Revert of Block top-level navigations to nested URLs with extension origins from non-extension procs

Revert of Block top-level navigations to nested URLs with extension origins from non-extension processes. (patchset #1 id:1 of https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed: https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7fefe329d5091



TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
# Adding these as instructed by commit-bot:
NOTRY=true
NOPRESUBMIT=true

[alexmos, 2016-10-04 16:41:58]

The CQ bit was checked by alexmos@chromium.org

[alexmos, 2016-10-04 16:41:58]

Created Revert of Block top-level navigations to nested URLs with extension
origins from non-extension processes.

[commit-bot: I haz the power, 2016-10-04 16:42:23]

The CQ bit was unchecked by commit-bot@chromium.org

[alexmos, 2016-10-04 16:46:09]

The CQ bit was checked by alexmos@chromium.org

[commit-bot: I haz the power, 2016-10-04 16:46:40]

The CQ bit was unchecked by commit-bot@chromium.org

[alexmos, 2016-10-04 16:47:53]

The CQ bit was checked by alexmos@chromium.org

[commit-bot: I haz the power, 2016-10-04 16:48:19]

The CQ bit was unchecked by commit-bot@chromium.org

[alexmos, 2016-10-04 16:49:42]

Description was changed from

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...

TBR=
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
==========

to

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...

TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
==========

[alexmos, 2016-10-04 16:49:48]

The CQ bit was checked by alexmos@chromium.org

[commit-bot: I haz the power, 2016-10-04 16:50:02]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-10-04 16:50:02]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-10-04 16:50:05]

CLs for remote refs other than refs/pending/heads/master must contain NOTRY=true
and NOPRESUBMIT=true in order for the CQ to process them

[alexmos, 2016-10-04 16:51:31]

Description was changed from

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...

TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
==========

to

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...



TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
# Adding these as instructed by commit-bot:
NOTRY=true
NOPRESUBMIT=true
==========

[alexmos, 2016-10-04 16:51:41]

The CQ bit was checked by alexmos@chromium.org

[commit-bot: I haz the power, 2016-10-04 16:51:55]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-10-04 16:56:24]

Description was changed from

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...



TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
# Adding these as instructed by commit-bot:
NOTRY=true
NOPRESUBMIT=true
==========

to

==========
Revert of Block top-level navigations to nested URLs with extension origins from
non-extension processes. (patchset #1 id:1 of
https://codereview.chromium.org/2366973002/ )

Reason for revert:
Broke blob: loads in <webview>.  See
https://bugs.chromium.org/p/chromium/issues/detail?id=652077

Original issue's description:
> Block top-level navigations to nested URLs with extension origins from
non-extension processes.
> 
> Before this CL, it was possible for a web iframe with an unblessed
> extension frame to exploit the renderer, create a blob: or filesystem:
> URL in the extension frame context, then create a new top-level window
> and navigate it to that URL, which could end up putting the new window
> into a privileged extension process running attacker's code.
> 
> BUG=645028
> 
> Review-Url: https://codereview.chromium.org/2345473003
> Cr-Commit-Position: refs/heads/master@{#419019}
> (cherry picked from commit 4bfdc9292a6161980ba9a7a469d2d4515bebc6dd)
> 
> Committed:
https://chromium.googlesource.com/chromium/src/+/dbf71ae0ae30ffd84974aebf1bc7...



TBR=nasko@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=645028
# Adding these as instructed by commit-bot:
NOTRY=true
NOPRESUBMIT=true
==========

[commit-bot: I haz the power, 2016-10-04 16:56:25]

Committed patchset #1 (id:1)