE_PERMISSION_DENIED:
+        target.error_code = GEOPOSITON_ERROR_PERMISSION_DENIED;
+        break;
+      case content::Geoposition::ERROR_CODE_POSITION_UNAVAILABLE:
+        target.error_code = GEOPOSITON_ERROR_POSITION_UNAVAILABLE;
+        break;
+      case content::Geoposition::ERROR_CODE_TIMEOUT:
+        target.error_code = GEOPOSITON_ERROR_TIMEOUT;
+        break;
+    }
+
+    CefString(&target.error_message) = source.error_message;
+  }
+
+  CefRefPtr<CefGetGeolocationCallback> callback_;
+  content::GeolocationProvider::LocationUpdateCallback geo_callback_;
+
+  DISALLOW_COPY_AND_ASSIGN(CefLocationRequest);
+};
 
 }  // namespace
 
@@ -65,10 +92,9 @@ bool CefGetGeolocation(CefRefPtr<CefGetGeolocationCallback> callback) {
   }
 
   if (CEF_CURRENTLY_ON_IOT()) {
-    content::GeolocationProvider* provider =
-        content::GeolocationProvider::GetInstance();
-    if (provider) {
-      provider->RequestCallback(base::Bind(LocationCallback, callback));
+    if (content::GeolocationProvider::GetInstance()) {
+      // Will be released after the callback executes.
+      new CefLocationRequest(callback);
       return true;
     }
     return false;

libcef/browser/menu_creator_runner_mac.mm

@@ -51,7 +51,8 @@ bool CefMenuCreatorRunnerMac::RunContextMenu(CefMenuCreator* manager) {
 
   {
     // Make sure events can be pumped while the menu is up.
-    MessageLoop::ScopedNestableTaskAllower allow(base::MessageLoop::current());
+    base::MessageLoop::ScopedNestableTaskAllower allow(
+        base::MessageLoop::current());
 
     // One of the events that could be pumped is |window.close()|.
     // User-initiated event-tracking loops protect against this by

libcef/browser/menu_creator_runner_win.cc

@@ -19,7 +19,8 @@ bool CefMenuCreatorRunnerWin::RunContextMenu(CefMenuCreator* manager) {
   menu_->Rebuild(NULL);
 
   // Make sure events can be pumped while the menu is up.
-  MessageLoop::ScopedNestableTaskAllower allow(base::MessageLoop::current());
+  base::MessageLoop::ScopedNestableTaskAllower allow(
+      base::MessageLoop::current());
 
   gfx::Point screen_point;
 

libcef/browser/proxy_stubs.cc

@@ -5,10 +5,14 @@
 #include "base/logging.h"
 #include "components/user_prefs/pref_registry_syncable.h"
 
+namespace user_prefs {
+
 // Required by PrefProxyConfigTrackerImpl::RegisterUserPrefs.
 void PrefRegistrySyncable::RegisterDictionaryPref(
-    const char* path,
-    base::DictionaryValue* default_value,
+    const char* path,
+    base::DictionaryValue* default_value,
     PrefSyncStatus sync_status) {
   NOTREACHED();
 }
+
+}  // namespace user_prefs

libcef/browser/render_widget_host_view_osr.cc

@@ -18,7 +18,7 @@
 #include "third_party/WebKit/Source/WebKit/chromium/public/win/WebScreenInfoFactory.h"
 #endif
 
-#include "webkit/glue/webcursor.h"
+#include "webkit/common/cursors/webcursor.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebScreenInfo.h"
 
 namespace {

libcef/browser/scheme_handler.cc

@@ -1,61 +1,30 @@
-// Copyright (c) 2012 The Chromium Embedded Framework Authors. All rights
+// Copyright (c) 2013 The Chromium Embedded Framework Authors. All rights
 // reserved. Use of this source code is governed by a BSD-style license that
 // can be found in the LICENSE file.
 
