Make it so that allow_js_access: false can be used with background pages created by window.open.

We want attempts to create those windows to succeed, but the window.open call
should still return null. This is accomplished by opening the background contents
in another process, in the same manner as r125180.

BUG=120446
R=creis@chromium.org

Review URL: http://codereview.chromium.org/9837074

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@129574 0039d316-1c4b-4281-b951-d872f2087c98

11 files changed, 43 insertions, 20 deletions

diff --git a/content/browser/mock_content_browser_client.cc b/content/browser/mock_content_browser_client.cc
index 8456785..1ce2fcd 100644
--- a/content/browser/mock_content_browser_client.cc
+++ b/content/browser/mock_content_browser_client.cc
@@ -248,7 +248,9 @@ bool MockContentBrowserClient::CanCreateWindow(
     const GURL& source_origin,
     WindowContainerType container_type,
     ResourceContext* context,
-    int render_process_id) {
+    int render_process_id,
+    bool* no_javascript_access) {
+  *no_javascript_access = false;
   return true;
 }
 
diff --git a/content/browser/mock_content_browser_client.h b/content/browser/mock_content_browser_client.h
index 5d68787..ff6d41b 100644
--- a/content/browser/mock_content_browser_client.h
+++ b/content/browser/mock_content_browser_client.h
@@ -138,7 +138,8 @@ class MockContentBrowserClient : public ContentBrowserClient {
       const GURL& source_origin,
       WindowContainerType container_type,
       ResourceContext* context,
-      int render_process_id) OVERRIDE;
+      int render_process_id,
+      bool* no_javascript_access) OVERRIDE;
   virtual std::string GetWorkerProcessTitle(const GURL& url,
                                             ResourceContext* context) OVERRIDE;
   virtual void ResourceDispatcherHostCreated() OVERRIDE;
diff --git a/content/browser/renderer_host/render_message_filter.cc b/content/browser/renderer_host/render_message_filter.cc
index fbbff99..a0dc2a3 100644
--- a/content/browser/renderer_host/render_message_filter.cc
+++ b/content/browser/renderer_host/render_message_filter.cc
@@ -403,10 +403,17 @@ void RenderMessageFilter::OnMsgCreateWindow(
     int* route_id,
     int* surface_id,
     int64* cloned_session_storage_namespace_id) {
-  if (!content::GetContentClient()->browser()->CanCreateWindow(
-          GURL(params.opener_url), GURL(params.opener_security_origin),
-          params.window_container_type, resource_context_,
-          render_process_id_)) {
+  bool no_javascript_access;
+  bool can_create_window =
+      content::GetContentClient()->browser()->CanCreateWindow(
+          GURL(params.opener_url),
+          GURL(params.opener_security_origin),
+          params.window_container_type,
+          resource_context_,
+          render_process_id_,
+          &no_javascript_access);
+
+  if (!can_create_window) {
     *route_id = MSG_ROUTING_NONE;
     *surface_id = 0;
     return;
@@ -428,6 +435,7 @@ void RenderMessageFilter::OnMsgCreateWindow(
 #endif
 
   render_widget_helper_->CreateNewWindow(params,
+                                         no_javascript_access,
                                          peer_handle(),
                                          route_id,
                                          surface_id);
diff --git a/content/browser/renderer_host/render_widget_helper.cc b/content/browser/renderer_host/render_widget_helper.cc
index e69ba49..a29babb 100644
--- a/content/browser/renderer_host/render_widget_helper.cc
+++ b/content/browser/renderer_host/render_widget_helper.cc
@@ -214,15 +214,16 @@ void RenderWidgetHelper::OnCrossSiteSwapOutACK(
 
 void RenderWidgetHelper::CreateNewWindow(
     const ViewHostMsg_CreateWindow_Params& params,
+    bool no_javascript_access,
     base::ProcessHandle render_process,
     int* route_id,
     int* surface_id) {
-  if (params.opener_suppressed) {
-    // If the opener is supppressed, we should open the window in a new
-    // BrowsingInstance, and thus a new process.  That means the current
-    // renderer process will not be able to route messages to it.  Because of
-    // this, we will immediately show and navigate the window in
-    // OnCreateWindowOnUI, using the params provided here.
+  if (params.opener_suppressed || no_javascript_access) {
+    // If the opener is supppressed or script access is disallowed, we should
+    // open the window in a new BrowsingInstance, and thus a new process. That
+    // means the current renderer process will not be able to route messages to
+    // it. Because of this, we will immediately show and navigate the window
+    // in OnCreateWindowOnUI, using the params provided here.
     *route_id = MSG_ROUTING_NONE;
     *surface_id = 0;
   } else {
diff --git a/content/browser/renderer_host/render_widget_helper.h b/content/browser/renderer_host/render_widget_helper.h
index f897984..ed20603 100644
--- a/content/browser/renderer_host/render_widget_helper.h
+++ b/content/browser/renderer_host/render_widget_helper.h
@@ -15,6 +15,7 @@
 #include "base/process.h"
 #include "base/synchronization/lock.h"
 #include "base/synchronization/waitable_event.h"
+#include "content/public/browser/content_browser_client.h"
 #include "content/public/common/window_container_type.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebPopupType.h"
 #include "ui/gfx/native_widget_types.h"
@@ -128,6 +129,7 @@ class RenderWidgetHelper
   void DidReceiveUpdateMsg(const IPC::Message& msg);
 
