diff options
| author | dcheng <dcheng@chromium.org> | 2016-03-01 11:15:51 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-01 19:17:50 +0000 |
| commit | 9e24bd35f58fff1562b0784be8ab2e612ece6408 (patch) | |
| tree | 981bb6a7b8e8a68ce34ce9232b461ad4fa8f8a6b | |
| parent | 372f7658f370076484322aed8e15756cea64ee53 (diff) | |
| download | chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.zip chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.gz chromium_src-9e24bd35f58fff1562b0784be8ab2e612ece6408.tar.bz2 | |
Plumb the correct owner document through DocumentInit::m_owner.
The current code tries to determine the security origin to inherit (if
any) too late in document initialization. This results in strange and
hard to understand behavior.
For example, opener is not set until /after/ the document's security
context is already initialized. To make this work, initSecurityContext()
has a heuristic: if it should have inherited a security origin (e.g. the
URL is about:blank) but there's nothing to inherit from, it initializes
the security origin as unique, but then marks initialization as failed.
When the opener is /actually/ set, it then calls initSecurityContext()
again. Since the security context hasn't been marked as initialized yet,
the reinitialization is allowed to proceed, and now the frame inherits
its opener's security origin.
Rather than going through this elaborate dance, this CL gets rid of it
and proactively plumbs through the correct owner document to use. With
these changes:
- A security context can never be reinitialized. This requires passing
the opener around when creating new windows, so that DocumentLoader
can initialize the owner document correctly.
- javascript: URLs have different inheritance rules: the loading
machinery can now just directly pass in the correct owner document.
- The exception for reusing a Window object when navigating from the
initial empty Document has been removed: now it strictly follows the
spec and reuses it iff it is same-origin to the new Document.
BUG=583445
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
Review URL: https://codereview.chromium.org/1685003002
Cr-Commit-Position: refs/heads/master@{#378508}
61 files changed, 380 insertions, 329 deletions
diff --git a/chrome/browser/apps/app_browsertest.cc b/chrome/browser/apps/app_browsertest.cc index 5dc839e..0a044d7 100644 --- a/chrome/browser/apps/app_browsertest.cc +++ b/chrome/browser/apps/app_browsertest.cc @@ -271,7 +271,7 @@ const char kTestFilePath[] = "platform_apps/launch_files/test.txt"; // ash, so we test that it works here. IN_PROC_BROWSER_TEST_F(PlatformAppBrowserTest, CreateAndCloseAppWindow) { const Extension* extension = LoadAndLaunchPlatformApp("minimal", "Launched"); - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); CloseAppWindow(window); } @@ -771,7 +771,7 @@ IN_PROC_BROWSER_TEST_F(PlatformAppBrowserTest, AppWindowAdjustBoundsToBeVisibleOnScreen) { const Extension* extension = LoadAndLaunchPlatformApp("minimal", "Launched"); - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); // The screen bounds didn't change, the cached bounds didn't need to adjust. gfx::Rect cached_bounds(80, 100, 400, 400); diff --git a/chrome/browser/apps/app_browsertest_util.cc b/chrome/browser/apps/app_browsertest_util.cc index ebd9e5b..bb19614 100644 --- a/chrome/browser/apps/app_browsertest_util.cc +++ b/chrome/browser/apps/app_browsertest_util.cc @@ -194,16 +194,24 @@ size_t PlatformAppBrowserTest::GetAppWindowCountForApp( .size(); } -AppWindow* PlatformAppBrowserTest::CreateAppWindow(const Extension* extension) { - return CreateAppWindowFromParams(extension, AppWindow::CreateParams()); +AppWindow* PlatformAppBrowserTest::CreateAppWindow( + content::BrowserContext* context, + const Extension* extension) { + return CreateAppWindowFromParams(context, extension, + AppWindow::CreateParams()); } AppWindow* PlatformAppBrowserTest::CreateAppWindowFromParams( + content::BrowserContext* context, const Extension* extension, const AppWindow::CreateParams& params) { AppWindow* window = new AppWindow(browser()->profile(), new ChromeAppDelegate(true), extension); - window->Init(GURL(std::string()), new AppWindowContentsImpl(window), params); + ProcessManager* process_manager = ProcessManager::Get(context); + ExtensionHost* background_host = + process_manager->GetBackgroundHostForExtension(extension->id()); + window->Init(GURL(std::string()), new AppWindowContentsImpl(window), + background_host->host_contents()->GetMainFrame(), params); return window; } diff --git a/chrome/browser/apps/app_browsertest_util.h b/chrome/browser/apps/app_browsertest_util.h index df758de..5730ce5 100644 --- a/chrome/browser/apps/app_browsertest_util.h +++ b/chrome/browser/apps/app_browsertest_util.h @@ -16,6 +16,7 @@ class CommandLine; } namespace content { +class BrowserContext; class WebContents; } @@ -90,9 +91,11 @@ class PlatformAppBrowserTest : public ExtensionApiTest { size_t GetAppWindowCountForApp(const std::string& app_id); // Creates an empty app window for |extension|. - AppWindow* CreateAppWindow(const Extension* extension); + AppWindow* CreateAppWindow(content::BrowserContext* context, + const Extension* extension); - AppWindow* CreateAppWindowFromParams(const Extension* extension, + AppWindow* CreateAppWindowFromParams(content::BrowserContext* context, + const Extension* extension, const AppWindow::CreateParams& params); // Closes |window| and waits until it's gone. diff --git a/chrome/browser/apps/guest_view/web_view_browsertest.cc b/chrome/browser/apps/guest_view/web_view_browsertest.cc index cbb969f..71f9bb4 100644 --- a/chrome/browser/apps/guest_view/web_view_browsertest.cc +++ b/chrome/browser/apps/guest_view/web_view_browsertest.cc @@ -2047,7 +2047,7 @@ IN_PROC_BROWSER_TEST_P(WebViewTest, MAYBE_TearDownTest) { LoadAndLaunchPlatformApp("web_view/simple", "WebViewTest.LAUNCHED"); extensions::AppWindow* window = NULL; if (!GetAppWindowCount()) - window = CreateAppWindow(extension); + window = CreateAppWindow(browser()->profile(), extension); else window = GetFirstAppWindow(); CloseAppWindow(window); diff --git a/chrome/browser/extensions/api/tabs/ash_panel_contents.cc b/chrome/browser/extensions/api/tabs/ash_panel_contents.cc index cefc769..4279baa 100644 --- a/chrome/browser/extensions/api/tabs/ash_panel_contents.cc +++ b/chrome/browser/extensions/api/tabs/ash_panel_contents.cc @@ -14,6 +14,8 @@ #include "chrome/browser/profiles/profile.h" #include "chrome/browser/sessions/session_tab_helper.h" #include "content/public/browser/browser_context.h" +#include "content/public/browser/render_frame_host.h" +#include "content/public/browser/render_process_host.h" #include "content/public/browser/site_instance.h" #include "content/public/browser/web_contents.h" #include "extensions/browser/app_window/native_app_window.h" @@ -33,12 +35,15 @@ AshPanelContents::~AshPanelContents() { } void AshPanelContents::Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, const GURL& url) { url_ = url; - web_contents_.reset( - content::WebContents::Create(content::WebContents::CreateParams( - context, content::SiteInstance::CreateForURL(context, url_)))); + content::WebContents::CreateParams create_params( + context, creator_frame->GetSiteInstance()); + create_params.opener_render_process_id = creator_frame->GetProcess()->GetID(); + create_params.opener_render_frame_id = creator_frame->GetRoutingID(); + web_contents_.reset(content::WebContents::Create(create_params)); // Needed to give the web contents a Window ID. Extension APIs expect web // contents to have a Window ID. Also required for FaviconDriver to correctly diff --git a/chrome/browser/extensions/api/tabs/ash_panel_contents.h b/chrome/browser/extensions/api/tabs/ash_panel_contents.h index e137962..e789e50 100644 --- a/chrome/browser/extensions/api/tabs/ash_panel_contents.h +++ b/chrome/browser/extensions/api/tabs/ash_panel_contents.h @@ -37,7 +37,9 @@ class AshPanelContents ~AshPanelContents() override; // extensions::AppWindowContents - void Initialize(content::BrowserContext* context, const GURL& url) override; + void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, + const GURL& url) override; void LoadContents(int32_t creator_process_id) override; void NativeWindowChanged( extensions::NativeAppWindow* native_app_window) override; diff --git a/chrome/browser/extensions/api/tabs/tabs_api.cc b/chrome/browser/extensions/api/tabs/tabs_api.cc index de58f03..170def8 100644 --- a/chrome/browser/extensions/api/tabs/tabs_api.cc +++ b/chrome/browser/extensions/api/tabs/tabs_api.cc @@ -593,7 +593,8 @@ bool WindowsCreateFunction::RunSync() { AppWindow* app_window = new AppWindow( window_profile, new ChromeAppDelegate(true), extension()); AshPanelContents* ash_panel_contents = new AshPanelContents(app_window); - app_window->Init(urls[0], ash_panel_contents, create_params); + app_window->Init(urls[0], ash_panel_contents, render_frame_host(), + create_params); WindowController* window_controller = WindowControllerList::GetInstance()->FindWindowById( app_window->session_id().id()); diff --git a/chrome/browser/ui/ash/accelerator_commands_browsertest.cc b/chrome/browser/ui/ash/accelerator_commands_browsertest.cc index 43f33971..7bc172e 100644 --- a/chrome/browser/ui/ash/accelerator_commands_browsertest.cc +++ b/chrome/browser/ui/ash/accelerator_commands_browsertest.cc @@ -280,7 +280,7 @@ IN_PROC_BROWSER_TEST_P(AcceleratorCommandsPlatformAppFullscreenBrowserTest, extensions::AppWindow::CreateParams params; params.frame = extensions::AppWindow::FRAME_CHROME; extensions::AppWindow* app_window = - CreateAppWindowFromParams(extension, params); + CreateAppWindowFromParams(browser()->profile(), extension, params); extensions::NativeAppWindow* native_app_window = app_window->GetBaseWindow(); SetToInitialShowState(app_window); @@ -305,7 +305,7 @@ IN_PROC_BROWSER_TEST_P(AcceleratorCommandsPlatformAppFullscreenBrowserTest, extensions::AppWindow::CreateParams params; params.frame = extensions::AppWindow::FRAME_NONE; extensions::AppWindow* app_window = - CreateAppWindowFromParams(extension, params); + CreateAppWindowFromParams(browser()->profile(), extension, params); extensions::NativeAppWindow* native_app_window = app_window->GetBaseWindow(); ASSERT_TRUE(app_window->GetBaseWindow()->IsActive()); diff --git a/chrome/browser/ui/ash/keyboard_controller_browsertest.cc b/chrome/browser/ui/ash/keyboard_controller_browsertest.cc index 8915a39..0ae2d72 100644 --- a/chrome/browser/ui/ash/keyboard_controller_browsertest.cc +++ b/chrome/browser/ui/ash/keyboard_controller_browsertest.cc @@ -6,6 +6,7 @@ #include "base/command_line.h" #include "base/macros.h" #include "chrome/browser/apps/app_browsertest_util.h" +#include "chrome/browser/extensions/extension_service.h" #include "chrome/browser/profiles/profile_manager.h" #include "chrome/test/base/in_process_browser_test.h" #include "content/public/browser/render_widget_host_view.h" @@ -162,13 +163,20 @@ IN_PROC_BROWSER_TEST_F(VirtualKeyboardAppWindowTest, .Set("name", "test extension") .Set("version", "1") .Set("manifest_version", 2) + .Set("background", + extensions::DictionaryBuilder() + .Set("scripts", extensions::ListBuilder() + .Append("background.js") + .Build()) + .Build()) .Build()) .Build(); + extension_service()->AddExtension(extension.get()); extensions::AppWindow::CreateParams non_ime_params; non_ime_params.frame = extensions::AppWindow::FRAME_NONE; - extensions::AppWindow* non_ime_app_window = - CreateAppWindowFromParams(extension.get(), non_ime_params); + extensions::AppWindow* non_ime_app_window = CreateAppWindowFromParams( + browser()->profile(), extension.get(), non_ime_params); int non_ime_window_visible_height = non_ime_app_window->web_contents() ->GetRenderWidgetHostView() ->GetVisibleViewportSize() @@ -177,8 +185,8 @@ IN_PROC_BROWSER_TEST_F(VirtualKeyboardAppWindowTest, extensions::AppWindow::CreateParams ime_params; ime_params.frame = extensions::AppWindow::FRAME_NONE; ime_params.is_ime_window = true; - extensions::AppWindow* ime_app_window = - CreateAppWindowFromParams(extension.get(), ime_params); + extensions::AppWindow* ime_app_window = CreateAppWindowFromParams( + browser()->profile(), extension.get(), ime_params); int