[Document Policy] Fix Document Policy lost issue in XSLT documents

This CL fixes the missing Document Policy issue for XSLT document. The fix is similar to the previous fix on Permissions Policy. See https://chromium-review.googlesource.com/c/chromium/src/+/2561144. Bug: 1151954 Change-Id: Ie080c360ddc70ac46a63d5166b3830752ecdd94e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2563440 Commit-Queue: Charlie Hu <chenleihu@google.com> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#833361}

[Document Policy] Fix Document Policy lost issue in XSLT documents
This CL fixes the missing Document Policy issue for XSLT document. The fix is similar to the previous fix on Permissions Policy. See https://chromium-review.googlesource.com/c/chromium/src/+/2561144. Bug: 1151954 Change-Id: Ie080c360ddc70ac46a63d5166b3830752ecdd94e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2563440 Commit-Queue: Charlie Hu <chenleihu@google.com> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#833361}
8fb68e33 · Charlie Hu · Chromium LUCI CQ · b8b242f8 · 8fb68e33 · 8fb68e33
Commit 8fb68e33 authored Dec 03, 2020 by Charlie Hu Committed by Chromium LUCI CQ Dec 03, 2020
10 changed files
--- a/third_party/blink/common/feature_policy/document_policy.cc
+++ b/third_party/blink/common/feature_policy/document_policy.cc
@@ -21,6 +21,21 @@ std::unique_ptr<DocumentPolicy> DocumentPolicy::CreateWithHeaderPolicy(
                                header_policy.endpoint_map, feature_defaults);
 }
+// static
+std::unique_ptr<DocumentPolicy> DocumentPolicy::CopyStateFrom(
+    const DocumentPolicy* source) {
+  if (!source)
+    return nullptr;
+  std::unique_ptr<DocumentPolicy> new_policy =
+      DocumentPolicy::CreateWithHeaderPolicy(
+          {/* header_policy */ {}, /* endpoint_map */ {}});
+  new_policy->internal_feature_state_ = source->internal_feature_state_;
+  new_policy->endpoint_map_ = source->endpoint_map_;
+  return new_policy;
+}
 namespace {
 net::structured_headers::Item PolicyValueToItem(const PolicyValue& value) {
  switch (value.Type()) {

--- a/third_party/blink/public/common/feature_policy/document_policy.h
+++ b/third_party/blink/public/common/feature_policy/document_policy.h
@@ -76,6 +76,8 @@ class BLINK_COMMON_EXPORT DocumentPolicy {
  static std::unique_ptr<DocumentPolicy> CreateWithHeaderPolicy(
      const ParsedDocumentPolicy& header_policy);
+  static std::unique_ptr<DocumentPolicy> CopyStateFrom(const DocumentPolicy*);
  // Returns true if the feature is unrestricted (has its default value for the
  // platform)
  bool IsFeatureEnabled(mojom::DocumentPolicyFeature feature) const;
@@ -131,9 +133,10 @@ class BLINK_COMMON_EXPORT DocumentPolicy {
  void UpdateFeatureState(const DocumentPolicyFeatureState& feature_state);
  // Internal feature state is represented as an array to avoid overhead
-  // in using container classes.
+  // of indexing into map like structure.
-  PolicyValue internal_feature_state_
+  std::array<PolicyValue,
-      [static_cast<size_t>(mojom::DocumentPolicyFeature::kMaxValue) + 1];
+             static_cast<size_t>(mojom::DocumentPolicyFeature::kMaxValue) + 1>
+      internal_feature_state_;
  FeatureEndpointMap endpoint_map_;

