Measure `unsafe-url` usage.

We never landed metrics to measure the impact of the proposal in https://github.com/w3c/webappsec-referrer-policy/pull/124. This patch remedies that oversight. Bug: 1158426 Change-Id: Iccde2a755d7003a401a80e6c085a5ad97ac87389 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2589875Reviewed-by: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#837484}

Measure `unsafe-url` usage.
We never landed metrics to measure the impact of the proposal in https://github.com/w3c/webappsec-referrer-policy/pull/124. This patch remedies that oversight. Bug: 1158426 Change-Id: Iccde2a755d7003a401a80e6c085a5ad97ac87389 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2589875Reviewed-by: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Commit-Queue: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#837484}
70d0600a · Mike West · Chromium LUCI CQ · 9bb9dc3a · 70d0600a · 70d0600a
Commit 70d0600a authored Dec 16, 2020 by Mike West Committed by Chromium LUCI CQ Dec 16, 2020
9 changed files
--- a/third_party/blink/public/mojom/web_feature/web_feature.mojom
+++ b/third_party/blink/public/mojom/web_feature/web_feature.mojom
@@ -3064,6 +3064,7 @@ enum WebFeature {
  kCrossOriginSubframeWithoutEmbeddingControl = 3742,
  kReadableStreamWithByteSource = 3743,
  kReadableStreamBYOBReader = 3744,
+  kSetReferrerPolicyUnsafeUrlInSecureContext = 3745,
  // Add new features immediately above this line. Don't change assigned
  // numbers of any item, and don't reuse removed slots.

--- a/third_party/blink/renderer/core/execution_context/execution_context.cc
+++ b/third_party/blink/renderer/core/execution_context/execution_context.cc
@@ -406,6 +406,11 @@ void ExecutionContext::SetReferrerPolicy(
  UseCounter::Count(this, WebFeature::kSetReferrerPolicy);
  if (referrer_policy_ != network::mojom::ReferrerPolicy::kDefault)
    UseCounter::Count(this, WebFeature::kResetReferrerPolicy);
+  if (IsSecureContext() &&
+      referrer_policy == network::mojom::ReferrerPolicy::kAlways) {
+    UseCounter::Count(this,
+                      WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+  }
  referrer_policy_ = referrer_policy;
 }

--- a/third_party/blink/renderer/core/html/html_anchor_element.cc
+++ b/third_party/blink/renderer/core/html/html_anchor_element.cc
@@ -505,6 +505,11 @@ void HTMLAnchorElement::HandleClick(Event& event) {
      !HasRel(kRelationNoReferrer)) {
    UseCounter::Count(GetDocument(),
                      WebFeature::kHTMLAnchorElementReferrerPolicyAttribute);
+    if (GetDocument().GetExecutionContext()->IsSecureContext() &&
+        policy == network::mojom::ReferrerPolicy::kAlways) {
+      UseCounter::Count(GetDocument(),
+                        WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+    }
    request.SetReferrerPolicy(policy);
  }

--- a/third_party/blink/renderer/core/html/html_iframe_element.cc
+++ b/third_party/blink/renderer/core/html/html_iframe_element.cc
@@ -184,6 +184,12 @@ void HTMLIFrameElement::ParseAttribute(
          value, kSupportReferrerPolicyLegacyKeywords, &referrer_policy_);
      UseCounter::Count(GetDocument(),
                        WebFeature::kHTMLIFrameElementReferrerPolicyAttribute);
+      if (GetDocument().GetExecutionContext()->IsSecureContext() &&
+          referrer_policy_ == network::mojom::ReferrerPolicy::kAlways) {
+        UseCounter::Count(
+            GetDocument(),
+            WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+      }
    }
  } else if (name == html_names::kAllowfullscreenAttr) {
    bool old_allow_fullscreen = allow_fullscreen_;

--- a/third_party/blink/renderer/core/html/html_image_element.cc
+++ b/third_party/blink/renderer/core/html/html_image_element.cc
@@ -286,7 +286,11 @@ void HTMLImageElement::ParseAttribute(
          params.new_value, kSupportReferrerPolicyLegacyKeywords,
          &referrer_policy_);
    }
+    if (GetDocument().GetExecutionContext()->IsSecureContext() &&
+        referrer_policy_ == network::mojom::ReferrerPolicy::kAlways) {
+      UseCounter::Count(GetDocument(),
+                        WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+    }
    if (referrer_policy_ != old_referrer_policy) {
      GetImageLoader().UpdateFromElement(
          ImageLoader::kUpdateIgnorePreviousError, referrer_policy_);

--- a/third_party/blink/renderer/core/html/html_link_element.cc
+++ b/third_party/blink/renderer/core/html/html_link_element.cc
@@ -122,6 +122,12 @@ void HTMLLinkElement::ParseAttribute(
          value, kDoNotSupportReferrerPolicyLegacyKeywords, &referrer_policy_);
      UseCounter::Count(GetDocument(),
                        WebFeature::kHTMLLinkElementReferrerPolicyAttribute);
+      if (GetDocument().GetExecutionContext()->IsSecureContext() &&
+          referrer_policy_ == network::mojom::ReferrerPolicy::kAlways) {
+        UseCounter::Count(
+            GetDocument(),
+            WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+      }
    }
  } else if (name == html_names::kSizesAttr) {
    sizes_->DidUpdateAttributeValue(params.old_value, value);

--- a/third_party/blink/renderer/core/html/portal/html_portal_element.cc
+++ b/third_party/blink/renderer/core/html/portal/html_portal_element.cc
@@ -494,6 +494,12 @@ void HTMLPortalElement::ParseAttribute(
      SecurityPolicy::ReferrerPolicyFromString(
          params.new_value, kDoNotSupportReferrerPolicyLegacyKeywords,
          &referrer_policy_);
+      if (GetDocument().GetExecutionContext()->IsSecureContext() &&
+          referrer_policy_ == network::mojom::ReferrerPolicy::kAlways) {
+        UseCounter::Count(
+            GetDocument(),
+            WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+      }
    }
    return;
  }

--- a/third_party/blink/renderer/core/script/script_loader.cc
+++ b/third_party/blink/renderer/core/script/script_loader.cc
@@ -464,6 +464,11 @@ bool ScriptLoader::PrepareScript(const TextPosition& script_start_position,
    SecurityPolicy::ReferrerPolicyFromString(
        referrerpolicy_attr, kDoNotSupportReferrerPolicyLegacyKeywords,
        &referrer_policy);
+    if (context_window->IsSecureContext() &&
+        referrer_policy == network::mojom::ReferrerPolicy::kAlways) {
+      UseCounter::Count(*context_window,
+                        WebFeature::kSetReferrerPolicyUnsafeUrlInSecureContext);
+    }
  }
  // Priority Hints is currently a non-standard feature, but we can assume the

--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -30679,6 +30679,7 @@ Called by update_use_counter_feature_enum.py.-->
  <int value="3742" label="CrossOriginSubframeWithoutEmbeddingControl"/>
  <int value="3743" label="ReadableStreamWithByteSource"/>
  <int value="3744" label="ReadableStreamBYOBReader"/>
+  <int value="3745" label="SetReferrerPolicyUnsafeUrlInSecureContext"/>
 </enum>
 <enum name="FeaturePolicyAllowlistType">