If an extension does a content injection disable bf cache.

This code tracks whether a content injection (insertCSS, contentScript, executeScript) has occurred for a WebFrame. If so then turn off BFCache for the frame. BUG=1192785 Change-Id: I682a9efb247aae358023e3a591368c84d47001ce Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2787195 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Dave Tapuska <dtapuska@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Dave Tapuska <dtapuska@chromium.org> Cr-Commit-Position: refs/heads/master@{#870582}
blueboxd · Apr 8, 2021 · c787d2a · c787d2a
1 parent 9d3df97
commit c787d2a
Show file tree

Hide file tree

Showing 23 changed files with 306 additions and 48 deletions.
diff --git a/chrome/browser/extensions/back_forward_cache_browsertest.cc b/chrome/browser/extensions/back_forward_cache_browsertest.cc
@@ -0,0 +1,137 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/extension_browsertest.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/common/content_features.h"
+#include "content/public/test/browser_test.h"
+#include "extensions/common/extension.h"
+#include "net/dns/mock_host_resolver.h"
+
+namespace extensions {
+
+class ExtensionBackForwardCacheBrowserTest : public ExtensionBrowserTest {
+ public:
+  explicit ExtensionBackForwardCacheBrowserTest(
+      bool allow_content_scripts = true) {
+    feature_list_.InitWithFeaturesAndParameters(
+        {{features::kBackForwardCache,
+          {{"content_injection_supported",
+            allow_content_scripts ? "true" : "false"}}}},
+        {features::kBackForwardCacheMemoryControls});
+  }
+
+  void SetUpOnMainThread() override {
+    host_resolver()->AddRule("*", "127.0.0.1");
+    ExtensionBrowserTest::SetUpOnMainThread();
+  }
+
+ private:
+  base::test::ScopedFeatureList feature_list_;
+};
+
+class ExtensionBackForwardCacheContentScriptDisabledBrowserTest
+    : public ExtensionBackForwardCacheBrowserTest {
+ public:
+  ExtensionBackForwardCacheContentScriptDisabledBrowserTest()
+      : ExtensionBackForwardCacheBrowserTest(/*allow_content_scripts=*/false) {}
+};
+
+IN_PROC_BROWSER_TEST_F(
+    ExtensionBackForwardCacheContentScriptDisabledBrowserTest,
+    ScriptDisallowed) {
+  ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("back_forward_cache")
+                                .AppendASCII("content_script")));
+
+  ASSERT_TRUE(embedded_test_server()->Start());
+  GURL url_a(embedded_test_server()->GetURL("a.com", "/title1.html"));
+  GURL url_b(embedded_test_server()->GetURL("b.com", "/title1.html"));
+
+  // 1) Navigate to A.
+  content::RenderFrameHost* rfh_a =
+      ui_test_utils::NavigateToURL(browser(), url_a);
+  content::RenderFrameDeletedObserver delete_observer_rfh_a(rfh_a);
+
+  // 2) Navigate to B.
+  content::RenderFrameHost* rfh_b =
+      ui_test_utils::NavigateToURL(browser(), url_b);
+  content::RenderFrameDeletedObserver delete_observer_rfh_b(rfh_b);
+
+  // Expect that |rfh_a| is destroyed as it wouldn't be placed in the cache.
+  EXPECT_TRUE(delete_observer_rfh_a.deleted());
+}
+
+IN_PROC_BROWSER_TEST_F(ExtensionBackForwardCacheBrowserTest, ScriptAllowed) {
+  ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("back_forward_cache")
