Allow huge data: URIs only via WebView.loadDataWithBaseUrl

This CL removes WebView hack for allowing 20MB URLs to
be passed via IPC.

To maintain compatibility with legacy apps, passing long
data: URIs is still allowed via WebView.loadDataWithBaseUrl,
which passes them as a string to circumvent the URL
length limit. Data URI only goes from the browser side
to the renderer side, but not back, because "history url"
(or "virtual url" in Chromium terms) is used for representing
the URL in other IPC messages.

BUG=525697

Review URL: https://codereview.chromium.org/1497743005

Cr-Commit-Position: refs/heads/master@{#365454}

5 files changed, 105 insertions, 13 deletions

diff --git a/android_webview/browser/aw_browser_main_parts.cc b/android_webview/browser/aw_browser_main_parts.cc
index 7bba301..d0fe336c 100644
--- a/android_webview/browser/aw_browser_main_parts.cc
+++ b/android_webview/browser/aw_browser_main_parts.cc
@@ -24,7 +24,6 @@
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/result_codes.h"
-#include "content/public/common/url_utils.h"
 #include "media/base/android/media_client_android.h"
 #include "net/android/network_change_notifier_factory_android.h"
 #include "net/base/network_change_notifier.h"
@@ -89,14 +88,6 @@ void AwBrowserMainParts::PreMainMessageLoopRun() {
       new AwMediaClientAndroid(AwResource::GetConfigKeySystemUuidMapping()));
 
   content::RenderFrameHost::AllowInjectingJavaScriptForAndroidWebView();
-
-  // This is needed for WebView Classic backwards compatibility
-  // See crbug.com/298495. Also see crbug.com/525697 on why it is currently
-  // for single process mode only.
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kSingleProcess)) {
-    content::SetMaxURLChars(20 * 1024 * 1024);
-  }
 }
 
 bool AwBrowserMainParts::MainMessageLoopRun(int* result_code) {
diff --git a/android_webview/java/src/org/chromium/android_webview/AwContents.java b/android_webview/java/src/org/chromium/android_webview/AwContents.java
index 451e3bc..8ecc734 100644
--- a/android_webview/java/src/org/chromium/android_webview/AwContents.java
+++ b/android_webview/java/src/org/chromium/android_webview/AwContents.java
@@ -1471,9 +1471,6 @@ public class AwContents implements SmartClipProvider,
                 Log.wtf(TAG, "Unable to load data string " + data, e);
                 return;
             }
-            // When loading data with a non-data: base URL, WebView must allow renderers
-            // to access file: URLs.
-            nativeGrantFileSchemeAccesstoChildProcess(mNativeAwContents);
         }
         loadUrl(loadUrlParams);
     }
@@ -1492,6 +1489,7 @@ public class AwContents implements SmartClipProvider,
             // file:///android_res/ URLs. If AwSettings.getAllowFileAccess permits, it will also
             // allow access to file:// URLs (subject to OS level permission checks).
             params.setCanLoadLocalResources(true);
+            nativeGrantFileSchemeAccesstoChildProcess(mNativeAwContents);
         }
 
         // If we are reloading the same url, then set transition type as reload.
diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
index 703db51..9318746 100644
--- a/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/LoadDataWithBaseUrlTest.java
@@ -349,4 +349,24 @@ public class LoadDataWithBaseUrlTest extends AwTestBase {
             if (!tempImage.delete()) throw new AssertionError();
         }
     }
+
+    @SmallTest
+    @Feature({"AndroidWebView"})
+    public void testLoadLargeData() throws Throwable {
+        // Chrome only allows URLs up to 2MB in IPC. Test something larger than this.
+        // Note that the real URI may be significantly large if it gets encoded into
+        // base64.
+        final int kDataLength = 5 * 1024 * 1024;
+        StringBuilder doc = new StringBuilder();
+        doc.append("<html><head></head><body><!-- ");
+        int i = doc.length();
+        doc.setLength(i + kDataLength);
+        while (i < doc.length()) doc.setCharAt(i++, 'A');
+        doc.append("--><script>window.gotToEndOfBody=true;</script></body></html>");
+
+        enableJavaScriptOnUiThread(mAwContents);
+        loadDataWithBaseUrlSync(doc.toString(), "text/html", false, null, null);
+        assertEquals("true", executeJavaScriptAndWaitForResult(mAwContents, mContentsClient,
+                        "window.gotToEndOfBody"));
+    }
 }
diff --git a/android_webview/native/state_serializer.cc b/android_webview/native/state_serializer.cc
index 22139a2..fc9cf9b 100644
--- a/android_webview/native/state_serializer.cc
+++ b/android_webview/native/state_serializer.cc
@@ -34,7 +34,7 @@ namespace {
 // Sanity check value that we are restoring from a valid pickle.
 // This can potentially used as an actual serialization version number in the
 // future if we ever decide to support restoring from older versions.
-const uint32 AW_STATE_VERSION = 20130814;
+const uint32 AW_STATE_VERSION = 20151204;
 
 }  // namespace
 
@@ -179,6 +179,20 @@ bool WriteNavigationEntryToPickle(const content::NavigationEntry& entry,
   if (!pickle->WriteString(entry.GetBaseURLForDataURL().spec()))
     return false;
 
