Make createWindow (mostly) work with OOPIF

Source/core/page/CreateWindow.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 10 matching lines @@
  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "core/page/CreateWindow.h"
 
 #include "core/dom/Document.h"
+#include "core/frame/FrameClient.h"
 #include "core/frame/FrameHost.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Settings.h"
 #include "core/inspector/ConsoleMessage.h"
 #include "core/loader/FrameLoadRequest.h"
 #include "core/page/Chrome.h"
 #include "core/page/ChromeClient.h"
 #include "core/page/FocusController.h"
 #include "core/page/Page.h"
 #include "core/page/WindowFeatures.h"
 #include "platform/UserGestureIndicator.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "public/platform/WebURLRequest.h"
 
 namespace blink {
 
-static LocalFrame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSendReferrer shouldSendReferrer, bool& created)
+static Frame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSendReferrer shouldSendReferrer)
 {
     ASSERT(!features.dialog || request.frameName().isEmpty());
     ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeAuxiliary);
 
     if (!request.frameName().isEmpty() && request.frameName() != "_blank" && policy == NavigationPolicyIgnore) {
         if (Frame* frame = lookupFrame.findFrameForNavigation(request.frameName(), openerFrame)) {
             if (request.frameName() != "_self") {
                 if (FrameHost* host = frame->host()) {
                     if (host == openerFrame.host())
                         frame->page()->focusController().setFocusedFrame(frame);
                     else
                         host->chrome().focus();
                 }
             }
-            created = false;
-            // FIXME: Make this work with RemoteFrames.
-            return frame->isLocalFrame() ? toLocalFrame(frame) : nullptr;
+            return frame;
         }
     }
 
     // Sandboxed frames cannot open new auxiliary browsing contexts.
     if (openerFrame.document()->isSandboxed(SandboxPopups)) {
         // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
         openerFrame.document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set."));
         return nullptr;
     }
 
-    if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows()) {
-        created = false;
-        if (!openerFrame.tree().top()->isLocalFrame())
-            return nullptr;
-        return toLocalFrame(openerFrame.tree().top());
-    }
+    if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows())
+        return openerFrame.tree().top();
 
-    Page* oldPage = openerFrame.page();
-    if (!oldPage)
+    FrameHost* oldHost = openerFrame.host();
+    if (!oldHost)
         return nullptr;
 
-    Page* page = oldPage->chrome().client().createWindow(&openerFrame, request, features, policy, shouldSendReferrer);
-    if (!page || !page->mainFrame()->isLocalFrame())
+    Page* page = oldHost->chrome().client().createWindow(&openerFrame, request, features, policy, shouldSendReferrer);
+    if (!page)
         return nullptr;
     FrameHost* host = &page->frameHost();
 
     ASSERT(page->mainFrame());
-    LocalFrame& frame = *page->deprecatedLocalMainFrame();
+    Frame& frame = *page->mainFrame();
 
     if (request.frameName() != "_blank")
         frame.tree().setName(request.frameName());
 
     host->chrome().setWindowFeatures(features);
 
     // 'x' and 'y' specify the location of the window, while 'width' and 'height'
     // specify the size of the viewport. We can only resize the window, so adjust
     // for the difference between the window size and the viewport size.
 
     IntRect windowRect = host->chrome().windowRect();
     IntSize viewportSize = host->chrome().pageRect().size();
 
     if (features.xSet)
         windowRect.setX(features.x);
     if (features.ySet)
         windowRect.setY(features.y);
     if (features.widthSet)
         windowRect.setWidth(features.width + (windowRect.width() - viewportSize.width()));
     if (features.heightSet)
         windowRect.setHeight(features.height + (windowRect.height() - viewportSize.height()));
 
-    // Ensure minimum size as well as being within valid screen area.
-    IntRect newWindowRect = LocalDOMWindow::adjustWindowRect(frame, windowRect);
-
-    host->chrome().setWindowRect(newWindowRect);
+    host->chrome().setWindowRect(windowRect);
     host->chrome().show(policy);
 
-    frame.loader().forceSandboxFlags(openerFrame.document()->sandboxFlags());
+    // TODO(japhet): There's currently no way to set sandbox flags on a RemoteFrame and have it propagate
+    // to the real frame in a different process. See crbug.com/483584.
+    if (frame.isLocalFrame())
+        toLocalFrame(&frame)->loader().forceSandboxFlags(openerFrame.document()->sandboxFlags());
 
-    created = true;
     return &frame;
 }
 
-LocalFrame* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures,
+Frame* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures,
     LocalDOMWindow& callingWindow, LocalFrame& firstFrame, LocalFrame& openerFrame)
 {
     LocalFrame* activeFrame = callingWindow.frame();
     ASSERT(activeFrame);
 
     KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame.document()->completeURL(urlString);
     if (!completedURL.isEmpty() && !completedURL.isValid()) {
         // Don't expose client code to invalid URLs.
         callingWindow.printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n");
         return nullptr;
     }
 