+                                .AppendASCII("content_script")));
+
+  ASSERT_TRUE(embedded_test_server()->Start());
+  GURL url_a(embedded_test_server()->GetURL("a.com", "/title1.html"));
+  GURL url_b(embedded_test_server()->GetURL("b.com", "/title1.html"));
+
+  // 1) Navigate to A.
+  content::RenderFrameHost* rfh_a =
+      ui_test_utils::NavigateToURL(browser(), url_a);
+  content::RenderFrameDeletedObserver delete_observer_rfh_a(rfh_a);
+
+  // 2) Navigate to B.
+  content::RenderFrameHost* rfh_b =
+      ui_test_utils::NavigateToURL(browser(), url_b);
+  content::RenderFrameDeletedObserver delete_observer_rfh_b(rfh_b);
+
+  // Ensure that |rfh_a| is in the cache.
+  EXPECT_FALSE(delete_observer_rfh_a.deleted());
+  EXPECT_NE(rfh_a, rfh_b);
+  EXPECT_TRUE(rfh_a->IsInBackForwardCache());
+}
+
+IN_PROC_BROWSER_TEST_F(
+    ExtensionBackForwardCacheContentScriptDisabledBrowserTest,
+    CSSDisallowed) {
+  ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("back_forward_cache")
+                                .AppendASCII("content_css")));
+
+  ASSERT_TRUE(embedded_test_server()->Start());
+  GURL url_a(embedded_test_server()->GetURL("a.com", "/title1.html"));
+  GURL url_b(embedded_test_server()->GetURL("b.com", "/title1.html"));
+
+  // 1) Navigate to A.
+  content::RenderFrameHost* rfh_a =
+      ui_test_utils::NavigateToURL(browser(), url_a);
+  content::RenderFrameDeletedObserver delete_observer_rfh_a(rfh_a);
+
+  // 2) Navigate to B.
+  content::RenderFrameHost* rfh_b =
+      ui_test_utils::NavigateToURL(browser(), url_b);
+  content::RenderFrameDeletedObserver delete_observer_rfh_b(rfh_b);
+
+  // Expect that |rfh_a| is destroyed as it wouldn't be placed in the cache.
+  EXPECT_TRUE(delete_observer_rfh_a.deleted());
+}
+
+IN_PROC_BROWSER_TEST_F(ExtensionBackForwardCacheBrowserTest, CSSAllowed) {
+  ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("back_forward_cache")
+                                .AppendASCII("content_css")));
+
+  ASSERT_TRUE(embedded_test_server()->Start());
+  GURL url_a(embedded_test_server()->GetURL("a.com", "/title1.html"));
+  GURL url_b(embedded_test_server()->GetURL("b.com", "/title1.html"));
+
+  // 1) Navigate to A.
+  content::RenderFrameHost* rfh_a =
+      ui_test_utils::NavigateToURL(browser(), url_a);
+  content::RenderFrameDeletedObserver delete_observer_rfh_a(rfh_a);
+
+  // 2) Navigate to B.
+  content::RenderFrameHost* rfh_b =
+      ui_test_utils::NavigateToURL(browser(), url_b);
+  content::RenderFrameDeletedObserver delete_observer_rfh_b(rfh_b);
+
+  // Ensure that |rfh_a| is in the cache.
+  EXPECT_FALSE(delete_observer_rfh_a.deleted());
+  EXPECT_NE(rfh_a, rfh_b);
+  EXPECT_TRUE(rfh_a->IsInBackForwardCache());
+}
+
+}  // namespace extensions
diff --git a/chrome/renderer/cart/commerce_hint_agent.cc b/chrome/renderer/cart/commerce_hint_agent.cc
@@ -439,7 +439,8 @@ void CommerceHintAgent::ExtractProducts() {
       new JavaScriptRequest(weak_factory_.GetWeakPtr());
   main_frame->RequestExecuteScriptInIsolatedWorld(
       ISOLATED_WORLD_ID_CHROME_INTERNAL, &source, 1, false,
-      blink::WebLocalFrame::kAsynchronous, request);
+      blink::WebLocalFrame::kAsynchronous, request,
+      blink::BackForwardCacheAware::kAllow);
 }
 