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/scheme_handler.h"
+
+#include <string>
+
 #include "libcef/browser/chrome_scheme_handler.h"
 #include "libcef/browser/devtools_scheme_handler.h"
-#include "libcef/renderer/content_renderer_client.h"
+#include "libcef/common/scheme_registration.h"
 
 #include "content/public/common/url_constants.h"
+#include "net/url_request/data_protocol_handler.h"
+#include "net/url_request/file_protocol_handler.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 
 namespace scheme {
 
-void AddInternalStandardSchemes(std::vector<std::string>* standard_schemes) {
-  static struct {
-    const char* name;
-    bool is_local;
-    bool is_display_isolated;
-  } schemes[] = {
-    { chrome::kChromeUIScheme,        true,  true  },
-    { chrome::kChromeDevToolsScheme,  true,  false }
-  };
-
-  for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i)
-    standard_schemes->push_back(schemes[i].name);
-
-  if (CefContentRendererClient::Get()) {
-    // Running in single-process mode. Register the schemes with WebKit.
-    for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i) {
-      CefContentRendererClient::Get()->AddCustomScheme(
-          schemes[i].name, true, schemes[i].is_local,
-          schemes[i].is_display_isolated);
-    }
-  }
-}
-
-bool IsInternalProtectedScheme(const std::string& scheme) {
-  // These values originate from StoragePartitionImplMap::Get() in
-  // content/browser/storage_partition_impl_map.cc and are modified by
-  // InstallInternalHandlers().
-  static const char* schemes[] = {
-    chrome::kBlobScheme,
-    chrome::kChromeUIScheme,
-    chrome::kFileSystemScheme,
-  };
-
-  for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i) {
-    if (scheme == schemes[i])
-      return true;
-  }
-
-  return false;
-}
-
 void InstallInternalProtectedHandlers(
     net::URLRequestJobFactoryImpl* job_factory,
     content::ProtocolHandlerMap* protocol_handlers) {
+  protocol_handlers->insert(
+      std::make_pair(chrome::kDataScheme, new net::DataProtocolHandler));
+  protocol_handlers->insert(
+      std::make_pair(chrome::kFileScheme, new net::FileProtocolHandler));
+
   for (content::ProtocolHandlerMap::iterator it =
            protocol_handlers->begin();
        it != protocol_handlers->end();
@@ -76,8 +45,8 @@ void InstallInternalProtectedHandlers(
       protocol_handler.reset(it->second.release());
     }
 
-    // Make sure IsInternalScheme() stays synchronized with what Chromium is
-    // actually giving us.
+    // Make sure IsInternalProtectedScheme() stays synchronized with what
+    // Chromium is actually giving us.
     DCHECK(IsInternalProtectedScheme(scheme));
 
     bool set_protocol = job_factory->SetProtocolHandler(

libcef/browser/scheme_handler.h

@@ -1,14 +1,11 @@
-// Copyright (c) 2012 The Chromium Embedded Framework Authors. All rights
+// Copyright (c) 2013 The Chromium Embedded Framework Authors. All rights
 // reserved. Use of this source code is governed by a BSD-style license that
 // can be found in the LICENSE file.
 
-#ifndef CEF_LIBCEF_BROWSER_SCHEME_REGISTRATION_H_
-#define CEF_LIBCEF_BROWSER_SCHEME_REGISTRATION_H_
+#ifndef CEF_LIBCEF_BROWSER_SCHEME_HANDLER_H_
+#define CEF_LIBCEF_BROWSER_SCHEME_HANDLER_H_
 #pragma once
 
-#include <string>
-#include <vector>
-
 #include "include/cef_frame.h"
 
 #include "content/public/browser/content_browser_client.h"
@@ -20,16 +17,6 @@ class URLRequestJobFactoryImpl;
 
 namespace scheme {
 
-// Add internal standard schemes.
-void AddInternalStandardSchemes(std::vector<std::string>* standard_schemes);
-
-// Returns true if the specified |scheme| is handled internally and should not
-// be explicitly registered or unregistered with the URLRequestJobFactory. A
-// registered handler for one of these schemes (like "chrome") may still be
-// triggered via chaining from an existing ProtocolHandler. |scheme| should
-// always be a lower-case string.
-bool IsInternalProtectedScheme(const std::string& scheme);
-
 // Install the internal scheme handlers provided by Chromium that cannot be
 // overridden.
 void InstallInternalProtectedHandlers(
@@ -44,4 +31,4 @@ void DidFinishLoad(CefRefPtr<CefFrame> frame, const GURL& validated_url);
 