   void CreateNewWindow(const ViewHostMsg_CreateWindow_Params& params,
+                       bool no_javascript_access,
                        base::ProcessHandle render_process,
                        int* route_id,
                        int* surface_id);
diff --git a/content/browser/tab_contents/tab_contents_view_helper.cc b/content/browser/tab_contents/tab_contents_view_helper.cc
index beb9ca3..beaae80 100644
--- a/content/browser/tab_contents/tab_contents_view_helper.cc
+++ b/content/browser/tab_contents/tab_contents_view_helper.cc
@@ -56,7 +56,8 @@ TabContents* TabContentsViewHelper::CreateNewWindow(
         web_contents,
         route_id,
         params.window_container_type,
-        params.frame_name);
+        params.frame_name,
+        params.target_url);
   }
 
   if (!should_create)
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
index 9a3c5a5..b390748 100644
--- a/content/public/browser/content_browser_client.h
+++ b/content/public/browser/content_browser_client.h
@@ -336,14 +336,16 @@ class ContentBrowserClient {
       int notification_id) = 0;
 
   // Returns true if the given page is allowed to open a window of the given
-  // type.
+  // type. If true is returned, |no_javascript_access| will indicate whether
+  // the window that is created should be scriptable/in the same process.
   // This is called on the IO thread.
   virtual bool CanCreateWindow(
       const GURL& opener_url,
       const GURL& source_origin,
       WindowContainerType container_type,
       content::ResourceContext* context,
-      int render_process_id) = 0;
+      int render_process_id,
+      bool* no_javascript_access) = 0;
 
   // Returns a title string to use in the task manager for a process host with
   // the given URL, or the empty string to fall back to the default logic.
diff --git a/content/public/browser/web_contents_delegate.cc b/content/public/browser/web_contents_delegate.cc
index 0e24df0..72429a6 100644
--- a/content/public/browser/web_contents_delegate.cc
+++ b/content/public/browser/web_contents_delegate.cc
@@ -122,7 +122,8 @@ bool WebContentsDelegate::ShouldCreateWebContents(
     WebContents* web_contents,
     int route_id,
     WindowContainerType window_container_type,
-    const string16& frame_name) {
+    const string16& frame_name,
+    const GURL& target_url) {
   return true;
 }
 
diff --git a/content/public/browser/web_contents_delegate.h b/content/public/browser/web_contents_delegate.h
index 2d1669c..111e013 100644
--- a/content/public/browser/web_contents_delegate.h
+++ b/content/public/browser/web_contents_delegate.h
@@ -273,12 +273,14 @@ class CONTENT_EXPORT WebContentsDelegate {
   virtual gfx::NativeWindow GetFrameNativeWindow();
 
   // Allows delegate to control whether a WebContents will be created. Returns
-  // true to allow the creation. Default is to allow it.
+  // true to allow the creation. Default is to allow it. In cases where the
+  // delegate handles the creation/navigation itself, it will use |target_url|.
   virtual bool ShouldCreateWebContents(
       WebContents* web_contents,
       int route_id,
       WindowContainerType window_container_type,
-      const string16& frame_name);
+      const string16& frame_name,
+      const GURL& target_url);
 
   // Notifies the delegate about the creation of a new WebContents. This
   // typically happens when popups are created.
diff --git a/content/shell/shell_content_browser_client.cc b/content/shell/shell_content_browser_client.cc
index 632a5d7..588e002 100644
--- a/content/shell/shell_content_browser_client.cc
+++ b/content/shell/shell_content_browser_client.cc
@@ -257,7 +257,9 @@ bool ShellContentBrowserClient::CanCreateWindow(
     const GURL& origin,
     WindowContainerType container_type,
     content::ResourceContext* context,
-    int render_process_id) {
+    int render_process_id,
+    bool* no_javascript_access) {
+  *no_javascript_access = false;
   return true;
 }
 
diff --git a/content/shell/shell_content_browser_client.h b/content/shell/shell_content_browser_client.h
index 8b25e16..ac5e472 100644
--- a/content/shell/shell_content_browser_client.h
+++ b/content/shell/shell_content_browser_client.h
@@ -146,7 +146,8 @@ class ShellContentBrowserClient : public ContentBrowserClient {
       const GURL& origin,
       WindowContainerType container_type,
       content::ResourceContext* context,
-      int render_process_id) OVERRIDE;
+      int render_process_id,
+      bool* no_javascript_access) OVERRIDE;
   virtual std::string GetWorkerProcessTitle(
       const GURL& url, content::ResourceContext* context) OVERRIDE;
   virtual void ResourceDispatcherHostCreated() OVERRIDE;