Upstream (most of) ios/web/public

This upstreams the bulk of ios/web/public. Mostly this is new files,
but also some diffs to existing files (where those don't introduce build
dependencies that aren't available yet).

All files in this CL are added to the build.

BUG=464810

Review URL: https://codereview.chromium.org/986743003

Cr-Commit-Position: refs/heads/master@{#319554}

36 files changed, 1623 insertions, 1 deletions

diff --git a/ios/web/ios_web.gyp b/ios/web/ios_web.gyp
index f387fcc..37545c9 100644
--- a/ios/web/ios_web.gyp
+++ b/ios/web/ios_web.gyp
@@ -25,32 +25,55 @@
         'load_committed_details.cc',
         'navigation/navigation_item_impl.h',
         'navigation/navigation_item_impl.mm',
+        'net/cert_policy.cc',
+        'net/certificate_policy_cache.cc',
         'public/block_types.h',
         'public/browser_state.h',
+        'public/browser_url_rewriter.h',
+        'public/cert_policy.h',
+        'public/certificate_policy_cache.h',
         'public/favicon_status.cc',
         'public/favicon_status.h',
+        'public/favicon_url.cc',
+        'public/favicon_url.h',
+        'public/interstitials/web_interstitial.h',
+        'public/interstitials/web_interstitial_delegate.h',
         'public/load_committed_details.h',
         'public/navigation_item.h',
         'public/referrer.h',
+        'public/referrer_util.h',
+        'public/referrer_util.cc',
         'public/security_style.h',
         'public/ssl_status.cc',
         'public/ssl_status.h',
         'public/string_util.h',
         'public/url_scheme_util.h',
+        'public/url_util.h',
         'public/user_agent.h',
         'public/user_agent.mm',
-        'public/web_client.cc',
+        'public/user_metrics.h',
         'public/web_client.h',
+        'public/web_client.mm',
+        'public/web_state/crw_native_content.h',
+        'public/web_state/crw_native_content_provider.h',
+        'public/web_state/crw_web_controller_observer.h',
+        'public/web_state/crw_web_delegate.h',
+        'public/web_state/crw_web_user_interface_delegate.h'
         'public/web_state/js/crw_js_base_manager.h',
         'public/web_state/js/crw_js_early_script_manager.h',
         'public/web_state/js/crw_js_injection_evaluator.h',
         'public/web_state/js/crw_js_injection_manager.h',
         'public/web_state/js/crw_js_injection_receiver.h',
         'public/web_state/js/crw_js_message_manager.h',
+        'public/web_state/url_verification_constants.h',
         'public/web_state/web_state_observer.h',
+        'public/web_state/web_state_observer_bridge.h',
         'public/web_thread.h',
+        'public/web_view_type.h',
         'string_util.cc',
         'url_scheme_util.mm',
+        'url_util.cc',
+        'user_metrics.cc',
         'web_state/js/crw_js_base_manager.mm',
         'web_state/js/crw_js_common_manager.h',
         'web_state/js/crw_js_common_manager.mm',
@@ -61,6 +84,7 @@
         'web_state/js/crw_js_message_dynamic_manager.mm',
         'web_state/js/crw_js_message_manager.mm',
         'web_state/web_state_observer.cc',
+        'web_state/web_state_observer_bridge.mm',
         'web_thread.cc',
         'web_thread_impl.cc',
         'web_thread_impl.h',
diff --git a/ios/web/ios_web_unittests.gyp b/ios/web/ios_web_unittests.gyp
index 994d09d..1bf966f 100644
--- a/ios/web/ios_web_unittests.gyp
+++ b/ios/web/ios_web_unittests.gyp
@@ -21,8 +21,11 @@
       'sources': [
         'browser_state_unittest.cc',
         'navigation/navigation_item_impl_unittest.mm',
+        'net/cert_policy_unittest.cc',
+        'public/referrer_util_unittest.cc',
         'string_util_unittest.cc',
         'url_scheme_util_unittest.mm',
+        'url_util_unittest.cc',
       ],
     },
   ],
diff --git a/ios/web/net/cert_policy.cc b/ios/web/net/cert_policy.cc
new file mode 100644
index 0000000..46d5699
--- /dev/null
+++ b/ios/web/net/cert_policy.cc
@@ -0,0 +1,39 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/cert_policy.h"
+
+#include "base/logging.h"
+#include "net/cert/x509_certificate.h"
+
+namespace web {
+
+CertPolicy::CertPolicy() {
+}
+
+CertPolicy::~CertPolicy() {
+}
+
+// We consider a given |cert| to be a match to a saved allowed cert if the
+// |error| is an exact match to or subset of the errors in the saved CertStatus.
+CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
+                                       net::CertStatus error) const {
+  std::map<net::SHA1HashValue,
+           net::CertStatus,
+           net::SHA1HashValueLessThan>::const_iterator allowed_iter =
+      allowed_.find(cert->fingerprint());
+  if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
+      !(~(allowed_iter->second & error) ^ ~error)) {
+    return ALLOWED;
+  }
+  return UNKNOWN;  // We don't have a policy for this cert.
+}
+
+void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
+  // If this same cert had already been saved with a different error status,
+  // this will replace it with the new error status.
+  allowed_[cert->fingerprint()] = error;
+}
+
+}  // namespace web
diff --git a/ios/web/net/cert_policy_unittest.cc b/ios/web/net/cert_policy_unittest.cc
new file mode 100644
index 0000000..47d2f25
--- /dev/null
+++ b/ios/web/net/cert_policy_unittest.cc
@@ -0,0 +1,75 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/cert_policy.h"
+
+#include "base/memory/ref_counted.h"
+#include "net/cert/x509_certificate.h"
+#include "net/test/test_certificate_data.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace web {
+
+TEST(CertPolicyTest, Policy) {
+  scoped_refptr<net::X509Certificate> google_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(google_der), sizeof(google_der)));
+
+  scoped_refptr<net::X509Certificate> webkit_cert(
+      net::X509Certificate::CreateFromBytes(
+          reinterpret_cast<const char*>(webkit_der), sizeof(webkit_der)));
+
+  CertPolicy policy;
+
+  // To begin with, everything should be unknown.
+  EXPECT_EQ(CertPolicy::UNKNOWN,
+            policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+
+  // Test adding one certificate with one error.
+  policy.Allow(google_cert.get(), net::CERT_STATUS_DATE_INVALID);
+  EXPECT_EQ(CertPolicy::ALLOWED,
+            policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+  EXPECT_EQ(CertPolicy::UNKNOWN,
+            policy.Check(google_cert.get(),
+                         net::CERT_STATUS_DATE_INVALID |
+                             net::CERT_STATUS_COMMON_NAME_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+
+  // Test saving the same certificate with a new error.
+  policy.Allow(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID);
+  EXPECT_EQ(CertPolicy::UNKNOWN,
+            policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(
+      CertPolicy::ALLOWED,
+      policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+
+  // Test adding one certificate with two errors.
+  policy.Allow(
+      google_cert.get(),
+      net::CERT_STATUS_DATE_INVALID | net::CERT_STATUS_AUTHORITY_INVALID);
+  EXPECT_EQ(CertPolicy::ALLOWED,
+            policy.Check(google_cert.get(), net::CERT_STATUS_DATE_INVALID));
+  EXPECT_EQ(
+      CertPolicy::ALLOWED,
+      policy.Check(google_cert.get(), net::CERT_STATUS_AUTHORITY_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(google_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+  EXPECT_EQ(
+      CertPolicy::UNKNOWN,
+      policy.Check(webkit_cert.get(), net::CERT_STATUS_COMMON_NAME_INVALID));
+}
+
+}  // namespace web
diff --git a/ios/web/net/certificate_policy_cache.cc b/ios/web/net/certificate_policy_cache.cc
new file mode 100644
index 0000000..5a0ef07
--- /dev/null
+++ b/ios/web/net/certificate_policy_cache.cc
@@ -0,0 +1,38 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/certificate_policy_cache.h"
+
+#include "base/logging.h"
+#include "ios/web/public/web_thread.h"
+
+namespace web {
+
+CertificatePolicyCache::CertificatePolicyCache() {
+}
+
+CertificatePolicyCache::~CertificatePolicyCache() {
+}
+
+void CertificatePolicyCache::AllowCertForHost(net::X509Certificate* cert,
+                                              const std::string& host,
+                                              net::CertStatus error) {
+  DCHECK_CURRENTLY_ON_WEB_THREAD(WebThread::IO);
+  cert_policy_for_host_[host].Allow(cert, error);
+}
+
+CertPolicy::Judgment CertificatePolicyCache::QueryPolicy(
+    net::X509Certificate* cert,
+    const std::string& host,
+    net::CertStatus error) {
+  DCHECK_CURRENTLY_ON_WEB_THREAD(WebThread::IO);
+  return cert_policy_for_host_[host].Check(cert, error);
+}
+
+void CertificatePolicyCache::ClearCertificatePolicies() {
+  DCHECK_CURRENTLY_ON_WEB_THREAD(WebThread::IO);
+  cert_policy_for_host_.clear();
+}
+
+}  // namespace web
diff --git a/ios/web/public/browser_url_rewriter.h b/ios/web/public/browser_url_rewriter.h
new file mode 100644
index 0000000..5738854
--- /dev/null
+++ b/ios/web/public/browser_url_rewriter.h
@@ -0,0 +1,42 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_BROWSER_URL_REWRITER_H_
+#define IOS_WEB_PUBLIC_BROWSER_URL_REWRITER_H_
+
+class GURL;
+
+namespace web {
+
+class BrowserState;
+
+// Some special browser-level URLs (like "about:version") are handled before
