At present, when running with kGuestViewMPArch enabled, opening a page
with a guest and then, in a new tab, opening chrome://process-internals,
will cause a DCHECK in RenderFrameHostToFrameInfo() to fail. This is
because the call to GetParentOrOuterDocument() will return null if it
encounters a GuestView. This CL modifies the call to return the
embedder if neither parent nor outer document is applicable.
Bug: 40202416
Change-Id: I208de469143b90517ddf07fcc7df22edc2eb4f18
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6343851
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1431450}

This change adds whether JavaScript optimizers are enabled or not to the
set of information that is presented for each frame that is shown on
chrome://process-internals/ FrameTrees page. This information will make
it easier to identify and debug the state of the JavaScript optimizer on
a given frame.
Screenshot: http://crbug.com/397465003#attachment63151339
Change-Id: Ifc4bdccd1e9c52d755934c2f71be9bf44f5c1bb0
Bug: 397465003
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6291965
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Javier Castro <jacastro@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1423510}

NOTREACHED() and NOTREACHED_IN_MIGRATION() are both CHECK-fatal now.
The former is [[noreturn]] so this CL also performs dead-code removal
after the NOTREACHED().
This CL does not attempt to do additional rewrites of any surrounding
code, like:
  if (!foo) {
    NOTREACHED();
  }
to CHECK(foo);
Those transforms take a non-trivial amount of time (and there are
thousands of instances). Cleanup can be left as an exercise for the
reader.
This does clean up kCrashOnDanglingBrowserContext as both paths of the
kill switch are currently fatal. This has been rolled out for a long
time.
Bug: 40580068, 40062641
Change-Id: Ib88e710d003e2e48df3fc502ca54d2341d157a0e
Cq-Include-Trybots: luci.chromium.try:linux-dcheck-off-rel
Low-Coverage-Reason: OTHER Should-be-unreachable code
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5974816
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Peter Boström <pbos@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1376522}

Suppress unsafe buffer usage on a file-by-file basis. Out of
approximately 5850 .cc and .h files only roughly 160 files fail
compilation with the unsafe buffers warning.
Suppress only, by inserting boilerplate into affected files. Do not
re-write any code to work around the issues. Properly fixing each file
will be done in follow-up CLs.
//content/ is not removed from unsafe_buffers_paths.txt file and will
also be done as a follow-up, so it makes potential reverts simpler.
Bug: 342213636
Change-Id: I4a936e63dea95a78951f7bfae6d5487708ae3c0b
AX-Relnotes: n/a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5608913
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1312393}

This was generated by replacing " NOTREACHED()" with
" NOTREACHED_IN_MIGRATION()" and running git cl format.
This prepares for making NOTREACHED() [[noreturn]] alongside
NotReachedIsFatal migration of existing inventory.
Bug: 40580068
Change-Id: I3b48b89911ac5e9ffcb211622992f917f8f9e8d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5539619
Auto-Submit: Peter Boström <pbos@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1301096}

The changes of this CL are made using the following script.
```
target_directory="content/browser"

# Replace every occurrence of $1 with $2 in the .cc/.h files
# (sed -i '' is the BSD/macOS in-place form).
replace_string_in_files() {
  old_string="$1"
  new_string="$2"
  find "$target_directory" -type f \( -name "*.cc" -o -name "*.h" \) \
    -exec sed -i '' "s/$old_string/$new_string/g" {} +
}

# Drop the string_piece.h include from every .h/.cc file.
delete_include() {
  find "$target_directory" \( -name "*.h" -o -name "*.cc" \) -print0 | while IFS= read -r -d '' file; do
    grep -v '#include "base/strings/string_piece.h"' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  done
}

# Insert <string_view> after the first #include line of each file
# that now uses std::string_view or std::u16string_view.
add_include() {
  find "$target_directory" \( -name "*.h" -o -name "*.cc" \) -print0 | while IFS= read -r -d '' file; do
    local include_added=false
    local tempfile=$(mktemp)
    if grep -qE 'std::(string|u16string)_view' "$file"; then
      while IFS= read -r line; do
        echo "$line" >> "$tempfile"
        if [[ $line =~ ^\s*#include ]]; then
          if ! $include_added; then
            echo "#include <string_view>" >> "$tempfile"
            include_added=true
          fi
        fi
      done < "$file"
      mv "$tempfile" "$file"
      if $include_added; then
        echo "Added #include <string_view> after the first include line in $file"
      else
        echo "No include line found in $file"
      fi
    else
      echo "std::string_view not found in $file"
    fi
  done
}

# StringPiece16 is replaced first so the shorter name does not match inside it.
replace_string_in_files "base::StringPiece16" "std::u16string_view"
replace_string_in_files "base::StringPiece" "std::string_view"
delete_include
add_include
```
Replaced base::StringPiece16 with std::u16string_view
Replaced base::StringPiece with std::string_view
Removed header "base/strings/string_piece.h"
Added header "<string_view>" where applicable
Bug: 40506050
Change-Id: I2bc22c79dd9a0c839745afe065123f7a53c4a5ca
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5401117
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1281746}

