Fixes for Safe Browsing with unrelated pending navigations.

chrome/browser/safe_browsing/ui_manager.cc

Index: chrome/browser/safe_browsing/ui_manager.cc
diff --git a/chrome/browser/safe_browsing/ui_manager.cc b/chrome/browser/safe_browsing/ui_manager.cc
index c6bb6d0d417e8b560ff4cb9ede3f2694cdb4000a..4d73eb9c2c8418c9fb894e5f9da7a60c848b3a91 100644
--- a/chrome/browser/safe_browsing/ui_manager.cc
+++ b/chrome/browser/safe_browsing/ui_manager.cc
@@ -88,6 +88,17 @@ bool SafeBrowsingUIManager::UnsafeResource::IsMainPageLoadBlocked() const {
   return true;
 }
 
+content::NavigationEntry*
+SafeBrowsingUIManager::UnsafeResource::GetNavigationEntryForResource() const {
+  WebContents* contents =
+      tab_util::GetWebContentsByID(render_process_host_id, render_view_id);
+  if (!contents)
+    return NULL;

[Charlie Reis, 2015/12/11 05:39:24]

nit: nullptr

[mattm, 2015/12/15 01:42:25]

Done.

+  if (IsMainPageLoadBlocked())
+    return contents->GetController().GetPendingEntry();
+  return contents->GetController().GetLastCommittedEntry();

[Charlie Reis, 2015/12/11 05:39:24]

This should have a comment explaining why we return the pending entry for the
main frame and the last committed for the subframe.

[mattm, 2015/12/15 01:42:25]

Done.

+}
+
 // SafeBrowsingUIManager -------------------------------------------------------
 
 SafeBrowsingUIManager::SafeBrowsingUIManager(
@@ -174,14 +185,13 @@ void SafeBrowsingUIManager::DisplayBlockingPage(
   if (resource.threat_type != SB_THREAT_TYPE_SAFE) {
     HitReport hit_report;
     hit_report.malicious_url = resource.url;
-    hit_report.page_url = web_contents->GetURL();
     hit_report.is_subresource = resource.is_subresource;
     hit_report.threat_type = resource.threat_type;
     hit_report.threat_source = resource.threat_source;
 
-    NavigationEntry* entry = web_contents->GetController().GetActiveEntry();
-    if (entry)
-      hit_report.referrer_url = entry->GetReferrer().url;
+    NavigationEntry* entry = resource.GetNavigationEntryForResource();
+    hit_report.page_url = entry->GetURL();
+    hit_report.referrer_url = entry->GetReferrer().url;
 
     // When the malicious url is on the main frame, and resource.original_url
     // is not the same as the resource.url, that means we have a redirect from
@@ -311,7 +321,8 @@ void SafeBrowsingUIManager::AddToWhitelist(const UnsafeResource& resource) {
     web_contents->SetUserData(kWhitelistKey, site_list);
   }
 
-  GURL whitelisted_url(resource.is_subresource ? web_contents->GetVisibleURL()
+  NavigationEntry* entry = resource.GetNavigationEntryForResource();
+  GURL whitelisted_url(resource.is_subresource ? entry->GetURL()
                                                : resource.url);
   site_list->Insert(whitelisted_url);
 }
@@ -323,8 +334,9 @@ bool SafeBrowsingUIManager::IsWhitelisted(const UnsafeResource& resource) {
   WebContents* web_contents = tab_util::GetWebContentsByID(
       resource.render_process_host_id, resource.render_view_id);
 
-  GURL maybe_whitelisted_url(
-      resource.is_subresource ? web_contents->GetVisibleURL() : resource.url);
+  NavigationEntry* entry = resource.GetNavigationEntryForResource();
+  GURL maybe_whitelisted_url(resource.is_subresource ? entry->GetURL()
+                                                     : resource.url);
   WhitelistUrlSet* site_list =
       static_cast<WhitelistUrlSet*>(web_contents->GetUserData(kWhitelistKey));
   if (!site_list)