Revert 195553 "Allow showing pending URL for new tab navigations..."

trunk/src/content/browser/web_contents/navigation_controller_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/web_contents/navigation_controller_impl.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/file_util.h"
 #include "base/logging.h"
@@ skipping 274 matching lines @@
         NavigationEntryImpl::FromNavigationEntry(GetActiveEntry());
     if (!active_entry)
       return;
     LoadURL(active_entry->GetURL(),
             Referrer(),
             PAGE_TRANSITION_RELOAD,
             active_entry->extra_headers());
     return;
   }
 
-  NavigationEntryImpl* entry = NULL;
-  int current_index = -1;
-
-  // If we are reloading the initial navigation, just use the current
-  // pending entry.  Otherwise look up the current entry.
-  if (IsInitialNavigation() && pending_entry_) {
-    entry = pending_entry_;
-  } else {
-    DiscardNonCommittedEntriesInternal();
-    current_index = GetCurrentEntryIndex();
-    if (current_index != -1) {
-      entry = NavigationEntryImpl::FromNavigationEntry(
-          GetEntryAtIndex(current_index));
-    }
+  DiscardNonCommittedEntriesInternal();
+  int current_index = GetCurrentEntryIndex();
+  // If we are no where, then we can't reload.  TODO(darin): We should add a
+  // CanReload method.
+  if (current_index == -1) {
+    return;
   }
 
-  // If we are no where, then we can't reload.  TODO(darin): We should add a
-  // CanReload method.
-  if (!entry)
-    return;
-
   if (g_check_for_repost && check_for_repost &&
-      entry->GetHasPostData()) {
+      GetEntryAtIndex(current_index)->GetHasPostData()) {
     // The user is asking to reload a page with POST data. Prompt to make sure
     // they really want to do this. If they do, the dialog will call us back
     // with check_for_repost = false.
     web_contents_->NotifyBeforeFormRepostWarningShow();
 
     pending_reload_ = reload_type;
     web_contents_->Activate();
     web_contents_->GetDelegate()->ShowRepostFormWarningDialog(web_contents_);
   } else {
-    if (!IsInitialNavigation())
-      DiscardNonCommittedEntriesInternal();
+    DiscardNonCommittedEntriesInternal();
+
+    NavigationEntryImpl* entry = entries_[current_index].get();
+    SiteInstanceImpl* site_instance = entry->site_instance();
+    DCHECK(site_instance);
 
     // If we are reloading an entry that no longer belongs to the current
     // site instance (for example, refreshing a page for just installed app),
     // the reload must happen in a new process.
     // The new entry must have a new page_id and site instance, so it behaves
     // as new navigation (which happens to clear forward history).
     // Tabs that are discarded due to low memory conditions may not have a site
     // instance, and should not be treated as a cross-site reload.
-    SiteInstanceImpl* site_instance = entry->site_instance();
     if (site_instance &&
         site_instance->HasWrongProcessForURL(entry->GetURL())) {
       // Create a navigation entry that resembles the current one, but do not
       // copy page id, site instance, content state, or timestamp.
       NavigationEntryImpl* nav_entry = NavigationEntryImpl::FromNavigationEntry(
           CreateNavigationEntry(
               entry->GetURL(), entry->GetReferrer(), entry->GetTransitionType(),
               false, entry->extra_headers(), browser_context_));
 
       // Mark the reload type as NO_RELOAD, so navigation will not be considered
       // a reload in the renderer.
       reload_type = NavigationController::NO_RELOAD;
 
       nav_entry->set_should_replace_entry(true);
       pending_entry_ = nav_entry;
     } else {
-      pending_entry_ = entry;
       pending_entry_index_ = current_index;
 
       // The title of the page being reloaded might have been removed in the
       // meanwhile, so we need to revert to the default title upon reload and
       // invalidate the previously cached title (SetTitle will do both).
       // See Chromium issue 96041.
-      pending_entry_->SetTitle(string16());
+      entries_[pending_entry_index_]->SetTitle(string16());
 
-      pending_entry_->SetTransitionType(PAGE_TRANSITION_RELOAD);
+      entries_[pending_entry_index_]->SetTransitionType(PAGE_TRANSITION_RELOAD);
     }
 
     NavigateToPendingEntry(reload_type);
   }
 }
 
 void NavigationControllerImpl::CancelPendingReload() {
   DCHECK(pending_reload_ != NO_RELOAD);
   pending_reload_ = NO_RELOAD;
 }
@@ skipping 27 matching lines @@
       policy->IsDisabledScheme(entry->GetVirtualURL().scheme())) {
     VLOG(1) << "URL not loaded because the scheme is blocked by policy: "
             << entry->GetURL();
     delete entry;
     return;
   }
 
