Prerender: Disallow window.open() in prerendered pages

This CL makes window.open() fail in prerendered pages and return a null object like other restriction cases (e.g., window.open() in sandboxed iframes). This doesn't cancel prerendering. Bug: 1158252 Change-Id: I49fa64c8653fab898076eb91ace3c8386c7cf3f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2589060 Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#843067}

Prerender: Disallow window.open() in prerendered pages
This CL makes window.open() fail in prerendered pages and return a null object like other restriction cases (e.g., window.open() in sandboxed iframes). This doesn't cancel prerendering. Bug: 1158252 Change-Id: I49fa64c8653fab898076eb91ace3c8386c7cf3f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2589060 Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Matt Falkenhagen <falken@chromium.org> Cr-Commit-Position: refs/heads/master@{#843067}
be4d3a70 · Hiroki Nakagawa · Chromium LUCI CQ · f97bcaac · be4d3a70 · be4d3a70
Commit be4d3a70 authored Jan 13, 2021 by Hiroki Nakagawa Committed by Chromium LUCI CQ Jan 13, 2021
3 changed files
--- a/content/browser/prerender/prerender_browsertest.cc
+++ b/content/browser/prerender/prerender_browsertest.cc
@@ -421,5 +421,34 @@ IN_PROC_BROWSER_TEST_P(PrerenderBrowserTest, PrerenderBlankIframe) {
 // TODO(https://crbug.com/1132746): Test prerendering for 404 page, redirection,
 // auth error, cross origin, etc.

+// Tests for feature restrictions in prerendered pages =========================
+
+// Tests that window.open() in a prerendering page fails.
+IN_PROC_BROWSER_TEST_P(PrerenderBrowserTest, FeatureRestriction_WindowOpen) {
+  // Navigate to an initial page.
+  const GURL kInitialUrl = GetUrl("/prerender/add_prerender.html");
+  ASSERT_TRUE(NavigateToURL(shell(), kInitialUrl));
+
+  // Start a prerender.
+  const GURL kPrerenderingUrl =
+      GetUrl("/prerender/add_prerender.html?prerendering");
+  AddPrerender(kPrerenderingUrl);
+  PrerenderHostRegistry& registry = GetPrerenderHostRegistry();
+  PrerenderHost* prerender_host =
+      registry.FindHostByUrlForTesting(kPrerenderingUrl);
+  ASSERT_TRUE(prerender_host);
+  WebContents* prerender_contents = WebContents::FromRenderFrameHost(
+      prerender_host->GetPrerenderedMainFrameHostForTesting());
+
+  // Attempt to open a window in the prerendered page. This should fail.
+  const GURL kWindowOpenUrl = GetUrl("/empty.html");
+  EXPECT_EQ("FAILED", EvalJs(prerender_contents,
+                             JsReplace("open_window($1)", kWindowOpenUrl)));
+  EXPECT_EQ(GetRequestCount(kWindowOpenUrl), 0);
+
+  // Opening a window shouldn't cancel prerendering.
+  EXPECT_EQ(registry.FindHostByUrlForTesting(kPrerenderingUrl), prerender_host);
+}
+
 }  // namespace
 }  // namespace content
--- a/content/browser/renderer_host/render_frame_host_impl.cc
+++ b/content/browser/renderer_host/render_frame_host_impl.cc
@@ -5273,6 +5273,12 @@ void RenderFrameHostImpl::CreateNewWindow(
          effective_transient_activation_state, params->opener_suppressed,
          &no_javascript_access);

+  // Disallow window creation in prerendered pages.
+  if (base::FeatureList::IsEnabled(blink::features::kPrerender2) &&
+      IsPrerendering()) {
+    can_create_window = false;
+  }
+
  bool was_consumed = false;
  if (can_create_window) {
    // Consume activation even w/o User Activation v2, to sync other renderers

--- a/content/test/data/prerender/add_prerender.html
+++ b/content/test/data/prerender/add_prerender.html
@@ -25,6 +25,8 @@ async function add_iframe(url) {
 // Opens a new pop-up window with the URL.
 async function open_window(url) {
  const win = window.open(url, '_blank');
+  if (!win)
+    return 'FAILED';
  return await new Promise(resolve => {
    win.onload = e => resolve('LOADED');
  });