| Index: components/safe_browsing/browser/threat_details.cc
|
| diff --git a/components/safe_browsing/browser/threat_details.cc b/components/safe_browsing/browser/threat_details.cc
|
| index 0aa468608efbe36a85f841e0087a4baefa683f24..0e6cfb8cf117a5f9ca81ce61eb8649cb78fedb1f 100644
|
| --- a/components/safe_browsing/browser/threat_details.cc
|
| +++ b/components/safe_browsing/browser/threat_details.cc
|
| @@ -22,6 +22,7 @@
|
| #include "content/public/browser/navigation_controller.h"
|
| #include "content/public/browser/navigation_entry.h"
|
| #include "content/public/browser/render_frame_host.h"
|
| +#include "content/public/browser/render_process_host.h"
|
| #include "content/public/browser/web_contents.h"
|
| #include "net/url_request/url_request_context_getter.h"
|
|
|
| @@ -287,7 +288,6 @@ ClientSafeBrowsingReportRequest::Resource* ThreatDetails::AddUrl(
|
|
|
| void ThreatDetails::AddDomElement(
|
| const int frame_tree_node_id,
|
| - const std::string& frame_url,
|
| const int element_node_id,
|
| const std::string& tagname,
|
| const int parent_element_node_id,
|
| @@ -309,18 +309,9 @@ void ThreatDetails::AddDomElement(
|
| attribute_pb->set_name(attribute.first);
|
| attribute_pb->set_value(attribute.second);
|
| }
|
| - bool is_frame = tag_name_upper == "IFRAME" || tag_name_upper == "FRAME";
|
|
|
| if (resource) {
|
| cur_element->set_resource_id(resource->id());
|
| -
|
| - // For iframes, remember that this HTML Element represents an iframe with a
|
| - // specific URL. Elements from a frame with this URL are children of this
|
| - // element.
|
| - if (is_frame &&
|
| - !base::ContainsKey(iframe_src_to_element_map_, resource->url())) {
|
| - iframe_src_to_element_map_[resource->url()] = cur_element;
|
| - }
|
| }
|
|
|
| // Next we try to lookup the parent of the current element and add ourselves
|
| @@ -328,23 +319,11 @@ void ThreatDetails::AddDomElement(
|
| HTMLElement* parent_element = nullptr;
|
| if (parent_element_node_id == 0) {
|
| // No parent indicates that this element is at the top of the current frame.
|
| - // This frame could be a child of an iframe in another frame, or it could be
|
| - // at the root of the whole page. If we have a frame URL then we can try to
|
| - // map this element to its parent.
|
| - if (!frame_url.empty()) {
|
| - // First, remember that this element is at the top-level of a frame with
|
| - // our frame URL.
|
| - document_url_to_children_map_[frame_url].insert(cur_element->id());
|
| -
|
| - // Now check if the frame URL matches the src URL of an iframe elsewhere.
|
| - // This means that we processed the parent iframe element earlier, so we
|
| - // can add ourselves as a child of that iframe.
|
| - // If no such iframe exists, it could be processed later, or this element
|
| - // is in the top-level frame and truly has no parent.
|
| - if (base::ContainsKey(iframe_src_to_element_map_, frame_url)) {
|
| - parent_element = iframe_src_to_element_map_[frame_url];
|
| - }
|
| - }
|
| + // Remember that this is a top-level element of the frame with the
|
| + // current |frame_tree_node_id|. If this element is inside an iframe, a
|
| + // second pass will insert this element as a child of its parent iframe.
|
| + frame_tree_id_to_children_map_[frame_tree_node_id].insert(
|
| + cur_element->id());
|
| } else {
|
| // We have a parent ID, so this element is just a child of something inside
|
| // of our current frame. We can easily lookup our parent.
|
| @@ -369,20 +348,6 @@ void ThreatDetails::AddDomElement(
|
| parent_element->add_child_ids(cur_element->id());
|
| }
|
| }
|
| -
|
| - // Finally, we need to check if the current element is the parent of some
|
| - // other elements that came in from another frame earlier. This only happens
|
| - // if we are an iframe, and our src URL exists in
|
| - // document_url_to_children_map_. If there is a match, then all of the
|
| - // children in that map belong to us.
|
| - if (is_frame && resource &&
|
| - base::ContainsKey(document_url_to_children_map_, resource->url())) {
|
| - const std::unordered_set<int>& child_ids =
|
| - document_url_to_children_map_[resource->url()];
|
| - for (const int child_id : child_ids) {
|
| - cur_element->add_child_ids(child_id);
|
| - }
|
| - }
|
| }
|
|
|
| void ThreatDetails::StartCollection() {
|
| @@ -452,19 +417,39 @@ void ThreatDetails::StartCollection() {
|
| void ThreatDetails::OnReceivedThreatDOMDetails(
|
| content::RenderFrameHost* sender,
|
| const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params) {
|
| + // Lookup the FrameTreeNode ID of any child frames in the list of DOM nodes.