   // When navigating to a new page, we don't know for sure if we will actually
   // end up leaving the current page.  The new page load could for example
   // result in a download or a 'no content' response (e.g., a mailto: URL).
-  SetPendingEntry(entry);
-  NavigateToPendingEntry(NO_RELOAD);
-}
-
-void NavigationControllerImpl::SetPendingEntry(NavigationEntryImpl* entry) {
   DiscardNonCommittedEntriesInternal();
   pending_entry_ = entry;
   NotificationService::current()->Notify(
       NOTIFICATION_NAV_ENTRY_PENDING,
       Source<NavigationController>(this),
       Details<NavigationEntry>(entry));
+  NavigateToPendingEntry(NO_RELOAD);
 }
 
 NavigationEntry* NavigationControllerImpl::GetActiveEntry() const {
   if (transient_entry_index_ != -1)
     return entries_[transient_entry_index_].get();
   if (pending_entry_)
     return pending_entry_;
   return GetLastCommittedEntry();
 }
 
 NavigationEntry* NavigationControllerImpl::GetVisibleEntry() const {
   if (transient_entry_index_ != -1)
     return entries_[transient_entry_index_].get();
-  // The pending entry is safe to return for new (non-history), browser-
-  // initiated navigations.  Most renderer-initiated navigations should not
-  // show the pending entry, to prevent URL spoof attacks.
-  //
-  // We make an exception for renderer-initiated navigations in new tabs, as
-  // long as no other page has tried to access the initial empty document in
-  // the new tab.  If another page modifies this blank page, a URL spoof is
-  // possible, so we must stop showing the pending entry.
-  RenderViewHostImpl* rvh = static_cast<RenderViewHostImpl*>(
-      web_contents_->GetRenderViewHost());
-  bool safe_to_show_pending =
-      pending_entry_ &&
-      // Require a new navigation.
+  // Only return the pending_entry for new (non-history), browser-initiated
+  // navigations, in order to prevent URL spoof attacks.
+  // Ideally we would also show the pending entry's URL for new renderer-
+  // initiated navigations with no last committed entry (e.g., a link opening
+  // in a new tab), but an attacker can insert content into the about:blank
+  // page while the pending URL loads in that case.
+  if (pending_entry_ &&
       pending_entry_->GetPageID() == -1 &&
-      // Require either browser-initiated or an unmodified new tab.
-      (!pending_entry_->is_renderer_initiated() ||
-       (IsInitialNavigation() &&
-        !GetLastCommittedEntry() &&
-        !rvh->has_accessed_initial_document()));
-
-  // Also allow showing the pending entry for history navigations in a new tab,
-  // such as Ctrl+Back.  In this case, no existing page is visible and no one
-  // can script the new tab before it commits.
-  if (!safe_to_show_pending &&
-      pending_entry_ &&
-      pending_entry_->GetPageID() != -1 &&
-      IsInitialNavigation() &&
       !pending_entry_->is_renderer_initiated())
-    safe_to_show_pending = true;
-
-  if (safe_to_show_pending)
     return pending_entry_;
   return GetLastCommittedEntry();
 }
 
 int NavigationControllerImpl::GetCurrentEntryIndex() const {
   if (transient_entry_index_ != -1)
     return transient_entry_index_;
   if (pending_entry_index_ != -1)
     return pending_entry_index_;
   return last_committed_entry_index_;
@@ skipping 609 matching lines @@
   if (!PageTransitionIsMainFrame(params.transition)) {
     // All manual subframes would get new IDs and were handled above, so we
     // know this is auto. Since the current page was found in the navigation
     // entry list, we're guaranteed to have a last committed entry.
     DCHECK(GetLastCommittedEntry());
     return NAVIGATION_TYPE_AUTO_SUBFRAME;
   }
 
   // Anything below here we know is a main frame navigation.
   if (pending_entry_ &&
-      !pending_entry_->is_renderer_initiated() &&
       existing_entry != pending_entry_ &&
       pending_entry_->GetPageID() == -1 &&
       existing_entry == GetLastCommittedEntry()) {
     // In this case, we have a pending entry for a URL but WebCore didn't do a
     // new navigation. This happens when you press enter in the URL bar to
     // reload. We will create a pending entry, but WebKit will convert it to
     // a reload since it's the same page and not create a new entry for it
     // (the user doesn't want to have a new back/forward entry when they do
     // this). If this matches the last committed entry, we want to just ignore
     // the pending entry and go back to where we were (the "existing entry").
@@ skipping 757 matching lines @@
     const base::Callback<base::Time()>& get_timestamp_callback) {
   get_timestamp_callback_ = get_timestamp_callback;
 }
 
 void NavigationControllerImpl::SetTakeScreenshotCallbackForTest(
     const base::Callback<void(RenderViewHost*)>& take_screenshot_callback) {
   take_screenshot_callback_ = take_screenshot_callback;
 }
 
 }  // namespace content