Webview tag creation should be using storage partitions.

content/browser/browser_plugin/browser_plugin_embedder.cc

Index: content/browser/browser_plugin/browser_plugin_embedder.cc
diff --git a/content/browser/browser_plugin/browser_plugin_embedder.cc b/content/browser/browser_plugin/browser_plugin_embedder.cc
index 1f4b64ba3657a4fd283fb7fd1e5c8f125e467336..deebf6357224b51700f8b1f542e55f13841d7eb5 100644
--- a/content/browser/browser_plugin/browser_plugin_embedder.cc
+++ b/content/browser/browser_plugin/browser_plugin_embedder.cc
@@ -16,6 +16,7 @@
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/common/url_constants.h"
+#include "net/base/escape.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebInputEvent.h"
 #include "ui/gfx/size.h"
 
@@ -80,11 +81,39 @@ void BrowserPluginEmbedder::CreateGuest(
   BrowserPluginGuest* guest = GetGuestByInstanceID(instance_id);
   CHECK(!guest);
 
+  std::string url_encoded_partition;
+  bool persist_storage = params.persist_storage;
+
+  // Validate that the partition id coming from the renderer is valid UTF-8,
+  // since we depend on this in other parts of the code, such as FilePath
+  // creation.
+  if (IsStringUTF8(params.storage_partition_id)) {
+    url_encoded_partition = net::EscapeQueryParamValue(
+        params.storage_partition_id, false);
+  } else {
+    // Since the partition id is not valid UTF-8, fallback to the default
+    // in-memory partition.

[awong, 2012/11/07 01:14:11]

Not sure how I feel about this.  It's okay, but killing the renderer actually
feels better...

[awong, 2012/11/07 01:14:11]

Not sure how I feel about this. If the renderer is misbehaving, shouldn't we
kill it rather than use fallback behavior which might mask the bug?

[Charlie Reis, 2012/11/07 02:36:34]

I don't know if we have access to BrowserMessageFilter::BadMessageReceived here
or just want to do something similar, but that's one way to kill the renderer
when it does something unexpected like this.

[nasko, 2012/11/07 17:47:01]

As Charlie pointed in offline discussion, FilterURL already has similar behavior
of not killing renderer, but masking the value and letting it continue.

[nasko, 2012/11/07 17:47:01]

BadMessageReceived is a MessageFilter method that cannot be invoked without
having a filter object. It only does a KillProcess, so I've just done that.

+    url_encoded_partition.clear();
+    persist_storage = false;
+  }
+
   const std::string& host =
       render_view_host->GetSiteInstance()->GetSiteURL().host();
+
+  // The SiteInstance of a given webview tag is based on the fact that it's a
+  // guest process in addition to which platform application the tag belongs to
+  // and what storage partition is in use, rather than the URL that the tag is
+  // being navigated to.
+  GURL guest_site(
+      base::StringPrintf("%s://%s/%s?%s", chrome::kGuestScheme,
+                         host.c_str(), persist_storage ? "persist" : "",
+                         url_encoded_partition.c_str()));
+  SiteInstance* guest_site_instance = SiteInstance::CreateForURL(
+      web_contents()->GetBrowserContext(), guest_site);
+
   guest_web_contents = WebContentsImpl::CreateGuest(
       web_contents()->GetBrowserContext(),
-      host,
+      guest_site_instance,
       instance_id,
       params);