Made renderer-initiated requests registration more reliable.

ios/web/web_state/ui/crw_web_controller.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/web_state/ui/crw_web_controller.h"
 
 #import <WebKit/WebKit.h>
 
 #import <objc/runtime.h>
 #include <stddef.h>
@@ skipping 4417 matching lines @@
     BOOL previousItemWasLoadedInNativeView =
         [self shouldLoadURLInNativeView:lastCommittedURL];
     if (!isFirstLoad && !previousItemWasLoadedInNativeView)
       [self.sessionController discardNonCommittedItems];
   }
 
   handler(allowNavigation ? WKNavigationResponsePolicyAllow
                           : WKNavigationResponsePolicyCancel);
 }
 
-// TODO(stuartmorgan): Move all the guesswork around these states out of the
-// superclass, and wire these up to the remaining methods.
 - (void)webView:(WKWebView*)webView
     didStartProvisionalNavigation:(WKNavigation*)navigation {
   [_navigationStates setState:web::WKNavigationState::STARTED
                 forNavigation:navigation];
 
-  if (navigation &&
-      ![[_navigationStates lastAddedNavigation] isEqual:navigation]) {
-    // |navigation| is not the latest navigation and will be cancelled.
-    // Ignore |navigation| as a new navigation will start soon.
-    return;
-  }
-
   GURL webViewURL = net::GURLWithNSURL(webView.URL);
   if (webViewURL.is_empty()) {
     // May happen on iOS9, however in didCommitNavigation: callback the URL
     // will be "about:blank".
     webViewURL = GURL(url::kAboutBlankURL);
   }
 
-  // Intercept renderer-initiated navigations. If this navigation has not yet
-  // been registered, do so. loadPhase check is necessary because
-  // lastRegisteredRequestURL may be the same as the webViewURL on a new tab
-  // created by window.open (default is about::blank).
-  if (_lastRegisteredRequestURL != webViewURL ||
-      self.loadPhase != web::LOAD_REQUESTED) {
-    // Reset current WebUI if one exists.
-    [self clearWebUI];
+  web::NavigationContextImpl* context =
+      [_navigationStates contextForNavigation:navigation];
+  if (context) {
+    // This is already seen and registered navigation.
+
+    if (context->GetUrl() != webViewURL) {
+      // Update last seen URL because it may be changed by WKWebView (f.e. by
+      // performing characters escaping).
+      web::NavigationItem* item = web::GetItemWithUniqueID(
+          self.navigationManagerImpl, context->GetNavigationItemUniqueID());
+      if (item) {
+        item->SetVirtualURL(webViewURL);
+        item->SetURL(webViewURL);
+      }
+
+      _lastRegisteredRequestURL = webViewURL;
+    }
+    return;
+  }
+
+  // This is renderer-initiated navigation which was not seen before and should
+  // be registered.
+
+  [self clearWebUI];
+
+  if (web::GetWebClient()->IsAppSpecificURL(webViewURL)) {
     // Restart app specific URL loads to properly capture state.
     // TODO(crbug.com/546347): Extract necessary tasks for app specific URL
     // navigation rather than restarting the load.
-    if (web::GetWebClient()->IsAppSpecificURL(webViewURL)) {
-      // Renderer-initiated loads of WebUI can be done only from other WebUI
-      // pages. WebUI pages may have increased power and using the same web
-      // process (which may potentially be controller by an attacker) is
-      // dangerous.
-      if (web::GetWebClient()->IsAppSpecificURL(_documentURL)) {
-        [self abortLoad];
-        NavigationManager::WebLoadParams params(webViewURL);
-        [self loadWithParams:params];
-      }
-      return;
-    } else {
-      std::unique_ptr<web::NavigationContextImpl> navigationContext =
-          [self registerLoadRequestForURL:webViewURL];
-      [_navigationStates setContext:std::move(navigationContext)
-                      forNavigation:navigation];
+
+    // Renderer-initiated loads of WebUI can be done only from other WebUI
+    // pages. WebUI pages may have increased power and using the same web
+    // process (which may potentially be controller by an attacker) is
+    // dangerous.
+    if (web::GetWebClient()->IsAppSpecificURL(_documentURL)) {
+      [self abortLoad];
+      NavigationManager::WebLoadParams params(webViewURL);
+      [self loadWithParams:params];
     }
+    return;
   }
 
-  // Ensure the URL is registered and loadPhase is as expected.
-  DCHECK(_lastRegisteredRequestURL == webViewURL);
+  std::unique_ptr<web::NavigationContextImpl> navigationContext =
+      [self registerLoadRequestForURL:webViewURL];
+  [_navigationStates setContext:std::move(navigationContext)
+                  forNavigation:navigation];
   DCHECK(self.loadPhase == web::LOAD_REQUESTED);
 }
 
 - (void)webView:(WKWebView*)webView
     didReceiveServerRedirectForProvisionalNavigation:(WKNavigation*)navigation {
   [_navigationStates setState:web::WKNavigationState::REDIRECTED
                 forNavigation:navigation];
 
   // It is fine to ignore returned NavigationContext. Context does not change
   // for redirect and old context stored _navigationStates is valid and it
@@ skipping 738 matching lines @@
 - (NSUInteger)observerCount {
   DCHECK_EQ(_observerBridges.size(), [_observers count]);
   return [_observers count];
 }
 
 - (NSString*)referrerFromNavigationAction:(WKNavigationAction*)action {
   return [action.request valueForHTTPHeaderField:kReferrerHeaderName];
 }
 
 @end