+// actually being loaded by the web view, allowing the embedder to optionally
+// convert them to app-specific URLs that to be handled using
+// CRWNativeContentProviders.
+class BrowserURLRewriter {
+ public:
+  // The type of functions that can process a URL.  URLRewriters return true if
+  // |url| is ready to be loaded and added to the NavigationManager.  They can
+  // optionally modify |url| regardless of whether they return true or false.
+  typedef bool (*URLRewriter)(GURL* url, BrowserState* browser_state);
+
+  // Returns the singleton instance.
+  static BrowserURLRewriter* GetInstance();
+
+  // RewriteURLIfNecessary gives all registered URLRewriters a shot at
+  // processing the given URL, and modifies it in place.
+  virtual void RewriteURLIfNecessary(GURL* url,
+                                     BrowserState* browser_state) = 0;
+
+  // Adds |rewriter| to the list of URL rewriters.  |rewriter| must not be null.
+  virtual void AddURLRewriter(URLRewriter rewriter) = 0;
+
+ protected:
+  virtual ~BrowserURLRewriter() {}
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_BROWSER_URL_REWRITER_H_
diff --git a/ios/web/public/cert_policy.h b/ios/web/public/cert_policy.h
new file mode 100644
index 0000000..037ef30
--- /dev/null
+++ b/ios/web/public/cert_policy.h
@@ -0,0 +1,55 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_CERT_POLICY_H_
+#define IOS_WEB_PUBLIC_CERT_POLICY_H_
+
+#include <map>
+
+#include "net/base/hash_value.h"
+#include "net/cert/cert_status_flags.h"
+
+namespace net {
+class X509Certificate;
+}
+
+namespace web {
+
+// This class is useful for maintaining policies about which certificates are
+// permitted or forbidden for a particular purpose.
+class CertPolicy {
+ public:
+  // The judgments this policy can reach.
+  enum Judgment {
+    // We don't have policy information for this certificate.
+    UNKNOWN,
+
+    // This certificate is allowed.
+    ALLOWED,
+
+    // This certificate is denied.
+    DENIED,
+  };
+
+  CertPolicy();
+  ~CertPolicy();
+
+  // Returns the judgment this policy makes about this certificate.
+  // For a certificate to be allowed, it must not have any *additional* errors
+  // from when it was allowed.
+  // This function returns either ALLOWED or UNKNOWN, but never DENIED.
+  Judgment Check(net::X509Certificate* cert, net::CertStatus error) const;
+
+  // Causes the policy to allow this certificate for a given |error|.
+  void Allow(net::X509Certificate* cert, net::CertStatus error);
+
+ private:
+  // The set of fingerprints of allowed certificates.
+  std::map<net::SHA1HashValue, net::CertStatus, net::SHA1HashValueLessThan>
+      allowed_;
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_CERT_POLICY_H_
diff --git a/ios/web/public/certificate_policy_cache.h b/ios/web/public/certificate_policy_cache.h
new file mode 100644
index 0000000..51d5d4b
--- /dev/null
+++ b/ios/web/public/certificate_policy_cache.h
@@ -0,0 +1,56 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_
+#define IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_
+
+#include <map>
+#include <string>
+
+#include "ios/web/public/cert_policy.h"
+#include "net/cert/x509_certificate.h"
+
+namespace web {
+
+// A manager for certificate policy decisions for hosts, used to remember
+// decisions about how to handle problematic certs.
+// This class is thread-safe only in that in can be created and passed around
+// on any thread; the policy-related methods can only be called from the IO
+// thread.
+class CertificatePolicyCache
+    : public base::RefCountedThreadSafe<CertificatePolicyCache> {
+ public:
+  // Can be called from any thread:
+  CertificatePolicyCache();
+
+  // Everything from here on can only be called from the IO thread.
+
+  // Records that |cert| is permitted to be used for |host| in the future.
+  virtual void AllowCertForHost(net::X509Certificate* cert,
+                                const std::string& host,
+                                net::CertStatus error);
+
+  // Queries whether |cert| is allowed or denied for |host|.
+  virtual CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
+                                           const std::string& host,
+                                           net::CertStatus error);
+
+  // Removes all policies stored in this instance.
+  virtual void ClearCertificatePolicies();
+
+ protected:
+  virtual ~CertificatePolicyCache();
+
+ private:
+  friend class base::RefCountedThreadSafe<CertificatePolicyCache>;
+
+  // Certificate policies for each host.
+  std::map<std::string, CertPolicy> cert_policy_for_host_;
+
+  DISALLOW_COPY_AND_ASSIGN(CertificatePolicyCache);
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_CERTIFICATE_POLICY_CACHE_H_
diff --git a/ios/web/public/favicon_url.cc b/ios/web/public/favicon_url.cc
new file mode 100644
index 0000000..53f15733
--- /dev/null
+++ b/ios/web/public/favicon_url.cc
@@ -0,0 +1,21 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/favicon_url.h"
+
+namespace web {
+
+FaviconURL::FaviconURL()
+  : icon_type(INVALID_ICON) {
+}
+
+FaviconURL::FaviconURL(const GURL& url,
+                       IconType type,
+                       const std::vector<gfx::Size>& sizes)
+    : icon_url(url), icon_type(type), icon_sizes(sizes) {}
+
+FaviconURL::~FaviconURL() {
+}
+
+} // namespace web
diff --git a/ios/web/public/favicon_url.h b/ios/web/public/favicon_url.h
new file mode 100644
index 0000000..762ce85
--- /dev/null
+++ b/ios/web/public/favicon_url.h
@@ -0,0 +1,44 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_FAVICON_URL_
+#define IOS_WEB_PUBLIC_FAVICON_URL_
+
+#include <vector>
+
+#include "ui/gfx/geometry/size.h"
+#include "url/gurl.h"
+
+namespace web {
+
+// The favicon url from the render.
+struct FaviconURL {
+  // The icon type in a page. The definition must be same as
+  // favicon_base::IconType.
+  enum IconType {
+    INVALID_ICON = 0x0,
+    FAVICON = 1 << 0,
+    TOUCH_ICON = 1 << 1,
+    TOUCH_PRECOMPOSED_ICON = 1 << 2
+  };
+
+  FaviconURL();
+  FaviconURL(const GURL& url,
+             IconType type,
+             const std::vector<gfx::Size>& sizes);
+  ~FaviconURL();
+
+  // The url of the icon.
+  GURL icon_url;
+
+  // The type of the icon
+  IconType icon_type;
+
+  // Icon's bitmaps' size
+  std::vector<gfx::Size> icon_sizes;
+};
+
+} // namespace web
+
+#endif  // IOS_WEB_PUBLIC_FAVICON_URL_
diff --git a/ios/web/public/interstitials/web_interstitial.h b/ios/web/public/interstitials/web_interstitial.h
new file mode 100644
index 0000000..da8ae68b
--- /dev/null
+++ b/ios/web/public/interstitials/web_interstitial.h
@@ -0,0 +1,64 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_H_
+#define IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_H_
+
+class GURL;
+
+namespace gfx {
+class Size;
+}
+
+namespace web {
+
+class WebInterstitialDelegate;
+class WebState;
+
+// This class is used for showing interstitial pages, pages that show some
+// informative message asking for user validation before reaching the target
+// page. (Navigating to a page served over bad HTTPS or a page containing
+// malware are typical cases where an interstitial is required.)
+//
+// WebInterstitial instances take care of deleting themselves when closed by the
+// WebState or through a navigation.
+class WebInterstitial {
+ public:
+  // Creates an interstitial page to show in |web_state|. Takes ownership of
+  // |delegate|. Reloading the interstitial page will result in a new navigation
+  // to |url|.
+  static WebInterstitial* Create(WebState* web_state,
+                                 const GURL& url,
+                                 scoped_ptr<WebInterstitialDelegate> delegate);
+
+  // Retrieves the WebInterstitial if any associated with the specified
+  // |web_state|.
+  static WebInterstitial* GetWebInterstitial(WebState* web_state);
+
+  virtual ~WebInterstitial() {}
+
+  // Shows the interstitial page in the WebState.
+  virtual void Show() = 0;
+
+  // Hides the interstitial page.
+  virtual void Hide() = 0;
+
+  // Reverts to the page showing before the interstitial.
+  // Delegates should call this method when the user has chosen NOT to proceed
+  // to the target URL.
+  // Warning: 'this' has been deleted when this method returns.
+  virtual void DontProceed() = 0;
+
+  // Delegates should call this method when the user has chosen to proceed to
+  // the target URL.
+  // Warning: 'this' has been deleted when this method returns.
+  virtual void Proceed() = 0;
+
+  // Sizes the view showing the actual interstitial page contents.
+  virtual void SetSize(const gfx::Size& size) = 0;
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_H_
diff --git a/ios/web/public/interstitials/web_interstitial_delegate.h b/ios/web/public/interstitials/web_interstitial_delegate.h
new file mode 100644
index 0000000..fefad16
--- /dev/null
+++ b/ios/web/public/interstitials/web_interstitial_delegate.h
@@ -0,0 +1,33 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_DELEGATE_H_
+#define IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_DELEGATE_H_
+
+#include <string>
+
+namespace web {
+
+// Controls and provides the html for an interstitial page. The delegate is
+// owned by the WebInterstitial.
+class WebInterstitialDelegate {
+ public:
+  virtual ~WebInterstitialDelegate() {}
