Kill renderer if it changes the main frame's origin on subframe commits.

Kill renderer if it changes the main frame's origin on subframe commits.

This is hopefully safe after the fix for 597322.  It's a useful second
line of defense against URL spoofs.

BUG=486916, 597322
TEST=No NC_AUTO_SUBFRAME kills
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Committed: https://crrev.com/fb6eeb6dde866fbe9b48b62311eb6cc48771fc70
Cr-Commit-Position: refs/heads/master@{#392666}

[Charlie Reis, 2016-05-09 06:04:33]

Description was changed from

==========
Kill renderer if it changes the main frame's origin on subframe commits.

This is hopefully safe after the fix for 597322.  It's a useful second
line of defense against URL spoofs.

BUG=486916, 597322
TEST=No NC_AUTO_SUBFRAME kills
==========

to

==========
Kill renderer if it changes the main frame's origin on subframe commits.

This is hopefully safe after the fix for 597322.  It's a useful second
line of defense against URL spoofs.

BUG=486916, 597322
TEST=No NC_AUTO_SUBFRAME kills
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[Charlie Reis, 2016-05-09 17:32:10]

creis@chromium.org changed reviewers:
+ nick@chromium.org

[Charlie Reis, 2016-05-09 17:32:10]

This restores the renderer kill we had before, to try to prevent URL spoofs
after subframe navigations.  We were hitting it in practice for a while, but
that hopefully was fixed by https://codereview.chromium.org/1848813005.

[ncarter (slow), 2016-05-09 19:06:33]

lgtm

If you wait a couple days, I ought to have the
magic_signature/DumpWithoutCrashing stuff landed, which would make landing this
easier (since you'll get the near-realtime crash/ feedback). Your choice!

[Charlie Reis, 2016-05-10 17:37:16]

The CQ bit was checked by creis@chromium.org

[commit-bot: I haz the power, 2016-05-10 17:37:46]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1960983002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1960983002/1

[commit-bot: I haz the power, 2016-05-10 19:02:04]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-05-10 19:04:34]

Description was changed from

==========
Kill renderer if it changes the main frame's origin on subframe commits.

This is hopefully safe after the fix for 597322.  It's a useful second
line of defense against URL spoofs.

BUG=486916, 597322
TEST=No NC_AUTO_SUBFRAME kills
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Kill renderer if it changes the main frame's origin on subframe commits.

This is hopefully safe after the fix for 597322.  It's a useful second
line of defense against URL spoofs.

BUG=486916, 597322
TEST=No NC_AUTO_SUBFRAME kills
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Committed: https://crrev.com/fb6eeb6dde866fbe9b48b62311eb6cc48771fc70
Cr-Commit-Position: refs/heads/master@{#392666}
==========

[commit-bot: I haz the power, 2016-05-10 19:04:35]

Patchset 1 (id:??) landed as
https://crrev.com/fb6eeb6dde866fbe9b48b62311eb6cc48771fc70
Cr-Commit-Position: refs/heads/master@{#392666}