Content API changes to improve DOM stitching in ThreatDetails code.

components/safe_browsing/browser/threat_details.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SAFE_BROWSING_BROWSER_THREAT_DETAILS_H_
 #define COMPONENTS_SAFE_BROWSING_BROWSER_THREAT_DETAILS_H_
 
 // A class that encapsulates the detailed threat reports sent when
 // users opt-in to do so from the safe browsing warning page.
 
@@ skipping 34 matching lines @@
 class ThreatDetailsCacheCollector;
 class ThreatDetailsRedirectsCollector;
 class ThreatDetailsFactory;
 
 using ResourceMap =
     base::hash_map<std::string,
                    std::unique_ptr<ClientSafeBrowsingReportRequest::Resource>>;
 
 // Maps a key of an HTML element to its corresponding HTMLElement proto message.
 // HTML Element keys have the form "<frame_id>-<node_id>", where |frame_id| is
-// the FrameTree NodeID of the render frame containing the element, and
+// the FrameTree NodeID of the frame containing the element, and

[Charlie Reis, 2017/05/12 21:40:50]

Heh, I keep catching more of these.  :)

nit: the FrameTreeNode ID

[lpz, 2017/05/15 18:49:07]

Yeah, this one was sneaky, sorry for the churn from these :)

 // |node_id| is a sequential ID for the element generated by the renderer.
 using ElementMap = base::hash_map<std::string, std::unique_ptr<HTMLElement>>;
 
-// Maps a URL to some HTML Elements. Used to maintain parent/child relationship
-// for HTML Elements across IFrame boundaries.
-// The key is the string URL set as the src attribute of an iframe. The value is
-// the HTMLElement proto that represents the iframe element with that URL.
-// The HTMLElement protos are not owned by this map.
-using UrlToDomElementMap = base::hash_map<std::string, HTMLElement*>;
+// Maps the key of an iframe element to the FrameTreeNode ID of the frame that
+// rendered the contents of the iframe.
+using KeyToFrameTreeIdMap = base::hash_map<std::string, int>;
 
-// Maps a URL to some Element IDs. Used to maintain parent/child relationship
-// for HTML Elements across IFrame boundaries.
-// The key is the string URL of a render frame. The value is the set of Element
-// IDs that are at the top-level of this render frame.
-using UrlToChildIdsMap = base::hash_map<std::string, std::unordered_set<int>>;
+// Maps a FrameTreeNode ID of a frame to a set of child IDs. The child IDs are
+// the Element IDs of the top-level HTML Elements in this frame.
+using FrameTreeIdToChildIdsMap = base::hash_map<int, std::unordered_set<int>>;
 
 class ThreatDetails : public base::RefCountedThreadSafe<
                           ThreatDetails,
                           content::BrowserThread::DeleteOnUIThread>,
                       public content::WebContentsObserver {
  public:
   typedef security_interstitials::UnsafeResource UnsafeResource;
 
   // Constructs a new ThreatDetails instance, using the factory.
   static ThreatDetails* NewThreatDetails(
@@ skipping 33 matching lines @@
                 content::WebContents* web_contents,
                 const UnsafeResource& resource,
                 net::URLRequestContextGetter* request_context_getter,
                 history::HistoryService* history_service);
 
   ~ThreatDetails() override;
 
   // Called on the IO thread with the DOM details.
   virtual void AddDOMDetails(
       const int frame_tree_node_id,
-      const GURL& frame_last_committed_url,
-      const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params);
+      const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params,
+      const KeyToFrameTreeIdMap& child_frame_tree_map);
 
   // The report protocol buffer.
   std::unique_ptr<ClientSafeBrowsingReportRequest> report_;
 
   // Used to get a pointer to the HTTP cache.
   scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
 
  private:
   friend class base::RefCountedThreadSafe<ThreatDetails>;
   friend struct content::BrowserThread::DeleteOnThread<
@@ skipping 24 matching lines @@
       const std::string& tagname,
       const std::vector<GURL>* children);
 
   // Message handler.
   void OnReceivedThreatDOMDetails(
       content::RenderFrameHost* sender,
       const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params);
 
   void AddRedirectUrlList(const std::vector<GURL>& urls);
 
-  // Adds an HTML Element to the DOM structure.
-  // |frame_tree_node_id| is the unique ID of the render frame the element came
-  // from. |frame_url| is the URL that the render frame was handling.
-  // |element_node_id| is a unique ID of the element within the render frame.
-  // |tag_name| is the tag of the element. |parent_element_node_id| is the
-  // unique ID of the parent element with the render frame. |attributes|
-  // contains the names and values of the element's attributes.|resource| is
-  // set if this element is a resource.
+  // Adds an HTML Element to the DOM structure. |frame_tree_node_id| is the
+  // unique ID of the frame the element came from, and |process_id| is that
+  // frame's current renderer process ID. |child_frame_routing_id| is only set

[Charlie Reis, 2017/05/12 21:40:50]

Don't forget to remove the stale params from the comment as well.