--- a/third_party/blink/renderer/core/execution_context/security_context_init.cc
+++ b/third_party/blink/renderer/core/execution_context/security_context_init.cc
@@ -273,4 +273,12 @@ void SecurityContextInit::InitFeaturePolicyFrom(const SecurityContext& other) {
  security_context.SetReportOnlyFeaturePolicy(
      FeaturePolicy::CopyStateFrom(other.GetReportOnlyFeaturePolicy()));
 }
+void SecurityContextInit::InitDocumentPolicyFrom(const SecurityContext& other) {
+  auto& security_context = execution_context_->GetSecurityContext();
+  security_context.SetDocumentPolicy(
+      DocumentPolicy::CopyStateFrom(other.GetDocumentPolicy()));
+  security_context.SetReportOnlyDocumentPolicy(
+      DocumentPolicy::CopyStateFrom(other.GetReportOnlyDocumentPolicy()));
+}
 }  // namespace blink
--- a/third_party/blink/renderer/core/execution_context/security_context_init.h
+++ b/third_party/blink/renderer/core/execution_context/security_context_init.h
@@ -36,6 +36,13 @@ class CORE_EXPORT SecurityContextInit {
  // does not have header information available.
  void InitFeaturePolicyFrom(const SecurityContext& other);
+  // Init |document_policy_| and |report_only_document_policy_| by copying
+  // state from another security context instance.
+  // Used to carry document policy information from previous document
+  // to current document during XSLT navigation, because XSLT navigation
+  // does not have header information available.
+  void InitDocumentPolicyFrom(const SecurityContext& other);
  void ApplyFeaturePolicy(LocalFrame* frame,
                          const ResourceResponse& response,
                          const base::Optional<WebOriginPolicy>& origin_policy,

--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -1688,34 +1688,35 @@ void DocumentLoader::CommitNavigation() {
  SecurityContextInit security_init(frame_->DomWindow());
-  // The document constructed by XSLTProcessor should inherit Feature Policy
+  // The document constructed by XSLTProcessor should inherit Feature Policy and
-  // from the previous Document. Note: In XSLT commit, |response_| no longer
+  // Document Policy from the previous Document. Note: In XSLT commit,
-  // holds header fields. Going through regular initialization will cause empty
+  // |response_| no longer holds header fields. Going through regular
-  // policy even if there is header on xml document.
+  // initialization will cause empty policy even if there is header on xml
-  // TODO(crbug.com/1151954): Fix the problem for Document Policy as well.
+  // document.
  if (commit_reason_ == CommitReason::kXSLT) {
    DCHECK(response_.HttpHeaderField(http_names::kFeaturePolicy).IsEmpty());
    DCHECK(response_.HttpHeaderField(http_names::kPermissionsPolicy).IsEmpty());
+    DCHECK(response_.HttpHeaderField(http_names::kDocumentPolicy).IsEmpty());
    security_init.InitFeaturePolicyFrom(previous_window->GetSecurityContext());
+    security_init.InitDocumentPolicyFrom(previous_window->GetSecurityContext());
  } else {
    // FeaturePolicy and DocumentPolicy require SecurityOrigin and origin trials
    // to be initialized.
    // TODO(iclelland): Add Feature-Policy-Report-Only to Origin Policy.
    security_init.ApplyFeaturePolicy(frame_.Get(), response_, origin_policy_,
                                     frame_policy_);
+    // |document_policy_| is parsed in document loader because it is
+    // compared with |frame_policy.required_document_policy| to decide
+    // whether to block the document load or not.
+    // |report_only_document_policy| does not block the page load. Its
+    // initialization is delayed to
+    // SecurityContextInit::InitializeDocumentPolicy(), similar to
+    // |report_only_feature_policy|.
+    security_init.ApplyDocumentPolicy(
+        document_policy_,
+        response_.HttpHeaderField(http_names::kDocumentPolicyReportOnly));
  }
-  // |document_policy_| is parsed in document loader because it is
-  // compared with |frame_policy.required_document_policy| to decide
-  // whether to block the document load or not.
-  // |report_only_document_policy| does not block the page load. Its
-  // initialization is delayed to
-  // SecurityContextInit::InitializeDocumentPolicy(), similar to
-  // |report_only_feature_policy|.
-  security_init.ApplyDocumentPolicy(
-      document_policy_,
-      response_.HttpHeaderField(http_names::kDocumentPolicyReportOnly));
  navigation_scroll_allowed_ = !frame_->DomWindow()->IsFeatureEnabled(
      mojom::blink::DocumentPolicyFeature::kForceLoadAtTop);

