| Index: content/browser/web_contents/render_view_host_manager.cc
|
| diff --git a/content/browser/web_contents/render_view_host_manager.cc b/content/browser/web_contents/render_view_host_manager.cc
|
| index 648664a1bcfe9655366da81aac3fa7c46c2089f4..1e64288510450bfd8515641da9a7cb3dc724fccf 100644
|
| --- a/content/browser/web_contents/render_view_host_manager.cc
|
| +++ b/content/browser/web_contents/render_view_host_manager.cc
|
| @@ -429,33 +429,40 @@ bool RenderViewHostManager::ShouldSwapProcessesForNavigation(
|
| // Check for reasons to swap processes even if we are in a process model that
|
| // doesn't usually swap (e.g., process-per-tab).
|
|
|
| - // For security, we should transition between processes when one is a Web UI
|
| - // page and one isn't. If there's no curr_entry, check the current RVH's
|
| - // site, which might already be committed to a Web UI URL (such as the NTP).
|
| - const GURL& current_url = (curr_entry) ? curr_entry->GetURL() :
|
| - render_view_host_->GetSiteInstance()->GetSiteURL();
|
| + // We use the effective URL here, since that's what is used in the
|
| + // SiteInstance's site and when we later call IsSameWebSite. If there's no
|
| + // curr_entry, check the current SiteInstance's site, which might already be
|
| + // committed to a Web UI URL (such as the NTP).
|
| BrowserContext* browser_context =
|
| delegate_->GetControllerForRenderManager().GetBrowserContext();
|
| + const GURL& current_url = (curr_entry) ?
|
| + SiteInstanceImpl::GetEffectiveURL(browser_context, curr_entry->GetURL()) :
|
| + render_view_host_->GetSiteInstance()->GetSiteURL();
|
| + const GURL& new_url = SiteInstanceImpl::GetEffectiveURL(browser_context,
|
| + new_entry->GetURL());
|
| +
|
| + // For security, we should transition between processes when one is a Web UI
|
| + // page and one isn't.
|
| if (WebUIControllerFactoryRegistry::GetInstance()->UseWebUIForURL(
|
| browser_context, current_url)) {
|
| // Force swap if it's not an acceptable URL for Web UI.
|
| // Here, data URLs are never allowed.
|
| if (!WebUIControllerFactoryRegistry::GetInstance()->IsURLAcceptableForWebUI(
|
| - browser_context, new_entry->GetURL(), false)) {
|
| + browser_context, new_url, false)) {
|
| return true;
|
| }
|
| } else {
|
| // Force swap if it's a Web UI URL.
|
| if (WebUIControllerFactoryRegistry::GetInstance()->UseWebUIForURL(
|
| - browser_context, new_entry->GetURL())) {
|
| + browser_context, new_url)) {
|
| return true;
|
| }
|
| }
|
|
|
| + // Check with the content client as well. Important to pass current_url here,
|
| + // which uses the SiteInstance's site if there is no curr_entry.
|
| if (GetContentClient()->browser()->ShouldSwapProcessesForNavigation(
|
| - render_view_host_->GetSiteInstance(),
|
| - curr_entry ? curr_entry->GetURL() : GURL(),
|
| - new_entry->GetURL())) {
|
| + render_view_host_->GetSiteInstance(), current_url, new_url)) {
|
| return true;
|
| }
|
|
|
| @@ -648,6 +655,10 @@ int RenderViewHostManager::CreateRenderView(
|
| bool swapped_out) {
|
| CHECK(instance);
|
|
|
| + // We are creating a pending or swapped out RVH here. We should never create
|
| + // it in the same SiteInstance as our current RVH.
|
| + CHECK_NE(render_view_host_->GetSiteInstance(), instance);
|
| +
|
| // Check if we've already created an RVH for this SiteInstance. If so, try
|
| // to re-use the existing one, which has already been initialized. We'll
|
| // remove it from the list of swapped out hosts if it commits.
|
|
|
Chromium Code Reviews
Issue 19021004:
Prevent creating a swapped out RVH in the same SiteInstance as the current one. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src