+
+  // Returns the HTML that should be displayed in the page.
+  virtual std::string GetHtmlContents() const = 0;
+
+  // Called when the interstitial is proceeded or cancelled. Note that this may
+  // be called directly even if the embedder didn't call Proceed or DontProceed
+  // on WebInterstitial, since navigations etc may cancel them.
+  virtual void OnProceed() {}
+  virtual void OnDontProceed() {}
+
+  // Invoked when a WebInterstitial receives a command via JavaScript.
+  virtual void CommandReceived(const std::string& command) {}
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_INTERSTITIALS_WEB_INTERSTITIAL_DELEGATE_H_
diff --git a/ios/web/public/referrer_util.cc b/ios/web/public/referrer_util.cc
new file mode 100644
index 0000000..579ca1b
--- /dev/null
+++ b/ios/web/public/referrer_util.cc
@@ -0,0 +1,75 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/referrer_util.h"
+
+#include "base/logging.h"
+#include "ios/web/public/referrer.h"
+#include "url/gurl.h"
+
+namespace web {
+
+GURL ReferrerForHeader(const GURL& referrer) {
+  DCHECK(referrer.is_valid());
+  GURL::Replacements replacements;
+  replacements.ClearUsername();
+  replacements.ClearPassword();
+  replacements.ClearRef();
+  return referrer.ReplaceComponents(replacements);
+}
+
+std::string ReferrerHeaderValueForNavigation(
+    const GURL& destination,
+    const web::Referrer& referrer) {
+  std::string referrer_value;
+  bool leaving_secure_scheme =
+      referrer.url.SchemeIsSecure() && !destination.SchemeIsSecure();
+  if (referrer.policy == ReferrerPolicyAlways ||
+      (referrer.policy == ReferrerPolicyDefault && !leaving_secure_scheme)) {
+    if (referrer.url.is_valid())
+      referrer_value = ReferrerForHeader(referrer.url).spec();
+  } else if (referrer.policy == ReferrerPolicyOrigin) {
+    referrer_value = referrer.url.GetOrigin().spec();
+  } else {
+    // Policy is Never, or it's Default with a secure->insecure transition, so
+    // leave it empty.
+  }
+  return referrer_value;
+}
+
+net::URLRequest::ReferrerPolicy PolicyForNavigation(
+    const GURL& destination,
+    const web::Referrer& referrer) {
+  net::URLRequest::ReferrerPolicy net_referrer_policy =
+      net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE;
+  if (referrer.url.is_valid()) {
+    GURL referrer_url(ReferrerHeaderValueForNavigation(destination, referrer));
+    if (!referrer_url.is_empty()) {
+      switch (referrer.policy) {
+        case ReferrerPolicyDefault:
+          break;
+        case ReferrerPolicyAlways:
+        case ReferrerPolicyNever:
+        case ReferrerPolicyOrigin:
+          net_referrer_policy = net::URLRequest::NEVER_CLEAR_REFERRER;
+          break;
+        default:
+          NOTREACHED();
+      }
+    }
+  }
+  return net_referrer_policy;
+}
+
+ReferrerPolicy ReferrerPolicyFromString(const std::string& policy) {
+  if (policy == "never")
+    return ReferrerPolicyNever;
+  if (policy == "always")
+    return ReferrerPolicyAlways;
+  if (policy == "origin")
+    return ReferrerPolicyOrigin;
+  return web::ReferrerPolicyDefault;
+}
+
+}  // namespace web
diff --git a/ios/web/public/referrer_util.h b/ios/web/public/referrer_util.h
new file mode 100644
index 0000000..3500dfc
--- /dev/null
+++ b/ios/web/public/referrer_util.h
@@ -0,0 +1,40 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_REFERRER_UTIL_H_
+#define IOS_WEB_PUBLIC_REFERRER_UTIL_H_
+
+#include <string>
+
+#include "ios/web/public/referrer.h"
+#include "net/url_request/url_request.h"
+
+class GURL;
+
+namespace web {
+
+// Returns a sanitized version of |referrer| for use in a Referer header.
+GURL ReferrerForHeader(const GURL& referrer);
+
+// Returns the string that should be sent as the Referer header value for
+// navigating to |destination| from the given referrer, taking the referrer
+// policy into account. Returns an empty string if no Referer should be sent.
+std::string ReferrerHeaderValueForNavigation(
+    const GURL& destination,
+    const web::Referrer& referrer);
+
+// Returns the policy that should be used to process subsequent forwards, if
+// any.
+net::URLRequest::ReferrerPolicy PolicyForNavigation(
+    const GURL& destination,
+    const web::Referrer& referrer);
+
+// Returns the WebReferrerPolicy corresponding to the given policy string
+// (e.g., 'always', 'never', 'origin', 'default'). The string is assumed to
+// be lowercase already. Unrecognized values will be treated as Default.
+ReferrerPolicy ReferrerPolicyFromString(const std::string& policy);
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_REFERRER_UTIL_H_
diff --git a/ios/web/public/referrer_util_unittest.cc b/ios/web/public/referrer_util_unittest.cc
new file mode 100644
index 0000000..f59edf9
--- /dev/null
+++ b/ios/web/public/referrer_util_unittest.cc
@@ -0,0 +1,116 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/referrer_util.h"
+
+#include "ios/web/public/referrer.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+
+namespace {
+
+const char* test_urls[] = {
+    "",
+    "http://insecure.com/foo/bar.html",
+    "https://secure.net/trustworthy.html",
+};
+
+enum { Empty = 0, Insecure, Secure };
+
+TEST(ReferrerUtilTest, Sanitization) {
+  GURL unsanitized("http://user:password@foo.com/bar/baz.html#fragment");
+  GURL sanitized = web::ReferrerForHeader(unsanitized);
+  EXPECT_EQ("http://foo.com/bar/baz.html", sanitized.spec());
+}
+
+TEST(ReferrerUtilTest, DefaultPolicy) {
+  // Default: all but secure->insecure should have a full referrer.
+  for (unsigned int source = Empty; source < arraysize(test_urls); ++source) {
+    for (unsigned int dest = Insecure; dest < arraysize(test_urls); ++dest) {
+      web::Referrer referrer(GURL(test_urls[source]),
+                             web::ReferrerPolicyDefault);
+      std::string value = web::ReferrerHeaderValueForNavigation(
+          GURL(test_urls[dest]), referrer);
+      if (source == Empty)
+        EXPECT_EQ("", value);
+      else if (source == Secure && dest == Insecure)
+        EXPECT_EQ("", value);
+      else
+        EXPECT_EQ(test_urls[source], value);
+
+      net::URLRequest::ReferrerPolicy policy =
+          web::PolicyForNavigation(GURL(test_urls[dest]), referrer);
+      EXPECT_EQ(
+          net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+          policy);
+    }
+  }
+}
+
+TEST(ReferrerUtilTest, NeverPolicy) {
+  // Never: always empty string.
+  for (unsigned int source = Empty; source < arraysize(test_urls); ++source) {
+    for (unsigned int dest = Insecure; dest < arraysize(test_urls); ++dest) {
+      web::Referrer referrer(GURL(test_urls[source]),
+                             web::ReferrerPolicyNever);
+      std::string value = web::ReferrerHeaderValueForNavigation(
+          GURL(test_urls[dest]), referrer);
+      EXPECT_EQ("", value);
+
+      net::URLRequest::ReferrerPolicy policy =
+          web::PolicyForNavigation(GURL(test_urls[dest]), referrer);
+      EXPECT_EQ(
+          net::URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+          policy);
+    }
+  }
+}
+
+TEST(ReferrerUtilTest, AlwaysPolicy) {
+  // Always: always the full referrer.
+  for (unsigned int source = Empty; source < arraysize(test_urls); ++source) {
+    for (unsigned int dest = Insecure; dest < arraysize(test_urls); ++dest) {
+      web::Referrer referrer(GURL(test_urls[source]),
+                             web::ReferrerPolicyAlways);
+      std::string value = web::ReferrerHeaderValueForNavigation(
+          GURL(test_urls[dest]), referrer);
+      EXPECT_EQ(test_urls[source], value);
+
+      net::URLRequest::ReferrerPolicy policy =
+          web::PolicyForNavigation(GURL(test_urls[dest]), referrer);
+      if (source == Empty) {
+        EXPECT_EQ(net::URLRequest::
+                      CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+                  policy);
+      } else {
+        EXPECT_EQ(net::URLRequest::NEVER_CLEAR_REFERRER, policy);
+      }
+    }
+  }
+}
+
+TEST(ReferrerUtilTest, OriginPolicy) {
+  // Always: always just the origin.
+  for (unsigned int source = Empty; source < arraysize(test_urls); ++source) {
+    for (unsigned int dest = Insecure; dest < arraysize(test_urls); ++dest) {
+      web::Referrer referrer(GURL(test_urls[source]),
+                             web::ReferrerPolicyOrigin);
+      std::string value = web::ReferrerHeaderValueForNavigation(
+          GURL(test_urls[dest]), referrer);
+      EXPECT_EQ(GURL(test_urls[source]).GetOrigin().spec(), value);
+
+      net::URLRequest::ReferrerPolicy policy =
+          web::PolicyForNavigation(GURL(test_urls[dest]), referrer);
+      if (source == Empty) {
+        EXPECT_EQ(net::URLRequest::
+                      CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
+                  policy);
+      } else {
+        EXPECT_EQ(net::URLRequest::NEVER_CLEAR_REFERRER, policy);
+      }
+    }
+  }
+}
+
+}  // namespace
diff --git a/ios/web/public/test/crw_test_js_injection_receiver.mm b/ios/web/public/test/crw_test_js_injection_receiver.mm
index 3d6d55d..ca987a6 100644
--- a/ios/web/public/test/crw_test_js_injection_receiver.mm
+++ b/ios/web/public/test/crw_test_js_injection_receiver.mm
@@ -49,6 +49,10 @@
   [_webView stringByEvaluatingJavaScriptFromString:script];
 }
 