--- a/third_party/blink/web_tests/http/tests/document-policy/document-policy-in-xsl.php
+++ b/third_party/blink/web_tests/http/tests/document-policy/document-policy-in-xsl.php
+<?php
+header("Document-Policy: oversized-images=2.0");
+header("Content-Type: application/xml");
+echo '<?xml version="1.0"?>
+<?xml-stylesheet href="resources/document-policy-in-xsl.xslt" type="text/xsl"?>
+<page>
+</page>';
+?>
--- a/third_party/blink/web_tests/http/tests/document-policy/document-policy-report-only-in-xsl.php
+++ b/third_party/blink/web_tests/http/tests/document-policy/document-policy-report-only-in-xsl.php
+<?php
+header("Document-Policy-Report-Only: oversized-images=2.0");
+header("Content-Type: application/xml");
+echo '<?xml version="1.0"?>
+<?xml-stylesheet href="resources/document-policy-report-only-in-xsl.xslt" type="text/xsl"?>
+<page>
+</page>';
+?>
--- a/third_party/blink/web_tests/http/tests/document-policy/resources/document-policy-in-xsl.xslt
+++ b/third_party/blink/web_tests/http/tests/document-policy/resources/document-policy-in-xsl.xslt
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+              xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="page">
+  <html>
+    <head>
+      <title> Test XSLT </title>
+      <script src="../../resources/testharness.js"></script>
+      <script src="../../resources/testharnessreport.js"></script>
+      <script>
+        // The page is expected to have 'oversized-images' threshold
+        // set to 2.0, i.e. images with actual_size / display_size ratio
+        // > 2.0 should be replaced with placeholder images. A violation
+        // report is also expected to be generated.
+        async_test(t => {
+          new ReportingObserver(t.step_func_done((reports, _) => {
+            assert_equals(reports.length, 1);
+            const report = reports[0];
+            assert_equals(report.type, 'document-policy-violation');
+            assert_equals(report.body.featureId, 'oversized-images');
+            assert_equals(report.body.disposition, 'enforce');
+          }), {types: ['document-policy-violation']}).observe();
+        });
+      </script>
+    </head>
+    <body bgcolor="#ffffff">
+      <img src="resources/green-256x256.jpg" width="100"></img>
+    </body>
+  </html>
+</xsl:template>
+</xsl:stylesheet>
\ No newline at end of file
--- a/third_party/blink/web_tests/http/tests/document-policy/resources/document-policy-report-only-in-xsl.xslt
+++ b/third_party/blink/web_tests/http/tests/document-policy/resources/document-policy-report-only-in-xsl.xslt
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0"
+              xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="page">
+  <html>
+    <head>
+      <title> Test XSLT </title>
+      <script src="../../resources/testharness.js"></script>
+      <script src="../../resources/testharnessreport.js"></script>
+      <script>
+        // The page is expected to have 'oversized-images' threshold
+        // set to 2.0 in report only mode, i.e. images with
+        // actual_size / display_size ratio > 2.0 should generate
+        // violation reports.
+        async_test(t => {
+          new ReportingObserver(t.step_func_done((reports, _) => {
+            assert_equals(reports.length, 1);
+            const report = reports[0];
+            assert_equals(report.type, 'document-policy-violation');
+            assert_equals(report.body.featureId, 'oversized-images');
+            assert_equals(report.body.disposition, 'report');
+          }), {types: ['document-policy-violation']}).observe();
+        });
+      </script>
+    </head>
+    <body bgcolor="#ffffff">
+      <img src="resources/green-256x256.jpg" width="100"></img>
+    </body>
+  </html>
+</xsl:template>
+</xsl:stylesheet>
\ No newline at end of file
--- a/third_party/blink/web_tests/http/tests/document-policy/resources/green-256x256.jpg
+++ b/third_party/blink/web_tests/http/tests/document-policy/resources/green-256x256.jpg