ime_window_visible_height = ime_app_window->web_contents() ->GetRenderWidgetHostView() ->GetVisibleViewportSize() diff --git a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_browsertest.cc b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_browsertest.cc index 824f2dc..6c04d0a 100644 --- a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_browsertest.cc +++ b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_browsertest.cc @@ -381,7 +381,7 @@ class ShelfAppBrowserTestNoDefaultBrowser : public ShelfAppBrowserTest { IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, LaunchUnpinned) { int item_count = shelf_model()->item_count(); const Extension* extension = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item = GetLastLauncherItem(); @@ -409,7 +409,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, LaunchPinned) { EXPECT_EQ(ash::STATUS_CLOSED, item.status); // Open a window. Confirm the item is now running. - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); ash::wm::ActivateWindow(window->GetNativeWindow()); ASSERT_EQ(item_count, shelf_model()->item_count()); item = *shelf_model()->ItemByID(shortcut_id); @@ -428,7 +428,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, PinRunning) { // Run. int item_count = shelf_model()->item_count(); const Extension* extension = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item1 = GetLastLauncherItem(); @@ -486,7 +486,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, UnpinRunning) { shelf_model()->ItemIndexByID(foo_id)); // Open a window. Confirm the item is now running. - AppWindow* window = CreateAppWindow(extension); + AppWindow* window = CreateAppWindow(browser()->profile(), extension); ash::wm::ActivateWindow(window->GetNativeWindow()); ASSERT_EQ(item_count, shelf_model()->item_count()); item = *shelf_model()->ItemByID(shortcut_id); @@ -515,7 +515,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, MultipleWindows) { // First run app. const Extension* extension = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window1 = CreateAppWindow(extension); + AppWindow* window1 = CreateAppWindow(browser()->profile(), extension); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item1 = GetLastLauncherItem(); @@ -525,7 +525,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, MultipleWindows) { EXPECT_EQ(2, GetNumApplicationMenuItems(item1)); // Title + 1 window // Add second window. - AppWindow* window2 = CreateAppWindow(extension); + AppWindow* window2 = CreateAppWindow(browser()->profile(), extension); // Confirm item stays. ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item2 = *shelf_model()->ItemByID(item_id); @@ -552,7 +552,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, MultipleApps) { // First run app. const Extension* extension1 = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window1 = CreateAppWindow(extension1); + AppWindow* window1 = CreateAppWindow(browser()->profile(), extension1); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item1 = GetLastLauncherItem(); @@ -563,7 +563,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, MultipleApps) { // Then run second app. const Extension* extension2 = LoadAndLaunchPlatformApp("launch_2", "Launched"); - AppWindow* window2 = CreateAppWindow(extension2); + AppWindow* window2 = CreateAppWindow(browser()->profile(), extension2); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item2 = GetLastLauncherItem(); @@ -594,7 +594,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, WindowActivation) { // First run app. const Extension* extension1 = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window1 = CreateAppWindow(extension1); + AppWindow* window1 = CreateAppWindow(browser()->profile(), extension1); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item1 = GetLastLauncherItem(); @@ -605,7 +605,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, WindowActivation) { // Then run second app. const Extension* extension2 = LoadAndLaunchPlatformApp("launch_2", "Launched"); - AppWindow* window2 = CreateAppWindow(extension2); + AppWindow* window2 = CreateAppWindow(browser()->profile(), extension2); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item2 = GetLastLauncherItem(); @@ -631,7 +631,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, WindowActivation) { EXPECT_TRUE(ash::wm::IsActiveWindow(window2->GetNativeWindow())); // Add window for app1. This will activate it. - AppWindow* window1b = CreateAppWindow(extension1); + AppWindow* window1b = CreateAppWindow(browser()->profile(), extension1); ash::wm::ActivateWindow(window1b->GetNativeWindow()); EXPECT_FALSE(ash::wm::IsActiveWindow(window1->GetNativeWindow())); EXPECT_FALSE(ash::wm::IsActiveWindow(window2->GetNativeWindow())); @@ -675,7 +675,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, PackagedAppClickBehaviorInMinimizeMode) { // Launch one platform app and create a window for it. const Extension* extension1 = LoadAndLaunchPlatformApp("launch", "Launched"); - AppWindow* window1 = CreateAppWindow(extension1); + AppWindow* window1 = CreateAppWindow(browser()->profile(), extension1); EXPECT_TRUE(window1->GetNativeWindow()->IsVisible()); EXPECT_TRUE(window1->GetBaseWindow()->IsActive()); @@ -711,7 +711,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, // Creating a second window of the same type should change the behavior so // that a click does not change the activation state. - AppWindow* window1a = CreateAppWindow(extension1); + AppWindow* window1a = CreateAppWindow(browser()->profile(), extension1); EXPECT_TRUE(window1a->GetNativeWindow()->IsVisible()); EXPECT_TRUE(window1a->GetBaseWindow()->IsActive()); // The first click does nothing. @@ -738,7 +738,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, AppPanelClickBehavior) { AppWindow::CreateParams params; params.window_type = AppWindow::WINDOW_TYPE_PANEL; params.focused = false; - AppWindow* panel = CreateAppWindowFromParams(extension1, params); + AppWindow* panel = + CreateAppWindowFromParams(browser()->profile(), extension1, params); EXPECT_TRUE(panel->GetNativeWindow()->IsVisible()); // Panels should not be active by default. EXPECT_FALSE(panel->GetBaseWindow()->IsActive()); @@ -769,7 +770,7 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, BrowserActivation) { // First run app. const Extension* extension1 = LoadAndLaunchPlatformApp("launch", "Launched"); - CreateAppWindow(extension1); + CreateAppWindow(browser()->profile(), extension1); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item1 = GetLastLauncherItem(); @@ -1366,7 +1367,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, AltNumberAppsTabbing) { // First run app. const Extension* extension1 = LoadAndLaunchPlatformApp("launch", "Launched"); - ui::BaseWindow* window1 = CreateAppWindow(extension1)->GetBaseWindow(); + ui::BaseWindow* window1 = + CreateAppWindow(browser()->profile(), extension1)->GetBaseWindow(); const ash::ShelfItem& item1 = GetLastLauncherItem(); ash::ShelfID app_id = item1.id; int app_index = shelf_model()->ItemIndexByID(app_id); @@ -1376,7 +1378,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, const Extension* extension2 = LoadAndLaunchPlatformApp("launch_2", "Launched"); - ui::BaseWindow* window2 = CreateAppWindow(extension2)->GetBaseWindow(); + ui::BaseWindow* window2 = + CreateAppWindow(browser()->profile(), extension2)->GetBaseWindow(); // By now the browser should be active. Issue Alt keystrokes several times to // see that we stay on that application. @@ -1386,7 +1389,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, ActivateShelfItem(app_index); EXPECT_TRUE(window1->IsActive()); - ui::BaseWindow* window1a = CreateAppWindow(extension1)->GetBaseWindow(); + ui::BaseWindow* window1a = + CreateAppWindow(browser()->profile(), extension1)->GetBaseWindow(); EXPECT_TRUE(window1a->IsActive()); EXPECT_FALSE(window1->IsActive()); @@ -1403,7 +1407,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, LaunchPanelWindow) { AppWindow::CreateParams params; params.window_type = AppWindow::WINDOW_TYPE_PANEL; params.focused = false; - AppWindow* window = CreateAppWindowFromParams(extension, params); + AppWindow* window = + CreateAppWindowFromParams(browser()->profile(), extension, params); ++item_count; ASSERT_EQ(item_count, shelf_model()->item_count()); const ash::ShelfItem& item = GetLastLauncherPanelItem(); @@ -1423,12 +1428,14 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, HiddenAppWindows) { // Create a hidden window. params.hidden = true; - AppWindow* window_1 = CreateAppWindowFromParams(extension, params); + AppWindow* window_1 = + CreateAppWindowFromParams(browser()->profile(), extension, params); EXPECT_EQ(item_count, shelf_model()->item_count()); // Create a visible window. params.hidden = false; - AppWindow* window_2 = CreateAppWindowFromParams(extension, params); + AppWindow* window_2 = + CreateAppWindowFromParams(browser()->profile(), extension, params); ++item_count; EXPECT_EQ(item_count, shelf_model()->item_count()); @@ -1458,7 +1465,8 @@ IN_PROC_BROWSER_TEST_F(LauncherPlatformAppBrowserTest, WindowAttentionStatus) { AppWindow::CreateParams params; params.window_type = AppWindow::WINDOW_TYPE_PANEL; params.focused = false; - AppWindow* panel = CreateAppWindowFromParams(extension, params); + AppWindow* panel = + CreateAppWindowFromParams(browser()->profile(), extension, params); EXPECT_TRUE(panel->GetNativeWindow()->IsVisible()); // Panels should not be active by default. EXPECT_FALSE(panel->GetBaseWindow()->IsActive()); diff --git a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc index 3281f89..0025260 100644 --- a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc +++ b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc @@ -72,6 +72,7 @@ #include "components/user_manager/fake_user_manager.h" #include "content/public/browser/web_contents_observer.h" #include "content/public/test/test_utils.h" +#include "content/public/test/web_contents_tester.h" #include "extensions/browser/app_window/app_window_contents.h" #include "extensions/browser/app_window/app_window_registry.h" #include "extensions/browser/app_window/native_app_window.h" @@ -745,13 +746,21 @@ class V1App : public TestBrowserWindow { // Upon destruction it will properly close the application. class V2App { public: - V2App(Profile* profile, const extensions::Extension* extension) { + V2App(Profile* profile, const extensions::Extension* extension) + : creator_web_contents_( + content::WebContentsTester::CreateTestWebContents(profile, + nullptr)) { window_ = new extensions::AppWindow(profile, new ChromeAppDelegate(true), extension); extensions::AppWindow::CreateParams params = extensions::AppWindow::CreateParams(); + // Note: normally, the creator RFH is the background page of the + // app/extension + // calling chrome.app.window.create. For unit testing purposes, just passing + // in a random RenderFrameHost is Good Enoughâ„¢. window_->Init(GURL(std::string()), - new extensions::AppWindowContentsImpl(window_), params); + new extensions::AppWindowContentsImpl(window_), + creator_web_contents_->GetMainFrame(), params); } virtual ~V2App() { @@ -763,6 +772,8 @@ class V2App { extensions::AppWindow* window() { return window_; } private: + scoped_ptr<content::WebContents> creator_web_contents_; + // The app window which represents the application. Note that the window // deletes itself asynchronously after window_->GetBaseWindow()->Close() gets // called. diff --git a/chrome/browser/ui/cocoa/apps/app_shim_menu_controller_mac_interactive_uitest.mm b/chrome/browser/ui/cocoa/apps/app_shim_menu_controller_mac_interactive_uitest.mm index 19ab345..72f333e 100644 --- a/chrome/browser/ui/cocoa/apps/app_shim_menu_controller_mac_interactive_uitest.mm +++ b/chrome/browser/ui/cocoa/apps/app_shim_menu_controller_mac_interactive_uitest.mm @@ -46,7 +46,7 @@ class AppShimMenuControllerUITest : public extensions::PlatformAppBrowserTest { // windows activate, because the test binary has a default activation policy // of "prohibited". app1_ = GetFirstAppWindow(); - app2_ = CreateAppWindow(extension); + app2_ = CreateAppWindow(browser()->profile(), extension); browser1_ = browser()->window(); browser2_ = (new Browser(Browser::CreateParams(profile())))->window(); browser2_->Show(); diff --git a/chrome/renderer/chrome_render_view_observer.cc b/chrome/renderer/chrome_render_view_observer.cc index 55a1a56..fdee41f 100644 --- a/chrome/renderer/chrome_render_view_observer.cc +++ b/chrome/renderer/chrome_render_view_observer.cc @@ -159,13 +159,13 @@ void ChromeRenderViewObserver::OnSetVisuallyDeemphasized(bool deemphasized) { } #endif -void ChromeRenderViewObserver::DidStartLoading() { +void ChromeRenderViewObserver::DidCommitProvisionalLoad( + blink::WebLocalFrame* frame, + bool is_new_navigation) { if ((render_view()->GetEnabledBindings() & content::BINDINGS_POLICY_WEB_UI) && !webui_javascript_.empty()) { - for (size_t i = 0; i < webui_javascript_.size(); ++i) { - render_view()->GetMainRenderFrame()->ExecuteJavaScript( - webui_javascript_[i]); - } + for (const auto& script : webui_javascript_) + render_view()->GetMainRenderFrame()->ExecuteJavaScript(script); webui_javascript_.clear(); } } diff --git a/chrome/renderer/chrome_render_view_observer.h b/chrome/renderer/chrome_render_view_observer.h index cdc15f3..370ac31 100644 --- a/chrome/renderer/chrome_render_view_observer.h +++ b/chrome/renderer/chrome_render_view_observer.h @@ -42,7 +42,8 @@ class ChromeRenderViewObserver : public content::RenderViewObserver { private: // RenderViewObserver implementation. bool OnMessageReceived(const IPC::Message& message) override; - void DidStartLoading() override; + void DidCommitProvisionalLoad(blink::WebLocalFrame* frame, + bool is_new_navigation) override; void Navigate(const GURL& url) override; #if !defined(OS_ANDROID) diff --git a/chrome/third_party/chromevox/third_party/closure-library/closure/goog/base.js b/chrome/third_party/chromevox/third_party/closure-library/closure/goog/base.js index 469414c..d358a28 100644 --- a/chrome/third_party/chromevox/third_party/closure-library/closure/goog/base.js +++ b/chrome/third_party/chromevox/third_party/closure-library/closure/goog/base.js @@ -491,7 +491,7 @@ goog.global.CLOSURE_BASE_PATH; * Whether to write out Closure's deps file. By default, the deps are written. * @type {boolean|undefined} */ -goog.global.CLOSURE_NO_DEPS; +goog.global.CLOSURE_NO_DEPS = true; /** diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc index 9ce6b84..4aaa592 100644 --- a/content/renderer/render_frame_impl.cc +++ b/content/renderer/render_frame_impl.cc @@ -814,14 +814,15 @@ RenderFrameImpl* RenderFrameImpl::CreateMainFrame( int32_t widget_routing_id, bool hidden, const blink::WebScreenInfo& screen_info, - CompositorDependencies* compositor_deps) { + CompositorDependencies* compositor_deps, + blink::WebFrame* opener) { // A main frame RenderFrame must have a RenderWidget. DCHECK_NE(MSG_ROUTING_NONE, widget_routing_id); RenderFrameImpl* render_frame = RenderFrameImpl::Create(render_view, routing_id); - WebLocalFrame* web_frame = - WebLocalFrame::create(blink::WebTreeScopeType::Document, render_frame); + WebLocalFrame* web_frame = WebLocalFrame::create( + blink::WebTreeScopeType::Document, render_frame, opener); render_frame->BindToWebFrame(web_frame); render_view->webview()->setMainFrame(web_frame); render_frame->render_widget_ = RenderWidget::CreateForFrame( @@ -870,7 +871,8 @@ void RenderFrameImpl::CreateFrame( replicated_state.scope, WebString::fromUTF8(replicated_state.name), WebString::fromUTF8(replicated_state.unique_name), replicated_state.sandbox_flags, render_frame, - previous_sibling_web_frame, frame_owner_properties); + previous_sibling_web_frame, frame_owner_properties, + ResolveOpener(opener_routing_id, nullptr)); // The RenderFrame is created and inserted into the frame tree in the above // call to createLocalChild. @@ -894,9 +896,6 @@ void RenderFrameImpl::CreateFrame( render_frame->BindToWebFrame(web_frame); CHECK(parent_routing_id != MSG_ROUTING_NONE || !web_frame->parent()); - WebFrame* opener = ResolveOpener(opener_routing_id, nullptr); - web_frame->setOpener(opener); - if (widget_params.routing_id != MSG_ROUTING_NONE) { CHECK(!web_frame->parent() || SiteIsolationPolicy::AreCrossProcessFramesPossible()); diff --git a/content/renderer/render_frame_impl.h b/content/renderer/render_frame_impl.h index 8a122b7..a458db6 100644 --- a/content/renderer/render_frame_impl.h +++ b/content/renderer/render_frame_impl.h @@ -166,7 +166,8 @@ class CONTENT_EXPORT RenderFrameImpl int32_t widget_routing_id, bool hidden, const blink::WebScreenInfo& screen_info, - CompositorDependencies* compositor_deps); + CompositorDependencies* compositor_deps, + blink::WebFrame* opener); // Creates a new RenderFrame with |routing_id|. If |proxy_routing_id| is // MSG_ROUTING_NONE, it creates the Blink WebLocalFrame and inserts it into diff --git a/content/renderer/render_frame_proxy.cc b/content/renderer/render_frame_proxy.cc index 67f65e3..6a1286e 100644 --- a/content/renderer/render_frame_proxy.cc +++ b/content/renderer/render_frame_proxy.cc @@ -89,6 +89,9 @@ RenderFrameProxy* RenderFrameProxy::CreateFrameProxy( return nullptr; } + blink::WebFrame* opener = + RenderFrameImpl::ResolveOpener(opener_routing_id, nullptr); + scoped_ptr<RenderFrameProxy> proxy( new RenderFrameProxy(routing_id, MSG_ROUTING_NONE)); RenderViewImpl* render_view = nullptr; @@ -98,8 +101,8 @@ RenderFrameProxy* RenderFrameProxy::CreateFrameProxy( if (!parent) { // Create a top level WebRemoteFrame. render_view = RenderViewImpl::FromRoutingID(render_view_routing_id); - web_frame = - blink::WebRemoteFrame::create(replicated_state.scope, proxy.get()); + web_frame = blink::WebRemoteFrame::create(replicated_state.scope, + proxy.get(), opener); render_view->webview()->setMainFrame(web_frame); render_widget = render_view->GetWidget(); } else { @@ -111,15 +114,11 @@ RenderFrameProxy* RenderFrameProxy::CreateFrameProxy( replicated_state.scope, blink::WebString::fromUTF8(replicated_state.name), blink::WebString::fromUTF8(replicated_state.unique_name), - replicated_state.sandbox_flags, proxy.get()); + replicated_state.sandbox_flags, proxy.get(), opener); render_view = parent->render_view(); render_widget = parent->render_widget(); } - blink::WebFrame* opener = - RenderFrameImpl::ResolveOpener(opener_routing_id, nullptr); - web_frame->setOpener(opener); - proxy->Init(web_frame, render_view, render_widget); // Initialize proxy's WebRemoteFrame with the security origin and other diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc index e7b433b..6b7de27 100644 --- a/content/renderer/render_view_impl.cc +++ b/content/renderer/render_view_impl.cc @@ -687,7 +687,7 @@ void RenderViewImpl::Initialize(const ViewMsg_New_Params& params, if (params.main_frame_routing_id != MSG_ROUTING_NONE) { main_render_frame_ = RenderFrameImpl::CreateMainFrame( this, params.main_frame_routing_id, params.main_frame_widget_routing_id, - params.hidden, screen_info(), compositor_deps_); + params.hidden, screen_info(), compositor_deps_, opener_frame); } if (params.proxy_routing_id != MSG_ROUTING_NONE) { @@ -700,11 +700,9 @@ void RenderViewImpl::Initialize(const ViewMsg_New_Params& params, main_render_frame_->set_render_frame_proxy(proxy); } else { CHECK(SiteIsolationPolicy::IsSwappedOutStateForbidden()); - // Pass MSG_ROUTING_NONE for opener, since actual opener (if any) will be - // set separately below. - RenderFrameProxy::CreateFrameProxy(params.proxy_routing_id, routing_id(), - MSG_ROUTING_NONE, MSG_ROUTING_NONE, - params.replicated_frame_state); + RenderFrameProxy::CreateFrameProxy( + params.proxy_routing_id, routing_id(), params.opener_frame_route_id, + MSG_ROUTING_NONE, params.replicated_frame_state); } } @@ -806,18 +804,13 @@ void RenderViewImpl::Initialize(const ViewMsg_New_Params& params, GetContentClient()->renderer()->RenderViewCreated(this); - // If we have an opener_frame but we weren't created by a renderer, then it's - // the browser asking us to set our opener to another frame. - if (opener_frame && !was_created_by_renderer) { - webview()->mainFrame()->setOpener(opener_frame); - - // Ensure that sandbox flags are inherited from an opener in a different - // process. In that case, the browser process will set any inherited - // sandbox flags in |replicated_frame_state|, so apply them here. - if (webview()->mainFrame()->isWebLocalFrame()) { - webview()->mainFrame()->toWebLocalFrame()->forceSandboxFlags( - params.replicated_frame_state.sandbox_flags); - } + // Ensure that sandbox flags are inherited from an opener in a different + // process. In that case, the browser process will set any inherited sandbox + // flags in |replicated_frame_state|, so apply them here. + if (opener_frame && !was_created_by_renderer && + webview()->mainFrame()->isWebLocalFrame()) { + webview()->mainFrame()->toWebLocalFrame()->forceSandboxFlags( + params.replicated_frame_state.sandbox_flags); } // If we are initially swapped out, navigate to kSwappedOutURL. diff --git a/content/shell/renderer/layout_test/blink_test_runner.cc b/content/shell/renderer/layout_test/blink_test_runner.cc index a2243f0..a00060d 100644 --- a/content/shell/renderer/layout_test/blink_test_runner.cc +++ b/content/shell/renderer/layout_test/blink_test_runner.cc @@ -842,7 +842,7 @@ void BlinkTestRunner::DidFailProvisionalLoad(WebLocalFrame* frame, // Public methods - ----------------------------------------------------------- -void BlinkTestRunner::Reset() { +void BlinkTestRunner::Reset(bool for_new_test) { // The proxy_ is always non-NULL, it is set right after construction. proxy_->set_widget(render_view()->GetWebView()); proxy_->Reset(); @@ -852,9 +852,11 @@ void BlinkTestRunner::Reset() { current_entry_indexes_.clear(); render_view()->ClearEditCommands(); - if (render_view()->GetWebView()->mainFrame()->isWebLocalFrame()) - render_view()->GetWebView()->mainFrame()->setName(WebString()); - render_view()->GetWebView()->mainFrame()->clearOpener(); + if (for_new_test) { + if (render_view()->GetWebView()->mainFrame()->isWebLocalFrame()) + render_view()->GetWebView()->mainFrame()->setName(WebString()); + render_view()->GetWebView()->mainFrame()->clearOpener(); + } // Resetting the internals object also overrides the WebPreferences, so we // have to sync them to WebKit again. @@ -1002,7 +1004,7 @@ void BlinkTestRunner::OnSessionHistory( void BlinkTestRunner::OnReset() { LayoutTestRenderProcessObserver::GetInstance()->test_interfaces()->ResetAll(); - Reset(); + Reset(true /* for_new_test */); // Navigating to about:blank will make sure that no new loads are initiated // by the renderer. render_view()->GetWebView()->mainFrame()->loadRequest( diff --git a/content/shell/renderer/layout_test/blink_test_runner.h b/content/shell/renderer/layout_test/blink_test_runner.h index fc5fe51..b2598fe 100644 --- a/content/shell/renderer/layout_test/blink_test_runner.h +++ b/content/shell/renderer/layout_test/blink_test_runner.h @@ -157,7 +157,12 @@ class BlinkTestRunner : public RenderViewObserver, blink::WebPoint ConvertDIPToNative( const blink::WebPoint& point_in_dip) const override; - void Reset(); + // Resets a RenderView to a known state for layout tests. It is used both when + // a RenderView is created and when reusing an existing RenderView for the + // next test case. + // When reusing an existing RenderView, |for_new_test| should be true, which + // also resets additional state, like the main frame's name and opener. + void Reset(bool for_new_test); void set_proxy(test_runner::WebTestProxyBase* proxy) { proxy_ = proxy; } test_runner::WebTestProxyBase* proxy() const { return proxy_; } diff --git a/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc b/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc index 90a06a0..41ecc12 100644 --- a/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc +++ b/content/shell/renderer/layout_test/layout_test_content_renderer_client.cc @@ -69,7 +69,7 @@ void LayoutTestContentRendererClient::RenderViewCreated( new ShellRenderViewObserver(render_view); BlinkTestRunner* test_runner = BlinkTestRunner::Get(render_view); - test_runner->Reset(); + test_runner->Reset(false /* for_new_test */); render_view->GetWebView()->setSpellCheckClient( test_runner->proxy()->GetSpellCheckClient()); diff --git a/extensions/browser/api/app_window/app_window_api.cc