-
Ulan Degenbaev authored
The existing implementation measures memory usage of the main JS agent and reports URLs of the JS realms in the agent. The algorithm for mapping a JS realm to its reported URL walks the frame tree upwards to find the top-most cross-origin frame. The algorithm incorrectly assumed that all frames the path are local frames since the realms are local. This does not hold in the ABA case, where the main origin A embeds an iframe from origin B that in turn embeds an iframe from origin A. In such a case, the main JS realm and the grandchild realm are in the same JS agent and their frames are local. However, the child frame B is a remote frame. This CL fixes the algorithm to work both with local and remote frames. The URL of a remote frame can no longer be fetched from its document. Instead, it is fetched from the src attribute of the owner iframe element. This aligns with the upcoming spec and fixes the leak of post-server-redirect URLs. The CL also removes LocalFrame::FirstUrlCrossOriginToParent that is no longer needed. Bug: 1093880,1084999 Change-Id: I7a57a17701448d0fe210a66c7bdb8c0229fa5149 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2246175 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Daniel Cheng <dcheng@chromium.org> Reviewed-by:
Kentaro Hara <haraken@chromium.org> Cr-Commit-Position: refs/heads/master@{#780319}
5775ff8c
