Security drop fullscreen for any nested WebContents level.

This relands 3dcaec6e with a fix to the test. BUG=873080 TEST=as in bug Change-Id: Ie68b197fc6b92447e9633f233354a68fefcf20c7 Reviewed-on: https://chromium-review.googlesource.com/1175925Reviewed-by: Sidney San Martín <sdy@chromium.org> Commit-Queue: Avi Drissman <avi@chromium.org> Cr-Commit-Position: refs/heads/master@{#583335}

Security drop fullscreen for any nested WebContents level.
This relands 3dcaec6e with a fix to the test. BUG=873080 TEST=as in bug Change-Id: Ie68b197fc6b92447e9633f233354a68fefcf20c7 Reviewed-on: https://chromium-review.googlesource.com/1175925Reviewed-by: Sidney San Martín <sdy@chromium.org> Commit-Queue: Avi Drissman <avi@chromium.org> Cr-Commit-Position: refs/heads/master@{#583335}
d18c5197 · Avi Drissman · Commit Bot · adc38f78 · d18c5197 · d18c5197
Commit d18c5197 authored Aug 15, 2018 by Avi Drissman Committed by Commit Bot Aug 15, 2018
3 changed files
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -2695,8 +2695,7 @@ void WebContentsImpl::CreateNewWindow(
  // Any new WebContents opened while this WebContents is in fullscreen can be
  // used to confuse the user, so drop fullscreen.
-  if (IsFullscreenForCurrentTab())
+  ForSecurityDropFullscreen();
-    ExitFullscreen(true);
  if (params.opener_suppressed) {
    // When the opener is suppressed, the original renderer cannot access the
@@ -4366,8 +4365,7 @@ void WebContentsImpl::ViewSource(RenderFrameHostImpl* frame) {
  // Any new WebContents opened while this WebContents is in fullscreen can be
  // used to confuse the user, so drop fullscreen.
-  if (IsFullscreenForCurrentTab())
+  ForSecurityDropFullscreen();
-    ExitFullscreen(true);
  // We intentionally don't share the SiteInstance with the original frame so
  // that view source has a consistent process model and always ends up in a new
@@ -5084,8 +5082,7 @@ void WebContentsImpl::RunJavaScriptDialog(RenderFrameHost* render_frame_host,
  // Running a dialog causes an exit to webpage-initiated fullscreen.
  // http://crbug.com/728276
-  if (IsFullscreenForCurrentTab())
+  ForSecurityDropFullscreen();
-    ExitFullscreen(true);
  auto callback =
      base::BindOnce(&WebContentsImpl::OnDialogClosed, base::Unretained(this),
@@ -5154,8 +5151,7 @@ void WebContentsImpl::RunBeforeUnloadConfirm(
  // Running a dialog causes an exit to webpage-initiated fullscreen.
  // http://crbug.com/728276
-  if (IsFullscreenForCurrentTab())
+  ForSecurityDropFullscreen();
-    ExitFullscreen(true);
  RenderFrameHostImpl* rfhi =
      static_cast<RenderFrameHostImpl*>(render_frame_host);
@@ -5737,6 +5733,15 @@ void WebContentsImpl::EnsureOpenerProxiesExist(RenderFrameHost* source_rfh) {
  }
 }
+void WebContentsImpl::ForSecurityDropFullscreen() {
+  WebContentsImpl* web_contents = this;
+  while (web_contents) {
+    if (web_contents->IsFullscreenForCurrentTab())
+      web_contents->ExitFullscreen(true);
+    web_contents = web_contents->GetOuterWebContents();
+  }
+}
 void WebContentsImpl::SetAsFocusedWebContentsIfNecessary() {
  // Only change focus if we are not currently focused.
  WebContentsImpl* old_contents = GetFocusedWebContents();
@@ -5804,8 +5809,7 @@ void WebContentsImpl::SetFocusedFrame(FrameTreeNode* node,
 void WebContentsImpl::DidCallFocus() {
  // Any explicit focusing of another window while this WebContents is in
  // fullscreen can be used to confuse the user, so drop fullscreen.
-  if (IsFullscreenForCurrentTab())
+  ForSecurityDropFullscreen();
-    ExitFullscreen(true);
 }
 RenderFrameHost* WebContentsImpl::GetFocusedFrameIncludingInnerWebContents() {

--- a/content/browser/web_contents/web_contents_impl.h
+++ b/content/browser/web_contents/web_contents_impl.h
@@ -923,6 +923,11 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
  // |IsFullscreen| must return |true| when this method is called.
  bool IsPictureInPictureAllowedForFullscreenVideo() const;
+  // The WebContents is trying to take some action that would cause user
+  // confusion if taken while in fullscreen. If this WebContents or any outer
+  // WebContents is in fullscreen, drop it.
+  void ForSecurityDropFullscreen();
  // When inner or outer WebContents are present, become the focused
  // WebContentsImpl. This will activate this content's main frame RenderWidget
  // and indirectly all its subframe widgets.  GetFocusedRenderWidgetHost will
@@ -1013,6 +1018,8 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
                           JavaScriptDialogsInMainAndSubframes);
  FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
                           DialogsFromJavaScriptEndFullscreen);
+  FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
+                           DialogsFromJavaScriptEndFullscreenEvenInInnerWC);
  FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
                           PopupsFromJavaScriptEndFullscreen);
  FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,