This is now the default for WebUI bindings, so setting true is
unnecessary. This CL updates all uses within content/, docs/ and
ui/webui/examples/.
Bug: 1002798
Change-Id: If2ab305c5b56524e5f2f4b4313c58ea664f9ad4b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5009906
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1222665}

Introduces a RenderProcessHostImpl::GetProcessCount to make it possible
to show both the actual process count and the count used for the limit.
Also moves Site Isolation info to another tab on the page.
Bug: 850087
Change-Id: I43d3f0d622b94f429df576147df672109282cefd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4292643
Commit-Queue: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1111335}

Also fixing a minor issue in the TS enum template, where enums with
parents were named without including the parent's name in the type
(this type of enum was not used by any prior WebUI bindings).
Bug: 1002798
Change-Id: Idb8cfc394f6c599309219668622a4f19259660ab
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4195379
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Commit-Queue: Rebekah Potter <rbpotter@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1097627}

Using base::FunctionRef as the callable param for a visitor function
can significantly reduce the boilerplate required to use the visitor
function. It also avoids the heap allocation required to support
base::RepeatingCallback's strong ownership semantics.
The most common transformation in this CL is converting something
like:
  rfh->ForEachRenderFrameHost(base::BindRepeating(
      &MyClass::HandleRFH, base::Unretained(this)));
to simply using a lambda that captures `this`:
  rfh->ForEachRenderFrameHost([this] (content::RenderFrameHost* rfh) {
    HandleRFH(rfh);
  });
An astute reader will note that the latter is one line longer; however,
many of these callbacks currently bind other arguments as additional
input parameters or as out parameters. Using lambda captures
significantly reduces the boilerplate, improving readability, and makes
it much easier to avoid unnecessary copies.
Bug: 1303103
Change-Id: I3aeb74a0988dbddb645faef2239e9541c9adac52
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3767487
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Owners-Override: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1039508}

Context:
Currently WebUI properties, e.g. CSPs, requesting schemes, host, mojo,
etc. are stored in WebUIControllers themselves or in separate lists
like IsWebUIAllowedToMakeNetworkRequests. The lifetime of a
WebUIController is bound to the frame, which makes it hard to use for
some use cases where the WebUIController hasn't been created yet. A
non-dynamically allocated class where clients could query a WebUI's
properties would be easier to use and audit.
WebUIConfig is a class that stores properties of WebUIs. For now the
properties are 1. the WebUI's origin, 2. if the WebUI is enabled,
and 3. GetURLDataSource() method for service worker initialization.
In the future this class could include information like CSPs, if we
should enable Mojo, if we should enable chrome.send(), if we should
allow network requests, URLDataSource, etc.
Bug: 1317510
Change-Id: Ic9d4481e12be16f120a65437c06c15f541ac0ee1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3657709
Reviewed-by: Stephen Nusko <nuskos@chromium.org>
Commit-Queue: Giovanni Ortuno Urquidi <ortuno@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1007223}

