BaseUrlInheritanceIframeTest is parameterized to run with both the
new behavior and the legacy behavior.
Once enable-isolated-sandboxed-iframes is enabled by default it
will force on the new base url behavior with it, which will
cause the legacy-behavior version of this test to fail.
This CL updates the test so the legacy version of the test forces
off enable-isolated-sandboxed-iframes so it can run the legacy
behavior properly.
Bug: 510122
Change-Id: I1d3718bcbba8aaf39343dc5b312560ac618e00b5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5008254
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: W. James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1220888}
Within content, other than this class' factory function, callers don't
need to dynamically allocate a NavigationEntryRestoreContextImpl. The
callers can have them on the stack.
We also move some of NavigationEntryRestoreContextImpl's implementation
out of the header file, remove an unused operator, and avoid a redundant
lookup.
Bug: 1211683
Change-Id: I6f90dcfc50ba50acf5fa9467015f6335d20d1ab5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4939480
Commit-Queue: Kevin McNee <mcnee@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1217844}
This CL removes the ability for either srcdoc iframes
to change another frame's url via document.write. That ability has
been shown to allow a mainframe to acquire a srcdoc url, which
causes problems in the codebase.
This CL also adds a test to make sure the document.write doesn't
give a srcdoc url to a mainframe, and modifies an existing test to
cover the about:blank url-writing case.
Bug: 1478463
Change-Id: I85895c1e16df6734c9e351ea798fd1800e0a4df7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4856149
Reviewed-by: Dominic Farolino <dom@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1205943}
ExplodedFrameState::initiator_base_url_string is absl::optional, when
the feature is off, and should never be empty when it's enabled, so
there's no need to store empty GURLs in session state. This CL
1) adds a comment in RecursivelyGenerateFrameState() to clarify that
we're not storing an empty GURL, and
2) adds a test to confirm that we don't save PageState with an empty
GURL in place of a nullopt.
Bug: 1356658
Change-Id: Idf8ee754dd51985f0a25ece6eb480b0ee71b9463
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4455088
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1150738}
Implement about:blank support when the feature
NewBaseUrlInheritanceBehavior is enabled.
This CL changes Chromium behavior so that about:blank frames,
be they popups or iframes, inherit their base url from the
initiator. Prior to this CL, popups didn't inherit base url
at all, and iframes inherited from the parent frame (if it's
same-origin), so the new behavior means about:blank will
inherit base url more often and more accurately (e.g. it might
inherit the base url from a sibling initiator frame instead of
a parent).
A followup CL will prevent the base URL from being inherited in sandboxed cases, matching Chrome's current default behavior.
Note that use of the initiator's base url here is slightly
different than that of Firefox and Safari, both of which use
the opener's base url instead.
The main change here is in render_frame_impl.cc's
FillNavigationParamsRequest, to expand the cases that send
initiator_base_url to include about:blank. However, to handle
the initial empty document case this CL plumbs a base url
value to LocalFrame::init() as well.
Also, this CL renames instances of fallback_srcdoc_base_url
in blink code to be simply fallback_base_url.
Change-Id: I7682b0b1aafbe9d0cd835803d2cbfa0b594b41be
Bug: 1356658, 751329
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4035455
Reviewed-by: Charlie Reis <creis@chromium.org>
Auto-Submit: James Maclean <wjmaclean@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1121490}
With RenderDocument, cross-document navigations will use new
RenderFrameHosts (and RenderViewHosts, RenderWidgetHosts, etc for
main frame navigations). This CL updates some tests in
content_browsertests that didn't expect those changes.
Bug: 936696
Change-Id: Ia43799aaae9f50b7ff9c3221982b622d76698d14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4349554
Reviewed-by: James Maclean <wjmaclean@chromium.org>
Commit-Queue: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1120489}
Sometimes tests need to replace the ContentBrowserClient. This
is often done by subclassing ContentBrowserClient and replacing
ContentBrowserClient during test execution. This is problematic
as certain things (such as RegisterBrowserInterfaceBindersForFrame)
are provided by ShellContentBrowserClient, and if not present
result in bad behavior (killing the renderer), which leads to flake.
To fix this problem this patch does the following:
. Moves ContentBrowserTestShellContentBrowserClient to its own
header and renames it to ContentBrowserTestContentBrowserClient.
. Makes SetBrowserClientForTesting() CHECK in content_browsertests.
. Changes all browsertests to use
ContentBrowserTestContentBrowserClient.
. Changes ShellContentBrowserClient so that it sets the browser
client when called the second time (effectively what
SetBrowserClientForTesting() does).
