Allow Signin page to open other chrome:// URLs if login content in <webview>

extensions/browser/guest_view/web_view/web_view_guest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/guest_view/web_view/web_view_guest.h"
 
 #include "base/message_loop/message_loop.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "content/public/browser/browser_context.h"
@@ skipping 1100 matching lines @@
     *was_blocked = false;
   RequestNewWindowPermission(disposition,
                              initial_rect,
                              user_gesture,
                              new_contents);
 }
 
 content::WebContents* WebViewGuest::OpenURLFromTab(
     content::WebContents* source,
     const content::OpenURLParams& params) {
+  // There are two use cases to consider from a security perspective:
+  // 1.) Renderer-initiated nav to chrome:// must always be blocked even if
+  //     the <webview> is in WebUI. This is handled by
+  //     WebViewGuest::NavigateGuest.

[Charlie Reis, 2015/02/18 22:32:06]

nit: It's not obvious how we get to NavigateGuest.  Can you mention the line(s)
below that goes there?  

(Is it LoadURLWithParams?  CreateNewGuestWebViewWindow?  Both?  I don't see it
in either, so I'm concerned that we're not actually covered.)

+  // 2.) The Language Settings context menu item should always work, both in
+  //     Chrome Apps and WebUI. This is a browser initiated request and so
+  //     we pass it along to the embedder's WebContentsDelegate to get the
+  //     browser to perform the action for the <webview>.
+  if (!params.is_renderer_initiated) {
+    if (!owner_web_contents()->GetDelegate())
+      return nullptr;
+    return owner_web_contents()->GetDelegate()->OpenURLFromTab(
+        owner_web_contents(), params);
+  }
+
   // If the guest wishes to navigate away prior to attachment then we save the
   // navigation to perform upon attachment. Navigation initializes a lot of
   // state that assumes an embedder exists, such as RenderWidgetHostViewGuest.
   // Navigation also resumes resource loading which we don't want to allow
   // until attachment.
   if (!attached()) {
     WebViewGuest* opener = GetOpener();
     auto it = opener->pending_new_windows_.find(this);
     if (it == opener->pending_new_windows_.end())
       return nullptr;
@@ skipping 101 matching lines @@
       WebViewGuest::From(owner_web_contents()->GetRenderProcessHost()->GetID(),
                          new_window_instance_id);
   if (!guest)
     return;
 
   if (!allow)
     guest->Destroy();
 }
 
 }  // namespace extensions