Disable cross origin message filtering if frame messaging is enabled.

Messages from cross origin iframes are validated using the corresponding frame ids instead of the web state global window id. This allows features the ability to support cross origin iframes instead of only the main frame and same origin iframes.

Bug: 851636
Cq-Include-Trybots: luci.chromium.try:ios-simulator-cronet;luci.chromium.try:ios-simulator-full-configs
Change-Id: Idd092efaa4e18ae699a91043f37b304e500f4238
Reviewed-on: https://chromium-review.googlesource.com/1227137
Commit-Queue: Mike Dougherty <michaeldo@chromium.org>
Reviewed-by: Eugene But <eugenebut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#591416}

ios/web/web_state/js/resources/message.js

@@ -99,21 +99,41 @@ __gCrWeb.message.invokeQueues = function() {
 };
 
 function sendQueue_(queueObject) {
-  // Do nothing if messaging is suspended or windowId has not been set.
-  if (messaging_suspended_ || typeof window.top.__gCrWeb.windowId != 'string') {
+  if (messaging_suspended_) {
+    // Leave messages queued if messaging is suspended.
     return;
   }
+
+  var windowId = null;
+  try {
+    windowId = window.top.__gCrWeb['windowId'];
+  } catch (e) {
+    // A SecurityError will be thrown if this is a cross origin iframe. Allow
+    // sending the message in this case and it will be filtered by frameID.
+    if (e.name !== 'SecurityError') {
+      throw e;
+    }
+  }
+
+  // Do nothing if windowId has not been set.
+  if (typeof windowId != 'string') {
+    return;
+  }
+
   // Some pages/plugins implement Object.prototype.toJSON, which can result
   // in serializing messageQueue_ to an invalid format.
   var originalObjectToJSON = Object.prototype.toJSON;
   if (originalObjectToJSON) delete Object.prototype.toJSON;
 
   queueObject.queue.forEach(function(command) {
-    __gCrWeb.common.sendWebKitMessage(queueObject.scheme, {
+    var message = {
       'crwCommand': command,
-      'crwFrameId': __gCrWeb.message['getFrameId'](),
-      'crwWindowId': window.top.__gCrWeb['windowId']
-    });
+      'crwFrameId': __gCrWeb.message['getFrameId']()
+    };
+    if (windowId) {
+      message['crwWindowId'] = windowId;
+    }
+    __gCrWeb.common.sendWebKitMessage(queueObject.scheme, message);
   });
   queueObject.reset();
 

ios/web/web_state/ui/crw_web_controller.mm

@@ -2426,17 +2426,6 @@ registerLoadRequestForURL:(const GURL&)requestURL
 }
 
 - (BOOL)respondToWKScriptMessage:(WKScriptMessage*)scriptMessage {
-  GURL messageFrameOrigin = web::GURLOriginWithWKSecurityOrigin(
-      scriptMessage.frameInfo.securityOrigin);
-  if (!scriptMessage.frameInfo.mainFrame &&
-      messageFrameOrigin.GetOrigin() != _documentURL.GetOrigin()) {
-    // Messages from cross-origin iframes are not currently supported.
-    // |scriptMessage.frameInfo.securityOrigin| returns opener's origin for
-    // about:blank pages, so it is important to allow all messages coming from
-    // the main frame, even if messageFrameOrigin and _documentURL have
-    // different origins.
-    return NO;
-  }
   if (![scriptMessage.name isEqualToString:kScriptMessageName]) {
     return NO;
   }
@@ -2447,15 +2436,7 @@ registerLoadRequestForURL:(const GURL&)requestURL
   if (!messageAsValue || !messageAsValue->GetAsDictionary(&message)) {
     return NO;
   }
-  std::string windowID;
-  message->GetString("crwWindowId", &windowID);
-  // Check for correct windowID
-  if (base::SysNSStringToUTF8([_windowIDJSManager windowID]) != windowID) {
-    DLOG(WARNING) << "Message from JS ignored due to non-matching windowID: " <<
-        [_windowIDJSManager windowID]
-                  << " != " << base::SysUTF8ToNSString(windowID);
-    return NO;
-  }
+
   web::WebFrame* senderFrame = nullptr;
   std::string frameID;
   if (message->GetString("crwFrameId", &frameID)) {
@@ -2463,6 +2444,38 @@ registerLoadRequestForURL:(const GURL&)requestURL
         web::WebFramesManagerImpl::FromWebState([self webState]);
     senderFrame = framesManager->GetFrameWithId(frameID);
   }
+
+  if (base::FeatureList::IsEnabled(web::features::kWebFrameMessaging)) {
+    // Message must be associated with a current frame.
+    if (!senderFrame) {
+      return NO;
+    }
+  } else {
+    GURL messageFrameOrigin = web::GURLOriginWithWKSecurityOrigin(
+        scriptMessage.frameInfo.securityOrigin);
+    if (!scriptMessage.frameInfo.mainFrame &&
+        messageFrameOrigin.GetOrigin() != _documentURL.GetOrigin()) {
+      // Messages from cross-origin iframes are not currently supported.
+      // |scriptMessage.frameInfo.securityOrigin| returns opener's origin for
+      // about:blank pages, so it is important to allow all messages coming from
+      // the main frame, even if messageFrameOrigin and _documentURL have
+      // different origins.
+      return NO;
+    }
+
+    std::string windowID;
+    // If windowID exists, it must match the ID from the main frame.
+    if (message->GetString("crwWindowId", &windowID)) {
+      if (base::SysNSStringToUTF8([_windowIDJSManager windowID]) != windowID) {
+        DLOG(WARNING)
+            << "Message from JS ignored due to non-matching windowID: "
+            << base::SysNSStringToUTF8([_windowIDJSManager windowID])
+            << " != " << windowID;
+        return NO;
+      }
+    }
+  }
+
   base::DictionaryValue* command = nullptr;
   if (!message->GetDictionary("crwCommand", &command)) {
     return NO;