b/extensions/browser/api/app_window/app_window_api.cc index 3e9f45f..4f5ffa5 100644 --- a/extensions/browser/api/app_window/app_window_api.cc +++ b/extensions/browser/api/app_window/app_window_api.cc @@ -340,7 +340,8 @@ bool AppWindowCreateFunction::RunAsync() { AppWindow* app_window = AppWindowClient::Get()->CreateAppWindow(browser_context(), extension()); - app_window->Init(url, new AppWindowContentsImpl(app_window), create_params); + app_window->Init(url, new AppWindowContentsImpl(app_window), + render_frame_host(), create_params); if (ExtensionsBrowserClient::Get()->IsRunningInForcedAppMode() && !app_window->is_ime_window()) { diff --git a/extensions/browser/app_window/app_window.cc b/extensions/browser/app_window/app_window.cc index 0c0a45b..7294d6f 100644 --- a/extensions/browser/app_window/app_window.cc +++ b/extensions/browser/app_window/app_window.cc @@ -261,10 +261,11 @@ AppWindow::AppWindow(BrowserContext* context, void AppWindow::Init(const GURL& url, AppWindowContents* app_window_contents, + content::RenderFrameHost* creator_frame, const CreateParams& params) { // Initialize the render interface and web contents app_window_contents_.reset(app_window_contents); - app_window_contents_->Initialize(browser_context(), url); + app_window_contents_->Initialize(browser_context(), creator_frame, url); initial_url_ = url; diff --git a/extensions/browser/app_window/app_window.h b/extensions/browser/app_window/app_window.h index 6917c4d..e41575d 100644 --- a/extensions/browser/app_window/app_window.h +++ b/extensions/browser/app_window/app_window.h @@ -34,6 +34,7 @@ class DictionaryValue; namespace content { class BrowserContext; +class RenderFrameHost; class WebContents; } @@ -58,6 +59,7 @@ class AppWindowContents { // Called to initialize the WebContents, before the app window is created. virtual void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, const GURL& url) = 0; // Called to load the contents, after the app window is created. @@ -219,6 +221,7 @@ class AppWindow : public content::WebContentsDelegate, // |app_window_contents| will become owned by AppWindow. void Init(const GURL& url, AppWindowContents* app_window_contents, + content::RenderFrameHost* creator_frame, const CreateParams& params); const std::string& window_key() const { return window_key_; } diff --git a/extensions/browser/app_window/app_window_contents.cc b/extensions/browser/app_window/app_window_contents.cc index 7f1a7a1..3cb0cb8 100644 --- a/extensions/browser/app_window/app_window_contents.cc +++ b/extensions/browser/app_window/app_window_contents.cc @@ -27,12 +27,15 @@ AppWindowContentsImpl::AppWindowContentsImpl(AppWindow* host) AppWindowContentsImpl::~AppWindowContentsImpl() {} void AppWindowContentsImpl::Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, const GURL& url) { url_ = url; - web_contents_.reset( - content::WebContents::Create(content::WebContents::CreateParams( - context, content::SiteInstance::CreateForURL(context, url_)))); + content::WebContents::CreateParams create_params( + context, creator_frame->GetSiteInstance()); + create_params.opener_render_process_id = creator_frame->GetProcess()->GetID(); + create_params.opener_render_frame_id = creator_frame->GetRoutingID(); + web_contents_.reset(content::WebContents::Create(create_params)); Observe(web_contents_.get()); web_contents_->GetMutableRendererPrefs()-> diff --git a/extensions/browser/app_window/app_window_contents.h b/extensions/browser/app_window/app_window_contents.h index 37a4027..732197c 100644 --- a/extensions/browser/app_window/app_window_contents.h +++ b/extensions/browser/app_window/app_window_contents.h @@ -32,7 +32,9 @@ class AppWindowContentsImpl : public AppWindowContents, ~AppWindowContentsImpl() override; // AppWindowContents - void Initialize(content::BrowserContext* context, const GURL& url) override; + void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, + const GURL& url) override; void LoadContents(int32_t creator_process_id) override; void NativeWindowChanged(NativeAppWindow* native_app_window) override; void NativeWindowClosed() override; diff --git a/extensions/browser/app_window/test_app_window_contents.cc b/extensions/browser/app_window/test_app_window_contents.cc index 8d3f227..5613a20 100644 --- a/extensions/browser/app_window/test_app_window_contents.cc +++ b/extensions/browser/app_window/test_app_window_contents.cc @@ -16,8 +16,8 @@ TestAppWindowContents::~TestAppWindowContents() { } void TestAppWindowContents::Initialize(content::BrowserContext* context, - const GURL& url) { -} + content::RenderFrameHost* creator_frame, + const GURL& url) {} void TestAppWindowContents::LoadContents(int32_t creator_process_id) {} diff --git a/extensions/browser/app_window/test_app_window_contents.h b/extensions/browser/app_window/test_app_window_contents.h index f93b682..c118fe6 100644 --- a/extensions/browser/app_window/test_app_window_contents.h +++ b/extensions/browser/app_window/test_app_window_contents.h @@ -24,7 +24,9 @@ class TestAppWindowContents : public AppWindowContents { ~TestAppWindowContents() override; // apps:AppWindowContents: - void Initialize(content::BrowserContext* context, const GURL& url) override; + void Initialize(content::BrowserContext* context, + content::RenderFrameHost* creator_frame, + const GURL& url) override; void LoadContents(int32_t creator_process_id) override; void NativeWindowChanged(NativeAppWindow* native_app_window) override; void NativeWindowClosed() override; diff --git a/extensions/renderer/app_window_custom_bindings.cc b/extensions/renderer/app_window_custom_bindings.cc index 02df633..492731d 100644 --- a/extensions/renderer/app_window_custom_bindings.cc +++ b/extensions/renderer/app_window_custom_bindings.cc @@ -51,25 +51,13 @@ void AppWindowCustomBindings::GetFrame( if (!app_frame) return; - // TODO(jeremya): it doesn't really make sense to set the opener here, but we - // need to make sure the security origin is set up before returning the DOM - // reference. A better way to do this would be to have the browser pass the - // opener through so opener_id is set in RenderViewImpl's constructor. - content::RenderFrame* context_render_frame = context()->GetRenderFrame(); - if (!context_render_frame) - return; - - blink::WebFrame* opener = context_render_frame->GetWebFrame(); - blink::WebLocalFrame* app_web_frame = app_frame->GetWebFrame(); - app_web_frame->setOpener(opener); - if (notify_browser) { content::RenderThread::Get()->Send(new ExtensionHostMsg_AppWindowReady( app_frame->GetRenderView()->GetRoutingID())); } v8::Local<v8::Value> window = - app_web_frame->mainWorldScriptContext()->Global(); + app_frame->GetWebFrame()->mainWorldScriptContext()->Global(); args.GetReturnValue().Set(window); } diff --git a/third_party/WebKit/LayoutTests/http/tests/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin-expected.txt new file mode 100644 index 0000000..1b23574 --- /dev/null +++ b/third_party/WebKit/LayoutTests/http/tests/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin-expected.txt @@ -0,0 +1,4 @@ +ALERT: http://127.0.0.1:8000/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin.html +This test passes if the alerted location is the same origin as the main frame. + + diff --git a/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html b/third_party/WebKit/LayoutTests/http/tests/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin.html index 470c620..7d2f0c7 100644 --- a/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html +++ b/third_party/WebKit/LayoutTests/http/tests/security/synchronous-frame-load-in-javascript-url-inherits-correct-origin.html @@ -20,12 +20,10 @@ window.onload = function() location = "javascript:(" + function() { a = document.createElement("a"); a.href = "about:blank"; - e = document.createEvent("MouseEvent"); - e.initMouseEvent("click"); - a.dispatchEvent(e); + a.click(); return "<script>(" + function() { - opener.location = "javascript:alert(document.body.innerHTML)"; + opener.location = "javascript:alert(location)"; if (window.testRunner) setTimeout("testRunner.notifyDone()", 0); @@ -37,6 +35,6 @@ window.onload = function() </script> </head> <body> -This test passes if there's no alert dialog. +<p>This test passes if the alerted location is the same origin as the main frame. </body> </html> diff --git a/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-expected.txt b/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-expected.txt deleted file mode 100644 index 633e044..0000000 --- a/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-expected.txt +++ /dev/null @@ -1,2 +0,0 @@ -CONSOLE ERROR: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8080". Protocols, domains, and ports must match. -This test passes if there's no alert dialog. diff --git a/third_party/WebKit/Source/bindings/core/v8/V8PagePopupControllerBinding.cpp b/third_party/WebKit/Source/bindings/core/v8/V8PagePopupControllerBinding.cpp index b2a88bd..bd3db2a 100644 --- a/third_party/WebKit/Source/bindings/core/v8/V8PagePopupControllerBinding.cpp +++ b/third_party/WebKit/Source/bindings/core/v8/V8PagePopupControllerBinding.cpp @@ -9,8 +9,8 @@ #include "core/dom/ContextFeatures.h" #include "core/dom/Document.h" #include "core/dom/ExecutionContext.h" -#include "core/page/DOMWindowPagePopup.h" #include "core/page/PagePopupController.h" +#include "core/page/PagePopupSupplement.h" #include "platform/TraceEvent.h" namespace blink { @@ -21,7 +21,7 @@ void pagePopupControllerAttributeGetter(const v8::PropertyCallbackInfo<v8::Value { v8::Local<v8::Object> holder = info.Holder(); DOMWindow* impl = V8Window::toImpl(holder); - RefPtrWillBeRawPtr<PagePopupController> cppValue(DOMWindowPagePopup::pagePopupController(*impl)); + RefPtrWillBeRawPtr<PagePopupController> cppValue(PagePopupSupplement::pagePopupController(*toLocalDOMWindow(impl)->frame())); v8SetReturnValue(info, toV8(cppValue.get(), holder, info.GetIsolate())); } diff --git a/third_party/WebKit/Source/core/core.gypi b/third_party/WebKit/Source/core/core.gypi index 652a075..8c3ed0a 100644 --- a/third_party/WebKit/Source/core/core.gypi +++ b/third_party/WebKit/Source/core/core.gypi @@ -1915,8 +1915,6 @@ 'page/CreateWindow.h', 'page/CustomContextMenuProvider.cpp', 'page/CustomContextMenuProvider.h', - 'page/DOMWindowPagePopup.cpp', - 'page/DOMWindowPagePopup.h', 'page/DragController.cpp', 'page/DragData.cpp', 'page/EventSource.cpp', @@ -1939,6 +1937,8 @@ 'page/PagePopupClient.h', 'page/PagePopupController.cpp', 'page/PagePopupController.h', + 'page/PagePopupSupplement.cpp', + 'page/PagePopupSupplement.h', 'page/PageVisibilityState.cpp', 'page/PointerLockController.cpp', 'page/PointerLockController.h', diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp index a46c278a..e7f7e344 100644 --- a/third_party/WebKit/Source/core/dom/Document.cpp +++ b/third_party/WebKit/Source/core/dom/Document.cpp @@ -2804,8 +2804,8 @@ void Document::dispatchUnloadEvents() return; // Don't remove event listeners from a transitional empty document (see https://bugs.webkit.org/show_bug.cgi?id=28716 for more information). - bool keepEventListeners = m_frame->loader().stateMachine()->isDisplayingInitialEmptyDocument() && m_frame->loader().provisionalDocumentLoader() - && isSecureTransitionTo(m_frame->loader().provisionalDocumentLoader()->url()); + bool keepEventListeners = m_frame->loader().provisionalDocumentLoader() + && m_frame->shouldReuseDefaultView(m_frame->loader().provisionalDocumentLoader()->url()); if (!keepEventListeners) removeAllEventListenersRecursively(); } @@ -4916,17 +4916,9 @@ bool Document::useSecureKeyboardEntryWhenActive() const return m_useSecureKeyboardEntryWhenActive; } -void Document::initSecurityContext() -{ - initSecurityContext(DocumentInit(m_url, m_frame, contextDocument(), m_importsController)); -} - void Document::initSecurityContext(const DocumentInit& initializer) { - if (haveInitializedSecurityOrigin()) { - ASSERT(securityOrigin()); - return; - } + ASSERT(!securityOrigin()); if (initializer.isHostedInReservedIPRange()) setHostedInReservedIPRange(); @@ -4942,7 +4934,6 @@ void Document::initSecurityContext(const DocumentInit& initializer) // In the common case, create the security context