 CommerceHintAgent::JavaScriptRequest::JavaScriptRequest(

diff --git a/chrome/test/BUILD.gn b/chrome/test/BUILD.gn
@@ -2042,6 +2042,7 @@ if (!is_android) {
         "../browser/extensions/app_process_apitest.cc",
         "../browser/extensions/app_window_overrides_browsertest.cc",
         "../browser/extensions/autoplay_browsertest.cc",
+        "../browser/extensions/back_forward_cache_browsertest.cc",
         "../browser/extensions/background_header_browsertest.cc",
         "../browser/extensions/background_page_apitest.cc",
         "../browser/extensions/background_scripts_apitest.cc",

diff --git a/chrome/test/data/extensions/back_forward_cache/content_css/color.css b/chrome/test/data/extensions/back_forward_cache/content_css/color.css
@@ -0,0 +1,5 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+body {background-color: cyan;}
diff --git a/chrome/test/data/extensions/back_forward_cache/content_css/manifest.json b/chrome/test/data/extensions/back_forward_cache/content_css/manifest.json
@@ -0,0 +1,14 @@
+{
+  "name": "no caching",
+  "version": "0.1",
+  "manifest_version": 2,
+  "description": "Checks that injected CSS do prevent back forward cache.",
+  "permissions": ["http://*/*", "https://*/*"],
+  "content_scripts": [
+    {
+      "matches": ["http://*/*", "https://*/*"],
+      "css": ["color.css"],
+      "run_at": "document_start"
+    }
+  ]
+}
diff --git a/chrome/test/data/extensions/back_forward_cache/content_script/change_page_title.js b/chrome/test/data/extensions/back_forward_cache/content_script/change_page_title.js
@@ -0,0 +1,5 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+document.title = "modified";
diff --git a/chrome/test/data/extensions/back_forward_cache/content_script/manifest.json b/chrome/test/data/extensions/back_forward_cache/content_script/manifest.json
@@ -0,0 +1,14 @@
+{
+  "name": "no caching",
+  "version": "0.1",
+  "manifest_version": 2,
+  "description": "Checks that content scripts do prevent back forward cache.",
+  "permissions": ["http://*/*", "https://*/*"],
+  "content_scripts": [
+    {
+      "matches": ["http://*/*", "https://*/*"],
+      "js": ["change_page_title.js"],
+      "run_at": "document_end"
+    }
+  ]
+}
diff --git a/components/translate/content/renderer/per_frame_translate_agent.cc b/components/translate/content/renderer/per_frame_translate_agent.cc
@@ -200,7 +200,8 @@ void PerFrameTranslateAgent::ExecuteScript(const std::string& script) {
     return;
 
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
-  local_frame->ExecuteScriptInIsolatedWorld(world_id_, source);
+  local_frame->ExecuteScriptInIsolatedWorld(
+      world_id_, source, blink::BackForwardCacheAware::kAllow);
 }
 
 bool PerFrameTranslateAgent::ExecuteScriptAndGetBoolResult(
@@ -214,8 +215,8 @@ bool PerFrameTranslateAgent::ExecuteScriptAndGetBoolResult(
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_,
-                                                              source);
+      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   DCHECK(result->IsBoolean());
 
   return result.As<v8::Boolean>()->Value();
@@ -232,8 +233,8 @@ std::string PerFrameTranslateAgent::ExecuteScriptAndGetStringResult(
   v8::HandleScope handle_scope(isolate);
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_,
-                                                              source);
+      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   DCHECK(result->IsString());
 
   v8::Local<v8::String> v8_str = result.As<v8::String>();
@@ -253,8 +254,8 @@ double PerFrameTranslateAgent::ExecuteScriptAndGetDoubleResult(
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_,
-                                                              source);
+      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   DCHECK(result->IsNumber());
 
   return result.As<v8::Number>()->Value();
@@ -270,8 +271,8 @@ int64_t PerFrameTranslateAgent::ExecuteScriptAndGetIntegerResult(
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_,
-                                                              source);
+      local_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   DCHECK(result->IsNumber());
 
   return result.As<v8::Integer>()->Value();

diff --git a/components/translate/content/renderer/translate_agent.cc b/components/translate/content/renderer/translate_agent.cc
@@ -250,7 +250,8 @@ void TranslateAgent::ExecuteScript(const std::string& script) {
     return;
 
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
-  main_frame->ExecuteScriptInIsolatedWorld(world_id_, source);
+  main_frame->ExecuteScriptInIsolatedWorld(
+      world_id_, source, blink::BackForwardCacheAware::kAllow);
 }
 
 bool TranslateAgent::ExecuteScriptAndGetBoolResult(const std::string& script,
@@ -262,7 +263,8 @@ bool TranslateAgent::ExecuteScriptAndGetBoolResult(const std::string& script,
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_, source);
+      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   if (result.IsEmpty() || !result->IsBoolean()) {
     NOTREACHED();
     return fallback;
@@ -281,7 +283,8 @@ std::string TranslateAgent::ExecuteScriptAndGetStringResult(
   v8::HandleScope handle_scope(isolate);
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_, source);
+      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   if (result.IsEmpty() || !result->IsString()) {
     NOTREACHED();
     return std::string();
@@ -306,7 +309,8 @@ double TranslateAgent::ExecuteScriptAndGetDoubleResult(
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_, source);
+      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   if (result.IsEmpty() || !result->IsNumber()) {
     NOTREACHED();
     return 0.0;
@@ -324,7 +328,8 @@ int64_t TranslateAgent::ExecuteScriptAndGetIntegerResult(
   v8::HandleScope handle_scope(v8::Isolate::GetCurrent());
   WebScriptSource source = WebScriptSource(WebString::FromASCII(script));
   v8::Local<v8::Value> result =
-      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(world_id_, source);
+      main_frame->ExecuteScriptInIsolatedWorldAndReturnValue(
+          world_id_, source, blink::BackForwardCacheAware::kAllow);
   if (result.IsEmpty() || !result->IsNumber()) {
     NOTREACHED();
     return 0;

diff --git a/content/browser/renderer_host/back_forward_cache_impl.cc b/content/browser/renderer_host/back_forward_cache_impl.cc
@@ -99,6 +99,14 @@ bool IsGeolocationSupported() {
   return geolocation_supported.Get();
 }
 
