Fixes for Safe Browsing with unrelated pending navigations.

chrome/browser/safe_browsing/threat_details.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Implementation of the ThreatDetails class.
 
 #include "chrome/browser/safe_browsing/threat_details.h"
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
@@ skipping 164 matching lines @@
 
 void ThreatDetails::StartCollection() {
   DVLOG(1) << "Starting to compute threat details.";
   report_.reset(new ClientSafeBrowsingReportRequest());
 
   if (IsReportableUrl(resource_.url)) {
     report_->set_url(resource_.url.spec());
     report_->set_type(GetReportTypeFromSBThreatType(resource_.threat_type));
   }
 
-  GURL page_url = web_contents()->GetURL();
+  NavigationEntry* nav_entry = resource_.GetNavigationEntryForResource();

[Nathan Parker, 2015/12/11 19:48:06]

Is there any case where web_contents_ would be different from that returned by
GetWebContentsByID(render_process_host_id, render_view_id)?

[mattm, 2015/12/15 01:42:25]

I don't think so. The web_contents_ is passed in from SafeBrowsingBlockingPage,
and SBBP gets it's web_contents_ from the same
GetWebContentsByID(unsafe_resource.render_process_host_id,unsafe_resource.render_view_id):

https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/saf...

+
+  GURL page_url = nav_entry->GetURL();
   if (IsReportableUrl(page_url))
     report_->set_page_url(page_url.spec());
 
-  GURL referrer_url;
-  NavigationEntry* nav_entry = web_contents()->GetController().GetActiveEntry();
-  if (nav_entry) {
-    referrer_url = nav_entry->GetReferrer().url;
-    if (IsReportableUrl(referrer_url)) {
-      report_->set_referrer_url(referrer_url.spec());
-    }
+  GURL referrer_url = nav_entry->GetReferrer().url;
+  if (IsReportableUrl(referrer_url)) {
+    report_->set_referrer_url(referrer_url.spec());
   }
 
   // Add the nodes, starting from the page url.
   AddUrl(page_url, GURL(), std::string(), NULL);
 
   // Add the resource_url and its original url, if non-empty and different.
   if (!resource_.original_url.is_empty() &&
       resource_.url != resource_.original_url) {
     // Add original_url, as the parent of resource_url.
     AddUrl(resource_.original_url, GURL(), std::string(), NULL);
@@ skipping 11 matching lines @@
   if (!resource_.original_url.is_empty())
     parent_url = resource_.original_url;
 
   // Set the previous redirect url as the parent of the next one
   for (size_t i = 0; i < resource_.redirect_urls.size(); ++i) {
     AddUrl(resource_.redirect_urls[i], parent_url, std::string(), NULL);
     parent_url = resource_.redirect_urls[i];
   }
 
   // Add the referrer url.
-  if (nav_entry && !referrer_url.is_empty())
+  if (!referrer_url.is_empty())
     AddUrl(referrer_url, GURL(), std::string(), NULL);
 
   if (!resource_.IsMainPageLoadBlocked()) {
     // Get URLs of frames, scripts etc from the DOM.
     // OnReceivedThreatDOMDetails will be called when the renderer replies.
     // TODO(mattm): In theory, if the user proceeds through the warning DOM
     // detail collection could be started once the page loads.
     content::RenderViewHost* view = web_contents()->GetRenderViewHost();
     view->Send(new SafeBrowsingMsg_GetThreatDOMDetails(view->GetRoutingID()));
   }
@@ skipping 101 matching lines @@
   // Send the report, using the SafeBrowsingService.
   std::string serialized;
   if (!report_->SerializeToString(&serialized)) {
     DLOG(ERROR) << "Unable to serialize the threat report.";
     return;
   }
   ui_manager_->SendSerializedThreatDetails(serialized);
 }
 
 }  // namespace safe_browsing