 }  // namespace scheme
 
-#endif  // CEF_LIBCEF_BROWSER_SCHEME_REGISTRATION_H_
+#endif  // CEF_LIBCEF_BROWSER_SCHEME_HANDLER_H_

libcef/browser/scheme_impl.cc

@@ -11,11 +11,12 @@
 #include "libcef/browser/browser_host_impl.h"
 #include "libcef/browser/context.h"
 #include "libcef/browser/resource_request_job.h"
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/scheme_handler.h"
 #include "libcef/browser/thread_util.h"
 #include "libcef/browser/url_request_context_getter.h"
 #include "libcef/common/request_impl.h"
 #include "libcef/common/response_impl.h"
+#include "libcef/common/scheme_registration.h"
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
@@ -30,13 +31,8 @@
 #include "net/http/http_response_headers.h"
 #include "net/http/http_util.h"
 #include "net/url_request/url_request.h"
-#include "net/url_request/url_request_about_job.h"
 #include "net/url_request/url_request_context.h"
-#include "net/url_request/url_request_data_job.h"
-#include "net/url_request/url_request_error_job.h"
-#include "net/url_request/url_request_file_job.h"
 #include "net/url_request/url_request_filter.h"
-#include "net/url_request/url_request_ftp_job.h"
 #include "net/url_request/url_request_http_job.h"
 #include "net/url_request/url_request_job.h"
 #include "net/url_request/url_request_job_factory_impl.h"
@@ -58,10 +54,6 @@ struct SchemeToFactory {
 static const SchemeToFactory kBuiltinFactories[] = {
   { "http", net::URLRequestHttpJob::Factory },
   { "https", net::URLRequestHttpJob::Factory },
-  { "file", net::URLRequestFileJob::Factory },
-  { "ftp", net::URLRequestFtpJob::Factory },
-  { "about", net::URLRequestAboutJob::Factory },
-  { "data", net::URLRequestDataJob::Factory },
 };
 
 bool IsBuiltinScheme(const std::string& scheme) {
@@ -301,8 +293,7 @@ class CefUrlRequestManager {
     return job;
   }
 
-  // Map (scheme, domain) to factories. This map will only be accessed on the IO
-  // thread.
+  // Map (scheme, domain) to factories. Will only be accessed on the IO thread.
   typedef std::map<std::pair<std::string, std::string>,
       CefRefPtr<CefSchemeHandlerFactory> > HandlerMap;
   HandlerMap handler_map_;

libcef/browser/url_request_context_getter.cc

@@ -11,7 +11,7 @@
 #include <vector>
 
 #include "libcef/browser/context.h"
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/scheme_handler.h"
 #include "libcef/browser/thread_util.h"
 #include "libcef/browser/url_network_delegate.h"
 #include "libcef/browser/url_request_context_proxy.h"
@@ -33,7 +33,6 @@
 #include "net/cert/cert_verifier.h"
 #include "net/cookies/cookie_monster.h"
 #include "net/dns/host_resolver.h"
-#include "net/ftp/ftp_network_layer.h"
 #include "net/http/http_auth_handler_factory.h"
 #include "net/http/http_cache.h"
 #include "net/http/http_server_properties_impl.h"
@@ -133,6 +132,7 @@ net::URLRequestContext* CefURLRequestContextGetter::GetURLRequestContext() {
     net::HttpCache::DefaultBackend* main_backend =
         new net::HttpCache::DefaultBackend(
             cache_path.empty() ? net::MEMORY_CACHE : net::DISK_CACHE,
+            net::CACHE_BACKEND_DEFAULT,
             cache_path,
             0,
             BrowserThread::GetMessageLoopProxyForThread(
@@ -163,9 +163,6 @@ net::URLRequestContext* CefURLRequestContextGetter::GetURLRequestContext() {
                                                     main_backend);
     storage_->set_http_transaction_factory(main_cache);
 