+- (web::WebViewType)webViewType {
+  return web::UI_WEB_VIEW_TYPE;
+}
+
 @end
 
 @interface CRWTestJSInjectionReceiver () {
diff --git a/ios/web/public/url_util.h b/ios/web/public/url_util.h
new file mode 100644
index 0000000..30b8d76
--- /dev/null
+++ b/ios/web/public/url_util.h
@@ -0,0 +1,17 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_URL_UTIL_H_
+#define IOS_WEB_PUBLIC_URL_UTIL_H_
+
+#include "url/gurl.h"
+
+namespace web {
+
+// Removes the # (if any) and everything following it from a URL.
+GURL GURLByRemovingRefFromGURL(const GURL& full_url);
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_URL_UTIL_H_
diff --git a/ios/web/public/user_metrics.h b/ios/web/public/user_metrics.h
new file mode 100644
index 0000000..2f354ed
--- /dev/null
+++ b/ios/web/public/user_metrics.h
@@ -0,0 +1,27 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_USER_METRICS_H_
+#define IOS_WEB_PUBLIC_USER_METRICS_H_
+
+#include <string>
+
+#include "base/callback.h"
+
+namespace base {
+struct UserMetricsAction;
+}  // namespace base
+
+namespace web {
+
+// Wrappers around functions defined in base/metrics/user_metrics.h, refer to
+// that header for full documentation. These wrappers can be called from any
+// thread (they will post back to the UI thread to do the recording).
+
+void RecordAction(const base::UserMetricsAction& action);
+void RecordComputedAction(const std::string& action);
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_USER_METRICS_H_
diff --git a/ios/web/public/web_client.h b/ios/web/public/web_client.h
index 41ee680..d4bd2b0 100644
--- a/ios/web/public/web_client.h
+++ b/ios/web/public/web_client.h
@@ -10,6 +10,7 @@
 
 #include "base/strings/string16.h"
 #include "base/strings/string_piece.h"
+#include "ios/web/public/web_view_type.h"
 #include "ui/base/layout.h"
 
 namespace base {
@@ -20,8 +21,10 @@ class GURL;
 
 #ifdef __OBJC__
 @class UIWebView;
+@class NSString;
 #else
 class UIWebView;
+class NSString;
 #endif
 
 namespace web {
@@ -61,6 +64,9 @@ class WebClient {
   // Used to decide URL formating.
   virtual std::string GetAcceptLangs(BrowserState* state) const;
 
+  // Returns the embedding application locale string.
+  virtual std::string GetApplicationLocale() const;
+
   // Returns true if URL has application specific schema. Embedder must return
   // true for every custom app specific schema it supports. For example Chromium
   // browser would return true for "chrome://about" URL.
@@ -100,6 +106,10 @@ class WebClient {
   // Gives the embedder a chance to add url rewriters to the BrowserURLRewriter
   // singleton.
   virtual void PostBrowserURLRewriterCreation(BrowserURLRewriter* rewriter) {}
+
+  // Gives the embedder a chance to provide the JavaScript to be injected into
+  // the web view as early as possible. Result must not be nil.
+  virtual NSString* GetEarlyPageScript(WebViewType web_view_type) const;
 };
 
 }  // namespace web
diff --git a/ios/web/public/web_client.cc b/ios/web/public/web_client.mm
index 0f2cf0c..ef46fdf 100644
--- a/ios/web/public/web_client.cc
+++ b/ios/web/public/web_client.mm
@@ -4,6 +4,8 @@
 
 #include "ios/web/public/web_client.h"
 
+#include <Foundation/Foundation.h>
+
 namespace web {
 
 static WebClient* g_client;
@@ -34,6 +36,10 @@ std::string WebClient::GetAcceptLangs(BrowserState* state) const {
   return std::string();
 }
 
+std::string WebClient::GetApplicationLocale() const {
+  return "en-US";
+}
+
 bool WebClient::IsAppSpecificURL(const GURL& url) const {
   return false;
 }
@@ -65,4 +71,8 @@ base::RefCountedStaticMemory* WebClient::GetDataResourceBytes(
   return nullptr;
 }
 
