Don't propagate SessionStorage when noopener is set

When a browsing context is opened with the noopener flag set, do not clone its SessionStorage from the opener's SessionStorage Bug: 771959 Change-Id: I3040d8c0f490198f3414fb9b9108cfccca0da486 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1809006 Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Cr-Commit-Position: refs/heads/master@{#831044}

Don't propagate SessionStorage when noopener is set
When a browsing context is opened with the noopener flag set, do not clone its SessionStorage from the opener's SessionStorage Bug: 771959 Change-Id: I3040d8c0f490198f3414fb9b9108cfccca0da486 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1809006 Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Cr-Commit-Position: refs/heads/master@{#831044}
575e18a4 · Eric Lawrence · Commit Bot · 17aeea03 · 575e18a4 · 575e18a4
Commit 575e18a4 authored Nov 25, 2020 by Eric Lawrence Committed by Commit Bot Nov 25, 2020
8 changed files
--- a/content/browser/dom_storage/dom_storage_browsertest.cc
+++ b/content/browser/dom_storage/dom_storage_browsertest.cc
@@ -7,6 +7,7 @@
 #include "base/files/file_util.h"
 #include "base/run_loop.h"
 #include "base/test/bind.h"
+#include "base/test/scoped_feature_list.h"
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 #include "components/services/storage/dom_storage/legacy_dom_storage_database.h"
@@ -199,4 +200,28 @@ IN_PROC_BROWSER_TEST_F(DOMStorageBrowserTest, DataMigrates) {
  }
 }
+// Verify that when kCloneSessionStorageForNoOpener is enabled, sessionStorage
+// is cloned for popups even when |noopener| is specified.
+// TODO(crbug.com/1151381): Remove in Chrome 92.
+class DOMStorageCloningBrowserTest : public ContentBrowserTest {
+ public:
+  DOMStorageCloningBrowserTest() {
+    feature_list_.InitAndEnableFeature(
+        blink::features::kCloneSessionStorageForNoOpener);
+  }
+  void PopupTest(const GURL& test_url, const std::string& expected) {
+    NavigateToURLBlockUntilNavigationsComplete(shell(), test_url, 2);
+    std::string result = shell()->web_contents()->GetLastCommittedURL().ref();
+    EXPECT_EQ(result, expected);
+  }
+ private:
+  base::test::ScopedFeatureList feature_list_;
+};
+IN_PROC_BROWSER_TEST_F(DOMStorageCloningBrowserTest, NoOpenerTest) {
+  PopupTest(GetTestUrl("dom_storage", "noopener_cloning.html"), "firstTab");
+}
 }  // namespace content
--- a/content/renderer/render_view_impl.cc
+++ b/content/renderer/render_view_impl.cc
@@ -23,6 +23,7 @@
 #include "content/renderer/agent_scheduling_group.h"
 #include "content/renderer/render_frame_proxy.h"
 #include "content/renderer/render_thread_impl.h"
+#include "third_party/blink/public/common/features.h"
 #include "third_party/blink/public/platform/modules/video_capture/web_video_capture_impl_manager.h"
 #include "third_party/blink/public/platform/url_conversion.h"
 #include "third_party/blink/public/web/modules/mediastream/web_media_stream_device_observer.h"
@@ -364,11 +365,12 @@ WebView* RenderViewImpl::CreateView(
  params->window_container_type = WindowFeaturesToContainerType(features);
  params->session_storage_namespace_id = session_storage_namespace_id;
-  // TODO(dmurph): Don't copy session storage when features.noopener is true:
+  if (!features.noopener ||
-  // https://html.spec.whatwg.org/multipage/browsers.html#copy-session-storage
+      base::FeatureList::IsEnabled(
-  // https://crbug.com/771959
+          blink::features::kCloneSessionStorageForNoOpener)) {
    params->clone_from_session_storage_namespace_id =
        session_storage_namespace_id_;
+  }
  const std::string& frame_name_utf8 = frame_name.Utf8(
      WebString::UTF8ConversionMode::kStrictReplacingErrorsWithFFFD);