-    storage_->set_ftp_transaction_factory(
-      new net::FtpNetworkLayer(url_request_context_->host_resolver()));
-
     scoped_ptr<net::URLRequestJobFactoryImpl> job_factory(
         new net::URLRequestJobFactoryImpl());
     job_factory_impl_ = job_factory.get();

libcef/browser/url_request_context_proxy.cc

@@ -145,7 +145,6 @@ void CefURLRequestContextProxy::Initialize(CefBrowserHostImpl* browser) {
   set_ssl_config_service(context->ssl_config_service());
   set_http_auth_handler_factory(context->http_auth_handler_factory());
   set_http_transaction_factory(context->http_transaction_factory());
-  set_ftp_transaction_factory(context->ftp_transaction_factory());
   set_network_delegate(context->network_delegate());
   set_http_server_properties(context->http_server_properties());
   set_transport_security_state(context->transport_security_state());

libcef/common/content_client.cc

@@ -5,8 +5,10 @@
 #include "libcef/common/content_client.h"
 #include "include/cef_stream.h"
 #include "include/cef_version.h"
-#include "libcef/browser/scheme_registration.h"
+#include "libcef/browser/content_browser_client.h"
 #include "libcef/common/scheme_registrar_impl.h"
+#include "libcef/common/scheme_registration.h"
+#include "libcef/renderer/content_renderer_client.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
@@ -15,7 +17,7 @@
 #include "chrome/common/chrome_switches.h"
 #include "content/public/common/content_switches.h"
 #include "ui/base/resource/resource_bundle.h"
-#include "webkit/user_agent/user_agent_util.h"
+#include "webkit/common/user_agent/user_agent_util.h"
 
 namespace {
 
@@ -59,6 +61,11 @@ void CefContentClient::AddAdditionalSchemes(
   }
 
   scheme::AddInternalStandardSchemes(standard_schemes);
+
+  if (CefContentBrowserClient::Get())
+    CefContentBrowserClient::Get()->LockCustomSchemes();
+  if (CefContentRendererClient::Get())
+    CefContentRendererClient::Get()->LockCustomSchemes();
 }
 
 std::string CefContentClient::GetUserAgent() const {

libcef/common/scheme_registrar_impl.cc

@@ -6,6 +6,7 @@
 
 #include <string>
 
+#include "libcef/browser/content_browser_client.h"
 #include "libcef/renderer/content_renderer_client.h"
 
 #include "base/bind.h"
@@ -23,17 +24,21 @@ bool CefSchemeRegistrarImpl::AddCustomScheme(
   if (!VerifyContext())
     return false;
 
+  const std::string& scheme = scheme_name;
+
   if (is_standard)
-    standard_schemes_.push_back(scheme_name);
+    standard_schemes_.push_back(scheme);
 
   if (CefContentRendererClient::Get()) {
-    // Register the custom scheme with WebKit.
-    CefContentRendererClient::Get()->AddCustomScheme(scheme_name,
+    CefContentRendererClient::Get()->AddCustomScheme(scheme,
                                                      is_standard,
                                                      is_local,
                                                      is_display_isolated);
   }
 
+  if (CefContentBrowserClient::Get())
+    CefContentBrowserClient::Get()->AddCustomScheme(scheme);
+
   return true;
 }
 