+NSString* WebClient::GetEarlyPageScript(WebViewType web_view_type) const {
+  return @"";
+}
+
 }  // namespace web
diff --git a/ios/web/public/web_state/crw_native_content.h b/ios/web/public/web_state/crw_native_content.h
new file mode 100644
index 0000000..61463d3
--- /dev/null
+++ b/ios/web/public/web_state/crw_native_content.h
@@ -0,0 +1,92 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_H_
+
+#import <UIKit/UIKit.h>
+
+#include "url/gurl.h"
+
+@protocol CRWNativeContentDelegate;
+
+// Abstract methods needed for manipulating native content in the web content
+// area.
+@protocol CRWNativeContent<NSObject>
+
+// The page title, meant for display to the user. Will return nil if not
+// available.
+- (NSString*)title;
+
+// The URL represented by the content being displayed.
+- (const GURL&)url;
+
+// The view to insert into the content area displayed to the user.
+- (UIView*)view;
+
+// Called when memory is low. Release anything (such as views) that can be
+// easily re-created to free up RAM.
+- (void)handleLowMemory;
+
+// Returns YES if there is currently a live view in the tab (e.g., the view
+// hasn't been discarded due to low memory).
+// NOTE: This should be used for metrics-gathering only; for any other purpose
+// callers should not know or care whether the view is live.
+- (BOOL)isViewAlive;
+
+// Reload any displayed data to ensure the view is up to date.
+- (void)reload;
+
+@optional
+
+// Optional method that allows to set CRWNativeContent delegate.
+- (void)setDelegate:(id<CRWNativeContentDelegate>)delegate;
+
+// Notifies the CRWNativeContent that it has been shown.
+- (void)wasShown;
+
+// Notifies the CRWNativeContent that it has been hidden.
+- (void)wasHidden;
+
+// Returns |YES| if CRWNativeContent wants the keyboard shield when the keyboard
+// is up.
+- (BOOL)wantsKeyboardShield;
+
+// Returns |YES| if CRWNativeContent wants the hint text displayed.
+// TODO(shreyasv): Remove this. This is chrome level concept and should not
+// exist in the web/ layer. crbug.com/374984.
+- (BOOL)wantsLocationBarHintText;
+
+// Dismisses on-screen keyboard if necessary.
+- (void)dismissKeyboard;
+
+// Dismisses any outstanding modal interaction elements (e.g. modal view
+// controllers, context menus, etc).
+- (void)dismissModals;
+
+// A native content controller should do any clean up at this time when
+// WebController closes.
+- (void)close;
+
+// Enables or disables usage of web views inside the native controller.
+- (void)setWebUsageEnabled:(BOOL)webUsageEnabled;
+
+// Enables or disables the scrolling in the native view (when available).
+- (void)setScrollEnabled:(BOOL)enabled;
+
+// Called when a snapshot of the content will be taken.
+- (void)willUpdateSnapshot;
+
+@end
+
+// CRWNativeContent delegate protocol.
+@protocol CRWNativeContentDelegate<NSObject>
+
+@optional
+// Called when the content supplies a new title.
+- (void)nativeContent:(id)content titleDidChange:(NSString*)title;
+
+@end
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_H_
diff --git a/ios/web/public/web_state/crw_native_content_provider.h b/ios/web/public/web_state/crw_native_content_provider.h
new file mode 100644
index 0000000..7d4a4cc
--- /dev/null
+++ b/ios/web/public/web_state/crw_native_content_provider.h
@@ -0,0 +1,34 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_PROVIDER_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_PROVIDER_H_
+#import <UIKit/UIKit.h>
+
+class GURL;
+
+@protocol CRWNativeContent;
+
+// Provide a controller to a native view representing a given URL.
+@protocol CRWNativeContentProvider
+
+// Returns whether the Provider has a controller for the given URL.
+- (BOOL)hasControllerForURL:(const GURL&)url;
+
+// Returns an autoreleased controller for driving a native view contained
+// within the web content area. This may return nil if the url is unsupported.
+// |url| will be of the form "chrome://foo".
+- (id<CRWNativeContent>)controllerForURL:(const GURL&)url;
+
+// Returns an autoreleased controller for driving a native view contained
+// within the web content area. The native view will contain an error page
+// with information appropriate for the problem described in |error|.
+// |isPost| indicates whether the error was for a post request.
+- (id<CRWNativeContent>)controllerForURL:(const GURL&)url
+                               withError:(NSError*)error
+                                  isPost:(BOOL)isPost;
+
+@end
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_CRW_NATIVE_CONTENT_PROVIDER_H_
diff --git a/ios/web/public/web_state/crw_web_controller_observer.h b/ios/web/public/web_state/crw_web_controller_observer.h
new file mode 100644
index 0000000..ded276d
--- /dev/null
+++ b/ios/web/public/web_state/crw_web_controller_observer.h
@@ -0,0 +1,89 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_CONTROLLER_OBSERVER_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_CONTROLLER_OBSERVER_H_
+
+#import <Foundation/Foundation.h>
+#include <string>
+
+@class CRWWebController;
+@class CRWWebViewProxy;
+class GURL;
+@class UIWebView;
+
+namespace base {
+class DictionaryValue;
+}
+
+// NOTE: When adding new methods to CRWWebControllerObserver, consider adding
+// them to WebStateObserver instead if they need to be surfaced to the public
+// API.
+@protocol CRWWebControllerObserver<NSObject>
+
+@optional
+
+// Supplies a text prefix to the CRWWebController to indicate which commands the
+// observer should receive using the handleCommand message.
+// Called only as the observer is added to its parent CRWWebController.
+@property(nonatomic, readonly) NSString* commandPrefix;
+
+// Called when the current page is loaded.
+// DEPRECATED: Use WebStateObserver instead.
+- (void)pageLoaded:(CRWWebController*)webController;
+
+// Called when a form is being submitted.
+- (void)documentSubmit:(CRWWebController*)webController
+              formName:(const std::string&)formName
+       userInteraction:(BOOL)userInteraction;
+
+// Called when the user is typing on a form field, with |error| indicating if
+// there is any error when parsing the form field information. Currently these
+// events will not be sent if the Disable Autofill experiment is set.
+- (void)formActivity:(CRWWebController*)webController
+            formName:(const std::string&)formName
+           fieldName:(const std::string&)fieldName
+                type:(const std::string&)type
+               value:(const std::string&)value
+               error:(bool)error;
+
+// Identical to |formActivity:formName:fieldName:type:value:error:|, but
+// indicates that the activity was triggered by typing the key specified by
+// |keyCode|.
+- (void)formActivity:(CRWWebController*)webController
+            formName:(const std::string&)formName
+           fieldName:(const std::string&)fieldName
+                type:(const std::string&)type
+               value:(const std::string&)value
+             keyCode:(int)keyCode
+               error:(bool)error;
+
+// The page requested autocomplete.
+- (void)requestAutocomplete:(CRWWebController*)webController
+                  sourceURL:(const GURL&)sourceURL
+                   formName:(const std::string&)formName
+            userInteraction:(BOOL)userInteraction;
+
+// Called when the web controller is about to close.
+- (void)webControllerWillClose:(CRWWebController*)webController;
+
+// Handle the command from page scripts. Return NO if the command was known to
+// be invalid. This will cause the page to be reset as a security precaution.
+// DEPRECATED: Use WebState::ScriptCommandCallback instead.
+- (BOOL)handleCommand:(const base::DictionaryValue&)command
+        webController:(CRWWebController*)webController
+    userIsInteracting:(BOOL)userIsInteracting
+            originURL:(const GURL&)originURL;
+
+// Gives CRWWebControllerObservers access to the CRWWebViewProxy.
+- (void)setWebViewProxy:(CRWWebViewProxy*)webView
+             controller:(CRWWebController*)webController;
+
+// Obtains the scripts that should be injected into pages ASAP when this
+// observer is active.
+- (Class)scriptManagerForEarlyInjection:(CRWWebController*)webController;
+
+@end
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_CONTROLLER_OBSERVER_H_
diff --git a/ios/web/public/web_state/crw_web_delegate.h b/ios/web/public/web_state/crw_web_delegate.h
new file mode 100644
index 0000000..991df4a
--- /dev/null
+++ b/ios/web/public/web_state/crw_web_delegate.h
@@ -0,0 +1,266 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_DELEGATE_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_DELEGATE_H_
+
+#import <UIKit/UIKit.h>
+#include <vector>
+
+#include "base/ios/block_types.h"
+#include "ios/web/public/favicon_url.h"
+#include "ios/web/public/ssl_status.h"
+#import "ios/web/public/web_state/crw_native_content.h"
+#include "ios/web/public/web_state/web_state.h"
+#include "ui/base/page_transition_types.h"
+
+class GURL;
+@class CRWSessionEntry;
+@class CRWWebController;
+
+namespace net {
+class HttpResponseHeaders;
+class SSLInfo;
+class X509Certificate;
+}
+
+namespace web {
+class BlockedPopupInfo;
+struct Referrer;
+struct WebLoadParams;
+}
+
+// Callback for -presentSSLError:forSSLStatus:onUrl:recoverable:callback:
+typedef void (^SSLErrorCallback)(BOOL);
+
+// Interface to perform cross window scripting on CRWWebController.
+@protocol CRWWebControllerScripting
+
+// Loads the HTML into the page.
+- (void)loadHTML:(NSString*)html;
+
+// Loads HTML in the page and presents it as if it was originating from the
+// URL itself. Should be used only in specific cases, where the injected html
+// is guaranteed to be some derived representation of the original content.
+- (void)loadHTMLForCurrentURL:(NSString*)html;
+
+// Stops loading the page.
+- (void)stopLoading;
+
+// TODO(eugenebut): rename -[CRWWebController close] method to avoid confusion.
+// Asks the delegate to be closed.
+- (void)orderClose;
+
+@end
+
+// Methods implemented by the delegate of the CRWWebController.
+@protocol CRWWebDelegate<NSObject>
+
+// Called when the page wants to open a new window by DOM (e.g. with
+// |window.open| JavaScript call or by clicking a link with |_blank| target) or
+// wants to open a window with a new tab. |inBackground| allows a page to force
+// a new window to open in the background. CRWSessionController's openedByDOM
+// property of the returned CRWWebController must be YES.
+- (CRWWebController*)webPageOrderedOpen:(const GURL&)url
+                               referrer:(const web::Referrer&)referrer
+                             windowName:(NSString*)windowName
+                           inBackground:(BOOL)inBackground;
+
+// Called when the page wants to open a new window by DOM.
+// CRWSessionController's openedByDOM property of the returned CRWWebController
+// must be YES.
+- (CRWWebController*)webPageOrderedOpenBlankWithReferrer:
+    (const web::Referrer&)referrer
+        inBackground:(BOOL)inBackground;
+
+// Called when the page calls window.close() on itself. Begin the shut-down
+// sequence for this controller.
+- (void)webPageOrderedClose;
+// Navigate forwards or backwards by delta pages.
+- (void)goDelta:(int)delta;
+// Opens a URL with the given parameters.
+- (void)openURLWithParams:(const web::WebState::OpenURLParams&)params;
+// Called when a link to an external app needs to be opened. Returns YES iff
+// |url| is launched in an external app.
+- (BOOL)openExternalURL:(const GURL&)url;
+
+// This method is called when a network request has an issue with the SSL
+// connection to present it to the user. The user will decide if the request
+// should continue or not and the callback should be invoked to let the backend
+// know.
+// The callback is safe to call until CRWWebController is closed.
+- (void)presentSSLError:(const net::SSLInfo&)info
+           forSSLStatus:(const web::SSLStatus&)status
+            recoverable:(BOOL)recoverable
+               callback:(SSLErrorCallback)shouldContinue;
+// Asked the delegate to present an error to the user because the
+// CRWWebController cannot verify the URL of the current page.
+- (void)presentSpoofingError;
+// This method is invoked whenever the system believes the URL is about to
+// change, or immediately after any unexpected change of the URL, prior to