from the currently // loading URL with a fresh content security policy. - m_cookieURL = m_url; enforceSandboxFlags(initializer.getSandboxFlags()); if (initializer.shouldEnforceStrictMixedContentChecking()) enforceStrictMixedContentChecking(); @@ -4951,7 +4942,25 @@ void Document::initSecurityContext(const DocumentInit& initializer) for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade()) addInsecureNavigationUpgrade(toUpgrade); } - setSecurityOrigin(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url)); + + if (isSandboxed(SandboxOrigin)) { + m_cookieURL = m_url; + setSecurityOrigin(SecurityOrigin::createUnique()); + // If we're supposed to inherit our security origin from our owner, + // but we're also sandboxed, the only thing we inherit is the ability + // to load local resources. This lets about:blank iframes in file:// + // URL documents load images and other resources from the file system. + if (initializer.owner() && initializer.owner()->securityOrigin()->canLoadLocalResources()) + securityOrigin()->grantLoadLocalResources(); + } else if (initializer.owner()) { + m_cookieURL = initializer.owner()->cookieURL(); + // We alias the SecurityOrigins to match Firefox, see Bug 15313 + // https://bugs.webkit.org/show_bug.cgi?id=15313 + setSecurityOrigin(initializer.owner()->securityOrigin()); + } else { + m_cookieURL = m_url; + setSecurityOrigin(SecurityOrigin::create(m_url)); + } if (importsController()) { // If this document is an HTML import, grab a reference to it's master document's Content @@ -4983,32 +4992,6 @@ void Document::initSecurityContext(const DocumentInit& initializer) m_isSrcdocDocument = true; setBaseURLOverride(initializer.parentBaseURL()); } - - if (!shouldInheritSecurityOriginFromOwner(m_url)) - return; - - // If we do not obtain a meaningful origin from the URL, then we try to - // find one via the frame hierarchy. - - if (!initializer.owner()) { - didFailToInitializeSecurityOrigin(); - return; - } - - if (isSandboxed(SandboxOrigin)) { - // If we're supposed to inherit our security origin from our owner, - // but we're also sandboxed, the only thing we inherit is the ability - // to load local resources. This lets about:blank iframes in file:// - // URL documents load images and other resources from the file system. - if (initializer.owner()->securityOrigin()->canLoadLocalResources()) - securityOrigin()->grantLoadLocalResources(); - return; - } - - m_cookieURL = initializer.owner()->cookieURL(); - // We alias the SecurityOrigins to match Firefox, see Bug 15313 - // https://bugs.webkit.org/show_bug.cgi?id=15313 - setSecurityOrigin(initializer.owner()->securityOrigin()); } void Document::initContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityPolicy> csp) @@ -5027,6 +5010,12 @@ void Document::initContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityP contentSecurityPolicy()->bindToExecutionContext(this); } +bool Document::isSecureTransitionTo(const KURL& url) const +{ + RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); + return securityOrigin()->canAccess(other.get()); +} + bool Document::allowInlineEventHandlers(Node* node, EventListener* listener, const String& contextURL, const WTF::OrdinalNumber& contextLine) { bool allowedByHash = contentSecurityPolicy()->experimentalFeaturesEnabled() && contentSecurityPolicy()->allowScriptWithHash(listener->code()); diff --git a/third_party/WebKit/Source/core/dom/Document.h b/third_party/WebKit/Source/core/dom/Document.h index c28883b..74809e7 100644 --- a/third_party/WebKit/Source/core/dom/Document.h +++ b/third_party/WebKit/Source/core/dom/Document.h @@ -858,10 +858,10 @@ public: const SVGDocumentExtensions* svgExtensions(); SVGDocumentExtensions& accessSVGExtensions(); - void initSecurityContext(); - void initSecurityContext(const DocumentInit&); void initContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityPolicy> = nullptr); + bool isSecureTransitionTo(const KURL&) const; + bool allowInlineEventHandlers(Node*, EventListener*, const String& contextURL, const WTF::OrdinalNumber& contextLine); bool allowExecutingScripts(Node*); @@ -1089,6 +1089,7 @@ private: ScriptedAnimationController& ensureScriptedAnimationController(); ScriptedIdleTaskController& ensureScriptedIdleTaskController(); + void initSecurityContext(const DocumentInit&); SecurityContext& securityContext() final { return *this; } EventQueue* eventQueue() const final; diff --git a/third_party/WebKit/Source/core/dom/DocumentInit.cpp b/third_party/WebKit/Source/core/dom/DocumentInit.cpp index c75e302..0b86492 100644 --- a/third_party/WebKit/Source/core/dom/DocumentInit.cpp +++ b/third_party/WebKit/Source/core/dom/DocumentInit.cpp @@ -49,25 +49,16 @@ static Document* parentDocument(LocalFrame* frame) return &ownerElement->document(); } - -static Document* ownerDocument(LocalFrame* frame) +DocumentInit::DocumentInit(const KURL& url, LocalFrame* frame, WeakPtrWillBeRawPtr<Document> contextDocument, HTMLImportsController* importsController) + : DocumentInit(nullptr, url, frame, contextDocument, importsController) { - if (!frame) - return 0; - - Frame* ownerFrame = frame->tree().parent(); - if (!ownerFrame) - ownerFrame = frame->loader().opener(); - if (!ownerFrame || !ownerFrame->isLocalFrame()) - return 0; - return toLocalFrame(ownerFrame)->document(); } -DocumentInit::DocumentInit(const KURL& url, LocalFrame* frame, WeakPtrWillBeRawPtr<Document> contextDocument, HTMLImportsController* importsController) +DocumentInit::DocumentInit(PassRefPtrWillBeRawPtr<Document> ownerDocument, const KURL& url, LocalFrame* frame, WeakPtrWillBeRawPtr<Document> contextDocument, HTMLImportsController* importsController) : m_url(url) , m_frame(frame) , m_parent(parentDocument(frame)) - , m_owner(ownerDocument(frame)) + , m_owner(ownerDocument) , m_contextDocument(contextDocument) , m_importsController(importsController) , m_createNewRegistrationContext(false) diff --git a/third_party/WebKit/Source/core/dom/DocumentInit.h b/third_party/WebKit/Source/core/dom/DocumentInit.h index f166738..17f4910 100644 --- a/third_party/WebKit/Source/core/dom/DocumentInit.h +++ b/third_party/WebKit/Source/core/dom/DocumentInit.h @@ -48,7 +48,8 @@ class Settings; class CORE_EXPORT DocumentInit final { STACK_ALLOCATED(); public: - explicit DocumentInit(const KURL& = KURL(), LocalFrame* = 0, WeakPtrWillBeRawPtr<Document> = nullptr, HTMLImportsController* = 0); + DocumentInit(const KURL& = KURL(), LocalFrame* = nullptr, WeakPtrWillBeRawPtr<Document> contextDocument = nullptr, HTMLImportsController* = nullptr); + DocumentInit(PassRefPtrWillBeRawPtr<Document> ownerDocument, const KURL&, LocalFrame*, WeakPtrWillBeRawPtr<Document> contextDocument = nullptr, HTMLImportsController* = nullptr); DocumentInit(const DocumentInit&); ~DocumentInit(); diff --git a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp index eaa158d..669ea43 100644 --- a/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp +++ b/third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp @@ -14,7 +14,7 @@ RemoteSecurityContext::RemoteSecurityContext() { // RemoteSecurityContext's origin is expected to stay uninitialized until // we set it using replicated origin data from the browser process. - ASSERT(!haveInitializedSecurityOrigin()); + ASSERT(!securityOrigin()); // CSP will not be replicated for RemoteSecurityContexts, as it is moving // to the browser process. For now, initialize CSP to a default diff --git a/third_party/WebKit/Source/core/dom/SecurityContext.cpp b/third_party/WebKit/Source/core/dom/SecurityContext.cpp index a37ff6b..015f65d 100644 --- a/third_party/WebKit/Source/core/dom/SecurityContext.cpp +++ b/third_party/WebKit/Source/core/dom/SecurityContext.cpp @@ -32,8 +32,7 @@ namespace blink { SecurityContext::SecurityContext() - : m_haveInitializedSecurityOrigin(false) - , m_sandboxFlags(SandboxNone) + : m_sandboxFlags(SandboxNone) , m_hostedInReservedIPRange(false) , m_insecureRequestsPolicy(InsecureRequestsDoNotUpgrade) , m_enforceStrictMixedContentChecking(false) @@ -52,7 +51,6 @@ DEFINE_TRACE(SecurityContext) void SecurityContext::setSecurityOrigin(PassRefPtr<SecurityOrigin> securityOrigin) { m_securityOrigin = securityOrigin; - m_haveInitializedSecurityOrigin = true; } void SecurityContext::setContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityPolicy> contentSecurityPolicy) @@ -60,18 +58,6 @@ void SecurityContext::setContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSec m_contentSecurityPolicy = contentSecurityPolicy; } -bool SecurityContext::isSecureTransitionTo(const KURL& url) const -{ - // If we haven't initialized our security origin by now, this is probably - // a new window created via the API (i.e., that lacks an origin and lacks - // a place to inherit the origin from). - if (!haveInitializedSecurityOrigin()) - return true; - - RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); - return securityOrigin()->canAccess(other.get()); -} - void SecurityContext::enforceSandboxFlags(SandboxFlags mask) { m_sandboxFlags |= mask; diff --git a/third_party/WebKit/Source/core/dom/SecurityContext.h b/third_party/WebKit/Source/core/dom/SecurityContext.h index 1693b35..091d4a6 100644 --- a/third_party/WebKit/Source/core/dom/SecurityContext.h +++ b/third_party/WebKit/Source/core/dom/SecurityContext.h @@ -59,8 +59,6 @@ public: SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } ContentSecurityPolicy* contentSecurityPolicy() const { return m_contentSecurityPolicy.get(); } - bool isSecureTransitionTo(const KURL&) const; - // Explicitly override the security origin for this security context. // Note: It is dangerous to change the security origin of a script context // that already contains content. @@ -89,11 +87,7 @@ protected: void setContentSecurityPolicy(PassRefPtrWillBeRawPtr<ContentSecurityPolicy>); - void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; } - bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; } - private: - bool m_haveInitializedSecurityOrigin; RefPtr<SecurityOrigin> m_securityOrigin; RefPtrWillBeMember<ContentSecurityPolicy> m_contentSecurityPolicy; diff --git a/third_party/WebKit/Source/core/frame/LocalFrame.cpp b/third_party/WebKit/Source/core/frame/LocalFrame.cpp index 733d227..fa3f404 100644 --- a/third_party/WebKit/Source/core/frame/LocalFrame.cpp +++ b/third_party/WebKit/Source/core/frame/LocalFrame.cpp @@ -757,7 +757,12 @@ bool LocalFrame::isURLAllowed(const KURL& url) const bool LocalFrame::shouldReuseDefaultView(const KURL& url) const { - return loader().stateMachine()->isDisplayingInitialEmptyDocument() && document()->isSecureTransitionTo(url); + // Secure transitions can only happen when navigating from the initial empty + // document. + if (!loader().stateMachine()->isDisplayingInitialEmptyDocument()) + return false; + + return document()->isSecureTransitionTo(url); } void LocalFrame::removeSpellingMarkersUnderWords(const Vector<String>& words) diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp index 8868bda..4295483 100644 --- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp +++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp @@ -82,6 +82,19 @@ static bool isArchiveMIMEType(const String& mimeType) return equalIgnoringCase("multipart/related", mimeType); } +static bool shouldInheritSecurityOriginFromOwner(const KURL& url) +{ + // https://html.spec.whatwg.org/multipage/browsers.html#origin + // + // If a Document is the initial "about:blank" document + // The origin and effective script origin of the Document are those it + // was assigned when its browsing context was created. + // + // Note: We generalize this to all "blank" URLs and invalid URLs because we + // treat all of these URLs as about:blank. + return url.isEmpty() || url.protocolIsAbout(); +} + DocumentLoader::DocumentLoader(LocalFrame* frame, const ResourceRequest& req, const SubstituteData& substituteData) : m_frame(frame) , m_fetcher(FrameFetchContext::createContextAndFetcher(this)) @@ -458,7 +471,17 @@ void DocumentLoader::ensureWriter(const AtomicString& mimeType, const KURL& over // Prepare a DocumentInit before clearing the frame, because it may need to // inherit an aliased security context. - DocumentInit init(url(), m_frame); + Document* owner = nullptr; + // TODO(dcheng): This differs from the behavior of both IE and Firefox: the + // origin is inherited from the document that loaded the URL. + if (shouldInheritSecurityOriginFromOwner(url())) { + Frame* ownerFrame = m_frame->tree().parent(); + if (!ownerFrame) + ownerFrame = m_frame->loader().opener(); + if (ownerFrame && ownerFrame->isLocalFrame()) + owner = toLocalFrame(ownerFrame)->document(); + } + DocumentInit init(owner, url(), m_frame); init.withNewRegistrationContext(); m_frame->loader().clear(); ASSERT(m_frame->page()); @@ -467,7 +490,7 @@ void DocumentLoader::ensureWriter(const AtomicString& mimeType, const KURL& over if ((m_substituteData.isValid() && m_substituteData.forceSynchronousLoad()) || !Document::threadedParsingEnabledForTesting()) parsingPolicy = ForceSynchronousParsing; - m_writer = createWriterFor(0, init, mimeType, encoding, false, parsingPolicy); + m_writer = createWriterFor(init, mimeType, encoding, false, parsingPolicy); m_writer->setDocumentWasLoadedAsPartOfNavigation(); // This should be set before receivedFirstData(). @@ -732,7 +755,7 @@ void DocumentLoader::endWriting(DocumentWriter* writer) m_writer.clear(); } -PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy parsingPolicy) +PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy parsingPolicy) { LocalFrame* frame = init.frame(); @@ -743,10 +766,6 @@ PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Doc frame->setDOMWindow(LocalDOMWindow::create(*frame)); RefPtrWillBeRawPtr<Document> document = frame->localDOMWindow()->installNewDocument(mimeType, init); - if (ownerDocument) { - document->setCookieURL(ownerDocument->cookieURL()); - document->updateSecurityOrigin(ownerDocument->securityOrigin()); - } frame->loader().didBeginDocument(dispatch); @@ -761,9 +780,9 @@ const AtomicString& DocumentLoader::mimeType() const } // This is only called by FrameLoader::replaceDocumentWhileExecutingJavaScriptURL() -void DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit& init, const String& source, Document* ownerDocument) +void DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit& init, const String& source) { - m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_writer->encoding() : emptyAtom, true, ForceSynchronousParsing); + m_writer = createWriterFor(init, mimeType(), m_writer ? m_writer->encoding() : emptyAtom, true, ForceSynchronousParsing); if (!source.isNull()) m_writer->appendReplacingData(source); endWriting(m_writer.get()); diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.h b/third_party/WebKit/Source/core/loader/DocumentLoader.h index 3ef2733..132b3b1 100644 --- a/third_party/WebKit/Source/core/loader/DocumentLoader.h +++ b/third_party/WebKit/Source/core/loader/DocumentLoader.h @@ -73,7 +73,7 @@ public: unsigned long mainResourceIdentifier() const; - void replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit&, const String& source, Document*); + void replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit&, const String& source); const AtomicString& mimeType() const; @@ -153,7 +153,7 @@ protected: Vector<KURL> m_redirectChain; private: - static PassRefPtrWillBeRawPtr<DocumentWriter> createWriterFor(const Document* ownerDocument, const DocumentInit&, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy); + static PassRefPtrWillBeRawPtr<DocumentWriter> createWriterFor(const DocumentInit&, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy); void ensureWriter(const AtomicString& mimeType, const KURL& overridingURL = KURL()); void endWriting(DocumentWriter*); diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp index 39d15e7..12a6e1a 100644 --- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp +++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp @@ -330,7 +330,7 @@ void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc // Prepare a DocumentInit before clearing the frame, because it may need to // inherit an aliased security context. - DocumentInit init(m_frame->document()->url(), m_frame); + DocumentInit init(ownerDocument, m_frame->document()->url(), m_frame); init.withNewRegistrationContext(); stopAllLoaders(); @@ -348,7 +348,7 @@ void FrameLoader::replaceDocumentWhileExecutingJavaScriptURL(const String& sourc return; client()->transitionToCommittedForNewPage(); - documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source, ownerDocument); + documentLoader->replaceDocumentWhileExecutingJavaScriptURL(init, source); } void FrameLoader::receivedMainResourceRedirect(const KURL& newURL) diff --git a/third_party/WebKit/Source/core/page/CreateWindow.cpp b/third_party/WebKit/Source/core/page/CreateWindow.cpp index 9649f0f..1bebede 100644 --- a/third_party/WebKit/Source/core/page/CreateWindow.cpp +++ b/third_party/WebKit/Source/core/page/CreateWindow.cpp @@ -47,17 +47,11 @@ namespace blink { -static Frame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created) +static Frame* reuseExistingWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const AtomicString& frameName, NavigationPolicy policy) { - created = false; - - ASSERT(!features.dialog || request.frameName().isEmpty()); - ASSERT(request.resourceRequest().requestorOrigin() || openerFrame.document()->url().isEmpty()); - ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeAuxiliary); - - if (!request.frameName().isEmpty() && request.frameName() != "_blank" && policy == NavigationPolicyIgnore) { - if (Frame* frame = lookupFrame.findFrameForNavigation(request.frameName(), openerFrame)) { - if (request.frameName() != "_self") { + if (!frameName.isEmpty() && frameName != "_blank" && policy == NavigationPolicyIgnore) { + if (Frame* frame = lookupFrame.findFrameForNavigation(frameName, openerFrame)) { + if (frameName != "_self") { if (FrameHost* host = frame->host()) { if (host == openerFrame.host()) frame->page()->focusController().setFocusedFrame(frame); @@ -68,17 +62,11 @@ static Frame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, con return frame; } } + return nullptr; +} - // Sandboxed frames cannot open new auxiliary browsing contexts. - if (openerFrame.document()->isSandboxed(SandboxPopups)) { - // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists. - openerFrame.document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.")); - return nullptr; - } - - if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows()) - return openerFrame.tree().top(); - +static Frame* createNewWindow(LocalFrame& openerFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created) +{ FrameHost* oldHost = openerFrame.host(); if (!oldHost) return nullptr; @@ -124,6 +112,37 @@ static Frame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, con return &frame; } +static Frame* createWindowHelper(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created) +{ + ASSERT(!features.dialog || request.frameName().isEmpty()); + ASSERT(request.resourceRequest().requestorOrigin() || openerFrame.document()->url().isEmpty()); + ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeAuxiliary); + + created = false; + + Frame* window = reuseExistingWindow(openerFrame, lookupFrame, request.frameName(), policy); + + if (!window) { + // Sandboxed frames cannot open new auxiliary browsing contexts. + if (openerFrame.document()->isSandboxed(SandboxPopups)) { + // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists. + openerFrame.document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.")); + return nullptr; + } + + if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows()) + window = openerFrame.tree().top(); + } + + if (window) { + if (shouldSetOpener == MaybeSetOpener) + window->client()->setOpener(&openerFrame); + return window; + } + + return createNewWindow(openerFrame, request, features, policy, shouldSetOpener, created); +} + DOMWindow* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures, LocalDOMWindow& callingWindow, LocalFrame& firstFrame, LocalFrame& openerFrame) { @@ -156,13 +175,10 @@ DOMWindow* createWindow(const String& urlString, const AtomicString& frameName, // the opener frame, and the name references a frame relative to the opener frame. bool created; ShouldSetOpener opener = windowFeatures.noopener ? NeverSetOpener : MaybeSetOpener; - Frame* newFrame = createWindow(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, opener, created); + Frame* newFrame = createWindowHelper(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, opener, created); if (!newFrame) return nullptr; - if (!windowFeatures.noopener) - newFrame->client()->setOpener(&openerFrame); - if (!newFrame->domWindow()->isInsecureScriptAccess(callingWindow, completedURL)) { if (!urlString.isEmpty() || created) newFrame->navigate(*callingWindow.document(), completedURL, false, hasUserGesture ? UserGestureStatus::Active : UserGestureStatus::None); @@ -188,11 +204,9 @@ void createWindowForRequest(const FrameLoadRequest& request, LocalFrame& openerF WindowFeatures features; bool created; - Frame* newFrame = createWindow(openerFrame, openerFrame, request, features, policy, shouldSetOpener, created); + Frame* newFrame = createWindowHelper(openerFrame, openerFrame, request, features, policy, shouldSetOpener, created); if (!newFrame) return; - if (shouldSetOpener == MaybeSetOpener) - newFrame->client()->setOpener(&openerFrame); if (shouldSendReferrer == MaybeSendReferrer) { // TODO(japhet): Does ReferrerPolicy need to be proagated for RemoteFrames? if (newFrame->isLocalFrame()) diff --git a/third_party/WebKit/Source/core/page/DOMWindowPagePopup.cpp b/third_party/WebKit/Source/core/page/PagePopupSupplement.cpp index 6fe0de5..59022be 100644 --- a/third_party/WebKit/Source/core/page/DOMWindowPagePopup.cpp +++ b/third_party/WebKit/Source/core/page/PagePopupSupplement.cpp @@ -28,49 +28,48 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "core/page/DOMWindowPagePopup.h" +#include "core/page/PagePopupSupplement.h" -#include "core/frame/LocalDOMWindow.h" #include "core/page/PagePopupController.h" namespace blink { -DOMWindowPagePopup::DOMWindowPagePopup(PagePopup& popup, PagePopupClient* popupClient) +PagePopupSupplement::PagePopupSupplement(PagePopup& popup, PagePopupClient* popupClient) : m_controller(PagePopupController::create(popup, popupClient)) { ASSERT(popupClient); } -DEFINE_EMPTY_DESTRUCTOR_WILL_BE_REMOVED(DOMWindowPagePopup); +DEFINE_EMPTY_DESTRUCTOR_WILL_BE_REMOVED(PagePopupSupplement); -const char* DOMWindowPagePopup::supplementName() +const char* PagePopupSupplement::supplementName() { - return "DOMWindowPagePopup"; + return "PagePopupSupplement"; } -PagePopupController* DOMWindowPagePopup::pagePopupController(DOMWindow& window) +PagePopupController* PagePopupSupplement::pagePopupController(LocalFrame& frame) { - DOMWindowPagePopup* supplement = static_cast<DOMWindowPagePopup*>(from(&toLocalDOMWindow(window), supplementName())); + PagePopupSupplement* supplement = static_cast<PagePopupSupplement*>(from(&frame, supplementName())); ASSERT(supplement); return supplement->m_controller.get(); } -void DOMWindowPagePopup::install(LocalDOMWindow& window, PagePopup& popup, PagePopupClient* popupClient) +void PagePopupSupplement::install(LocalFrame& frame, PagePopup& popup, PagePopupClient* popupClient) { ASSERT(popupClient); - provideTo(window, supplementName(), adoptPtrWillBeNoop(new DOMWindowPagePopup(popup, popupClient))); + provideTo(frame, supplementName(), adoptPtrWillBeNoop(new PagePopupSupplement(popup, popupClient))); } -void DOMWindowPagePopup::uninstall(LocalDOMWindow& window) +void PagePopupSupplement::uninstall(LocalFrame& frame) { - pagePopupController(window)->clearPagePopupClient(); - window.removeSupplement(supplementName()); + pagePopupController(frame)->clearPagePopupClient(); + frame.removeSupplement(supplementName()); } -DEFINE_TRACE(DOMWindowPagePopup) +DEFINE_TRACE(PagePopupSupplement) { visitor->trace(m_controller); - WillBeHeapSupplement<LocalDOMWindow>::trace(visitor); + WillBeHeapSupplement<LocalFrame>::trace(visitor); } } // namespace blink diff --git a/third_party/WebKit/Source/core/page/DOMWindowPagePopup.h b/third_party/WebKit/Source/core/page/PagePopupSupplement.h index b80d00a..a04f3b4 100644 --- a/third_party/WebKit/Source/core/page/DOMWindowPagePopup.h +++ b/third_party/WebKit/Source/core/page/PagePopupSupplement.h @@ -28,11 +28,11 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef DOMWindowPagePopup_h -#define DOMWindowPagePopup_h +#ifndef PagePopupSupplement_h +#define PagePopupSupplement_h #include "core/CoreExport.h" -#include "core/frame/LocalDOMWindow.h" +#include "core/frame/LocalFrame.h" #include "platform/Supplementable.h" #include "platform/heap/Handle.h" @@ -42,19 +42,20 @@ class PagePopup; class PagePopupClient; class PagePopupController; -class CORE_EXPORT DOMWindowPagePopup final : public NoBaseWillBeGarbageCollected<DOMWindowPagePopup>, public WillBeHeapSupplement<LocalDOMWindow> { - WILL_BE_USING_GARBAGE_COLLECTED_MIXIN(DOMWindowPagePopup); - USING_FAST_MALLOC_WILL_BE_REMOVED(DOMWindowPagePopup); +class CORE_EXPORT PagePopupSupplement final : public NoBaseWillBeGarbageCollected<PagePopupSupplement>, public WillBeHeapSupplement<LocalFrame> { + WILL_BE_USING_GARBAGE_COLLECTED_MIXIN(PagePopupSupplement); + USING_FAST_MALLOC_WILL_BE_REMOVED(PagePopupSupplement); + public: - static PagePopupController* pagePopupController(DOMWindow&); - static void install(LocalDOMWindow&, PagePopup&, PagePopupClient*); - static void uninstall(LocalDOMWindow&); - DECLARE_EMPTY_VIRTUAL_DESTRUCTOR_WILL_BE_REMOVED(DOMWindowPagePopup); + static PagePopupController* pagePopupController(LocalFrame&); + static void install(LocalFrame&, PagePopup&, PagePopupClient*); + static void uninstall(LocalFrame&); + DECLARE_EMPTY_VIRTUAL_DESTRUCTOR_WILL_BE_REMOVED(PagePopupSupplement); DECLARE_TRACE(); private: - DOMWindowPagePopup(PagePopup&, PagePopupClient*); + PagePopupSupplement(PagePopup&, PagePopupClient*); static const char* supplementName(); RefPtrWillBeMember<PagePopupController> m_controller; diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp index 771fe2c0..0528bfb 100644 --- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp +++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp @@ -680,16 +680,6 @@ WebView* WebLocalFrameImpl::view() const return viewImpl(); } -void WebLocalFrameImpl::setOpener(WebFrame* opener) -{ - WebFrame::setOpener(opener); - - // TODO(alexmos,dcheng): This should ASSERT(m_frame) once we no longer have - // provisional local frames. - if (m_frame && m_frame->document()) - m_frame->document()->initSecurityContext(); -} - WebDocument WebLocalFrameImpl::document() const { if (!frame() || !frame()->document()) @@ -1419,9 +1409,9 @@ WebString WebLocalFrameImpl::layerTreeAsText(bool showDebugInfo) const // WebLocalFrameImpl public --------------------------------------------------------- -WebLocalFrame* WebLocalFrame::create(WebTreeScopeType scope, WebFrameClient* client) +WebLocalFrame* WebLocalFrame::create(WebTreeScopeType scope, WebFrameClient* client, WebFrame* opener) { - return WebLocalFrameImpl::create(scope, client); + return WebLocalFrameImpl::create(scope, client, opener); } WebLocalFrame* WebLocalFrame::createProvisional(WebFrameClient* client, WebRemoteFrame* oldWebFrame, WebSandboxFlags flags, const WebFrameOwnerProperties& frameOwnerProperties) @@ -1429,9 +1419,10 @@ WebLocalFrame* WebLocalFrame::createProvisional(WebFrameClient* client, WebRemot return WebLocalFrameImpl::createProvisional(client, oldWebFrame, flags, frameOwnerProperties); } -WebLocalFrameImpl* WebLocalFrameImpl::create(WebTreeScopeType scope, WebFrameClient* client) +WebLocalFrameImpl* WebLocalFrameImpl::create(WebTreeScopeType scope, WebFrameClient* client, WebFrame* opener) { WebLocalFrameImpl* frame = new WebLocalFrameImpl(scope, client); + frame->setOpener(opener); #if ENABLE(OILPAN) return frame; #else diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.h b/third_party/WebKit/Source/web/WebLocalFrameImpl.h index 2e7a368..99b53e2 100644 --- a/third_party/WebKit/Source/web/WebLocalFrameImpl.h +++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.h @@ -92,7 +92,6 @@ public: bool hasHorizontalScrollbar() const override; bool hasVerticalScrollbar() const override; WebView* view() const override; - void setOpener(WebFrame*) override; WebDocument document() const override; WebPerformance performance() const override; bool dispatchBeforeUnloadEvent() override; @@ -261,7 +260,7 @@ public: void willBeDetached(); void willDetachParent(); - static WebLocalFrameImpl* create(WebTreeScopeType, WebFrameClient*); + static WebLocalFrameImpl* create(WebTreeScopeType, WebFrameClient*, WebFrame* opener); static WebLocalFrameImpl* createProvisional(WebFrameClient*, WebRemoteFrame*, WebSandboxFlags, const WebFrameOwnerProperties&); ~WebLocalFrameImpl() override; diff --git a/third_party/WebKit/Source/web/WebPagePopupImpl.cpp b/third_party/WebKit/Source/web/WebPagePopupImpl.cpp index e24b8b7..6b1faad 100644 --- a/third_party/WebKit/Source/web/WebPagePopupImpl.cpp +++ b/third_party/WebKit/Source/web/WebPagePopupImpl.cpp @@ -41,10 +41,10 @@ #include "core/layout/LayoutView.h" #include "core/loader/EmptyClients.h" #include "core/loader/FrameLoadRequest.h" -#include "core/page/DOMWindowPagePopup.h" #include "core/page/FocusController.h" #include "core/page/Page.h" #include "core/page/PagePopupClient.h" +#include "core/page/PagePopupSupplement.h" #include "modules/accessibility/AXObject.h" #include "modules/accessibility/AXObjectCacheImpl.h" #include "platform/EventDispatchForbiddenScope.h" @@ -294,7 +294,7 @@ bool WebPagePopupImpl::initializePage() cache->childrenChanged(&m_popupClient->ownerElement()); ASSERT(frame->localDOMWindow()); - DOMWindowPagePopup::install(*frame->localDOMWindow(), *this, m_popupClient); + PagePopupSupplement::install(*frame, *this, m_popupClient); ASSERT(m_popupClient->ownerElement().document().existingAXObjectCache() == frame->document()->existingAXObjectCache()); RefPtr<SharedBuffer> data = SharedBuffer::create(); @@ -514,8 +514,7 @@ void WebPagePopupImpl::closePopup() if (m_page) { toLocalFrame(m_page->mainFrame())->loader().stopAllLoaders(); - ASSERT(m_page->deprecatedLocalMainFrame()->localDOMWindow()); - DOMWindowPagePopup::uninstall(*m_page->deprecatedLocalMainFrame()->localDOMWindow()); + PagePopupSupplement::uninstall(*toLocalFrame(m_page->mainFrame())); } m_closing = true; diff --git a/third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp b/third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp index b39e219..4fc20e1 100644 --- a/third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp +++ b/third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp @@ -23,14 +23,15 @@ namespace blink { -WebRemoteFrame* WebRemoteFrame::create(WebTreeScopeType scope, WebRemoteFrameClient* client) +WebRemoteFrame* WebRemoteFrame::create(WebTreeScopeType scope, WebRemoteFrameClient* client, WebFrame* opener) { - return WebRemoteFrameImpl::create(scope, client); + return WebRemoteFrameImpl::create(scope, client, opener); } -WebRemoteFrameImpl* WebRemoteFrameImpl::create(WebTreeScopeType scope, WebRemoteFrameClient* client) +WebRemoteFrameImpl* WebRemoteFrameImpl::create(WebTreeScopeType scope, WebRemoteFrameClient* client, WebFrame* opener) { WebRemoteFrameImpl* frame = new WebRemoteFrameImpl(scope, client); + frame->setOpener(opener); #if ENABLE(OILPAN) return frame; #else @@ -600,9 +601,9 @@ WebString WebRemoteFrameImpl::layerTreeAsText(bool showDebugInfo) const return WebString(); } -WebLocalFrame* WebRemoteFrameImpl::createLocalChild(WebTreeScopeType scope, const WebString& name, const WebString& uniqueName, WebSandboxFlags sandboxFlags, WebFrameClient* client, WebFrame* previousSibling, const WebFrameOwnerProperties& frameOwnerProperties) +WebLocalFrame* WebRemoteFrameImpl::createLocalChild(WebTreeScopeType scope, const WebString& name, const WebString& uniqueName, WebSandboxFlags sandboxFlags, WebFrameClient* client, WebFrame* previousSibling, const WebFrameOwnerProperties& frameOwnerProperties, WebFrame* opener) { - WebLocalFrameImpl* child = toWebLocalFrameImpl(WebLocalFrame::create(scope, client)); + WebLocalFrameImpl* child = WebLocalFrameImpl::create(scope, client, opener); WillBeHeapHashMap<WebFrame*, OwnPtrWillBeMember<FrameOwner>>::AddResult result = m_ownersForChildren.add(child, RemoteBridgeFrameOwner::create(child, static_cast<SandboxFlags>(sandboxFlags), frameOwnerProperties)); insertAfter(child, previousSibling); @@ -624,9 +625,9 @@ void WebRemoteFrameImpl::initializeCoreFrame(FrameHost* host, FrameOwner* owner, m_frame->tree().setPrecalculatedName(name, uniqueName); } -WebRemoteFrame* WebRemoteFrameImpl::createRemoteChild(WebTreeScopeType scope, const WebString& name, const WebString& uniqueName, WebSandboxFlags sandboxFlags, WebRemoteFrameClient* client) +WebRemoteFrame* WebRemoteFrameImpl::createRemoteChild(WebTreeScopeType scope, const WebString& name, const WebString& uniqueName, WebSandboxFlags sandboxFlags, WebRemoteFrameClient* client, WebFrame* opener) { - WebRemoteFrameImpl* child = toWebRemoteFrameImpl(WebRemoteFrame::create(scope, client)); + WebRemoteFrameImpl* child = WebRemoteFrameImpl::create(scope, client, opener); WillBeHeapHashMap<WebFrame*, OwnPtrWillBeMember<FrameOwner>>::AddResult result = m_ownersForChildren.add(child, RemoteBridgeFrameOwner::create(nullptr, static_cast<SandboxFlags>(sandboxFlags), WebFrameOwnerProperties())); appendChild(child); diff --git a/third_party/WebKit/Source/web/WebRemoteFrameImpl.h b/third_party/WebKit/Source/web/WebRemoteFrameImpl.h index 6b7930a..15948b0 100644 --- a/third_party/WebKit/Source/web/WebRemoteFrameImpl.h +++ b/third_party/WebKit/Source/web/WebRemoteFrameImpl.h @@ -23,7 +23,7 @@ class RemoteFrame; class WebRemoteFrameImpl final : public WebFrameImplBase, public WebRemoteFrame { public: - static WebRemoteFrameImpl* create(WebTreeScopeType, WebRemoteFrameClient*); + static WebRemoteFrameImpl* create(WebTreeScopeType, WebRemoteFrameClient*, WebFrame* opener); ~WebRemoteFrameImpl() override; // WebFrame methods: @@ -152,8 +152,8 @@ public: static WebRemoteFrameImpl* fromFrame(RemoteFrame&); // WebRemoteFrame methods: - WebLocalFrame* createLocalChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebFrameClient*, WebFrame* previousSibling, const WebFrameOwnerProperties&) override; - WebRemoteFrame* createRemoteChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebRemoteFrameClient*) override; + WebLocalFrame* createLocalChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebFrameClient*, WebFrame* previousSibling, const WebFrameOwnerProperties&, WebFrame* opener) override; + WebRemoteFrame* createRemoteChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebRemoteFrameClient*, WebFrame* opener) override; void initializeFromFrame(WebLocalFrame*) const override; diff --git a/third_party/WebKit/Source/web/tests/FrameTestHelpers.cpp b/third_party/WebKit/Source/web/tests/FrameTestHelpers.cpp index 7ab13dc..cf2bf9a 100644 --- a/third_party/WebKit/Source/web/tests/FrameTestHelpers.cpp +++ b/third_party/WebKit/Source/web/tests/FrameTestHelpers.cpp @@ -102,6 +102,19 @@ TestWebViewClient* defaultWebViewClient() return &client; } +// |uniqueName| is normally calculated in a somewhat complicated way by the +// FrameTree class, but for test purposes the approximation below should be +// close enough. +String nameToUniqueName(const String& name) +{ + static int uniqueNameCounter = 0; + StringBuilder uniqueName; + uniqueName.append(name); + uniqueName.append(" "); + uniqueName.appendNumber(uniqueNameCounter++); + return uniqueName.toString(); +} + } // namespace void loadFrame(WebFrame* frame, const std::string& url) @@ -147,15 +160,12 @@ WebLocalFrame* createLocalChild(WebRemoteFrame* parent, const WebString& name, W if (!client) client = defaultWebFrameClient(); - // |uniqueName| is normally calculated in a somewhat complicated way by the - // FrameTree class, but for test purposes the approximation below should be - // close enough. - static int uniqueNameCounter = 0; - StringBuilder uniqueName; - uniqueName.append(name); - uniqueName.appendNumber(uniqueNameCounter++); + return parent->createLocalChild(WebTreeScopeType::Document, name, nameToUniqueName(name), WebSandboxFlags::None, client, previousSibling, properties, nullptr); +} - return