Plumb the correct owner document through DocumentInit::m_owner.

third_party/WebKit/Source/core/page/CreateWindow.cpp

 /*
  * Copyright (C) 2006, 2007, 2008, 2010 Apple Inc. All rights reserved.
  * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ skipping 29 matching lines @@
 #include "core/page/WindowFeatures.h"
 #include "platform/UserGestureIndicator.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "platform/weborigin/SecurityPolicy.h"
 #include "public/platform/WebURLRequest.h"
 
 namespace blink {
 
-static Frame* createWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created)
+static Frame* reuseExistingWindow(LocalFrame& openerFrame, LocalFrame& lookupFrame, const AtomicString& frameName, NavigationPolicy policy)
 {
-    created = false;
-
-    ASSERT(!features.dialog || request.frameName().isEmpty());
-    ASSERT(request.resourceRequest().requestorOrigin() || openerFrame.document()->url().isEmpty());
-    ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeAuxiliary);
-
-    if (!request.frameName().isEmpty() && request.frameName() != "_blank" && policy == NavigationPolicyIgnore) {
-        if (Frame* frame = lookupFrame.findFrameForNavigation(request.frameName(), openerFrame)) {
-            if (request.frameName() != "_self") {
+    if (!frameName.isEmpty() && frameName != "_blank" && policy == NavigationPolicyIgnore) {
+        if (Frame* frame = lookupFrame.findFrameForNavigation(frameName, openerFrame)) {
+            if (frameName != "_self") {
                 if (FrameHost* host = frame->host()) {
                     if (host == openerFrame.host())
                         frame->page()->focusController().setFocusedFrame(frame);
                     else
                         host->chromeClient().focus();
                 }
             }
             return frame;
         }
     }
+    return nullptr;
+}
 
-    // Sandboxed frames cannot open new auxiliary browsing contexts.
-    if (openerFrame.document()->isSandboxed(SandboxPopups)) {
-        // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
-        openerFrame.document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set."));
-        return nullptr;
-    }
-
-    if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows())
-        return openerFrame.tree().top();
-
+static Frame* createNewWindow(LocalFrame& openerFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created)
+{
     FrameHost* oldHost = openerFrame.host();
     if (!oldHost)
         return nullptr;
 
     Page* page = oldHost->chromeClient().createWindow(&openerFrame, request, features, policy, shouldSetOpener);
     if (!page)
         return nullptr;
     FrameHost* host = &page->frameHost();
 
     ASSERT(page->mainFrame());
@@ skipping 25 matching lines @@
 
     if (openerFrame.document()->isSandboxed(SandboxPropagatesToAuxiliaryBrowsingContexts))
         frame.loader().forceSandboxFlags(openerFrame.securityContext()->getSandboxFlags());
 
     // This call may suspend the execution by running nested message loop.
     InspectorInstrumentation::windowCreated(&openerFrame, &frame);
     created = true;
     return &frame;
 }
 
+static Frame* createWindowHelper(LocalFrame& openerFrame, LocalFrame& lookupFrame, const FrameLoadRequest& request, const WindowFeatures& features, NavigationPolicy policy, ShouldSetOpener shouldSetOpener, bool& created)
+{
+    ASSERT(!features.dialog || request.frameName().isEmpty());
+    ASSERT(request.resourceRequest().requestorOrigin() || openerFrame.document()->url().isEmpty());
+    ASSERT(request.resourceRequest().frameType() == WebURLRequest::FrameTypeAuxiliary);
+
+    created = false;
+
+    Frame* window = reuseExistingWindow(openerFrame, lookupFrame, request.frameName(), policy);
+
+    if (!window) {
+        // Sandboxed frames cannot open new auxiliary browsing contexts.
+        if (openerFrame.document()->isSandboxed(SandboxPopups)) {
+            // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
+            openerFrame.document()->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked opening '" + request.resourceRequest().url().elidedString() + "' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set."));
+            return nullptr;
+        }
+
+        if (openerFrame.settings() && !openerFrame.settings()->supportsMultipleWindows())
+            window = openerFrame.tree().top();
+    }
+
+    if (window) {
+        if (shouldSetOpener == MaybeSetOpener)
+            window->client()->setOpener(&openerFrame);
+        return window;
+    }
+
+    return createNewWindow(openerFrame, request, features, policy, shouldSetOpener, created);
+}
+
 DOMWindow* createWindow(const String& urlString, const AtomicString& frameName, const WindowFeatures& windowFeatures,
     LocalDOMWindow& callingWindow, LocalFrame& firstFrame, LocalFrame& openerFrame)
 {
     LocalFrame* activeFrame = callingWindow.frame();
     ASSERT(activeFrame);
 
     KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame.document()->completeURL(urlString);
     if (!completedURL.isEmpty() && !completedURL.isValid()) {
         // Don't expose client code to invalid URLs.
         callingWindow.printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n");
@@ skipping 12 matching lines @@
     frameRequest.resourceRequest().setHTTPReferrer(SecurityPolicy::generateReferrer(activeFrame->document()->getReferrerPolicy(), completedURL, activeFrame->document()->outgoingReferrer()));
 
     // Records HasUserGesture before the value is invalidated inside createWindow(LocalFrame& openerFrame, ...).
     // This value will be set in ResourceRequest loaded in a new LocalFrame.
     bool hasUserGesture = UserGestureIndicator::processingUserGesture();
 
     // We pass the opener frame for the lookupFrame in case the active frame is different from
     // the opener frame, and the name references a frame relative to the opener frame.
     bool created;
     ShouldSetOpener opener = windowFeatures.noopener ? NeverSetOpener : MaybeSetOpener;
-    Frame* newFrame = createWindow(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, opener, created);
+    Frame* newFrame = createWindowHelper(*activeFrame, openerFrame, frameRequest, windowFeatures, NavigationPolicyIgnore, opener, created);
     if (!newFrame)
         return nullptr;
 
-    if (!windowFeatures.noopener)
-        newFrame->client()->setOpener(&openerFrame);
-
     if (!newFrame->domWindow()->isInsecureScriptAccess(callingWindow, completedURL)) {
         if (!urlString.isEmpty() || created)
             newFrame->navigate(*callingWindow.document(), completedURL, false, hasUserGesture ? UserGestureStatus::Active : UserGestureStatus::None);
     }
     return newFrame->domWindow();
 }
 
 void createWindowForRequest(const FrameLoadRequest& request, LocalFrame& openerFrame, NavigationPolicy policy, ShouldSendReferrer shouldSendReferrer, ShouldSetOpener shouldSetOpener)
 {
     ASSERT(request.resourceRequest().requestorOrigin() || (openerFrame.document() && openerFrame.document()->url().isEmpty()));
 
     if (openerFrame.document()->pageDismissalEventBeingDispatched() != Document::NoDismissal)
         return;
 
     if (openerFrame.document() && openerFrame.document()->isSandboxed(SandboxPopups))
         return;
 
     if (!LocalDOMWindow::allowPopUp(openerFrame))
         return;
 
     if (policy == NavigationPolicyCurrentTab)
         policy = NavigationPolicyNewForegroundTab;
 
     WindowFeatures features;
     bool created;
-    Frame* newFrame = createWindow(openerFrame, openerFrame, request, features, policy, shouldSetOpener, created);
+    Frame* newFrame = createWindowHelper(openerFrame, openerFrame, request, features, policy, shouldSetOpener, created);
     if (!newFrame)
         return;
-    if (shouldSetOpener == MaybeSetOpener)
-        newFrame->client()->setOpener(&openerFrame);
     if (shouldSendReferrer == MaybeSendReferrer) {
         // TODO(japhet): Does ReferrerPolicy need to be proagated for RemoteFrames?
         if (newFrame->isLocalFrame())
             toLocalFrame(newFrame)->document()->setReferrerPolicy(openerFrame.document()->getReferrerPolicy());
     }
 
     // TODO(japhet): Form submissions on RemoteFrames don't work yet.
     FrameLoadRequest newRequest(0, request.resourceRequest());
     newRequest.setForm(request.form());
     if (newFrame->isLocalFrame())
         toLocalFrame(newFrame)->loader().load(newRequest);
 }
 
 } // namespace blink