Bug: 1406282
Change-Id: Ieaa7cfa09a53e9618b963d6cc4b931226d2c799e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4222392
Commit-Queue: Scott Violet <sky@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1102490}
The changes in this CL are guarded behind the NewBaseUrlInheritanceBehavior feature.
This CL (mostly) re-implements
https://chromium-review.googlesource.com/c/chromium/src/+/3792049
using the initiator_base_url framework landed in
https://chromium-review.googlesource.com/c/chromium/src/+/4026883.
One notable change is that if a srcdoc reloads itself using
location.reload(), this CL uses the base url of the srcdoc
frame instead of the parent's, since the srcdoc frame is itself the
initiator of the reload.
This CL also removes the machinery used to track each frame's
baseurl, introduced in CL 3792049. Instead, the initiator base url
for about:blank and about:srcdoc frames is stored on their
RenderFrameHostImpls in case it's needed later.
Change-Id: Ia774332d08d94f85d8c570ab03ad311d8018456d
Bug: 1356658, 751329
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4032246
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1096262}
This CL moves (temporarily) the kIsolateSandboxedIframes feature into
Blink. This is necessary to facilitate linking its use to a new feature,
tentatively named kNewBaseUrlInheritanceBehavior, to be introduced to
Blink in
https://chromium-review.googlesource.com/c/chromium/src/+/3938111.
We want to ensure that use of kIsolateSandboxedIframes will also force
enabling of kNewBaseUrlInheritanceBehavior, but at present there is no
mechanism in base::Feature to enforce this type of linking between
features. Instead, the follow-on CL will introduce a helper function
that looks at the value of both flags whenever a decision based on
kNewBaseUrlInheritanceBehavior needs to be made.
It is hoped that kNewBaseUrlInheritanceBehavior will be relatively
short-lived, and when it is removed this CL will be reverted in order
to move kIsolateSandboxedIframes back to content/.
Bug: 1356658
Change-Id: Icb063e65eb9cdec56b486a7a679117f4a1fcbcb3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3956476
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1059406}
This CL modifies the plumbing that sends 'srcdoc' attribute values
from the parent frame's renderer process to the child frame's
renderer process so that it also sends the parent's
Document::BaseURL() and makes it available in the child document's
FallbackURL(). The parent frame's RenderFrameHost maintains an
accurate view of each frame's base URL at all times, and this is
sent to a child frame if it navigates to srcdoc.
This is necessary so that srcdoc iframes that are sandboxed, which
put the child in a different renderer process, still have access to
the same BaseURL() as if it was in the same renderer process.
These changes presently only take effect when the
IsolateSandboxedIframes feature is enabled, in which case the base URL
behavior changes to proper snapshotting per Issue 1356658 (whether
it's out of process or not).
Bug: 1339824, 1343065, 1356658
Change-Id: I0d1d9ef05121bd603a3f60bcdc7181f65a37f77b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3792049
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1055296}
In per-origin mode for process-isolated sandboxed iframes, at present
a sandboxed srcdoc iframe will attempt to clone its parent's
SiteInstance, with the only difference being that the sandbox flag is
set. But the parent's SiteInstance will be using a site-based site-url,
and this will cause the child to attempt to load itself in a process
with a site-based, and not origin-based, site_url.
This CL revises the cloning process to take into account the parent's
origin (which the srcdoc frame will use), and creates a consistent
SiteInstance by recreating the SiteInfo via SiteInfo::Create. This will
use the same pathways for creation of the SiteInfo as if it had been
created for a navigation.
Bug: 1345491
Change-Id: I2870d01f3e916f28784b3d5adb749d9c58edacc2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3854030
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1047598}
This CL adds a "per-document" isolation grouping for isolation of
sandboxed iframes using the kIsolatedSandboxedIframes flag. This CL
parameterizes the flag to add "per-document", and when this new
parameter is present it creates a unique document identifier on every
SiteInfo associated with a sandboxed iframe in order to force each
document into its own process. This grouping is expected to be the most
granular option for isolated sandboxed iframes.
Bug: 510122
Change-Id: I217bf5c57f8e9badaa84c0fab9261c432e766fcb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3727308
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1029273}
This CL enables process-isolation for sandboxed iframes on Android.
Since not all sites get site isolation on Android, only isolate OOPSIFs
if they would not have ended up in a DefaultSiteInstance.
Bug: 510122
Change-Id: I8244b53d6a35a306685f0ef9c4c50bb00660a5b5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3730126
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1027917}
site_per_process_browsertest.cc is large and unwieldy. Improve this
situation (slightly) by splitting out the sandboxed iframe (OOPSIF)
browsertests into a separate file.
Bug: 510122
Change-Id: I8c912dcefce0a81b84b10a2ea514fa804523dd5c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3778241
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1026443}