+bool IsContentInjectionSupported() {
+  if (!IsBackForwardCacheEnabled())
+    return false;
+  static constexpr base::FeatureParam<bool> content_injection_supported(
+      &features::kBackForwardCache, "content_injection_supported", false);
+  return content_injection_supported.Get();
+}
+
 bool IsFileSystemSupported() {
   if (!IsBackForwardCacheEnabled())
     return false;
@@ -204,6 +212,11 @@ uint64_t GetDisallowedFeatures(RenderFrameHostImpl* rfh,
         WebSchedulerTrackedFeature::kRequestedGeolocationPermission);
   }
 
+  if (!IsContentInjectionSupported()) {
+    result |= FeatureToBit(WebSchedulerTrackedFeature::kIsolatedWorldScript) |
+              FeatureToBit(WebSchedulerTrackedFeature::kInjectedStyleSheet);
+  }
+
   if (!IgnoresOutstandingNetworkRequestForTesting()) {
     result |=
         FeatureToBit(

diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
@@ -2446,7 +2446,8 @@ void RenderFrameImpl::JavaScriptExecuteRequestForTests(
         WebScriptSource(WebString::FromUTF16(javascript)));
   } else {
     result = frame_->ExecuteScriptInIsolatedWorldAndReturnValue(
-        world_id, WebScriptSource(WebString::FromUTF16(javascript)));
+        world_id, WebScriptSource(WebString::FromUTF16(javascript)),
+        blink::BackForwardCacheAware::kAllow);
   }
 
   if (!weak_this)
@@ -2481,7 +2482,8 @@ void RenderFrameImpl::JavaScriptExecuteRequestInIsolatedWorld(
   JavaScriptIsolatedWorldRequest* request = new JavaScriptIsolatedWorldRequest(
       weak_factory_.GetWeakPtr(), wants_result, std::move(callback));
   frame_->RequestExecuteScriptInIsolatedWorld(
-      world_id, &script, 1, false, WebLocalFrame::kSynchronous, request);
+      world_id, &script, 1, false, WebLocalFrame::kSynchronous, request,
+      blink::BackForwardCacheAware::kAllow);
 }
 
 RenderFrameImpl::JavaScriptIsolatedWorldRequest::JavaScriptIsolatedWorldRequest(

diff --git a/content/web_test/renderer/test_runner.cc b/content/web_test/renderer/test_runner.cc
@@ -1075,8 +1075,8 @@ TestRunnerBindings::EvaluateScriptInIsolatedWorldAndReturnValue(
     return {};
 
   blink::WebScriptSource source = blink::WebString::FromUTF8(script);
-  return GetWebFrame()->ExecuteScriptInIsolatedWorldAndReturnValue(world_id,
-                                                                   source);
+  return GetWebFrame()->ExecuteScriptInIsolatedWorldAndReturnValue(
+      world_id, source, blink::BackForwardCacheAware::kAllow);
 }
 
 void TestRunnerBindings::EvaluateScriptInIsolatedWorld(
@@ -1086,7 +1086,8 @@ void TestRunnerBindings::EvaluateScriptInIsolatedWorld(
     return;
 
   blink::WebScriptSource source = blink::WebString::FromUTF8(script);
-  GetWebFrame()->ExecuteScriptInIsolatedWorld(world_id, source);
+  GetWebFrame()->ExecuteScriptInIsolatedWorld(
+      world_id, source, blink::BackForwardCacheAware::kAllow);
 }
 
 void TestRunnerBindings::SetIsolatedWorldInfo(

diff --git a/extensions/renderer/script_injection.cc b/extensions/renderer/script_injection.cc
@@ -336,7 +336,8 @@ void ScriptInjection::InjectJs(std::set<std::string>* executing_scripts,
 
   render_frame_->GetWebFrame()->RequestExecuteScriptInIsolatedWorld(
       world_id, &sources.front(), sources.size(), is_user_gesture,
-      execution_option, callback.release());
+      execution_option, callback.release(),
+      blink::BackForwardCacheAware::kPossiblyDisallow);
 }
 
 void ScriptInjection::OnJsInjectionCompleted(
@@ -436,8 +437,9 @@ void ScriptInjection::InjectOrRemoveCss(
   } else {
     DCHECK(adding_css);
     for (const blink::WebString& css : css_sources)
-      web_frame->GetDocument().InsertStyleSheet(css, &style_sheet_key,
-                                                blink_css_origin);
+      web_frame->GetDocument().InsertStyleSheet(
+          css, &style_sheet_key, blink_css_origin,
+          blink::BackForwardCacheAware::kPossiblyDisallow);
   }
 }