+// updating the navigation manager's pending entry.
+// Phase will be LOAD_REQUESTED.
+- (void)webWillAddPendingURL:(const GURL&)url
+                  transition:(ui::PageTransition)transition;
+// This method is invoked after an update to the navigation manager's pending
+// URL, triggered whenever the system believes the URL is about to
+// change, or immediately after any unexpected change of the URL.
+// This can be followed by a call to webDidStartLoading (phase PAGE_LOADING) or
+// another call to webWillAddPendingURL and webDidAddPendingURL (phase still
+// LOAD_REQUESTED).
+- (void)webDidAddPendingURL;
+// Called when webWillStartLoadingURL was called, but something went wrong, and
+// webDidStartLoadingURL will now never be called.
+- (void)webCancelStartLoadingRequest;
+// Called when the page URL has changed. Phase will be PAGE_LOADING. Can be
+// followed by webDidFinishWithURL or webWillStartLoadingURL.
+// |updateHistory| is YES if the URL should be added to the history DB.
+// TODO(stuartmorgan): Remove or rename the history param; the history DB
+// isn't a web concept, so this shoud be expressed differently.
+- (void)webDidStartLoadingURL:(const GURL&)url
+          shouldUpdateHistory:(BOOL)updateHistory;
+// Called when the page finishes loading, with the URL, page title and load
+// success status. Phase will be PAGE_LOADED.
+// On the next navigation event, this will be followed by a call to
+// webWillStartLoadingURL.
+- (void)webDidFinishWithURL:(const GURL&)url
+                loadSuccess:(BOOL)loadSuccess;
+// Called when the page load was cancelled by page activity (before a success /
+// failure state is known). Phase will be PAGE_LOADED.
+- (void)webLoadCancelled:(const GURL&)url;
+// Called when a page updates its history stack using pushState or replaceState.
+// TODO(stuartmorgan): Generalize this to cover any change of URL without page
+// document change.
+- (void)webDidUpdateHistoryStateWithPageURL:(const GURL&)pageUrl;
+// Called when the page updates its icons.
+- (void)onUpdateFavicons:(const std::vector<web::FaviconURL>&)icons;
+// Called when a placeholder image should be displayed instead of the WebView.
+- (void)webController:(CRWWebController*)webController
+    retrievePlaceholderOverlayImage:(void (^)(UIImage*))block;
+// Consults the delegate whether a form should be resubmitted for a request.
+// Occurs when a POST request is reached when navigating through history.
+// Call |continueBlock| if a form should be resubmitted.
+// Call |cancelBlock| if a form should not be resubmitted.
+// Delegates must call either of these (just once) before the load will
+// continue.
+- (void)webController:(CRWWebController*)webController
+    onFormResubmissionForRequest:(NSURLRequest*)request
+                   continueBlock:(ProceduralBlock)continueBlock
+                     cancelBlock:(ProceduralBlock)cancelBlock;
+// Returns the unique id of the download request and starts downloading the
+// image at |url| without sending the cookies. Invokes |callback| on completion.
+- (int)downloadImageAtUrl:(const GURL&)url
+    maxBitmapSize:(uint32_t)maxBitmapSize
+         callback:(const web::WebState::ImageDownloadCallback&)callback;
+
+// ---------------------------------------------------------------------
+// TODO(rohitrao): Eliminate as many of the following delegate methods as
+// possible.  They only exist because the Tab and CRWWebController logic was
+// very intertwined. We should streamline the logic to jump between classes
+// less, then remove any delegate method that becomes unneccessary as a result.
+
+// Called when the page is reloaded.
+- (void)webWillReload;
+// Called when a page is loaded using loadWithParams.  In
+// |webWillInitiateLoadWithParams|, the |params| argument is non-const so that
+// the delegate can make changes if necessary.
+// TODO(rohitrao): This is not a great API.  Clean it up.
+- (void)webWillInitiateLoadWithParams:(web::WebLoadParams&)params;
+- (void)webDidUpdateSessionForLoadWithParams:(const web::WebLoadParams&)params
+                        wasInitialNavigation:(BOOL)initialNavigation;
+// Called from finishHistoryNavigationFromEntry.
+- (void)webWillFinishHistoryNavigationFromEntry:(CRWSessionEntry*)fromEntry;
+// Called when a page navigates backwards or forwards.
+- (void)webWillGoDelta:(int)delta;
+- (void)webDidPrepareForGoBack;
+// ---------------------------------------------------------------------
+
+
+@optional
+
+// Called to ask CRWWebDelegate if |CRWWebController| should open the given URL.
+// CRWWebDelegate can intercept the request by returning NO and processing URL
+// in own way.
+- (BOOL)webController:(CRWWebController*)webController
+        shouldOpenURL:(const GURL&)url
+      mainDocumentURL:(const GURL&)mainDocumentURL
+          linkClicked:(BOOL)linkClicked;
+
+// Called to ask if external URL should be opened. External URL is one that
+// cannot be presented by CRWWebController.
+- (BOOL)webController:(CRWWebController*)webController
+    shouldOpenExternalURL:(const GURL&)url;
+
+
+// Called when |url| is deemed suitable to be opened in a matching native app.
+// Needs to return whether |url| was opened in a matching native app.
+// The return value indicates if the native app was launched, not if a native
+// app was found.
+// TODO(shreyasv): Instead of having the CRWWebDelegate handle an external URL,
+// provide a hook/API to steal a URL navigation. That way the logic to determine
+// a URL as triggering a native app launch can also be moved.
+- (BOOL)urlTriggersNativeAppLaunch:(const GURL&)url
+                         sourceURL:(const GURL&)sourceURL;
+
+// Called to ask the delegate for a controller to display the given url,
+// which contained content that the UIWebView couldn't display. Returns
+// the native controller to display if the delegate can handle the url,
+// or nil otherwise.
+- (id<CRWNativeContent>)controllerForUnhandledContentAtURL:(const GURL&)url;
+
+// Called when the page supplies a new title.
+- (void)webController:(CRWWebController*)webController
+       titleDidChange:(NSString*)title;
+
+// Called when CRWWebController has detected a popup. If NO is returned then
+// popup will be shown, otherwise |webController:didBlockPopup:| will be called
+// and CRWWebDelegate will have a chance to unblock the popup later. NO is
+// assumed by default if this method is not implemented.
+- (BOOL)webController:(CRWWebController*)webController
+    shouldBlockPopupWithURL:(const GURL&)popupURL
+                  sourceURL:(const GURL&)sourceURL;
+
+// Called when CRWWebController has detected and blocked a popup. In order to
+// allow the blocked pop up CRWWebDelegate must call
+// |blockedPopupInfo.ShowPopup()| instead of attempting to open a new window.
+- (void)webController:(CRWWebController*)webController
+        didBlockPopup:(const web::BlockedPopupInfo&)blockedPopupInfo;
+
+// TODO(jimblackler): Create a DialogController and move dialog-related delegate
+// methods to CRWWebControllerObserver.
+
+// Called when CRWWebController will present a dialog (only if
+// kNotifyBeforeOpeningDialogs policy is set via
+// -[CRWWebController setPageDialogsOpenPolicy:] method).
+- (void)webControllerWillShowDialog:(CRWWebController*)webController;
+
+// Called when CRWWebController did suppress a dialog (only if kSuppressDialogs
+// policy is set via -[CRWWebController setPageDialogsOpenPolicy:] method).
+- (void)webControllerDidSuppressDialog:(CRWWebController*)webController;
+
+// Called to get CRWWebController of a child window by name.
+- (id<CRWWebControllerScripting>)webController:(CRWWebController*)webController
+              scriptingInterfaceForWindowNamed:(NSString*)windowName;
+
+// Called to retrieve the height of any header that is overlaying on top of the
+// web view. This can be used to implement, for e.g. a toolbar that changes
+// height dynamically. Returning a non-zero height affects the visible frame
+// shown by the CRWWebController. 0.0 is assumed if not implemented.
+- (CGFloat)headerHeightForWebController:(CRWWebController*)webController;
+
+// Called when CRWWebController updated the SSL status for the current
+// NagivationItem.
+- (void)webControllerDidUpdateSSLStatusForCurrentNavigationItem:
+    (CRWWebController*)webController;
+
+// Called when CRWWebController did update page load progress.
+- (void)webController:(CRWWebController*)webController
+    didUpdateProgress:(CGFloat)progress;
+
+// Called when web view process has been terminated.
+- (void)webControllerWebProcessDidCrash:(CRWWebController*)webController;
+
+@end
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_DELEGATE_H_
diff --git a/ios/web/public/web_state/crw_web_user_interface_delegate.h b/ios/web/public/web_state/crw_web_user_interface_delegate.h
new file mode 100644
index 0000000..443a24f
--- /dev/null
+++ b/ios/web/public/web_state/crw_web_user_interface_delegate.h
@@ -0,0 +1,64 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_USER_INTERFACE_DELEGATE_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_USER_INTERFACE_DELEGATE_H_
+
+#include <Foundation/Foundation.h>
+
+@class CRWWebController;
+class GURL;
+
+@protocol CRWWebUserInterfaceDelegate<NSObject>
+
+ @optional
+// The JavaScript panel selectors below are only called by the web controller
+// for builds with WKWebView enabled.
+
+// Displays a JavaScript alert with an OK button, showing the provided message.
+// |completionHandler| is called afer the OK button on the alert is tapped.  If
+// this selector isn't implemented, the completion handler provided by the web
+// view will be called without any UI displayed.
+- (void)webController:(CRWWebController*)webController
+    runJavaScriptAlertPanelWithMessage:(NSString*)message
+                            requestURL:(const GURL&)requestURL
+                     completionHandler:(void (^)(void))completionHandler;
+
+// Displays a JavaScript confirm alert with an OK and Cancel button, showing the
+// provided message.  |completionHandler| is called after a button is pressed,
+// with |isConfirmed| indicating whether OK was pressed.  If this selector isn't
+// implemented, the competion handler provided by the web view will be called
+// with |isConfirmed| = NO.
+- (void)webController:(CRWWebController*)webController
+    runJavaScriptConfirmPanelWithMessage:(NSString*)message
+                              requestURL:(const GURL&)requestURL
+                       completionHandler:
+        (void (^)(BOOL isConfirmed))completionHandler;
+
+// Displays a JavaScript input alert with an OK and Cancel button, showing the
+// provided message and placeholder text.  |completionHandler| is called after a
+// button is pressed.  If the OK button is pressed, |input| contains the user
+// text.  If the cancel but is pressed, |input| will be nil.  If this selector
+// isn't implemented, the completion handler provided by the web view will be
+// called with |input| = nil.
+- (void)webController:(CRWWebController*)webController
+    runJavaScriptTextInputPanelWithPrompt:(NSString*)message
+                          placeholderText:(NSString*)placeholderText
+                               requestURL:(const GURL&)requestURL
+                        completionHandler:
+        (void (^)(NSString* input))completionHandler;
+
+// Displays a context menu for DOM element. |point| and |view| represent the
+// location and UIView where the context menu was triggered by a user gesture.
+// |menuInfo| keys are defined in crw_context_menu_provider.h.
+// TODO(eugenebut): create DOMElement class (tag + attributes) and pass
+// it and referrer as separate arguments instead of |menuInfo|.
+- (void)webController:(CRWWebController*)webController
+       runContextMenu:(NSDictionary*)menuInfo
+              atPoint:(CGPoint)point
+               inView:(UIView*)view;
+
+@end
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_CRW_WEB_USER_INTERFACE_DELEGATE_H_
diff --git a/ios/web/public/web_state/js/crw_js_injection_evaluator.h b/ios/web/public/web_state/js/crw_js_injection_evaluator.h
index 724f1bd..3264b03 100644
--- a/ios/web/public/web_state/js/crw_js_injection_evaluator.h
+++ b/ios/web/public/web_state/js/crw_js_injection_evaluator.h
@@ -7,6 +7,8 @@
 