libcef/common/scheme_registration.cc

@@ -0,0 +1,75 @@
+// Copyright (c) 2013 The Chromium Embedded Framework Authors. All rights
+// reserved. Use of this source code is governed by a BSD-style license that
+// can be found in the LICENSE file.
+
+#include "libcef/common/scheme_registration.h"
+#include "libcef/browser/content_browser_client.h"
+#include "libcef/renderer/content_renderer_client.h"
+
+#include "content/public/common/url_constants.h"
+
+namespace scheme {
+
+void AddInternalStandardSchemes(std::vector<std::string>* standard_schemes) {
+  static struct {
+    const char* name;
+    bool is_local;
+    bool is_display_isolated;
+  } schemes[] = {
+    { chrome::kChromeUIScheme,        true,  true  },
+    { chrome::kChromeDevToolsScheme,  true,  false }
+  };
+
+  for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i) {
+    standard_schemes->push_back(schemes[i].name);
+
+    if (CefContentBrowserClient::Get())
+      CefContentBrowserClient::Get()->AddCustomScheme(schemes[i].name);
+
+    if (CefContentRendererClient::Get()) {
+      CefContentRendererClient::Get()->AddCustomScheme(
+          schemes[i].name, true, schemes[i].is_local,
+          schemes[i].is_display_isolated);
+    }
+  }
+}
+
+bool IsInternalHandledScheme(const std::string& scheme) {
+  static const char* schemes[] = {
+    chrome::kBlobScheme,
+    chrome::kChromeDevToolsScheme,
+    chrome::kChromeUIScheme,
+    chrome::kDataScheme,
+    chrome::kFileScheme,
+    chrome::kFileSystemScheme,
+  };
+
+  for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i) {
+    if (scheme == schemes[i])
+      return true;
+  }
+
+  return false;
+}
+
+bool IsInternalProtectedScheme(const std::string& scheme) {
+  // Some of these values originate from StoragePartitionImplMap::Get() in
+  // content/browser/storage_partition_impl_map.cc and are modified by
+  // InstallInternalProtectedHandlers().
+  static const char* schemes[] = {
+    chrome::kBlobScheme,
+    chrome::kChromeUIScheme,
+    chrome::kDataScheme,
+    chrome::kFileScheme,
+    chrome::kFileSystemScheme,
+  };
+
+  for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); ++i) {
+    if (scheme == schemes[i])
+      return true;
+  }
+
+  return false;
+}
+
+}  // namespace scheme

libcef/common/scheme_registration.h

@@ -0,0 +1,29 @@
+// Copyright (c) 2013 The Chromium Embedded Framework Authors. All rights
+// reserved. Use of this source code is governed by a BSD-style license that
+// can be found in the LICENSE file.
+
+#ifndef CEF_LIBCEF_COMMON_SCHEME_REGISTRATION_H_
+#define CEF_LIBCEF_COMMON_SCHEME_REGISTRATION_H_
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace scheme {
+
+// Add internal standard schemes.
+void AddInternalStandardSchemes(std::vector<std::string>* standard_schemes);
+
+// Returns true if the specified |scheme| is handled internally.
+bool IsInternalHandledScheme(const std::string& scheme);
+
+// Returns true if the specified |scheme| is handled internally and should not
+// be explicitly registered or unregistered with the URLRequestJobFactory. A
+// registered handler for one of these schemes (like "chrome") may still be
+// triggered via chaining from an existing ProtocolHandler. |scheme| should
+// always be a lower-case string.
+bool IsInternalProtectedScheme(const std::string& scheme);
+
+}  // namespace scheme
+
+#endif  // CEF_LIBCEF_COMMON_SCHEME_REGISTRATION_H_

libcef/renderer/content_renderer_client.cc

@@ -138,7 +138,8 @@ struct CefContentRendererClient::SchemeInfo {
 };
 
 CefContentRendererClient::CefContentRendererClient()
-    : devtools_agent_count_(0),
+    : scheme_info_list_locked_(false),
+      devtools_agent_count_(0),
       uncaught_exception_stack_size_(0),
       single_process_cleanup_complete_(false) {
 }
@@ -196,10 +197,16 @@ void CefContentRendererClient::AddCustomScheme(
     bool is_standard,
     bool is_local,
     bool is_display_isolated) {
+  DCHECK(!scheme_info_list_locked_);
   SchemeInfo info = {scheme_name, is_standard, is_local, is_display_isolated};
   scheme_info_list_.push_back(info);
 }
 
+void CefContentRendererClient::LockCustomSchemes() {
+  DCHECK(!scheme_info_list_locked_);
+  scheme_info_list_locked_ = true;
+}
+
 void CefContentRendererClient::WebKitInitialized() {
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 
@@ -214,6 +221,7 @@ void CefContentRendererClient::WebKitInitialized() {
   WebKit::WebRuntimeFeatures::enableMediaStream(
       command_line.HasSwitch(switches::kEnableMediaStream));
 
