Explicitly clear LocalDOMWindow::document_ when reusing the window

This ensures that, during navigation commit, it doesn't matter whether
we are reusing a Document or not. Code that needs to catch and handle
that case can null-check LocalDOMWindow::document().

This requires adding a separate LocalDOMWindow::Initialize() step,
because LocalDOMWindow::InstallNewDocument() can no longer detect
whether this a window reuse case or not.

Bug: 1106273
Change-Id: I23021d505d6a2dc2f54f435359ce5490e4ed561e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2302939
Auto-Submit: Nate Chapin <japhet@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789525}

third_party/blink/renderer/core/frame/local_dom_window.cc

@@ -248,6 +248,12 @@ void LocalDOMWindow::BindContentSecurityPolicy() {
       GetContentSecurityPolicyDelegate());
 }
 
+void LocalDOMWindow::Initialize() {
+  GetAgent()->AttachContext(this);
+  if (auto* agent_metrics = GetFrame()->GetPage()->GetAgentMetricsCollector())
+    agent_metrics->DidAttachWindow(*this);
+}
+
 void LocalDOMWindow::AcceptLanguagesChanged() {
   if (navigator_)
     navigator_->SetLanguagesDirty();
@@ -666,27 +672,13 @@ bool LocalDOMWindow::HasInsecureContextInAncestors() {
 
 Document* LocalDOMWindow::InstallNewDocument(const DocumentInit& init) {
   DCHECK_EQ(init.GetFrame(), GetFrame());
-  DCHECK(!document_ || !document_->IsActive());
-
-  bool is_first_document = !document_;
-
-  // Explicitly null document_ here so that it is always null when Document's
-  // constructor is running. This ensures that no code running from the
-  // constructor obeserves a situation where dom_window_->document() is a
-  // a different Document.
-  document_ = nullptr;
+  DCHECK(!document_);
   document_ = init.CreateDocument();
   document_->Initialize();
 
   if (!GetFrame())
     return document_;
 
-  if (is_first_document) {
-    GetAgent()->AttachContext(this);
-    if (auto* agent_metrics = GetFrame()->GetPage()->GetAgentMetricsCollector())
-      agent_metrics->DidAttachWindow(*this);
-  }
-
   GetFrame()->GetScriptController().UpdateDocument();
   document_->GetViewportData().UpdateViewportDescription();
   if (FrameScheduler* frame_scheduler = GetFrame()->GetFrameScheduler()) {

third_party/blink/renderer/core/frame/local_dom_window.h

@@ -110,6 +110,9 @@ class CORE_EXPORT LocalDOMWindow final : public DOMWindow,
 
   LocalFrame* GetFrame() const { return To<LocalFrame>(DOMWindow::GetFrame()); }
 
+  void Initialize();
+  void ClearForReuse() { document_ = nullptr; }
+
   // Bind Content Security Policy to this window. This will cause the
   // CSP to resolve the 'self' attribute and all policies will then be
   // applied to this document.

third_party/blink/renderer/core/frame/local_frame.cc

@@ -732,6 +732,7 @@ void LocalFrame::SetDOMWindow(LocalDOMWindow* dom_window) {
   }
   GetScriptController().ClearWindowProxy();
   dom_window_ = dom_window;
+  dom_window->Initialize();
 }
 
 Document* LocalFrame::GetDocument() const {
@@ -1823,6 +1824,7 @@ void LocalFrame::ForceSynchronousDocumentInstall(
   // Any Document requires Shutdown() before detach, even the initial empty
   // document.
   GetDocument()->Shutdown();
+  DomWindow()->ClearForReuse();
 
   DomWindow()->InstallNewDocument(
       DocumentInit::Create()

third_party/blink/renderer/core/loader/document_loader.cc

@@ -1688,6 +1688,8 @@ void DocumentLoader::CommitNavigation() {
 
       frame_->DomWindow()->SetOriginPolicyIds(ids);
     }
+  } else {
+    frame_->DomWindow()->ClearForReuse();
   }
 
   // Now that we have the final window and Agent, ensure the security origin has