Prior to <webview> site isolation, guests looked like this on
chrome://process-internals:
  SI:8, site:chrome-guest://edggnmnajhcbhlnpjnogkjpghaikidaa/?foo#ondiskfallback | url: https://www.google.com/?gws_rd=ssl
With <webview> site isolation, guests became indistinguishable from
regular frames:
  SI:8, locked, site:https://google.com/ | url: https://www.google.com/?gws_rd=ssl
This CL restores the guest information that was previously conveyed
through the site URL, including whether the SiteInstance is for a
guest and a string representation of its StoragePartition:
  SI:8, locked, site:https://google.com/, guest, partition:edggnmnajhcbhlnpjnogkjpghaikidaa/foo | url: https://www.google.com/?gws_rd=ssl
Bug: 1267977
Change-Id: I467ec38cf983127fade665d02ffc58fe43f0c1f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3643024
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1002914}

This CL refactors the previously added MojoJSFileSystemAccess Web IDL
feature into a ContextEnabled feature, and adds methods to WebUI
infrastructure to enable it.
This is more aligned with WebUI's design expectation that WebUI is a
per-frame concept (hence their feature should be ContextEnabled),
instead of a per-process concept (previously used RuntimeEnabled
feature).
WebUIs wishing to enable these extra features should call
EnableMojoJsBindings with the extra features they need.
Bug: 1288174
Change-Id: I94d7445ef62dfd5afb9c0ef204f3b57d96c892bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3546210
Reviewed-by: Giovanni Ortuno Urquidi <ortuno@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#987764}

Previously the iteration was based on children of a RenderFrameHost.
This did not traverse FencedFrame trees so convert this to
ForEachRenderFrameHost. Avoid traversing into inner WebContents since
that is already covered in the GetAllWebContents.
BUG=1263574
Change-Id: Iab54fa243d49cdc8ecb4ded2d491880dd0b29860
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3511087
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Kevin McNee <mcnee@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#979297}

Almost all WebUIDataSource::Create() users do not try to take ownership
of the WebUIDataSource. The returned pointer is always passed to
WebUIDataSource::Add() and it eventually passes the pointer down to
URLDataManagerBackend. Inside WebUIDataSource::CreateAndAdd(), it calls
WebUIDataSource::Add() to internalize its ownership. It provides the
right ownership semantics, and abstracts away the detail that
URLDataSourceImpl is refcounted.
Bug: 1206140
Change-Id: I89fd2e03b2a782b5c8ff00d1912d1adf78ef2218
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3406435
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#968119}

As a followup to introducing RenderProcessHost::GetProcessLock, update
call sites that use ChildProcessSecurityPolicy.
There are also some sites that update SiteInstanceImpl::GetProcessLock
to RenderProcessHost::GetProcessLock, where it is more accurate to get
the ProcessLock for the process.
Bug: 1261963
Test: Updated browsertests
Change-Id: I27823e5c584cde9dcd03e661d4f6f272d483cbd0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3307505
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Sharon Yang <yangsharon@chromium.org>
Cr-Commit-Position: refs/heads/main@{#946768}

This CL refactors the code that tracks OAC (OriginAgentCluster)
isolation opt-ins to allow for having both origin-keyed OAC processes
and non-origin-keyed OAC processes present at the same time.
The map in ChildProcessSecurityPolicyImpl that tracks OAC opt-ins is
|origin_isolation_by_browsing_instance_|. Prior to this CL it just
tracks a list of origins, with the assumption being that any origin
in the list is opted in for whatever OAC mechanism is currently being
used.
The two mechanisms are origin_keyed, in which each origin is assigned
its own process, and non-origin_keyed, in which each origin is logically
isolated in the renderer process, but may share a renderer process with
other origins. At present, only one of these mechanisms is active for
a given browser session.
In this CL we modify |origin_isolation_by_browsing_instance_| to track
which mechanism to use for each origin, thus allowing both mechanisms
to be active at once.
This CL also enhances the UrlInfo::OriginIsolationRequest flags to
allow us (in some future CL) to control which mechanism to register at
opt-in time.
Bug: 1259920
Change-Id: Id6a9c396f2cf94264aab171b80d72c7f4917a2f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3244802
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: W. James MacLean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#941698}