+  DCHECK(scheme_info_list_locked_);
   if (!scheme_info_list_.empty()) {
     // Register the custom schemes.
     SchemeInfoList::const_iterator it = scheme_info_list_.begin();

libcef/renderer/content_renderer_client.h

@@ -46,6 +46,7 @@ class CefContentRendererClient : public content::ContentRendererClient,
                        bool is_standard,
                        bool is_local,
                        bool is_display_isolated);
+  void LockCustomSchemes();
 
   // Render thread task runner.
   base::SequencedTaskRunner* render_task_runner() const {
@@ -112,6 +113,7 @@ class CefContentRendererClient : public content::ContentRendererClient,
   struct SchemeInfo;
   typedef std::list<SchemeInfo> SchemeInfoList;
   SchemeInfoList scheme_info_list_;
+  bool scheme_info_list_locked_;
 
   // Cross-origin white list entries that need to be registered with WebKit.
   typedef std::vector<Cef_CrossOriginWhiteListEntry_Params> CrossOriginList;

libcef/renderer/dom_node_impl.cc

@@ -111,8 +111,6 @@ CefDOMNodeImpl::Type CefDOMNodeImpl::GetType() {
       return DOM_NODE_TYPE_TEXT;
     case WebNode::CDataSectionNode:
       return DOM_NODE_TYPE_CDATA_SECTION;
-    case WebNode::EntityReferenceNode:
-      return DOM_NODE_TYPE_ENTITY_REFERENCE;
     case WebNode::EntityNode:
       return DOM_NODE_TYPE_ENTITY;
     case WebNode::ProcessingInstructionsNode:

libcef/renderer/frame_impl.cc

@@ -20,7 +20,6 @@
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebView.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebScriptSource.h"
-#include "webkit/glue/webkit_glue.h"
 
 using WebKit::WebString;
 

libcef/renderer/render_urlrequest_impl.cc

@@ -16,7 +16,6 @@
 #include "third_party/WebKit/Source/Platform/chromium/public/WebURLLoaderClient.h"
 #include "third_party/WebKit/Source/Platform/chromium/public/WebURLRequest.h"
 #include "third_party/WebKit/Source/Platform/chromium/public/WebURLResponse.h"
-#include "third_party/WebKit/Source/WebKit/chromium/public/WebKit.h"
 
 using WebKit::WebString;
 using WebKit::WebURL;
@@ -105,7 +104,7 @@ class CefRenderURLRequest::Context
     if (!url.is_valid())
       return false;
 
-    loader_.reset(WebKit::webKitPlatformSupport()->createURLLoader());
+    loader_.reset(WebKit::Platform::current()->createURLLoader());
     url_client_.reset(new CefWebURLLoaderClient(this, request_->GetFlags()));
 
     WebURLRequest urlRequest;

libcef/renderer/webkit_glue.cc

@@ -6,10 +6,13 @@
 #include "libcef/renderer/webkit_glue.h"
 
 #include "base/compiler_specific.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"
+#include "third_party/WebKit/Source/WebKit/chromium/public/WebElement.h"
 
 #include "config.h"
 MSVC_PUSH_WARNING_LEVEL(0);
 #include "bindings/v8/ScriptController.h"
+#include "core/history/BackForwardController.h"
 #include "core/page/Page.h"
 #include "third_party/WebKit/Source/WebKit/chromium/src/WebFrameImpl.h"
 #include "third_party/WebKit/Source/WebKit/chromium/src/WebViewImpl.h"
@@ -22,7 +25,13 @@ bool CanGoBackOrForward(WebKit::WebView* view, int distance) {
   if (!view)
     return false;
   WebKit::WebViewImpl* impl = reinterpret_cast<WebKit::WebViewImpl*>(view);
-  return impl->page()->canGoBackOrForward(distance);
+  if (distance == 0)
+    return true;
+  if (distance > 0 && distance <= impl->page()->backForward()->forwardCount())
+    return true;
+  if (distance < 0 && -distance <= impl->page()->backForward()->backCount())
+    return true;
+  return false;
 }
 
 void GoBackOrForward(WebKit::WebView* view, int distance) {
@@ -37,4 +46,14 @@ v8::Handle<v8::Context> GetV8Context(WebKit::WebFrame* frame) {
   return WebCore::ScriptController::mainWorldContext(impl->frame());
 }
 
