Add opener frame id, url, and target url to CreateWindow message.

Add opener frame id, url, and target url to CreateWindow message.

BUG=none
TEST=none

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=72116

[jochen (gone - plz use gerrit), 2011-01-15 21:14:43]

please review

opener frame id, and target url is required for the web navigation api

opener url and target url is required for the popup blocker

[Johnny(Jianning) Ding, 2011-01-17 09:41:15]

http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
File chrome/common/render_messages_params.h (right):

http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
chrome/common/render_messages_params.h:788: // The URL of the frameinitiating
the open.
need a space between frame and initiating

http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc
File chrome/renderer/render_view.cc (right):

http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc#...
chrome/renderer/render_view.cc:2077: params.opener_url = creator->url();
line 2107 uses creator->securityOrigin() to generate the URL of creator.
Any idea for difference? which is better url() or securityOrigin()?

[jochen (gone - plz use gerrit), 2011-01-17 12:11:08]

http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
File chrome/common/render_messages_params.h (right):

http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
chrome/common/render_messages_params.h:788: // The URL of the frameinitiating
the open.
On 2011/01/17 09:41:15, Johnny(Jianning) Ding wrote:
> need a space between frame and initiating

Done.

http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc
File chrome/renderer/render_view.cc (right):

http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc#...
chrome/renderer/render_view.cc:2077: params.opener_url = creator->url();
On 2011/01/17 09:41:15, Johnny(Jianning) Ding wrote:
> line 2107 uses creator->securityOrigin() to generate the URL of creator.
> Any idea for difference? which is better url() or securityOrigin()?

I think creator_url in line 2107 is a bad choice of variable name, as a security
origin is different from an url.

Anyway, for the webNavigation API, I need the full URL of the frame.

[Johnny(Jianning) Ding, 2011-01-17 13:40:54]

LGTM.

Using WebFrame::url() is OK for me since a page can't spawn popups until its
load commits. When we reach here, the creator must return a valid URL from
url(). But you may want to ask for Darin's opinion.

On 2011/01/17 12:11:08, jochen wrote:
>
http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
> File chrome/common/render_messages_params.h (right):
> 
>
http://codereview.chromium.org/6293007/diff/1/chrome/common/render_messages_p...
> chrome/common/render_messages_params.h:788: // The URL of the frameinitiating
> the open.
> On 2011/01/17 09:41:15, Johnny(Jianning) Ding wrote:
> > need a space between frame and initiating
> 
> Done.
> 
> http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc
> File chrome/renderer/render_view.cc (right):
> 
>
http://codereview.chromium.org/6293007/diff/1/chrome/renderer/render_view.cc#...
> chrome/renderer/render_view.cc:2077: params.opener_url = creator->url();
> On 2011/01/17 09:41:15, Johnny(Jianning) Ding wrote:
> > line 2107 uses creator->securityOrigin() to generate the URL of creator.
> > Any idea for difference? which is better url() or securityOrigin()?
> 
> I think creator_url in line 2107 is a bad choice of variable name, as a
security
> origin is different from an url.
> 
> Anyway, for the webNavigation API, I need the full URL of the frame.

[jochen (gone - plz use gerrit), 2011-01-20 22:14:33]

On 2011/01/17 13:40:54, Johnny(Jianning) Ding wrote:
> LGTM.
> 
> Using WebFrame::url() is OK for me since a page can't spawn popups until its
> load commits. When we reach here, the creator must return a valid URL from
> url(). But you may want to ask for Darin's opinion.

A page A could open about:blank, and inject a script into it invoking
window.open. In that case, the url would be about:blank but the security origin
would be the one of A.

So I think we need both. For the popup blocker, you should definitely use the
security origin.

please review once more

[Johnny(Jianning) Ding, 2011-01-21 06:35:35]

LGTM.

Thanks for follow-up of security origin:)

On 2011/01/20 22:14:33, jochen wrote:
> On 2011/01/17 13:40:54, Johnny(Jianning) Ding wrote:
> > LGTM.
> > 
> > Using WebFrame::url() is OK for me since a page can't spawn popups until its
> > load commits. When we reach here, the creator must return a valid URL from
> > url(). But you may want to ask for Darin's opinion.
> 
> A page A could open about:blank, and inject a script into it invoking
> window.open. In that case, the url would be about:blank but the security
origin
> would be the one of A.
> 
> So I think we need both. For the popup blocker, you should definitely use the
> security origin.
> 
> please review once more