
Unified Diff: third_party/WebKit/Source/core/loader/DocumentLoader.cpp

Issue 2795673002: Added UseCounter for clearing browsing context name on cross-origin name (Closed)
Patch Set: CR changes Created 3 years, 8 months ago
Index: third_party/WebKit/Source/core/loader/DocumentLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
index b8767260da3b54447598a4982e67326047400931..50619accfd24b6f5b3e38605c4cbd904dfb1ad70 100644
--- a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
@@ -669,6 +669,10 @@ void DocumentLoader::ensureWriter(const AtomicString& mimeType,
if (!m_frame)
return;
+ SecurityOrigin* frameSecurityOrigin = nullptr;
+ if (m_frame->document())
+ frameSecurityOrigin = m_frame->document()->getSecurityOrigin();
+
const AtomicString& encoding = response().textEncodingName();
// Prepare a DocumentInit before clearing the frame, because it may need to
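Review bot: `frameSecurityOrigin` is taken as a raw pointer from the document that the rest of `ensureWriter` goes on to replace, and nothing in this hunk keeps that origin alive until `installNewDocument` compares against it later in the function. If SecurityOrigin is reference-counted here, as it is elsewhere in Blink, holding it as `RefPtr<SecurityOrigin> frameSecurityOrigin;` with the same assignment makes the lifetime explicit, at the cost of passing `frameSecurityOrigin.get()` at the call site. The body of `ensureWriter` starts before this hunk and continues past it, so the exact point at which the old document is detached is not visible here.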
@@ -695,7 +699,7 @@ void DocumentLoader::ensureWriter(const AtomicString& mimeType,
installNewDocument(init, mimeType, encoding,
InstallNewDocumentReason::kNavigation, parsingPolicy,
- overridingURL);
+ overridingURL, frameSecurityOrigin);
m_writer->setDocumentWasLoadedAsPartOfNavigation();
m_frame->document()->maybeHandleHttpRefresh(
m_response.httpHeaderField(HTTPNames::Refresh),
@@ -1030,13 +1034,30 @@ void setFeaturePolicy(Document* document, const String& featurePolicyHeader) {
frame->client()->didSetFeaturePolicyHeader(parsedHeader);
}
+// static
+bool DocumentLoader::shouldClearWindowName(
+ const LocalFrame& frame,
+ SecurityOrigin* frameSecurityOrigin,
+ const Document& newDocument)
+{
+ if (!frameSecurityOrigin)
+ return false;
+ if (!frame.isMainFrame())
+ return false;
+ if (frame.loader().opener())
+ return false;
+
+ return !newDocument.getSecurityOrigin()->isSameSchemeHostPort(frameSecurityOrigin);
+}
+
void DocumentLoader::installNewDocument(
const DocumentInit& init,
const AtomicString& mimeType,
const AtomicString& encoding,
InstallNewDocumentReason reason,
ParserSynchronizationPolicy parsingPolicy,
- const KURL& overridingURL) {
+ const KURL& overridingURL,
+ SecurityOrigin* frameSecurityOrigin) {
DCHECK_EQ(init.frame(), m_frame);
DCHECK(!m_frame->document() || !m_frame->document()->isActive());
DCHECK_EQ(m_frame->tree().childCount(), 0u);
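Review bot: `shouldClearWindowName` places its opening brace on a line of its own, while the neighbouring `setFeaturePolicy` and `installNewDocument` keep it on the signature line; for consistency end the signature with `const Document& newDocument) {`. The function also has no header comment explaining what `frameSecurityOrigin` denotes or why the name is reset, which is the security-relevant part of this change; propose adding above it: `// Returns true when the browsing context name should be reset: a top-level, non-auxiliary frame is navigating away from frameSecurityOrigin (the origin of the document being replaced) to a document whose origin differs in scheme, host or port, so the old origin's window.name must not remain readable by the new one.` Since the origin is only compared, `const SecurityOrigin*` would be the more accurate parameter type, provided `isSameSchemeHostPort` accepts a const pointer.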
@@ -1045,6 +1066,16 @@ void DocumentLoader::installNewDocument(
m_frame->setDOMWindow(LocalDOMWindow::create(*m_frame));
Document* document = m_frame->domWindow()->installNewDocument(mimeType, init);
+
+ if (shouldClearWindowName(*m_frame, frameSecurityOrigin, *document)) {
dcheng 2017/04/04 07:53:21 Can we just check this in LocalDOMWindow::installN
dcheng 2017/04/04 07:57:59 Ah never mind, that doesn't work because we may ha
dcheng 2017/04/04 07:59:39 Actually we can avoid plumbing around frameSecurit
+ // TODO(andypaicu): decide if we can do this without breaking functionality
Mike West 2017/04/04 12:12:01 Nit: double-space after "decide" Nit: Capital "D"
+ // after we get user data. experimentalSetNullName will just record the fact
+ // that the name would be nulled and if the name is accessed after we will fire a UseCounter
+ // This is what would be here if we decided to move forward with this:
+ // m_frame->tree().setName(nullAtom);
+ m_frame->tree().experimentalSetNulledName();
+ }
+
m_frame->page()->chromeClient().installSupplements(*m_frame);
if (!overridingURL.isEmpty())
document->setBaseURLOverride(overridingURL);
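Review bot: The comment block above the new call names `experimentalSetNullName`, but the method actually invoked is `experimentalSetNulledName()`, so the comment points a reader at a symbol that does not exist. Suggest rewriting the block to: `// TODO(andypaicu): Decide whether the name can be cleared without breaking functionality once usage data is in. For now experimentalSetNulledName() only records that the name would have been cleared; a later access to the name fires a UseCounter. The real change would be: m_frame->tree().setName(nullAtom);`. The enclosing `installNewDocument` begins and ends outside this hunk.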
@@ -1063,6 +1094,7 @@ void DocumentLoader::installNewDocument(
// are sent in didCommitNavigation().
setFeaturePolicy(document,
m_response.httpHeaderField(HTTPNames::Feature_Policy));
+
frameLoader().dispatchDidClearDocumentOfWindowObject();
}
@@ -1076,11 +1108,12 @@ const AtomicString& DocumentLoader::mimeType() const {
// FrameLoader::replaceDocumentWhileExecutingJavaScriptURL()
void DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL(
const DocumentInit& init,
- const String& source) {
+ const String& source,
+ SecurityOrigin* frameSecurityOrigin) {
installNewDocument(init, mimeType(),
m_writer ? m_writer->encoding() : emptyAtom,
InstallNewDocumentReason::kJavascriptURL,
- ForceSynchronousParsing, KURL());
+ ForceSynchronousParsing, KURL(), frameSecurityOrigin);
if (!source.isNull())
m_writer->appendReplacingData(source);
endWriting();
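Review bot: The new `frameSecurityOrigin` parameter is forwarded into `installNewDocument` without any note of what origin a javascript: URL replacement is expected to supply; a document produced this way normally inherits the origin of the one it replaces, in which case `shouldClearWindowName` should never return true on this path. If that is the intent, a one-line comment at the call, `// The replacement document inherits the origin, so the name is not expected to be cleared here.`, would record it; otherwise the value chosen by the caller in FrameLoader, which is outside this diff, decides the outcome. The declaration in the header is also not part of this diff and should document the parameter as well.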