+base::string16 DumpDocumentText(WebKit::WebFrame* frame) {
+  // We use the document element's text instead of the body text here because
+  // not all documents have a body, such as XML documents.
+  WebKit::WebElement document_element = frame->document().documentElement();
+  if (document_element.isNull())
+    return base::string16();
+
+  return document_element.innerText();
+}
+
 }  // webkit_glue

libcef/renderer/webkit_glue.h

@@ -7,6 +7,7 @@
 #define CEF_LIBCEF_RENDERER_WEBKIT_GLUE_H_
 
 #include <string>
+#include "base/string16.h"
 #include "v8/include/v8.h"
 
 namespace WebKit {
@@ -22,6 +23,9 @@ void GoBackOrForward(WebKit::WebView* view, int distance);
 // Retrieve the V8 context associated with the frame.
 v8::Handle<v8::Context> GetV8Context(WebKit::WebFrame* frame);
 
+// Returns the text of the document element.
+base::string16 DumpDocumentText(WebKit::WebFrame* frame);
+
 }  // webkit_glue
 
 #endif  // CEF_LIBCEF_RENDERER_WEBKIT_GLUE_H_

patch/patches/gyp_331.patch

@@ -1,8 +1,8 @@
 Index: gyp/generator/ninja.py
 ===================================================================
---- gyp/generator/ninja.py	(revision 1602)
+--- gyp/generator/ninja.py	(revision 1640)
 +++ gyp/generator/ninja.py	(working copy)
-@@ -662,7 +662,16 @@
+@@ -664,7 +664,16 @@
        for path in copy['files']:
          # Normalize the path so trailing slashes don't confuse us.
          path = os.path.normpath(path)

patch/patches/spi_webcore_364.patch

@@ -1,8 +1,8 @@
 Index: page/FrameView.cpp
 ===================================================================
---- page/FrameView.cpp	(revision 149653)
+--- page/FrameView.cpp	(revision 151551)
 +++ page/FrameView.cpp	(working copy)
-@@ -199,10 +199,12 @@
+@@ -198,10 +198,12 @@
      if (!page)
          return;
  
@@ -17,7 +17,7 @@ Index: page/FrameView.cpp
  PassRefPtr<FrameView> FrameView::create(Frame* frame)
 Index: platform/mac/NSScrollerImpDetails.mm
 ===================================================================
---- platform/mac/NSScrollerImpDetails.mm	(revision 149653)
+--- platform/mac/NSScrollerImpDetails.mm	(revision 151551)
 +++ platform/mac/NSScrollerImpDetails.mm	(working copy)
 @@ -33,6 +33,7 @@
  

patch/patches/webkit_features.patch

@@ -1,10 +1,10 @@
 Index: features.gypi
 ===================================================================
---- features.gypi	(revision 149653)
+--- features.gypi	(revision 151551)
 +++ features.gypi	(working copy)
-@@ -90,7 +90,7 @@
+@@ -78,7 +78,7 @@
+         'feature_defines': [
            'ENABLE_CALENDAR_PICKER=1',
-           'ENABLE_DATALIST_ELEMENT=1',
            'ENABLE_INPUT_SPEECH=1',
 -          'ENABLE_INPUT_TYPE_COLOR=1',
 +          'ENABLE_INPUT_TYPE_COLOR=0',

patch/patches/webkit_popups.patch

@@ -1,8 +1,8 @@
 Index: public/WebView.h
 ===================================================================
---- public/WebView.h	(revision 149653)
+--- public/WebView.h	(revision 151551)
 +++ public/WebView.h	(working copy)
-@@ -418,6 +418,7 @@
+@@ -417,6 +417,7 @@
  