|
| + const int sender_process_id = sender->GetProcess()->GetID();
|
| + const int sender_frame_tree_node_id = sender->GetFrameTreeNodeId();
|
| + KeyToFrameTreeIdMap child_frame_tree_map;
|
| + for (const SafeBrowsingHostMsg_ThreatDOMDetails_Node& node : params) {
|
| + if (node.child_frame_routing_id == 0)
|
| + continue;
|
| +
|
| + const std::string cur_element_key =
|
| + GetElementKey(sender_frame_tree_node_id, node.node_id);
|
| + int child_frame_tree_node_id =
|
| + content::RenderFrameHost::GetFrameTreeNodeIdForRoutingId(
|
| + sender_process_id, node.child_frame_routing_id);
|
| + if (child_frame_tree_node_id ==
|
| + content::RenderFrameHost::kNoFrameTreeNodeId) {
|
| + ambiguous_dom_ = true;
|
| + } else {
|
| + child_frame_tree_map[cur_element_key] = child_frame_tree_node_id;
|
| + }
|
| + }
|
| +
|
| // Schedule this in IO thread, so it doesn't conflict with future users
|
| // of our data structures (eg GetSerializedReport).
|
| BrowserThread::PostTask(
|
| BrowserThread::IO, FROM_HERE,
|
| - base::BindOnce(&ThreatDetails::AddDOMDetails, this,
|
| - sender->GetFrameTreeNodeId(),
|
| - sender->GetLastCommittedURL(), params));
|
| + base::Bind(&ThreatDetails::AddDOMDetails, this, sender_frame_tree_node_id,
|
| + params, child_frame_tree_map));
|
| }
|
|
|
| void ThreatDetails::AddDOMDetails(
|
| const int frame_tree_node_id,
|
| - const GURL& frame_last_committed_url,
|
| - const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params) {
|
| + const std::vector<SafeBrowsingHostMsg_ThreatDOMDetails_Node>& params,
|
| + const KeyToFrameTreeIdMap& child_frame_tree_map) {
|
| DCHECK_CURRENTLY_ON(BrowserThread::IO);
|
| DVLOG(1) << "Nodes from the DOM: " << params.size();
|
|
|
| @@ -482,21 +467,9 @@ void ThreatDetails::AddDOMDetails(
|
| if (params.empty())
|
| return;
|
|
|
| - // Try to deduce the URL that the render frame was handling. First check if
|
| - // the summary node from the renderer has a document URL. If not, try looking
|
| - // at the last committed URL of the frame.
|
| - GURL frame_url;
|
| - if (IsReportableUrl(params.back().url)) {
|
| - frame_url = params.back().url;
|
| - } else if (IsReportableUrl(frame_last_committed_url)) {
|
| - frame_url = frame_last_committed_url;
|
| - }
|
| -
|
| - // If we can't figure out which URL the frame was rendering then we don't know
|
| - // where these elements belong in the hierarchy. The DOM will be ambiguous.
|
| - if (frame_url.is_empty()) {
|
| - ambiguous_dom_ = true;
|
| - }
|
| + // Copy FrameTreeNode IDs for the child frame into the combined mapping.
|
| + iframe_key_to_frame_tree_id_map_.insert(child_frame_tree_map.begin(),
|
| + child_frame_tree_map.end());
|
|
|
| // Add the urls from the DOM to |resources_|. The renderer could be sending
|
| // bogus messages, so limit the number of nodes we accept.
|
| @@ -510,9 +483,8 @@ void ThreatDetails::AddDOMDetails(
|
| }
|
| // Check for a tag_name to avoid adding the summary node to the DOM.
|
| if (!node.tag_name.empty()) {
|
| - AddDomElement(frame_tree_node_id, frame_url.spec(), node.node_id,
|
| - node.tag_name, node.parent_node_id, node.attributes,
|
| - resource);
|
| + AddDomElement(frame_tree_node_id, node.node_id, node.tag_name,
|
| + node.parent_node_id, node.attributes, resource);
|
| }
|
| }
|
| }
|
| @@ -525,6 +497,22 @@ void ThreatDetails::AddDOMDetails(
|
| void ThreatDetails::FinishCollection(bool did_proceed, int num_visit) {
|
| DCHECK_CURRENTLY_ON(BrowserThread::IO);
|
|
|
| + // Do a second pass over the elements and update iframe elements to have
|
| + // references to their children. Children may have been received from a
|
| + // different renderer than the iframe element.
|
| + for (auto& element_pair : elements_) {
|
| + const std::string& element_key = element_pair.first;
|
| + HTMLElement* element = element_pair.second.get();
|
| + if (base::ContainsKey(iframe_key_to_frame_tree_id_map_, element_key)) {
|
| + int frame_tree_id_of_iframe_renderer =
|
| + iframe_key_to_frame_tree_id_map_[element_key];
|
| + const std::unordered_set<int>& child_ids =
|
| + frame_tree_id_to_children_map_[frame_tree_id_of_iframe_renderer];
|
| + for (const int child_id : child_ids) {
|
| + element->add_child_ids(child_id);
|
| + }
|
| + }
|
| + }
|
| did_proceed_ = did_proceed;
|
| num_visits_ = num_visit;
|
| std::vector<GURL> urls;
|
|
|
Chromium Code Reviews
Issue 2837603002:
Content API changes to improve DOM stitching in ThreatDetails code. (Closed)