+  {
+    const char* data = nullptr;
+    size_t size = 0;
+    scoped_refptr<const base::RefCountedString> s = entry.GetDataURLAsString();
+    if (s) {
+      data = s->front_as<char>();
+      size = s->size();
+    }
+    // Even when |entry.GetDataForDataURL()| is null we still need to write a
+    // zero-length entry to ensure the fields all line up when read back in.
+    if (!pickle->WriteData(data, size))
+      return false;
+  }
+
   if (!pickle->WriteBool(static_cast<int>(entry.GetIsOverridingUserAgent())))
     return false;
 
@@ -261,6 +275,18 @@ bool RestoreNavigationEntryFromPickle(base::PickleIterator* iterator,
   }
 
   {
+    const char* data;
+    int size;
+    if (!iterator->ReadData(&data, &size))
+      return false;
+    if (size > 0) {
+      scoped_refptr<base::RefCountedString> ref = new base::RefCountedString();
+      ref->data().assign(data, size);
+      entry->SetDataURLAsString(ref);
+    }
+  }
+
+  {
     bool is_overriding_user_agent;
     if (!iterator->ReadBool(&is_overriding_user_agent))
       return false;
diff --git a/android_webview/native/state_serializer_unittest.cc b/android_webview/native/state_serializer_unittest.cc
index fd897d4..a9671c6 100644
--- a/android_webview/native/state_serializer_unittest.cc
+++ b/android_webview/native/state_serializer_unittest.cc
@@ -52,6 +52,7 @@ TEST(AndroidWebViewStateSerializerTest, TestNavigationEntrySerialization) {
   const bool has_post_data = true;
   const GURL original_request_url("http://original_request_url");
   const GURL base_url_for_data_url("http://base_url");
+  const string data_url_as_string("data:text/html;charset=utf-8;base64,");
   const bool is_overriding_user_agent = true;
   const base::Time timestamp = base::Time::FromInternalValue(12345);
   const int http_status_code = 404;
@@ -64,6 +65,11 @@ TEST(AndroidWebViewStateSerializerTest, TestNavigationEntrySerialization) {
   entry->SetHasPostData(has_post_data);
   entry->SetOriginalRequestURL(original_request_url);
   entry->SetBaseURLForDataURL(base_url_for_data_url);
+  {
+    scoped_refptr<base::RefCountedString> s = new base::RefCountedString();
+    s->data().assign(data_url_as_string);
+    entry->SetDataURLAsString(s);
+  }
   entry->SetIsOverridingUserAgent(is_overriding_user_agent);
   entry->SetTimestamp(timestamp);
   entry->SetHttpStatusCode(http_status_code);
@@ -86,9 +92,60 @@ TEST(AndroidWebViewStateSerializerTest, TestNavigationEntrySerialization) {
   EXPECT_EQ(has_post_data, copy->GetHasPostData());
   EXPECT_EQ(original_request_url, copy->GetOriginalRequestURL());
   EXPECT_EQ(base_url_for_data_url, copy->GetBaseURLForDataURL());
+  EXPECT_EQ(data_url_as_string, copy->GetDataURLAsString()->data());
   EXPECT_EQ(is_overriding_user_agent, copy->GetIsOverridingUserAgent());
   EXPECT_EQ(timestamp, copy->GetTimestamp());
   EXPECT_EQ(http_status_code, copy->GetHttpStatusCode());
 }
 
+TEST(AndroidWebViewStateSerializerTest, TestEmptyDataURLSerialization) {
+  // This is required for NavigationEntry::Create.
+  content::ContentClient content_client;
+  content::SetContentClient(&content_client);
+  content::ContentBrowserClient browser_client;
+  content::SetBrowserClientForTesting(&browser_client);
+
+  scoped_ptr<content::NavigationEntry> entry(
+      content::NavigationEntry::Create());
+  EXPECT_FALSE(entry->GetDataURLAsString());
+
+  base::Pickle pickle;
+  bool result = internal::WriteNavigationEntryToPickle(*entry, &pickle);
+  EXPECT_TRUE(result);
+
+  scoped_ptr<content::NavigationEntry> copy(content::NavigationEntry::Create());
+  base::PickleIterator iterator(pickle);
+  result = internal::RestoreNavigationEntryFromPickle(&iterator, copy.get());
+  EXPECT_TRUE(result);
+  EXPECT_FALSE(entry->GetDataURLAsString());
+}
+
+TEST(AndroidWebViewStateSerializerTest, TestHugeDataURLSerialization) {
+  // This is required for NavigationEntry::Create.
+  content::ContentClient content_client;
+  content::SetContentClient(&content_client);
+  content::ContentBrowserClient browser_client;
+  content::SetBrowserClientForTesting(&browser_client);
+
+  scoped_ptr<content::NavigationEntry> entry(
+      content::NavigationEntry::Create());
+  string huge_data_url(1024 * 1024 * 20 - 1, 'd');
+  huge_data_url.replace(0, strlen(url::kDataScheme), url::kDataScheme);
+  {
+    scoped_refptr<base::RefCountedString> s = new base::RefCountedString();
+    s->data().assign(huge_data_url);
+    entry->SetDataURLAsString(s);
+  }
+
+  base::Pickle pickle;
+  bool result = internal::WriteNavigationEntryToPickle(*entry, &pickle);
+  EXPECT_TRUE(result);
+
+  scoped_ptr<content::NavigationEntry> copy(content::NavigationEntry::Create());
+  base::PickleIterator iterator(pickle);
+  result = internal::RestoreNavigationEntryFromPickle(&iterator, copy.get());
+  EXPECT_TRUE(result);
+  EXPECT_EQ(huge_data_url, copy->GetDataURLAsString()->data());
+}
+
 }  // namespace android_webview