[lpz, 2017/05/15 18:49:07]

Doh, done.

+  // for iframe elements, and indicates the routing ID of the RenderFrame (or
+  // placeholder within |process_id|, if it is an out-of-process iframe)
+  // containing the body of the iframe. |element_node_id| is a unique ID of the
+  // element within the frame. |tag_name| is the tag of the element.
+  // |parent_element_node_id| is the unique ID of the parent element within the
+  // frame. |attributes| contains the names and values of the element's
+  // attributes. |resource| is set if this element is a resource.
   void AddDomElement(const int frame_tree_node_id,
-                     const std::string& frame_url,
                      const int element_node_id,
                      const std::string& tag_name,
                      const int parent_element_node_id,
                      const std::vector<AttributeNameValue>& attributes,
                      const ClientSafeBrowsingReportRequest::Resource* resource);
 
   scoped_refptr<BaseUIManager> ui_manager_;
 
   const UnsafeResource resource_;
 
   // For every Url we collect we create a Resource message. We keep
   // them in a map so we can avoid duplicates.
   ResourceMap resources_;
 
   // Store all HTML elements collected, keep them in a map for easy lookup.
   ElementMap elements_;
 
-  // For each iframe element encountered we map the src of the iframe to the
-  // iframe element. This is used when we receive elements from a different
-  // frame whose document URL matches the src of an iframe in this map. We can
-  // then add all elements from the subframe as children of the iframe element
-  // stored here.
-  UrlToDomElementMap iframe_src_to_element_map_;
+  // For each iframe element encountered we map the key of the iframe to the
+  // FrameTreeNode ID of the frame containing the contents of that iframe.
+  // We populate this map when receiving results from ThreatDomDetails, and use
+  // it in a second pass (after FinishCollection) to attach children to iframe
+  // elements.
+  // Should only be accessed on the IO thread.
+  KeyToFrameTreeIdMap iframe_key_to_frame_tree_id_map_;
 
-  // When getting a set of elements from a render frame, we store the frame's
-  // URL and a collection of all the top-level elements in that frame. When we
-  // later encounter the parent iframe with the same src URL, we can add all of
-  // these elements as children of that iframe.
-  UrlToChildIdsMap document_url_to_children_map_;
+  // When getting a set of elements from a frame, we store the frame's
+  // FrameTreeNode ID and a collection of all top-level elements in that frame.
+  // It is populated as we receive sets of nodes from different renderers.
+  // It is used together with |iframe_key_to_frame_tree_id_map_| in a second
+  // pass to insert child elements under their parent iframe elements.
+  FrameTreeIdToChildIdsMap frame_tree_id_to_children_map_;
 
   // Result from the cache extractor.
   bool cache_result_;
 
   // Whether user did proceed with the safe browsing blocking page or
   // not.
   bool did_proceed_;
 
   // How many times this user has visited this page before.
   int num_visits_;
 
   // Keeps track of whether we have an ambiguous DOM in this report. This can
-  // happen when the HTML Elements returned by a render frame can't be
+  // happen when the HTML Elements returned by a renderer can't be
   // associated with a parent Element in the parent frame.
   bool ambiguous_dom_;
 
   // The factory used to instantiate SafeBrowsingBlockingPage objects.
   // Useful for tests, so they can provide their own implementation of
   // SafeBrowsingBlockingPage.
   static ThreatDetailsFactory* factory_;
 
   // Used to collect details from the HTTP Cache.
   scoped_refptr<ThreatDetailsCacheCollector> cache_collector_;
@@ skipping 21 matching lines @@
       BaseUIManager* ui_manager,
       content::WebContents* web_contents,
       const security_interstitials::UnsafeResource& unsafe_resource,
       net::URLRequestContextGetter* request_context_getter,
       history::HistoryService* history_service) = 0;
 };
 
 }  // namespace safe_browsing
 
 #endif  // COMPONENTS_SAFE_BROWSING_BROWSER_THREAT_DETAILS_H_