--- a/content/test/data/dom_storage/noopener_cloning.html
+++ b/content/test/data/dom_storage/noopener_cloning.html
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Open a new window with noopener</title>
+</head>
+<body>
+<script>
+    var storage = window.sessionStorage;
+    storage.clear();
+    storage.setItem('setBy', 'firstTab');
+    let channel = new BroadcastChannel('storage_session_window_noopener');
+    channel.addEventListener('message', function(e) {
+        document.location.hash = '#'+e.data.setBy;
+    });
+    var win = window.open('session_storage_popup.html', '_blank', 'noopener');
+</script>
+</body>
+</html>
--- a/content/test/data/dom_storage/session_storage_popup.html
+++ b/content/test/data/dom_storage/session_storage_popup.html
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Second page</title>
+</head>
+<body>
+<script>
+var storage = window.sessionStorage;
+let channel = new BroadcastChannel('storage_session_window_noopener');
+channel.postMessage({'setBy': storage.getItem('setBy')}, '*');
+window.close();
+</script>
+</body>
+</html>
--- a/third_party/blink/common/features.cc
+++ b/third_party/blink/common/features.cc
@@ -829,5 +829,11 @@ const base::Feature kTargetBlankImpliesNoOpener{
 // TODO(crbug.com/1152307): Remove in M91.
 const base::Feature kMediaStreamTrackUseConfigMaxFrameRate{
    "MediaStreamTrackUseConfigMaxFrameRate", base::FEATURE_DISABLED_BY_DEFAULT};
+// Kill switch for the new behavior whereby noopener windows no longer get their
+// sessionStorage cloned from their originator. TODO(crbug.com/1151381): Remove
+// in Chrome 92.
+const base::Feature kCloneSessionStorageForNoOpener{
+    "CloneSessionStorageForNoOpener", base::FEATURE_DISABLED_BY_DEFAULT};
 }  // namespace features
 }  // namespace blink
--- a/third_party/blink/public/common/features.h
+++ b/third_party/blink/public/common/features.h
@@ -341,6 +341,8 @@ BLINK_COMMON_EXPORT extern const base::Feature kTargetBlankImpliesNoOpener;
 BLINK_COMMON_EXPORT extern const base::Feature
    kMediaStreamTrackUseConfigMaxFrameRate;
+BLINK_COMMON_EXPORT extern const base::Feature kCloneSessionStorageForNoOpener;
 }  // namespace features
 }  // namespace blink

--- a/third_party/blink/renderer/core/page/create_window.cc
+++ b/third_party/blink/renderer/core/page/create_window.cc
@@ -297,11 +297,11 @@ Frame* CreateNewWindow(LocalFrame& opener_frame,
      AllocateSessionStorageNamespaceId();
  Page* old_page = opener_frame.GetPage();
-  // TODO(dmurph): Don't copy session storage when features.noopener is true:
+  if (!features.noopener ||
-  // https://html.spec.whatwg.org/C/#copy-session-storage
+      base::FeatureList::IsEnabled(features::kCloneSessionStorageForNoOpener)) {
-  // https://crbug.com/771959
    CoreInitializer::GetInstance().CloneSessionStorage(old_page,
                                                       new_namespace_id);
+  }
  bool consumed_user_gesture = false;
  Page* page = old_page->GetChromeClient().CreateWindow(

--- a/third_party/blink/web_tests/external/wpt/webstorage/storage_session_window_noopener-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/webstorage/storage_session_window_noopener-expected.txt
-This is a testharness.js-based test.
-FAIL A new noopener window to make sure there is a not copy of the previous window's sessionStorage assert_equals: storage.getItem('FOO') expected (object) null but got (string) "BAR"
-Harness: the test ran to completion.