      // Sets whether select popup menus should be rendered by the browser.
      WEBKIT_EXPORT static void setUseExternalPopupMenus(bool);
@@ -12,22 +12,22 @@ Index: public/WebView.h
      // Visited link state --------------------------------------------------
 Index: src/ChromeClientImpl.cpp
 ===================================================================
---- src/ChromeClientImpl.cpp	(revision 149653)
+--- src/ChromeClientImpl.cpp	(revision 151551)
 +++ src/ChromeClientImpl.cpp	(working copy)
-@@ -976,7 +976,7 @@
+@@ -894,7 +894,7 @@
  
- PassRefPtr<PopupMenu> ChromeClientImpl::createPopupMenu(PopupMenuClient* client) const
+ PassRefPtr<PopupMenu> ChromeClientImpl::createPopupMenu(Frame& frame, PopupMenuClient* client) const
  {
 -    if (WebViewImpl::useExternalPopupMenus())
 +    if (m_webView->useExternalPopupMenus())
-         return adoptRef(new ExternalPopupMenu(client, m_webView->client()));
+         return adoptRef(new ExternalPopupMenu(frame, client, m_webView->client()));
  
-     return adoptRef(new PopupMenuChromium(client));
+     return adoptRef(new PopupMenuChromium(frame, client));
 Index: src/WebViewImpl.cpp
 ===================================================================
---- src/WebViewImpl.cpp	(revision 149653)
+--- src/WebViewImpl.cpp	(revision 151551)
 +++ src/WebViewImpl.cpp	(working copy)
-@@ -406,6 +406,7 @@
+@@ -385,6 +385,7 @@
      , m_fakeDoubleTapPageScaleFactor(0)
      , m_fakeDoubleTapUseAnchor(false)
      , m_contextMenuAllowed(false)
@@ -35,7 +35,7 @@ Index: src/WebViewImpl.cpp
      , m_doingDragAndDrop(false)
      , m_ignoreInputEvents(false)
      , m_suppressNextKeypressEvent(false)
-@@ -3704,9 +3705,14 @@
+@@ -3634,9 +3635,14 @@
      updateLayerTreeViewport();
  }
  
@@ -53,9 +53,9 @@ Index: src/WebViewImpl.cpp
  void WebViewImpl::setEmulatedTextZoomFactor(float textZoomFactor)
 Index: src/WebViewImpl.h
 ===================================================================
---- src/WebViewImpl.h	(revision 149653)
+--- src/WebViewImpl.h	(revision 151551)
 +++ src/WebViewImpl.h	(working copy)
-@@ -421,7 +421,8 @@
+@@ -417,7 +417,8 @@
  
      // Returns true if popup menus should be rendered by the browser, false if
      // they should be rendered by WebKit (which is the default).
@@ -65,7 +65,7 @@ Index: src/WebViewImpl.h
  
      bool contextMenuAllowed() const
      {
-@@ -753,6 +754,8 @@
+@@ -730,6 +731,8 @@
  
      bool m_contextMenuAllowed;
  

tests/unittests/scheme_handler_unittest.cc

@@ -1365,8 +1365,8 @@ TEST(SchemeHandlerTest, CustomStandardXHRDifferentOriginRedirectAsync) {
   EXPECT_TRUE(g_TestResults.got_read);
   EXPECT_TRUE(g_TestResults.got_output);
   EXPECT_TRUE(g_TestResults.got_sub_redirect);
-  EXPECT_FALSE(g_TestResults.got_sub_request);
-  EXPECT_FALSE(g_TestResults.got_sub_read);
+  EXPECT_TRUE(g_TestResults.got_sub_request);
+  EXPECT_TRUE(g_TestResults.got_sub_read);
   EXPECT_FALSE(g_TestResults.got_sub_success);
 
   ClearTestSchemes();

tests/unittests/urlrequest_unittest.cc

@@ -420,6 +420,7 @@ class RequestClient : public CefURLRequestClient {
     status_ = request->GetRequestStatus();
     error_code_ = request->GetRequestError();
     response_ = request->GetResponse();
+    EXPECT_TRUE(response_);
     EXPECT_TRUE(response_->IsReadOnly());
 
     delegate_->OnRequestComplete(this);