This replaces DISALLOW_COPY_AND_ASSIGN with explicit constructor deletes
where a local script is able to detect its insertion place (~Foo() is
public => insert before this line).
This is incomplete as not all classes have a public ~Foo() declared, so
not all DISALLOW_COPY_AND_ASSIGN occurrences are replaced.
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: Iea478401b7580682c7b9f195f7af9cbbdb6ce315
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167292
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923194}

This CL refactors BackForwardCacheImpl::Entry so that it is bfcache
specific. Now prerendering uses BackForwardCacheImpl::StoredPage.
BackForwardCacheImpl::Entry now owns StoredPage.
Bug: 1181263,1228611, 1183523
Change-Id: Ie51f79913177dcf2d144a734f292c0c7b3646121
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3034509
Commit-Queue: Yuzu Saijo <yuzus@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#905599}

There are classes that extend both WebUIController and
WebContentsObserver, but both interfaces have a function called
RenderFrameCreated, which is confusing and risky as a result.
* Rename WebUIController::RenderFrameCreated to WebUIRenderFrameCreated
* Clean up macros
Bug: 1225704
Change-Id: I8d1b6333c3a2d937558ea7488a721a321aa2687e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2999042
Commit-Queue: Sharon Yang <yangsharon@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Owners-Override: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#897882}

This CL implements support for saving COOP-isolated sites to user
prefs. This allows them to survive restarts. Persistent isolation is
triggered by visiting a COOP site and then interacting with it (i.e.,
via user activation). Persistence is used when
kSiteIsolationForCrossOriginOpenerPolicy is enabled (intended for
Android, since desktop already has full site isolation), and it may
also be turned off by a field trial param.
The implementation is similar to how we save/restore
password-triggered isolated sites, with additional restrictions on the
saved COOP site list. Namely, we limit the list to at most 100
entries (controllable via a field trial param) and evict older sites
when this limit is exceeded. To do the latter, we store a last-access
timestamp along with each isolated site. A followup CL will further
restrict the stored isolated sites to not be loaded if they're more
than a week old.
A new user pref is added for web-triggered isolated origins and used
for storing COOP-isolated sites (and possibly other kinds of sites
that trigger site isolation with site-specified mechanisms
in the future). This complements the user-triggered isolated origins
pref (used for password sites) and is managed in
//components/site_isolation, allowing this whole mechanism to also
work in weblayer.
As before, persistence is not supported in incognito, and a browser
test is added to verify this.
The saved COOP sites are cleared via the same clear-browsing-data
triggers as password-isolated sites (namely, either history or cookies
and other site settings). The existing unit test we had for that is
updated to also employ the COOP pref.
For more details, see
https://docs.google.com/document/d/122niZuMrub8vu4PJRGQrU_bG02tPPcjqWpsj3GJ1Uq0/edit#
Bug: 1018656
Change-Id: Iea4fe0b41a2521a92ab267c44bf615ca420609cd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2898148
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Caitlin Fischer <caitlinfischer@google.com>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#884196}

This CL makes two tweaks to chrome://process-internals for the new
Android site isolation modes:
- add ability to show COOP and OAuth isolation in the list of site
  isolation modes.
- display currently isolated COOP sites. Currently, these are active
  for the remainder of the browser session and cleared after a restart.
  Once we add persistence, we'll want to come back and update the
  description here.
Bug: 1018656, 960888
Change-Id: Ie97df36b7d5b30fe90e73ca240bb900e0458b026
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2872254
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#879193}

This change removes calls to base::ASCIIToUTF16 in //content and //ui
with a single-line string literal and replaces them with a u"..."
literal instead. Files where this change would cause compilation errors
were not changed.
This is a mechanical change:
  $ git grep -lw ASCIIToUTF16 content ui | xargs \
      sed -i 's/\(base::\)\?ASCIIToUTF16(\("\(\\.\|[^\\"]\)*"\))/u\2/g'
  $ git cl format
Bug: 1189439
Change-Id: I0d5601dc15324c43012b8d26260405f1efdca07e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780265
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865766}