 #import <Foundation/Foundation.h>
 
+#include "ios/web/public/web_view_type.h"
+
 // The type of the completion handler block that is called from
 // |evaluateJavaScript:completionHandler|
 namespace web {
@@ -33,6 +35,10 @@ typedef void (^JavaScriptCompletion)(NSString*, NSError*);
 // the manager's script, and not for evaluating arbitrary JavaScript.
 - (void)injectScript:(NSString*)script forClass:(Class)jsInjectionManagerClass;
 
+// Returns type of web view used for evaluation. Must not change for the
+// lifetime of the object.
+- (web::WebViewType)webViewType;
+
 @end
 
 #endif  // IOS_WEB_PUBLIC_WEB_STATE_JS_CRW_JS_INJECTION_EVALUATOR_H_
diff --git a/ios/web/public/web_state/url_verification_constants.h b/ios/web/public/web_state/url_verification_constants.h
new file mode 100644
index 0000000..f973d56
--- /dev/null
+++ b/ios/web/public/web_state/url_verification_constants.h
@@ -0,0 +1,20 @@
+// Copyright 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_URL_VERIFICATION_CONSTANTS_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_URL_VERIFICATION_CONSTANTS_H_
+
+namespace web {
+enum URLVerificationTrustLevel {
+  // The returned URL cannot be trusted.
+  kNone,
+  // The returned URL can be displayed to the user, but the DOM of the
+  // UIWebView doesn't match yet.
+  kMixed,
+  // The returned URL can be trusted.
+  kAbsolute,
+};
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_URL_VERIFICATION_CONSTANTS_H_
diff --git a/ios/web/public/web_state/web_state_observer.h b/ios/web/public/web_state/web_state_observer.h
index ac6f9d2..443dcf1 100644
--- a/ios/web/public/web_state/web_state_observer.h
+++ b/ios/web/public/web_state/web_state_observer.h
@@ -5,6 +5,8 @@
 #ifndef IOS_WEB_PUBLIC_WEB_STATE_WEB_STATE_OBSERVER_H_
 #define IOS_WEB_PUBLIC_WEB_STATE_WEB_STATE_OBSERVER_H_
 
+#include <string>
+
 #include "base/macros.h"
 
 namespace web {
@@ -19,6 +21,10 @@ enum class PageLoadCompletionStatus : bool { SUCCESS = 0, FAILURE = 1 };
 // load events from WebState.
 class WebStateObserver {
  public:
+  // Key code associated to form events for which the key code is missing or
+  // irrelevant.
+  static int kInvalidFormKeyCode;
+
   // Returns the web state associated with this observer.
   WebState* web_state() const { return web_state_; }
 
@@ -32,12 +38,30 @@ class WebStateObserver {
   // Called when the current page is loaded.
   virtual void PageLoaded(PageLoadCompletionStatus load_completion_status) {}
 
+  // Called when the interstitial is dismissed by the user.
+  virtual void InsterstitialDismissed() {}
+
   // Called on URL hash change events.
   virtual void URLHashChanged() {}
 
   // Called on history state change events.
   virtual void HistoryStateChanged() {}
 