--- a/content/browser/web_contents/web_contents_impl_browsertest.cc
+++ b/content/browser/web_contents/web_contents_impl_browsertest.cc
@@ -1558,8 +1558,10 @@ class TestWCDelegateForDialogsAndFullscreen : public JavaScriptDialogManager,
  void ExitFullscreenModeForTab(WebContents*) override {
    is_fullscreen_ = false;
-    if (waiting_for_ == kFullscreenExit)
+    if (waiting_for_ == kFullscreenExit) {
+      waiting_for_ = kNothing;
      run_loop_->Quit();
+    }
  }
  bool IsFullscreenForTabOrPending(
@@ -1575,8 +1577,10 @@ class TestWCDelegateForDialogsAndFullscreen : public JavaScriptDialogManager,
                      bool* was_blocked) override {
    popup_ = std::move(new_contents);
-    if (waiting_for_ == kNewContents)
+    if (waiting_for_ == kNewContents) {
+      waiting_for_ = kNothing;
      run_loop_->Quit();
+    }
  }
  // JavaScriptDialogManager
@@ -1591,8 +1595,10 @@ class TestWCDelegateForDialogsAndFullscreen : public JavaScriptDialogManager,
    last_message_ = base::UTF16ToUTF8(message_text);
    *did_suppress_message = true;
-    if (waiting_for_ == kDialog)
+    if (waiting_for_ == kDialog) {
+      waiting_for_ = kNothing;
      run_loop_->Quit();
+    }
  }
  void RunBeforeUnloadDialog(WebContents* web_contents,
@@ -1601,8 +1607,10 @@ class TestWCDelegateForDialogsAndFullscreen : public JavaScriptDialogManager,
                             DialogClosedCallback callback) override {
    std::move(callback).Run(true, base::string16());
-    if (waiting_for_ == kDialog)
+    if (waiting_for_ == kDialog) {
+      waiting_for_ = kNothing;
      run_loop_->Quit();
+    }
  }
  bool HandleJavaScriptDialog(WebContents* web_contents,
@@ -1615,7 +1623,12 @@ class TestWCDelegateForDialogsAndFullscreen : public JavaScriptDialogManager,
                     bool reset_state) override {}
 private:
-  enum { kDialog, kNewContents, kFullscreenExit } waiting_for_;
+  enum {
+    kNothing,
+    kDialog,
+    kNewContents,
+    kFullscreenExit
+  } waiting_for_ = kNothing;
  std::string last_message_;
@@ -2132,6 +2145,51 @@ IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
  wc->SetJavaScriptDialogManagerForTesting(nullptr);
 }
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+                       DialogsFromJavaScriptEndFullscreenEvenInInnerWC) {
+  WebContentsImpl* top_contents =
+      static_cast<WebContentsImpl*>(shell()->web_contents());
+  TestWCDelegateForDialogsAndFullscreen top_test_delegate;
+  top_contents->SetDelegate(&top_test_delegate);
+  GURL url("about:blank");
+  EXPECT_TRUE(NavigateToURL(shell(), url));
+  FrameTreeNode* root = top_contents->GetFrameTree()->root();
+  ASSERT_EQ(0U, root->child_count());
+  std::string script =
+      "var iframe = document.createElement('iframe');"
+      "document.body.appendChild(iframe);";
+  EXPECT_TRUE(content::ExecuteScript(root->current_frame_host(), script));
+  EXPECT_TRUE(WaitForLoadStop(shell()->web_contents()));
+  ASSERT_EQ(1U, root->child_count());
+  RenderFrameHost* frame = root->child_at(0)->current_frame_host();
+  ASSERT_NE(nullptr, frame);
+  WebContentsImpl* inner_contents =
+      static_cast<WebContentsImpl*>(CreateAndAttachInnerContents(frame));
+  TestWCDelegateForDialogsAndFullscreen inner_test_delegate;
+  inner_contents->SetDelegate(&inner_test_delegate);
+  // A dialog from the inner WebContents should make the outer contents lose
+  // fullscreen.
+  top_contents->EnterFullscreenMode(url, blink::WebFullscreenOptions());
+  EXPECT_TRUE(top_contents->IsFullscreenForCurrentTab());
+  script = "alert('hi')";
+  inner_test_delegate.WillWaitForDialog();
+  EXPECT_TRUE(content::ExecuteScript(inner_contents, script));
+  inner_test_delegate.Wait();
+  EXPECT_FALSE(top_contents->IsFullscreenForCurrentTab());
+  inner_contents->SetDelegate(nullptr);
+  inner_contents->SetJavaScriptDialogManagerForTesting(nullptr);
+  top_contents->SetDelegate(nullptr);
+  top_contents->SetJavaScriptDialogManagerForTesting(nullptr);
+}
 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
                       PopupsFromJavaScriptEndFullscreen) {
  WebContentsImpl* wc = static_cast<WebContentsImpl*>(shell()->web_contents());