Partial revert of r624035: always process JS urls in the window that requested the navigation

The spec says to use the target window, not the source window, but we have some bugs around this targeting that may be breaking real websites. Temporary go back to the spec-violating way, as the breakage appears to be smaller. Bug: 935064 Change-Id: Ie1fd3030cbe8700820d1b8631bb3d318259e3380 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1504160 Commit-Queue: Nate Chapin <japhet@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Auto-Submit: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#637904}

Partial revert of r624035: always process JS urls in the window that requested the navigation
The spec says to use the target window, not the source window, but we have some bugs around this targeting that may be breaking real websites. Temporary go back to the spec-violating way, as the breakage appears to be smaller. Bug: 935064 Change-Id: Ie1fd3030cbe8700820d1b8631bb3d318259e3380 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1504160 Commit-Queue: Nate Chapin <japhet@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Auto-Submit: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#637904}
ff71f092 · Nate Chapin · Commit Bot · 1a198243 · ff71f092 · ff71f092
Commit ff71f092 authored Mar 05, 2019 by Nate Chapin Committed by Commit Bot Mar 05, 2019
Showing with 9 additions and 6 deletions

third_party/blink/renderer/core/loader/frame_loader.cc third_party/blink/renderer/core/loader/frame_loader.cc +4 -6

third_party/blink/web_tests/TestExpectations third_party/blink/web_tests/TestExpectations +5 -0

No files found.
--- a/third_party/blink/renderer/core/loader/frame_loader.cc
+++ b/third_party/blink/renderer/core/loader/frame_loader.cc
@@ -706,6 +706,10 @@ bool FrameLoader::PrepareRequestForThisFrame(FrameLoadRequest& request) {

    if (frame_->Owner() && frame_->Owner()->GetSandboxFlags() & kSandboxOrigin)
      return false;
+
+    frame_->GetDocument()->ProcessJavaScriptUrl(
+        url, request.ShouldCheckMainWorldContentSecurityPolicy());
+    return false;
  }

  if (!request.OriginDocument()->GetSecurityOrigin()->CanDisplay(url)) {
@@ -940,12 +944,6 @@ void FrameLoader::StartNavigation(const FrameLoadRequest& passed_request,
    LocalFrame::ConsumeTransientUserActivation(frame_);
  }

-  if (url.ProtocolIsJavaScript()) {
-    frame_->GetDocument()->ProcessJavaScriptUrl(
-        url, request.ShouldCheckMainWorldContentSecurityPolicy());
-    return;
-  }
-
  Client()->BeginNavigation(
      resource_request, origin_document, nullptr /* document_loader */,
      navigation_type, policy, has_transient_activation, frame_load_type,

--- a/third_party/blink/web_tests/TestExpectations
+++ b/third_party/blink/web_tests/TestExpectations
@@ -5956,6 +5956,11 @@ crbug.com/932078 virtual/outofblink-cors/http/tests/security/powerfulFeatureRest
 # Wasm threads enabled by default
 crbug.com/754910 virtual/origin-trials-runtimeflags-disabled/http/tests/origin_trials/webexposed/wasm-threads-origin-trial-disabled.html [ Skip ]

+# These tests depend on targeting javascript: url navigations at the specified window.
+crbug.com/935064 external/wpt/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-abort/javascript-url-abort-return-value-string.tentative.html [ Failure ]
+crbug.com/935064 external/wpt/content-security-policy/inheritance/iframe-all-local-schemes.sub.html [ Failure ]
+crbug.com/935064 external/wpt/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html [ Timeout ]
+
 # Sheriff 2019-02-28
 crbug.com/936827 external/wpt/fullscreen/api/element-request-fullscreen-and-remove-manual.html [ Failure Pass ]