[Android WebAPK] Canonicalize the webapp scope before sending it to the renderer

This CL changes the WebAPK autoplay logic to canonicalize the scope URL
prior to checking whether the document URL is within the WebAPK's scope.
The scope passed to the renderer comes from a <meta-data> tag in the
WebAPK's Android Manifest.

The value of the scope <meta-data> tag comes
from the scope URL sent by Chrome to the WebAPK Minting server during
WebAPK creation (which is canonicalized). Right now the <meta-data> tag
in the Android Manifest is always canonicalized. We should not assume
this.

Change-Id: I9982420fda7da53ca9a77ed90e9f35de7b00bd28
Reviewed-on: https://chromium-review.googlesource.com/c/1068252
Commit-Queue: Peter Kotwicz <pkotwicz@chromium.org>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Zhiqiang Zhang <zqzhang@chromium.org>
Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
Reviewed-by: Mounir Lamouri <mlamouri@chromium.org>
Cr-Commit-Position: refs/heads/master@{#601425}

chrome/browser/android/tab_android.cc

@@ -890,7 +890,7 @@ void TabAndroid::SetInterceptNavigationDelegate(
 void TabAndroid::SetWebappManifestScope(JNIEnv* env,
                                         const JavaParamRef<jobject>& obj,
                                         const JavaParamRef<jstring>& scope) {
-  webapp_manifest_scope_ = base::android::ConvertJavaStringToUTF8(scope);
+  webapp_manifest_scope_ = GURL(base::android::ConvertJavaStringToUTF8(scope));
 
   if (!web_contents() || !web_contents()->GetRenderViewHost())
     return;

chrome/browser/android/tab_android.h

@@ -253,9 +253,7 @@ class TabAndroid : public CoreTabHelperDelegate,
       const base::android::JavaParamRef<jobject>& obj,
       const base::android::JavaParamRef<jstring>& scope);
 
-  const std::string& GetWebappManifestScope() const {
-    return webapp_manifest_scope_;
-  }
+  const GURL& GetWebappManifestScope() const { return webapp_manifest_scope_; }
 
   void SetPictureInPictureEnabled(
       JNIEnv* env,
@@ -329,7 +327,7 @@ class TabAndroid : public CoreTabHelperDelegate,
   scoped_refptr<content::DevToolsAgentHost> devtools_host_;
   std::unique_ptr<browser_sync::SyncedTabDelegateAndroid> synced_tab_delegate_;
 
-  std::string webapp_manifest_scope_;
+  GURL webapp_manifest_scope_;
   bool picture_in_picture_enabled_;
   bool embedded_media_experience_enabled_;
 

content/public/common/web_preferences.h

@@ -238,7 +238,7 @@ struct CONTENT_EXPORT WebPreferences {
   float device_scale_adjustment;
   bool force_enable_zoom;
   bool fullscreen_supported;
-  std::string media_playback_gesture_whitelist_scope;
+  GURL media_playback_gesture_whitelist_scope;
   GURL default_video_poster_url;
   bool support_deprecated_target_density_dpi;
   bool use_legacy_background_size_shorthand_behavior;

content/renderer/render_view_impl.cc

@@ -825,8 +825,8 @@ void RenderView::ApplyWebPreferences(const WebPreferences& prefs,
   settings->SetFullscreenSupported(prefs.fullscreen_supported);
   web_view->SetIgnoreViewportTagScaleLimits(prefs.force_enable_zoom);
   settings->SetAutoZoomFocusedNodeToLegibleScale(true);
-  settings->SetMediaPlaybackGestureWhitelistScope(
-      blink::WebString::FromUTF8(prefs.media_playback_gesture_whitelist_scope));
+  settings->SetMediaPlaybackGestureWhitelistScope(blink::WebString::FromASCII(
+      prefs.media_playback_gesture_whitelist_scope.spec()));
   settings->SetDefaultVideoPosterURL(
       WebString::FromASCII(prefs.default_video_poster_url.spec()));
   settings->SetSupportDeprecatedTargetDensityDPI(

third_party/blink/renderer/core/html/media/autoplay_policy.cc

@@ -54,6 +54,7 @@ bool IsDocumentWhitelisted(const Document& document) {
   if (whitelist_scope.IsNull() || whitelist_scope.IsEmpty())
     return false;
 
+  DCHECK_EQ(KURL(whitelist_scope).GetString(), whitelist_scope);
   return document.Url().GetString().StartsWith(whitelist_scope);
 }