parent->createLocalChild(WebTreeScopeType::Document, name, uniqueName.toString(), WebSandboxFlags::None, client, previousSibling, properties); +WebRemoteFrame* createRemoteChild(WebRemoteFrame* parent, WebRemoteFrameClient* client, const WebString& name) +{ + return parent->createRemoteChild(WebTreeScopeType::Document, name, nameToUniqueName(name), WebSandboxFlags::None, client, nullptr); } WebViewHelper::WebViewHelper(SettingOverrider* settingOverrider) @@ -170,7 +180,7 @@ WebViewHelper::~WebViewHelper() reset(); } -WebViewImpl* WebViewHelper::initialize(bool enableJavascript, TestWebFrameClient* webFrameClient, TestWebViewClient* webViewClient, void (*updateSettingsFunc)(WebSettings*)) +WebViewImpl* WebViewHelper::initializeWithOpener(WebFrame* opener, bool enableJavascript, TestWebFrameClient* webFrameClient, TestWebViewClient* webViewClient, void (*updateSettingsFunc)(WebSettings*)) { reset(); @@ -195,7 +205,7 @@ WebViewImpl* WebViewHelper::initialize(bool enableJavascript, TestWebFrameClient m_settingOverrider->overrideSettings(m_webView->settings()); m_webView->setDeviceScaleFactor(webViewClient->screenInfo().deviceScaleFactor); m_webView->setDefaultPageScaleLimits(1, 4); - WebLocalFrame* frame = WebLocalFrameImpl::create(WebTreeScopeType::Document, webFrameClient); + WebLocalFrame* frame = WebLocalFrameImpl::create(WebTreeScopeType::Document, webFrameClient, opener); m_webView->setMainFrame(frame); // TODO(dcheng): The main frame widget currently has a special case. // Eliminate this once WebView is no longer a WebWidget. @@ -206,6 +216,11 @@ WebViewImpl* WebViewHelper::initialize(bool enableJavascript, TestWebFrameClient return m_webView; } +WebViewImpl* WebViewHelper::initialize(bool enableJavascript, TestWebFrameClient* webFrameClient, TestWebViewClient* webViewClient, void (*updateSettingsFunc)(WebSettings*)) +{ + return initializeWithOpener(nullptr, enableJavascript, webFrameClient, webViewClient, updateSettingsFunc); +} + WebViewImpl* WebViewHelper::initializeAndLoad(const std::string& url, bool enableJavascript, TestWebFrameClient* webFrameClient, TestWebViewClient* webViewClient, void (*updateSettingsFunc)(WebSettings*)) { initialize(enableJavascript, webFrameClient, webViewClient, updateSettingsFunc); @@ -282,7 +297,7 @@ void TestWebFrameClient::waitForLoadToComplete() } TestWebRemoteFrameClient::TestWebRemoteFrameClient() - : m_frame(WebRemoteFrameImpl::create(WebTreeScopeType::Document, this)) + : m_frame(WebRemoteFrameImpl::create(WebTreeScopeType::Document, this, nullptr)) { } diff --git a/third_party/WebKit/Source/web/tests/FrameTestHelpers.h b/third_party/WebKit/Source/web/tests/FrameTestHelpers.h index 7314d44..adf93ec 100644 --- a/third_party/WebKit/Source/web/tests/FrameTestHelpers.h +++ b/third_party/WebKit/Source/web/tests/FrameTestHelpers.h @@ -78,7 +78,8 @@ void pumpPendingRequestsDoNotUse(WebFrame*); // Calls WebRemoteFrame::createLocalChild, but with some arguments prefilled // with default test values (i.e. with a default |client| or |properties| and/or // with a precalculated |uniqueName|). -WebLocalFrame* createLocalChild(WebRemoteFrame* parent, const WebString& name = WebString::fromUTF8("frameName"), WebFrameClient* = nullptr, WebFrame* previousSibling = nullptr, const WebFrameOwnerProperties& = WebFrameOwnerProperties()); +WebLocalFrame* createLocalChild(WebRemoteFrame* parent, const WebString& name = WebString(), WebFrameClient* = nullptr, WebFrame* previousSibling = nullptr, const WebFrameOwnerProperties& = WebFrameOwnerProperties()); +WebRemoteFrame* createRemoteChild(WebRemoteFrame* parent, WebRemoteFrameClient*, const WebString& name = WebString()); class SettingOverrider { public: @@ -135,9 +136,12 @@ public: WebViewHelper(SettingOverrider* = 0); ~WebViewHelper(); - // Creates and initializes the WebView. Implicitly calls reset() first. IF a - // WebFrameClient or a WebViewClient are passed in, they must outlive the + // Creates and initializes the WebView. Implicitly calls reset() first. If + // a WebFrameClient or a WebViewClient are passed in, they must outlive the // WebViewHelper. + WebViewImpl* initializeWithOpener(WebFrame* opener, bool enableJavascript = false, TestWebFrameClient* = nullptr, TestWebViewClient* = nullptr, void (*updateSettingsFunc)(WebSettings*) = nullptr); + + // Same as initializeWithOpener(), but always sets the opener to null. WebViewImpl* initialize(bool enableJavascript = false, TestWebFrameClient* = 0, TestWebViewClient* = 0, void (*updateSettingsFunc)(WebSettings*) = 0); // Same as initialize() but also performs the initial load of the url. Only diff --git a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp index 3b3b2a1..20c47ea 100644 --- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp +++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp @@ -5541,8 +5541,7 @@ TEST_P(ParameterizedWebFrameTest, DidAccessInitialDocumentBody) // Create another window that will try to access it. FrameTestHelpers::WebViewHelper newWebViewHelper(this); - WebView* newView = newWebViewHelper.initialize(true); - newView->mainFrame()->setOpener(webViewHelper.webView()->mainFrame()); + WebView* newView = newWebViewHelper.initializeWithOpener(webViewHelper.webView()->mainFrame(), true); runPendingTasks(); EXPECT_FALSE(webFrameClient.m_didAccessInitialDocument); @@ -5573,8 +5572,7 @@ TEST_P(ParameterizedWebFrameTest, DidAccessInitialDocumentNavigator) // Create another window that will try to access it. FrameTestHelpers::WebViewHelper newWebViewHelper(this); - WebView* newView = newWebViewHelper.initialize(true); - newView->mainFrame()->setOpener(webViewHelper.webView()->mainFrame()); + WebView* newView = newWebViewHelper.initializeWithOpener(webViewHelper.webView()->mainFrame(), true); runPendingTasks(); EXPECT_FALSE(webFrameClient.m_didAccessInitialDocument); @@ -5617,8 +5615,7 @@ TEST_P(ParameterizedWebFrameTest, DidAccessInitialDocumentBodyBeforeModalDialog) // Create another window that will try to access it. FrameTestHelpers::WebViewHelper newWebViewHelper(this); - WebView* newView = newWebViewHelper.initialize(true); - newView->mainFrame()->setOpener(webViewHelper.webView()->mainFrame()); + WebView* newView = newWebViewHelper.initializeWithOpener(webViewHelper.webView()->mainFrame(), true); runPendingTasks(); EXPECT_FALSE(webFrameClient.m_didAccessInitialDocument); @@ -5657,8 +5654,7 @@ TEST_P(ParameterizedWebFrameTest, DidWriteToInitialDocumentBeforeModalDialog) // Create another window that will try to access it. FrameTestHelpers::WebViewHelper newWebViewHelper(this); - WebView* newView = newWebViewHelper.initialize(true); - newView->mainFrame()->setOpener(webViewHelper.webView()->mainFrame()); + WebView* newView = newWebViewHelper.initializeWithOpener(webViewHelper.webView()->mainFrame(), true); runPendingTasks(); EXPECT_FALSE(webFrameClient.m_didAccessInitialDocument); @@ -7276,7 +7272,7 @@ TEST_F(WebFrameSwapTest, SwapParentShouldDetachChildren) // Create child frames in the target frame before testing the swap. FrameTestHelpers::TestWebRemoteFrameClient remoteFrameClient2; - WebRemoteFrame* childRemoteFrame = remoteFrame->createRemoteChild(WebTreeScopeType::Document, "", "uniqueName0", WebSandboxFlags::None, &remoteFrameClient2); + WebRemoteFrame* childRemoteFrame = FrameTestHelpers::createRemoteChild(remoteFrame, &remoteFrameClient2); FrameTestHelpers::TestWebFrameClient client; WebLocalFrame* localFrame = WebLocalFrame::createProvisional(&client, remoteFrame, WebSandboxFlags::None, WebFrameOwnerProperties()); @@ -7859,7 +7855,7 @@ TEST_P(ParameterizedWebFrameTest, DetachRemoteFrame) WebView* view = WebView::create(&viewClient); view->setMainFrame(remoteClient.frame()); FrameTestHelpers::TestWebRemoteFrameClient childFrameClient; - WebRemoteFrame* childFrame = view->mainFrame()->toWebRemoteFrame()->createRemoteChild(WebTreeScopeType::Document, "", "uniqueName1", WebSandboxFlags::None, &childFrameClient); + WebRemoteFrame* childFrame = FrameTestHelpers::createRemoteChild(view->mainFrame()->toWebRemoteFrame(), &childFrameClient); childFrame->detach(); view->close(); childFrame->close(); diff --git a/third_party/WebKit/Source/web/tests/WebViewTest.cpp b/third_party/WebKit/Source/web/tests/WebViewTest.cpp index 791db5b..1fcdd78 100644 --- a/third_party/WebKit/Source/web/tests/WebViewTest.cpp +++ b/third_party/WebKit/Source/web/tests/WebViewTest.cpp @@ -541,7 +541,7 @@ TEST_F(WebViewTest, SetBaseBackgroundColorBeforeMainFrame) // webView does not have a frame yet, but we should still be able to set the background color. webView->setBaseBackgroundColor(kBlue); EXPECT_EQ(kBlue, webView->backgroundColor()); - WebLocalFrameImpl* frame = WebLocalFrameImpl::create(WebTreeScopeType::Document, nullptr); + WebLocalFrame* frame = WebLocalFrame::create(WebTreeScopeType::Document, nullptr); webView->setMainFrame(frame); webView->close(); frame->close(); @@ -1910,9 +1910,9 @@ public: } // WebViewClient methods - WebView* createView(WebLocalFrame*, const WebURLRequest&, const WebWindowFeatures&, const WebString& name, WebNavigationPolicy, bool) override + WebView* createView(WebLocalFrame* opener, const WebURLRequest&, const WebWindowFeatures&, const WebString& name, WebNavigationPolicy, bool) override { - return m_webViewHelper.initialize(true, 0, 0); + return m_webViewHelper.initializeWithOpener(opener, true); } // WebWidgetClient methods diff --git a/third_party/WebKit/public/web/WebFrame.h b/third_party/WebKit/public/web/WebFrame.h index 9c32018..4a1e5c7c 100644 --- a/third_party/WebKit/public/web/WebFrame.h +++ b/third_party/WebKit/public/web/WebFrame.h @@ -203,7 +203,7 @@ public: BLINK_EXPORT WebFrame* opener() const; // Sets the frame that opened this one or 0 if there is none. - virtual void setOpener(WebFrame*); + BLINK_EXPORT void setOpener(WebFrame*); // Reset the frame that opened this frame to 0. // This is executed between layout tests runs diff --git a/third_party/WebKit/public/web/WebLocalFrame.h b/third_party/WebKit/public/web/WebLocalFrame.h index 17cba72..dae559c 100644 --- a/third_party/WebKit/public/web/WebLocalFrame.h +++ b/third_party/WebKit/public/web/WebLocalFrame.h @@ -31,7 +31,7 @@ class WebLocalFrame : public WebFrame { public: // Creates a WebFrame. Delete this WebFrame by calling WebFrame::close(). // It is valid to pass a null client pointer. - BLINK_EXPORT static WebLocalFrame* create(WebTreeScopeType, WebFrameClient*); + BLINK_EXPORT static WebLocalFrame* create(WebTreeScopeType, WebFrameClient*, WebFrame* opener = nullptr); // Used to create a provisional local frame in prepration for replacing a // remote frame if the load commits. The returned frame is only partially diff --git a/third_party/WebKit/public/web/WebRemoteFrame.h b/third_party/WebKit/public/web/WebRemoteFrame.h index 5ff2aaa..3cef63c 100644 --- a/third_party/WebKit/public/web/WebRemoteFrame.h +++ b/third_party/WebKit/public/web/WebRemoteFrame.h @@ -16,16 +16,16 @@ class WebRemoteFrameClient; class WebRemoteFrame : public WebFrame { public: - BLINK_EXPORT static WebRemoteFrame* create(WebTreeScopeType, WebRemoteFrameClient*); + BLINK_EXPORT static WebRemoteFrame* create(WebTreeScopeType, WebRemoteFrameClient*, WebFrame* opener = nullptr); // Functions for the embedder replicate the frame tree between processes. // TODO(dcheng): The embedder currently does not replicate local frames in // insertion order, so the local child version takes a previous sibling to // ensure that it is inserted into the correct location in the list of // children. - virtual WebLocalFrame* createLocalChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebFrameClient*, WebFrame* previousSibling, const WebFrameOwnerProperties&) = 0; + virtual WebLocalFrame* createLocalChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebFrameClient*, WebFrame* previousSibling, const WebFrameOwnerProperties&, WebFrame* opener) = 0; - virtual WebRemoteFrame* createRemoteChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebRemoteFrameClient*) = 0; + virtual WebRemoteFrame* createRemoteChild(WebTreeScopeType, const WebString& name, const WebString& uniqueName, WebSandboxFlags, WebRemoteFrameClient*, WebFrame* opener) = 0; // Transfer initial drawing parameters from a local frame. virtual void initializeFromFrame(WebLocalFrame*) const = 0; |