+  // Called on form submission. |user_interaction| is true if the user
+  // interacted with the page.
+  virtual void DocumentSubmitted(const std::string& form_name,
+                                 bool user_interaction) {}
+
+  // Called when the user is typing on a form field, with |error| indicating if
+  // there is any error when parsing the form field information.
+  // |key_code| may be kInvalidFormKeyCode if there is no key code.
+  virtual void FormActivityRegistered(const std::string& form_name,
+                                      const std::string& field_name,
+                                      const std::string& type,
+                                      const std::string& value,
+                                      int key_code,
+                                      bool error) {}
+
   // Invoked when the WebState is being destroyed. Gives subclasses a chance
   // to cleanup.
   virtual void WebStateDestroyed() {}
diff --git a/ios/web/public/web_state/web_state_observer_bridge.h b/ios/web/public/web_state/web_state_observer_bridge.h
new file mode 100644
index 0000000..0a2d2b9
--- /dev/null
+++ b/ios/web/public/web_state/web_state_observer_bridge.h
@@ -0,0 +1,75 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_STATE_WEB_STATE_OBSERVER_BRIDGE_H_
+#define IOS_WEB_PUBLIC_WEB_STATE_WEB_STATE_OBSERVER_BRIDGE_H_
+
+#import <Foundation/Foundation.h>
+
+#include <string>
+
+#import "base/ios/weak_nsobject.h"
+#import "ios/web/public/web_state/web_state_observer.h"
+
+// Observes page lifecyle events from Objective-C. To use as a
+// web::WebStateObserver, wrap in a web::WebStateObserverBridge.
+// NOTE: This is far from complete. Add new methods as needed.
+@protocol CRWWebStateObserver<NSObject>
+@optional
+
+// Page lifecycle methods. These are equivalent to the corresponding methods
+// in web::WebStateObserver.
+- (void)pageLoaded:(web::WebState*)webState;
+- (void)documentSubmitted:(web::WebState*)webState
+                 formName:(const std::string&)formName
+          userInteraction:(BOOL)userInteraction;
+- (void)formActivity:(web::WebState*)webState
+            formName:(const std::string&)formName
+           fieldName:(const std::string&)fieldName
+                type:(const std::string&)type
+               value:(const std::string&)value
+             keyCode:(int)keyCode
+               error:(BOOL)error;
+// Note: after |webStateDestroyed:| is invoked, the WebState being observed
+// is no longer valid.
+- (void)webStateDestroyed:(web::WebState*)webState;
+
+@end
+
+namespace web {
+
+class WebState;
+
+// Bridge to use an id<CRWWebStateObserver> as a web::WebStateObserver.
+// Will be added/removed as an observer of the underlying WebState during
+// construction/destruction. Instances should be owned by instances of the
+// class they're bridging.
+class WebStateObserverBridge : public web::WebStateObserver {
+ public:
+  WebStateObserverBridge(web::WebState* web_state,
+                         id<CRWWebStateObserver> observer);
+  ~WebStateObserverBridge() override;
+
+  // web::WebStateObserver:
+  // NOTE: This is far from complete. Add new methods as needed.
+  void PageLoaded(
+      web::PageLoadCompletionStatus load_completion_status) override;
+  void DocumentSubmitted(const std::string& form_name,
+                         bool user_interaction) override;
+  void FormActivityRegistered(const std::string& form_name,
+                              const std::string& field_name,
+                              const std::string& type,
+                              const std::string& value,
+                              int key_code,
+                              bool error) override;
+  void WebStateDestroyed() override;
+
+ private:
+  base::WeakNSProtocol<id<CRWWebStateObserver>> observer_;
+  DISALLOW_COPY_AND_ASSIGN(WebStateObserverBridge);
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_WEB_STATE_WEB_STATE_OBSERVER_BRIDGE_H_
diff --git a/ios/web/public/web_view_type.h b/ios/web/public/web_view_type.h
new file mode 100644
index 0000000..ba7ecf7
--- /dev/null
+++ b/ios/web/public/web_view_type.h
@@ -0,0 +1,20 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef IOS_WEB_PUBLIC_WEB_VIEW_TYPE_H_
+#define IOS_WEB_PUBLIC_WEB_VIEW_TYPE_H_
+
+namespace web {
+
+// Type of web view. Different web views may provide different capabilities.
+enum WebViewType {
+  // Web View is UIWebView.
+  UI_WEB_VIEW_TYPE = 1,
+  // Web View is WKWebView.
+  WK_WEB_VIEW_TYPE = 2,
+};
+
+}  // namespace web
+
+#endif  // IOS_WEB_PUBLIC_WEB_VIEW_TYPE_H_
diff --git a/ios/web/url_util.cc b/ios/web/url_util.cc
new file mode 100644
index 0000000..4bd2172
--- /dev/null
+++ b/ios/web/url_util.cc
@@ -0,0 +1,18 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/url_util.h"
+
+namespace web {
+
+GURL GURLByRemovingRefFromGURL(const GURL& full_url) {
+  if (!full_url.has_ref())
+    return full_url;
+
+  GURL::Replacements replacements;
+  replacements.ClearRef();
+  return full_url.ReplaceComponents(replacements);
+}
+
+}  // namespace web
diff --git a/ios/web/url_util_unittest.cc b/ios/web/url_util_unittest.cc
new file mode 100644
index 0000000..5dbf63e
--- /dev/null
+++ b/ios/web/url_util_unittest.cc
@@ -0,0 +1,16 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/url_util.h"
+
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace web {
+
+TEST(URLUtilTest, GURLByRemovingRefFromGURL) {
+  GURL url("http://foo.com/bar#baz");
+  EXPECT_EQ(GURL("http://foo.com/bar"), GURLByRemovingRefFromGURL(url));
+}
+
+}  // namespace web
diff --git a/ios/web/user_metrics.cc b/ios/web/user_metrics.cc
new file mode 100644
index 0000000..b6ac484
--- /dev/null
+++ b/ios/web/user_metrics.cc
@@ -0,0 +1,36 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ios/web/public/user_metrics.h"
+
+#include <vector>
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/metrics/user_metrics.h"
+#include "ios/web/public/web_thread.h"
+
+namespace web {
+
+void RecordAction(const base::UserMetricsAction& action) {
+  if (!WebThread::CurrentlyOn(WebThread::UI)) {
+    WebThread::PostTask(WebThread::UI, FROM_HERE,
+                        base::Bind(&web::RecordAction, action));
+    return;
+  }
+
+  base::RecordAction(action);
+}
+
+void RecordComputedAction(const std::string& action) {
+  if (!WebThread::CurrentlyOn(WebThread::UI)) {
+    WebThread::PostTask(WebThread::UI, FROM_HERE,
+                        base::Bind(&web::RecordComputedAction, action));
+    return;
+  }
+
+  base::RecordComputedAction(action);
+}
+
+}  // namespace web
diff --git a/ios/web/web_state/js/crw_js_injection_receiver.mm b/ios/web/web_state/js/crw_js_injection_receiver.mm
index 745fab8..0c03022 100644
--- a/ios/web/web_state/js/crw_js_injection_receiver.mm
+++ b/ios/web/web_state/js/crw_js_injection_receiver.mm
@@ -51,6 +51,10 @@
   [_evaluator injectScript:script forClass:jsInjectionManagerClass];
 }
 
+- (web::WebViewType)webViewType {
+  return [_evaluator webViewType];
+}
+
 - (CRWJSInjectionManager*)instanceOfClass:(Class)jsInjectionManagerClass {
   DCHECK(_managers);
   CRWJSInjectionManager* manager =
diff --git a/ios/web/web_state/web_state_observer.cc b/ios/web/web_state/web_state_observer.cc
index f6d5053..8e01065 100644
--- a/ios/web/web_state/web_state_observer.cc
+++ b/ios/web/web_state/web_state_observer.cc
@@ -9,6 +9,8 @@
 
 namespace web {
 
+int WebStateObserver::kInvalidFormKeyCode = -1;
+
 WebStateObserver::WebStateObserver(WebState* web_state) : web_state_(nullptr) {
   Observe(web_state);
 }
diff --git a/ios/web/web_state/web_state_observer_bridge.mm b/ios/web/web_state/web_state_observer_bridge.mm
new file mode 100644
index 0000000..c0b2db4
--- /dev/null
+++ b/ios/web/web_state/web_state_observer_bridge.mm
@@ -0,0 +1,63 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#import "ios/web/public/web_state/web_state_observer_bridge.h"
+
+namespace web {
+
+WebStateObserverBridge::WebStateObserverBridge(web::WebState* webState,
+                                               id<CRWWebStateObserver> observer)
+    : web::WebStateObserver(webState), observer_(observer) {
+}
+
+WebStateObserverBridge::~WebStateObserverBridge() {
+}
+
+void WebStateObserverBridge::PageLoaded(
+    web::PageLoadCompletionStatus load_completion_status) {
+  SEL selector = @selector(pageLoaded:);
+  if ([observer_ respondsToSelector:selector])
+    [observer_ pageLoaded:web_state()];
+}
+
+void WebStateObserverBridge::DocumentSubmitted(
+    const std::string& form_name, bool user_interaction) {
+  SEL selector = @selector(documentSubmitted:formName:userInteraction:);
+  if ([observer_ respondsToSelector:selector]) {
+    [observer_ documentSubmitted:web_state()
+                        formName:form_name
+                 userInteraction:user_interaction];
+  }
+}
+
+void WebStateObserverBridge::FormActivityRegistered(
+    const std::string& form_name,
+    const std::string& field_name,
+    const std::string& type,
+    const std::string& value,
+    int key_code,
+    bool error) {
+  SEL selector =
+      @selector(formActivity:formName:fieldName:type:value:keyCode:error:);
+  if ([observer_ respondsToSelector:selector]) {
+    [observer_ formActivity:web_state()
+                   formName:form_name
+                  fieldName:field_name
+                       type:type
+                      value:value
+                    keyCode:key_code
+                      error:error];
+  }
+}
+
+void WebStateObserverBridge::WebStateDestroyed() {
+  SEL selector = @selector(webStateDestroyed:);
+  if ([observer_ respondsToSelector:selector]) {
+    // |webStateDestroyed:| may delete |this|, so don't expect |this| to be
+    // valid afterwards.
+    [observer_ webStateDestroyed:web_state()];
+  }
+}
+
+}  // namespace web