     FrameLoadRequest frameRequest(callingWindow.document(), completedURL, frameName);
     frameRequest.resourceRequest().setFrameType(WebURLRequest::FrameTypeAuxiliary);
 
     // Normally, FrameLoader would take care of setting the referrer for a navigation that is
     // triggered from javascript. However, creating a window goes through sufficient processing
     // that it eventually enters FrameLoader as an embedder-initiated navigation. FrameLoader
     // assumes no responsibility for generating an embedder-initiated navigation's referrer,
     // so we need to ensure the proper referrer is set now.
     frameRequest.resourceRequest().setHTTPReferrer(SecurityPolicy::generateReferrer(activeFrame->document()->referrerPolicy(), completedURL, activeFrame->document()->outgoingReferrer()));
 
-    bool hasUserGesture = UserGestureIndicator::processingUserGesture();

[dcheng, 2015/05/04 17:38:11]

I think this might be plumbed through into a few places in Chrome. I looked at
where
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...
was called, and traced several locations through. One example of where it
appears to get used is
https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/fr...

[Nate Chapin, 2015/05/04 18:09:13]

FrameLoader::load() will call setHasUserGesture() and should catch all
same-process cases. It's not clear to me what to do about user gestures for
RemoteFrames.

[dcheng, 2015/05/05 21:54:45]

Hmm... I guess as long as it gets set on the ResourceRequest that the embedder
eventually processes, and we correctly persist this on process swaps, we should
be fine.

Do you happen to know if this path is covered by layout tests?

-
     // We pass the opener frame for the lookupFrame in case the active frame is different from
     // the opener frame, and the name references a frame relative to the opener frame.
-    bool created;
-    LocalFrame* newFrame = createWindow(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, MaybeSendReferrer, created);
+    Frame* newFrame = createWindow(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, MaybeSendReferrer);
     if (!newFrame)
         return nullptr;
 
-    newFrame->loader().setOpener(&openerFrame);
+    newFrame->client()->setOpener(&openerFrame);
 
-    if (newFrame->localDOMWindow()->isInsecureScriptAccess(callingWindow, completedURL))
+    if (newFrame->domWindow()->isInsecureScriptAccess(callingWindow, completedURL))
         return newFrame;
 
-    if (created) {
-        FrameLoadRequest request(callingWindow.document(), completedURL);
-        request.resourceRequest().setHasUserGesture(hasUserGesture);
-        newFrame->loader().load(request);
-    } else if (!urlString.isEmpty()) {
+    // TODO(dcheng): Special case for window.open("about:blank") to ensure it loads synchronously into
+    // a new window. This is our historical behavior, and it's consistent with the creation of
+    // a new iframe with src="about:blank". Perhaps we could get rid of this if we started reporting
+    // the initial empty document's url as about:blank? See crbug.com/471239.
+    if (newFrame->isLocalFrame() && newFrame->isMainFrame() && !toLocalFrame(newFrame)->loader().stateMachine()->committedFirstRealDocumentLoad() && (completedURL.isEmpty() || completedURL.isAboutBlankURL()))
+        toLocalFrame(newFrame)->loader().load(FrameLoadRequest(callingWindow.document(), completedURL));
+    else
         newFrame->navigate(*callingWindow.document(), completedURL, false);
-    }
     return newFrame;
 }
 
 void createWindowForRequest(const FrameLoadRequest& request, LocalFrame& openerFrame, NavigationPolicy policy, ShouldSendReferrer shouldSendReferrer)
 {
     if (openerFrame.document()->pageDismissalEventBeingDispatched() != Document::NoDismissal)
         return;
 
     if (openerFrame.document() && openerFrame.document()->isSandboxed(SandboxPopups))
         return;
 
     if (!LocalDOMWindow::allowPopUp(openerFrame))
         return;
 
     if (policy == NavigationPolicyCurrentTab)
         policy = NavigationPolicyNewForegroundTab;
 
     WindowFeatures features;
-    bool created;
-    LocalFrame* newFrame = createWindow(openerFrame, openerFrame, request, features, policy, shouldSendReferrer, created);
+    Frame* newFrame = createWindow(openerFrame, openerFrame, request, features, policy, shouldSendReferrer);
     if (!newFrame)
         return;
-    if (shouldSendReferrer == MaybeSendReferrer) {
-        newFrame->loader().setOpener(&openerFrame);
-        newFrame->document()->setReferrerPolicy(openerFrame.document()->referrerPolicy());
-    }
+    if (shouldSendReferrer == MaybeSendReferrer)
+        newFrame->client()->setOpener(&openerFrame);
+
+    // TODO(japhet): Form submissions on RemoteFrames don't work yet.
     FrameLoadRequest newRequest(0, request.resourceRequest());
     newRequest.setFormState(request.formState());
-    newFrame->loader().load(newRequest);
+    if (newFrame->isLocalFrame())
+        toLocalFrame(newFrame)->loader().load(newRequest);
 }
 
 } // namespace blink