Add support for detecting attributed events to isInputPending

This updates the isInputPending implementation to delegate to
LocalFrame::CanAccessEvent for checking whether or not information about
the event's dispatch should be accessible.

An event is deemed accessible if the origin of its target document may
be accessed by the invoker's origin.

Bug: 910421
Change-Id: I8903bdef4c38b3c7110afc8d9a22a5ad938ce1aa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2205008Reviewed-by: Stefan Zager <szager@chromium.org>
Commit-Queue: Andrew Comminos <acomminos@fb.com>
Cr-Commit-Position: refs/heads/master@{#776328}

third_party/blink/renderer/core/frame/local_frame.cc

@@ -44,6 +44,7 @@
 #include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
 #include "third_party/blink/public/common/browser_interface_broker_proxy.h"
 #include "third_party/blink/public/common/features.h"
+#include "third_party/blink/public/common/input/web_input_event_attribution.h"
 #include "third_party/blink/public/common/thread_safe_browser_interface_broker_proxy.h"
 #include "third_party/blink/public/mojom/ad_tagging/ad_frame.mojom-blink.h"
 #include "third_party/blink/public/mojom/blob/blob_url_store.mojom-blink.h"
@@ -77,6 +78,7 @@
 #include "third_party/blink/renderer/core/dom/document_init.h"
 #include "third_party/blink/renderer/core/dom/document_parser.h"
 #include "third_party/blink/renderer/core/dom/document_type.h"
+#include "third_party/blink/renderer/core/dom/dom_node_ids.h"
 #include "third_party/blink/renderer/core/dom/events/event.h"
 #include "third_party/blink/renderer/core/dom/ignore_opens_during_unload_count_incrementer.h"
 #include "third_party/blink/renderer/core/editing/editing_utilities.h"
@@ -143,6 +145,7 @@
 #include "third_party/blink/renderer/core/page/page.h"
 #include "third_party/blink/renderer/core/page/plugin_data.h"
 #include "third_party/blink/renderer/core/page/plugin_script_forbidden_scope.h"
+#include "third_party/blink/renderer/core/page/pointer_lock_controller.h"
 #include "third_party/blink/renderer/core/page/scrolling/scrolling_coordinator.h"
 #include "third_party/blink/renderer/core/paint/compositing/graphics_layer_tree_as_text.h"
 #include "third_party/blink/renderer/core/paint/compositing/paint_layer_compositor.h"
@@ -645,6 +648,52 @@ base::Optional<String> LocalFrame::FirstUrlCrossOriginToParent() const {
   return first_url_cross_origin_to_parent_;
 }
 
+bool LocalFrame::CanAccessEvent(
+    const WebInputEventAttribution& attribution) const {
+  switch (attribution.type()) {
+    case WebInputEventAttribution::kTargetedFrame: {
+      auto* frame_document = GetDocument();
+      if (!frame_document)
+        return false;
+
+      // FIXME(acomminos): In the presence of a pointer lock, bail out. We
+      // currently do not propagate which frame had the lock at the time of
+      // event dispatch in the compositor. See https://crbug.com/1092617.
+      if (auto* page = frame_document->GetPage()) {
+        auto& pointer_lock_controller = page->GetPointerLockController();
+        if (pointer_lock_controller.GetElement()) {
+          return false;
+        }
+      }
+
+      auto* frame_origin =
+          frame_document->GetSecurityContext().GetSecurityOrigin();
+
+      cc::ElementId element_id = attribution.target_frame_id();
+      if (!element_id)
+        return false;
+
+      DOMNodeId target_document_id =
+          DOMNodeIdFromCompositorElementId(element_id);
+      Document* target_document =
+          DynamicTo<Document>(DOMNodeIds::NodeForId(target_document_id));
+      if (!target_document || !target_document->IsActive())
+        return false;
+
+      const auto* target_document_origin = target_document->GetSecurityOrigin();
+      if (!target_document_origin)
+        return false;
+
+      return frame_origin->CanAccess(target_document_origin);
+    }
+    case WebInputEventAttribution::kFocusedFrame:
+      return GetPage() ? GetPage()->GetFocusController().FocusedFrame() == this
+                       : false;
+    case WebInputEventAttribution::kUnknown:
+      return false;
+  }
+}
+
 void LocalFrame::Reload(WebFrameLoadType load_type) {
   DCHECK(IsReloadLoadType(load_type));
   if (!loader_.GetDocumentLoader()->GetHistoryItem())

third_party/blink/renderer/core/frame/local_frame.h

@@ -128,6 +128,7 @@ class SpellChecker;
 class TextSuggestionController;
 class VirtualKeyboardOverlayChangedObserver;
 class WebContentSettingsClient;
+class WebInputEventAttribution;
 class WebPluginContainerImpl;
 class WebPrescientNetworking;
 class WebURLLoaderFactory;
@@ -612,6 +613,11 @@ class CORE_EXPORT LocalFrame final : public Frame,
   // parent frame.
   base::Optional<String> FirstUrlCrossOriginToParent() const;
 
+  // Return true if the frame is able to access an event with the given
+  // attribution (i.e. the event is targeted for an origin that the frame may
+  // access).
+  bool CanAccessEvent(const WebInputEventAttribution&) const;
+
  private:
   friend class FrameNavigationDisabler;
   FRIEND_TEST_ALL_PREFIXES(LocalFrameTest, CharacterIndexAtPointWithPinchZoom);

third_party/blink/renderer/core/frame/scheduling.cc

@@ -26,9 +26,11 @@ bool Scheduling::isInputPending(ScriptState* script_state,
   auto info = scheduler->GetPendingUserInputInfo(
       options ? options->includeContinuous() : false);
 
-  // TODO(acomminos): Attribution first requires a reverse mapping between
-  // cc::ElementId instances and their underlying Document* objects.
-  (void)info;
+  for (const auto& attribution : info) {
+    if (frame->CanAccessEvent(attribution)) {
+      return true;
+    }
+  }
   return false;
 }