Webview tag creation should be using storage partitions.

content/browser/browser_plugin/browser_plugin_embedder.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/browser_plugin/browser_plugin_embedder.h"
 
 #include "base/stl_util.h"
 #include "content/browser/browser_plugin/browser_plugin_embedder_helper.h"
 #include "content/browser/browser_plugin/browser_plugin_guest.h"
 #include "content/browser/browser_plugin/browser_plugin_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/common/browser_plugin_messages.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_source.h"
 #include "content/public/browser/notification_types.h"
+#include "content/public/browser/user_metrics.h"
+#include "content/public/common/result_codes.h"
 #include "content/public/common/url_constants.h"
+#include "net/base/escape.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebInputEvent.h"
 #include "ui/gfx/size.h"
 
 namespace content {
 
 // static
 BrowserPluginHostFactory* BrowserPluginEmbedder::factory_ = NULL;
 
 BrowserPluginEmbedder::BrowserPluginEmbedder(
     WebContentsImpl* web_contents,
@@ skipping 44 matching lines @@
 }
 
 void BrowserPluginEmbedder::CreateGuest(
     RenderViewHost* render_view_host,
     int instance_id,
     const BrowserPluginHostMsg_CreateGuest_Params& params) {
   WebContentsImpl* guest_web_contents = NULL;
   BrowserPluginGuest* guest = GetGuestByInstanceID(instance_id);
   CHECK(!guest);
 
+  // Validate that the partition id coming from the renderer is valid UTF-8,
+  // since we depend on this in other parts of the code, such as FilePath
+  // creation. If the validation fails, treat it as a bad message and kill the
+  // renderer process.
+  if (!IsStringUTF8(params.storage_partition_id)) {
+    content::RecordAction(UserMetricsAction("BadMessageTerminate_BPE"));
+    base::KillProcess(render_view_host->GetProcess()->GetHandle(),
+                      content::RESULT_CODE_KILLED_BAD_MESSAGE, false);
+    return;
+  }
+
   const std::string& host =
       render_view_host->GetSiteInstance()->GetSiteURL().host();
+  std::string url_encoded_partition = net::EscapeQueryParamValue(
+      params.storage_partition_id, false);
+
+  // The SiteInstance of a given webview tag is based on the fact that it's a
+  // guest process in addition to which platform application the tag belongs to
+  // and what storage partition is in use, rather than the URL that the tag is
+  // being navigated to.
+  GURL guest_site(
+      base::StringPrintf("%s://%s/%s?%s", chrome::kGuestScheme,
+                         host.c_str(), params.persist_storage ? "persist" : "",
+                         url_encoded_partition.c_str()));
+  SiteInstance* guest_site_instance = SiteInstance::CreateForURL(
+      web_contents()->GetBrowserContext(), guest_site);
+
   guest_web_contents = WebContentsImpl::CreateGuest(
       web_contents()->GetBrowserContext(),
-      host,
+      guest_site_instance,
       instance_id,
       params);
 
   guest = guest_web_contents->GetBrowserPluginGuest();
   guest->set_embedder_web_contents(
       static_cast<WebContentsImpl*>(web_contents()));
 
   RendererPreferences* guest_renderer_prefs =
       guest_web_contents->GetMutableRendererPrefs();
   // Copy renderer preferences (and nothing else) from the embedder's
@@ skipping 177 matching lines @@
       bool visible = *Details<bool>(details).ptr();
       WebContentsVisibilityChanged(visible);
       break;
     }
     default:
       NOTREACHED() << "Unexpected notification type: " << type;
   }
 }
 
 }  // namespace content