The test ChildFrameCrashMetrics_ScrolledIntoView might fail if we wait
for WidgetHostMsg_WaitForNextFrameForTests_ACK, because it is sent
from the compositor thread, almost independently from
FrameHostMsg_UpdateViewportIntersection, which is sent from the main thread.
The problem can be reproduced deterministically if we put a sleep in
RenderFrameProxy::UpdateRemoteViewportIntersection, to simulate preemption
by the OS scheduler.
What we really want to wait for in this test is the viewport intersection
update in the UI thread. Only after that can we check histograms. If
we wait for the lifecycle update, that will guarantee that all IPCs are
processed in the browser, including FrameHostMsg_UpdateViewportIntersection.
Change-Id: I1ff2e6632b2f1391a3dee82b2bc6667bb20bf71d
Bug: 1115096
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2307373
Reviewed-by: danakj <danakj@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Stefan Zager <szager@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814114}
This patch adds the enable-raster-side-dark-mode-for-images switch to
enable raster side dark mode for images and initial functionality
to enable RSDM for bitmap images. PaintFlags will carry the
|use_dark_mode_for_image_| bit for specifying whether the
compositor should use a dark mode filter when rasterizing images.
Bug: 1094005
Change-Id: I424c9397235733fb07df4f1cad7bb758399fded9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2445890
Reviewed-by: Philip Rogers <pdr@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Khushal <khushalsagar@chromium.org>
Commit-Queue: Prashant Nevase <prashant.n@samsung.com>
Cr-Commit-Position: refs/heads/master@{#814106}
This was propagated only on Android and not desktop because of tests that inadvertently depended on this.
-history test said it wanted no user gesture, but ui_test_utils::NavigateToURL always enabled it
-dice code was setting user gesture but this wasn't propagated so it wasn't necessary
-download tests: I'm unsure if the tests were correct or if there are bugs to fix in the production code. For now setting user_gesture to false to simulate old behavior before this change
-signin_view_controller: no-op change since this is a browser initiated navigation so the user_gesture was always ignored
Fixes:
Bug: 1132491
Change-Id: Ib3486090d4d18a66e0e76f9135b45a7abcbdaf1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2430451
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Min Qin <qinmin@chromium.org>
Reviewed-by: David Roger <droger@chromium.org>
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814091}
This CL:
* Introduces an error code that indicates a mojo connection to the
storage is disconnected. This won't happen yet but could happen in
the future. It could happen due to a Storage Service crash after
ServiceWorkerStorage is migrated into the Storage Service, and the
Storage Service is hosted outside the browser process.
* Updates GetStorageUsageForOrigin() to make sure that the callback of
the method is always called. Currently it uses
WrapCallbackWithDefaultInvokeIfNotRun() but we may use a different
approach in the future.
Other methods in ServiceWorkerRegistry also need to be updated.
Subsequent CLs will do that.
* Sets a mojo disconnection handler. Currently it just resets the
remote. Subsequent CLs will implement crash recovery logic.
See [1] for the overall plan.
[1] https://docs.google.com/document/d/1RQgiuAZVbQZbYJeLOfmydBMwXTTfsL2RqZKx90yPT7U/edit?usp=sharing
Bug: 1133143
Change-Id: I28cef47d66c6f95b33d7a4a8b152e7d38d32e49f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2437082
Commit-Queue: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Makoto Shimazu <shimazu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814063}
PROBLEM: It is not possible to retrieve traces from swarming with
--gtest_repeat.
For a file to be retrievable from swarming, it must be placed in
${ISOLATED_OUTDIR} but specifying anything for --enable-tracing-output
disables the unique-filename-per-test behaviour.
With this change it becomes possible to do e.g.
tools/mb/mb.py run ... \
--gtest_filter=WebNavigationApiTest.Crash \
--gtest_repeat=100
--enable-tracing=*,disabled-by-default-toplevel.flow \
--enable-tracing-output='${ISOLATED_OUTDIR}/'
and have unique files for each test that are retrievable with swarming
collect.
Also drive-by fix a typo in the name of a function.
BUG=1043616
Change-Id: Idd1bcbbdb6f18d297170f074e9409c61204fcacb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2445649
Commit-Queue: Fergal Daly <fergal@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814052}
HidConnectionImpl is self-owned and will self-destruct on
disconnection of the HidConnection or HidConnectionWatcher.
This CL modifies the FakeHidConnection used in tests so it
behaves the same way.
This is a reland of crrev.com/c/2441151 that applies the
same change to HidServiceTest.OpenAndNavigateCrossOrigin.
BUG=1126689
Change-Id: I9761d08b7d44dbe850d56708623878baac028a14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2446537
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Auto-Submit: Matt Reynolds <mattreynolds@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814050}
Similar to allowing requestFullscreen on screen orientation changes.
Allows sites to requestFullscreen when the user changes screen config
(e.g. when the user connects an external display to a laptop)
Add TransientAllowFullscreen for async support like UserActivationState.
(ScopedAllowFullscreen only supports sync, stack-allocation scopes)
Add a basic unit test for the new class, and an integration test.
Bug: 1077402
Test: window.onscreenschange = async () => { element.requestFullscreen({screen:(await getScreens())[1]}); };
Change-Id: Iffc5bb419e2b016704b923bd8454cb422672b5e7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2429967
Commit-Queue: Michael Wasserman <msw@chromium.org>
Auto-Submit: Michael Wasserman <msw@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Mustaq Ahmed <mustaq@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814036}
This replaces the previous mojo interface parameter for specifying the
priority of a tracing session with an equivalent setting in the Perfetto
trace config. This patch doesn't change the effective priority of existing
tracing sessions; only the redundant parallel setting is removed.
Bug: 1058632
Change-Id: I0f71edcf65c564df286191be4634555a09f93473
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2414253
Auto-Submit: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Leonard Grey <lgrey@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: ssid <ssid@chromium.org>
Commit-Queue: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#814014}
This is a reland of c64eed0668
The difference from the original change is that this CL updates the
color-picker-show-eye-dropper.html test to provide user activation.
Original change's description:
> Add security mitigations for eye dropper IPC.
>
> As discussed on the security review this CL adds the following mitigations:
> - require a transient user activation on the browser side, and consume
> it when showing the eye dropper for the renderer (this will prevent a
> compromised renderer from repeatedly asking for a color)
> - require the eye dropper UI to be visible for a minimum amount of time
> before color selection is allowed in order to ensure the user has a
> chance to see the UI.
>
> There is also a fix for the popup not correctly updating the user
> activation state. This happens because it is using a
> EmptyLocalFrameClient and its frame is not related to the
> owner element's frame.
>
> Bug: 992297
> Change-Id: Ia5d2aead0be153ce4b49048552062de3a6c72e63
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442132
> Reviewed-by: Kent Tamura <tkent@chromium.org>
> Reviewed-by: Mason Freed <masonfreed@chromium.org>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Commit-Queue: Mason Freed <masonfreed@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#812847}
TBR=avi@chromium.org,tkent@chromium.org,masonfreed@chromium.org
Bug: 992297
Change-Id: Icecebf941b277790e12a12d06bca5b20da404ff1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2450731
Reviewed-by: Ionel Popescu <iopopesc@microsoft.com>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Mason Freed <masonfreed@chromium.org>
Commit-Queue: Ionel Popescu <iopopesc@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#814008}
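An added example, not Chromium's code, that models the two browser-side checks the reland above describes as one small gate: a transient user activation is required and consumed when the eye dropper is shown, and colour selection is refused until the UI has been visible for a minimum time. The class name, the milliseconds-based API and both durations are assumptions made for the example.

```cpp
#include <cstdint>

// Hypothetical browser-side gate for the eye dropper IPC. Not Chromium's
// EyeDropper / UserActivationState code; names and durations are assumptions.
// Time is passed in as milliseconds so the checks are deterministic.
class EyeDropperGate {
 public:
  // Assumed lifetime of a transient user activation.
  static constexpr int64_t kActivationLifetimeMs = 5000;
  // Assumed minimum time the UI must be on screen before a colour is reported.
  static constexpr int64_t kMinVisibleMs = 500;

  // The browser records a real user gesture here; the renderer cannot call this.
  void NotifyUserActivation(int64_t now_ms) { activation_ms_ = now_ms; }

  bool HasTransientActivation(int64_t now_ms) const {
    return activation_ms_ >= 0 && now_ms - activation_ms_ <= kActivationLifetimeMs;
  }

  // Mitigation 1: honour the renderer's show request only with a live
  // activation, and consume it, so every further request needs a fresh gesture.
  bool RequestShow(int64_t now_ms) {
    if (!HasTransientActivation(now_ms))
      return false;
    activation_ms_ = -1;  // consumed
    shown_ms_ = now_ms;
    return true;
  }

  // Mitigation 2: report a colour only once the UI has been visible long
  // enough for the user to have seen it.
  bool CanSelectColor(int64_t now_ms) const {
    return shown_ms_ >= 0 && now_ms - shown_ms_ >= kMinVisibleMs;
  }

  void Hide() { shown_ms_ = -1; }

 private:
  int64_t activation_ms_ = -1;  // -1: no pending activation
  int64_t shown_ms_ = -1;       // -1: UI not visible
};

// Repeated show requests after a single gesture: returns how many succeed.
// With the consume step this is 1 no matter how many attempts are made.
int CountGrantedShows(const int attempts, const int64_t now_ms) {
  EyeDropperGate gate;
  gate.NotifyUserActivation(now_ms);
  int granted = 0;
  for (int i = 0; i < attempts; ++i) {
    if (gate.RequestShow(now_ms))
      ++granted;
  }
  return granted;
}

// Gesture at gesture_ms, show at shown_ms, then ask for the colour at select_ms.
bool SelectAfterShow(int64_t gesture_ms, int64_t shown_ms, int64_t select_ms) {
  EyeDropperGate gate;
  gate.NotifyUserActivation(gesture_ms);
  if (!gate.RequestShow(shown_ms))
    return false;
  return gate.CanSelectColor(select_ms);
}
```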
This CL moves ui/ozone/ozone.gni to build/config/ui.gni because a few
args in ui/ozone/ozone.gni will be used by toolchain files under
build/, and the reason is that in a LaCrOS build, ozone_platform is set
to use Wayland, and meanwhile, we build an ash-chrome in an alternate
toolchain, which requires re-setting the ozone_platform back to empty.
For more details, please see:
https://chromium-review.googlesource.com/c/chromium/src/+/2416999
Bug: 1129223
Change-Id: I8c1e94c568165de2a5c26ca103fa84a60eb68b21
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2427423
Commit-Queue: Yuke Liao <liaoyuke@chromium.org>
Reviewed-by: Michael Spang <spang@chromium.org>
Reviewed-by: Dirk Pranke <dpranke@google.com>
Cr-Commit-Position: refs/heads/master@{#814006}
This reverts commit 6a69beb22f.
Reason for revert: Failing content_browsertests on linux-trusty-rel
https://ci.chromium.org/p/chromium/builders/ci/linux-trusty-rel/16561
Original change's description:
> Avoid illegal serializations with aria-owns and unincluded nodes
>
> When adding children, make sure we only add aria-owned children to the
> owning nodes. This avoids a common crash in chrome://bookmarks that
> has a confusing crash stack. In order to do this, when
> ComputeAccessibilityIsIgnored() is called, the relation cache
> must already be updated with the knowledge that the object is owned.
>
> Do not ever allow owned objects to ever have a "not included in tree"
> parent. Therefore, they can never be added as second line children
> via the recursion in InsertChild().
>
> Also re-remove WalkAllDescendants(), which was recently
> re-added as a band-aid for the chrome://bookmarks crashes.
> Without this change, removing WalkAllDescendants() causes assertions
> in AXTreeSerializer, when aria-owns points to an unincluded node,
> that the same object is being added twice.
>
> Finally, add better logging and DCHECKs that will help diagnose issues
> more quickly.
>
> Bug: 1100968, 1131848
> Change-Id: I3bb5d069814e144d426b5c3de0991bc41123206f
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2446200
> Commit-Queue: Aaron Leventhal <aleventhal@chromium.org>
> Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#813955}
TBR=dmazzoni@chromium.org,aleventhal@chromium.org
Change-Id: Icdc657185e51265e1939d32bd4508bf6cc0b307c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 1100968
Bug: 1131848
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2451509
Reviewed-by: Kristi Park <kristipark@chromium.org>
Commit-Queue: Kristi Park <kristipark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813982}
When adding children, make sure we only add aria-owned children to the
owning nodes. This avoids a common crash in chrome://bookmarks that
has a confusing crash stack. In order to do this, when
ComputeAccessibilityIsIgnored() is called, the relation cache
must already be updated with the knowledge that the object is owned.
Do not ever allow owned objects to ever have a "not included in tree"
parent. Therefore, they can never be added as second line children
via the recursion in InsertChild().
Also re-remove WalkAllDescendants(), which was recently
re-added as a band-aid for the chrome://bookmarks crashes.
Without this change, removing WalkAllDescendants() causes assertions
in AXTreeSerializer, when aria-owns points to an unincluded node,
that the same object is being added twice.
Finally, add better logging and DCHECKs that will help diagnose issues
more quickly.
Bug: 1100968, 1131848
Change-Id: I3bb5d069814e144d426b5c3de0991bc41123206f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2446200
Commit-Queue: Aaron Leventhal <aleventhal@chromium.org>
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813955}
This change was split out of the following CL after it was reverted:
https://chromium-review.googlesource.com/c/chromium/src/+/2346933
Reland "Fix Role::kButton name invalidation when descendant text is modified"
This change wraps inserting into memoized sets in
BrowserAccessibilityManagerWin with a method and adds DCHECKs to ensure
the sets are only inserted within the scope of OnAccessibilityEvents.
- FireUiaTextContainerEvent made it possible to fire text events more
than once for a given text provider so it has been removed.
- Instead, populate a set |text_changed_events_| which contains the
text providers via |GetUiaTextPatternProvider| and fire the UIA text
events in BrowserAccessibilityManagerWin::FinalizeAccessibilityEvents
- |text_selection_changed_events_| could also potentially end up with
the same double-event problem, so it uses GetUiaTextPatternProvider
now as well.
- Removing usage of std::unordered_set based on the guidance in
base/containers/README.md. In general these sets shouldn't grow large
enough to benefit from being unordered.
Bug: none
Change-Id: Ic41ced4dede40c4597d5f79aa4b7f36a7d0c994a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2391766
Commit-Queue: Adam Ettenberger <Adam.Ettenberger@microsoft.com>
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Reviewed-by: Ian Prest <iapres@microsoft.com>
Reviewed-by: Kurt Catti-Schmidt <kschmi@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#813935}
After a recent migration (ending with https://crrev.com/c/2443398)
factories are never put into the
NonNetworkURLLoaderFactoryDeprecatedMap, except in a handful of tests.
This CL removes these remaining uses in the test code (in
DownloadTestContentBrowserClient, NavigationUrlRewriteBrowserTest,
FirstPartySchemeContentBrowserClient) and proceeds to entirely remove
the NonNetworkURLLoaderFactoryDeprecatedMap type alias from
ContentBrowserClient.
This also allows removing the following things:
- |uniquely_owned_factories| parameter from
RegisterNonNetworkNavigationURLLoaderFactories and
RegisterNonNetworkSubresourceURLLoaderFactories methods
- Code processing |uniquely_owned_factories| in callers of
the two Register...Factories methods above (e.g. in
DownloadManagerImpl::BeginResourceDownloadOnChecksComplete,
EmbeddedWorkerInstance::CreateFactoryBundleOnUI,
WorkerScriptFetchInitiator::CreateFactoryBundle)
- Fields that (unsuccessfully/incorrectly) attempted to extend
the lifetime of the factories in: NavigationURLLoaderImpl
and RenderFrameHostImpl.
Fixed: 1106995
Tbr: kmarshall@chromium.org for //fuchsia/engine
Tbr: karandeepb@chromium.org for //extensions/shell
Tbr: boliu@chromium.org for //android_webview
Tbr: seantopping@chromium.org for //chromecast/browser
Change-Id: Id1a0b8c91d07a68df3b7c907ed6315242fce8141
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2359402
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813910}
This creates some issues in some tests; they fail with the following
stack trace:
BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x56400bd836c9 base::debug::CollectStackTrace()
#1 0x56400bcb90c3 base::debug::StackTrace::StackTrace()
#2 0x56400b74b5e6 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#3 0x7fdc5b8c84c0 (/lib/x86_64-linux-gnu/libc-2.23.so+0x354bf)
#4 0x564010b453b0 __llvm_profile_merge_from_buffer
#5 0x564010b43705 writeFile
#6 0x564010b43547 __llvm_profile_write_file
#7 0x564010b43874 __llvm_profile_dump
#8 0x56400bda6373 base::WriteClangProfilingProfile()
#9 0x56400d8cb484 content::ChildProcess::~ChildProcess()
#10 0x564010780118 content::RenderProcessImpl::~RenderProcessImpl()
#11 0x564010688274 content::InProcessRendererThread::CleanUp()
#12 0x56400bd6c2b8 base::Thread::ThreadMain()
#13 0x56400bd9a8d9 base::(anonymous namespace)::ThreadFunc()
#14 0x7fdc60fa16ba start_thread
#15 0x7fdc5b99a4dd clone
This call to base::WriteClangProfilingProfile has been recently[1] added
to ChildProcess::~ChildProcess to ensure that the child utility
processes properly flushed their profiling data at shutdown. This was an
issue when running the PGO profiling scenarios as some child processes
were terminated too aggressively and sometimes didn't have a chance to
fully write their profiling data. It doesn't seem to affect the coverage
data (and this change brings the coverage build back to the state it was
in before [1]).
We should ideally also look at this crash and understand why it's
happening; this CL really just prevents this crash from happening by not
calling the problematic function when it's not needed.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/2378272
Bug: 1065485
Change-Id: I051ab0993216a887a38863070b554e02ba60bb77
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2450332
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: Sébastien Marchand <sebmarchand@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813907}
This feature launched to 100% on windows, mac, and android in M80. It
was just enabled by default on ChromeOS in ToT after an extended period
investigating performance regressions.
Bug: 960012
Change-Id: I6e1edacd5f3c180f64a024cb948022aeaf130d1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2450495
Reviewed-by: Steven Holte <holte@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813905}
Clamped the values in |ConvertRectToScreen| to avoid integer overflow
while calculating the width/height of the rectangle.
Bug: 1134463
Change-Id: Ic53a8513be7393b0e58ee9d3b2019a0b71c9d703
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2450920
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Anupam Snigdha <snianu@microsoft.com>
Cr-Commit-Position: refs/heads/master@{#813890}
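An added example, not Chromium's code and not the real ConvertRectToScreen, of the overflow the commit above guards against: both corners of an untrusted rect are converted to screen coordinates with saturating arithmetic, then the size is rebuilt by subtracting them, and two saturated corners can still be further apart than int32 can hold. The Point/Rect structs, the integer scale transform and the hostile rect are constructed assumptions for the example.

```cpp
#include <algorithm>
#include <cstdint>
#include <limits>

// Hypothetical stand-ins for the Chromium types; not gfx::Rect or the
// RenderWidgetHostView code.
struct Point { int32_t x; int32_t y; };
struct Rect { int32_t x; int32_t y; int32_t width; int32_t height; };

// A view-to-screen mapping: an integer scale (think device scale factor)
// plus an offset (the window's position on screen). Integer so the math is exact.
struct ScreenTransform { int32_t scale; int32_t dx; int32_t dy; };

constexpr int64_t kMin = std::numeric_limits<int32_t>::min();
constexpr int64_t kMax = std::numeric_limits<int32_t>::max();

// Saturating int32 helpers: compute in 64 bits, clamp back into int32.
int32_t Saturate(int64_t v) { return static_cast<int32_t>(std::clamp(v, kMin, kMax)); }
int32_t ClampAdd(int32_t a, int32_t b) { return Saturate(static_cast<int64_t>(a) + b); }
int32_t ClampSub(int32_t a, int32_t b) { return Saturate(static_cast<int64_t>(a) - b); }
int32_t ClampMul(int32_t a, int32_t b) { return Saturate(static_cast<int64_t>(a) * b); }

// Two's-complement wrap-around spelled out via uint32, so the "before"
// behaviour is well defined here (signed overflow is undefined behaviour in
// C++; mainstream compilers typically wrap like this).
int32_t WrapSub(int32_t a, int32_t b) {
  return static_cast<int32_t>(static_cast<uint32_t>(a) - static_cast<uint32_t>(b));
}

// Each point is converted on its own and every step saturates.
Point ConvertPointToScreen(Point p, const ScreenTransform& t) {
  return Point{ClampAdd(ClampMul(p.x, t.scale), t.dx),
               ClampAdd(ClampMul(p.y, t.scale), t.dy)};
}

// Shared setup: the far corner comes from the saturated right/bottom edges,
// then both corners are converted separately.
struct Corners { Point origin; Point end; };
Corners ConvertCorners(const Rect& r, const ScreenTransform& t) {
  Point origin{r.x, r.y};
  Point end{ClampAdd(r.x, r.width), ClampAdd(r.y, r.height)};
  return Corners{ConvertPointToScreen(origin, t), ConvertPointToScreen(end, t)};
}

// Before: width/height rebuilt with plain subtraction. The two saturated
// corners can be up to 2^32 - 1 apart, so the difference wraps negative.
Rect ConvertRectToScreenUnchecked(const Rect& r, const ScreenTransform& t) {
  Corners c = ConvertCorners(r, t);
  return Rect{c.origin.x, c.origin.y, WrapSub(c.end.x, c.origin.x),
              WrapSub(c.end.y, c.origin.y)};
}

// After: the same computation with saturating subtraction; the size clamps
// to INT32_MAX instead of going negative.
Rect ConvertRectToScreenClamped(const Rect& r, const ScreenTransform& t) {
  Corners c = ConvertCorners(r, t);
  return Rect{c.origin.x, c.origin.y, ClampSub(c.end.x, c.origin.x),
              ClampSub(c.end.y, c.origin.y)};
}

// Constructed input: a rect near the int32 boundary, as a misbehaving
// renderer could send over IPC, converted with a 2x scale and no offset.
const Rect kHostileRect{-1200000000, 0, std::numeric_limits<int32_t>::max(), 10};
const ScreenTransform kScale2{2, 0, 0};

bool SizeIsNonNegative(const Rect& r) { return r.width >= 0 && r.height >= 0; }
```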
Create new location for accessibility tree formatters and event
recorders in ui/accessibility/platform/inspect, which is an appropriate
place for code used project-wide.
Bug: 1133330
Change-Id: Iaa6918e9af1041044ae7e9c21be19e9529d09b7e
AX-Relnotes: n/a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2438591
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Dominic Mazzoni <dmazzoni@chromium.org>
Commit-Queue: Alexander Surkov <asurkov@igalia.com>
Cr-Commit-Position: refs/heads/master@{#813874}
With flash removal happening in M88, remove RenderWidgetFullscreenPepper
which was used to implement the Flash Fullscreen setting. Note this
is different from the PPAPI Fullscreen which uses the normal blink
fullscreen request via the WebContainer::RequestFullscreen call.
BUG=1134674
Change-Id: I166596f6f5a677cc1028aed02f74297e0c458696
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2446593
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Bill Budge <bbudge@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813822}
Fix one remaining tiny test failure, all others should now be fixed.
We should leave this flag around for at least one milestone just in
case, but if there are no issues then we can remove the flag and
hard-code it this way.
This is a big step towards getting rid of the "ignored and not
included in the tree" state.
Bug: 1063155
Change-Id: I92241af7ec752dc537919740ef96c7e149d460e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2448656
Reviewed-by: Aaron Leventhal <aleventhal@chromium.org>
Commit-Queue: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813794}
This test incorrectly allows overscroll actions like gesture-navigation
which would interfere with the reported overscroll delta. This CL
disables overscroll actions with |overscroll-behavior:none|; however,
Chrome has a bug where it consumes overscroll delta, even when
overscroll-behavior is set to none.
Because of this bug, this test uses very approximate values for
expectations, and they were right on the edge of what was frequently being
seen. However, due to the nature of the bug, a timing change here nudged
it below the thresholds, so I've loosened these.
Bug: 1112183
Change-Id: If4ecf7a263385ddc3211f7776aca21eb8ec3aa95
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442152
Reviewed-by: Liviu Tinta <liviutinta@chromium.org>
Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Commit-Queue: David Bokan <bokan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813770}
content_shell uses ui.policy.Presenter API to present UI. The API wasn't
listed in content_shell.cmx, so it was failing to connect to the
presenter.
Also added content/shell/fuchsia/OWNERS file (required by presubmit
checks for all cmx files).
Bug: 1067477
Change-Id: I477644a28549f9314e9ffd007d1da9abcc6c8b72
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2443449
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Auto-Submit: Sergey Ulanov <sergeyu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813763}
This reverts commit c64eed0668.
Reason for revert: Broke virtual/eye-dropper/color-picker-show-eye-dropper.html on WebKit Linux MSAN
Original change's description:
> Add security mitigations for eye dropper IPC.
>
> As discussed on the security review this CL adds the following mitigations:
> - require a transient user activation on the browser side, and consume
> it when showing the eye dropper for the renderer (this will prevent a
> compromised renderer from repeatedly asking for a color)
> - require the eye dropper UI to be visible for a minimum amount of time
> before color selection is allowed in order to ensure the user has a
> chance to see the UI.
>
> There is also a fix for the popup not correctly updating the user
> activation state. This happens because it is using a
> EmptyLocalFrameClient and its frame is not related to the
> owner element's frame.
>
> Bug: 992297
> Change-Id: Ia5d2aead0be153ce4b49048552062de3a6c72e63
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442132
> Reviewed-by: Kent Tamura <tkent@chromium.org>
> Reviewed-by: Mason Freed <masonfreed@chromium.org>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Commit-Queue: Mason Freed <masonfreed@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#812847}
TBR=avi@chromium.org,danakj@chromium.org,tkent@chromium.org,masonfreed@chromium.org,iopopesc@microsoft.com
NOTRY=true
Bug: 992297
Change-Id: If16db478fb59c4caa6f4fd90190adb72ce38e68a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2448054
Commit-Queue: Chris Sharp <csharp@chromium.org>
Reviewed-by: Chris Sharp <csharp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813723}
The DomSerializerTests are executing browser-side and renderer-side code
in the same process. This was written 10 years ago. The renderer is no
longer expected to load new documents without requesting navigations from
the browser process.
This patch updates the DomSerializerTest.
Now the browser process is free to kill more renderers when they try to
commit unexpected navigations.
This patch looks big, but it isn't. This patch consists of:
1. Update LoadContent to use regular navigations. It is now called from
the browser process instead of the renderer.
2. For every test:
Replace the callback (executed by the renderer process) by a
lambda expression. Split the lambda around every call to
LoadContent. It is now executed from the browser process.
3. Update GetRenderView(). The navigation can now happen in a different
RenderView[Host]; this wasn't the case previously. The value returned
can now change.
Bug: 1133115
Change-Id: I683149fbe353cf19fe1db96cda803eab079d8f96
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2435350
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813648}
The specific event was fired from Blink but never used anywhere else
in the code, because the event can be implicitly generated. Replace it
with a call to MarkDirty and update web tests.
Bug: 699438
AX-Relnotes: N/A
Change-Id: Ic1d3649da6ee4bcf8e8a0935276e7a95f5ea9671
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2440588
Reviewed-by: Aaron Leventhal <aleventhal@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Dominic Mazzoni <dmazzoni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813633}
This enumerates all known denials encountered with local testing and
makes unknown denials fatal. This will enable crash data collection to
identify resources that we do not know about. It also turns on sandbox
logging to make it easier to identify issues.
Also allows reading the SubmitDiagInfo search tree in /System/Library
because the file in /Library is already allowed.
Change-Id: If14054b213c65064d971f717089731ad6e3c2bb2
Bug: 1126350
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2398915
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Greg Kerr <kerrnel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813591}
This CL makes us check for blocklisted features in
CanStoreRenderFrameHostLater, which is called when determining whether
we should do a proactive BrowsingInstance swap or not.
We don't currently have support for knowing that a blocklisted API is no
longer used after pagehide. This means if a blocklisted feature is used
before navigation, it will always be ineligible for bfcache. We should not
try to do a BrowsingInstance swap, etc. in this case.
In the future, as we add support for blocklisted APIs to be deemed
as no longer used after it was torn down in pagehide, we can move the
check for the newly supported APIs one by one to
CanStoreRenderFrameHostNow.
More context: https://groups.google.com/a/google.com/g/chrome-bfcache/c/L-ZreZDY4n0/m/8cBbBGB5CQAJ
Bug: 1129331
Change-Id: Ic1756d8c8460036dc97603b38b4251fb7894f9fc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2442397
Commit-Queue: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Yuzu Saijo <yuzus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#813505}