New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 806937 link

Starred by 1 user
Status: Fixed
Owner:
fsam...@chromium.org
Last visit > 30 days ago
Closed: Feb 2018
Cc:
lfg@chromium.org
wjmaclean@chromium.org
gov...@chromium.org
sadrul@chromium.org
creis@chromium.org
chrishtr@chromium.org
nasko@chromium.org
vmp...@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Site isolation: OOPIFs do not scale correctly with a CSS transform

Project Member Reported by fsam...@chromium.org, Jan 29 2018 
We plumb the post transform rect to the child renderer which in turn uses that rect to compute the size of the CompositorFrame. The size of the content area does not change. This results in clipping of content in the OOPIF.

Comment 2 by fsamuel@google.com, Jan 29 2018

Labels: -Pri-3 M-64 Pri-1

Comment 3 by creis@chromium.org, Jan 29 2018

Components: Internals>Sandbox>SiteIsolation
Project Member

Comment 4 by bugdroid1@chromium.org, Jan 31 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/82fd52abc249b5535789a42d2ead47e45a44b580

commit 82fd52abc249b5535789a42d2ead47e45a44b580
Author: Fady Samuel <fsamuel@chromium.org>
Date: Wed Jan 31 21:00:06 2018

Site isolation: report local size to content

If a CSS scale is applied to an OOPIF, the physical backing size was
incorrectly set. The entirety of the OOPIF is expected to be displayed even
if scaled. With this change, the scaling occurs entirely in the parent and the
child is oblivious to the scaling.

Note that RenderWidgetHostView::GetViewBounds is used in different ways:

1. To set the layout size of the child renderer.
2. To know position for popups.

For 1, it should be oblivious to transforms in the parent.
For 2, it needs to take into account transforms in the parent.

To fix this, we need to decouple position and size. This is a fairly major
refactor, so I'll leave it outside the scope of this hotfix for an immediate
site isolation problem.

Bug:  806937 
Change-Id: I8efeab97002983071aa02519dbfa8a82cf0a9ba3
Reviewed-on: https://chromium-review.googlesource.com/891663
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Fady Samuel <fsamuel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533403}
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/frame_host/cross_process_frame_connector.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/frame_host/cross_process_frame_connector.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/renderer_host/frame_connector_delegate.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/renderer_host/frame_connector_delegate.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/renderer_host/render_widget_host_view_child_frame.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/renderer_host/render_widget_host_view_child_frame_unittest.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/common/frame_messages.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/renderer/render_frame_proxy.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/test/content_browser_test_utils_internal.cc
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/test/content_browser_test_utils_internal.h
[add] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/content/test/data/frame_tree/page_with_scaled_frame.html
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/testing/buildbot/filters/viz.content_browsertests.filter
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/Source/core/frame/RemoteFrameClient.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/Source/core/frame/RemoteFrameClientImpl.cpp
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/Source/core/frame/RemoteFrameClientImpl.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/Source/core/frame/RemoteFrameView.cpp
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/Source/core/loader/EmptyClients.h
[modify] https://crrev.com/82fd52abc249b5535789a42d2ead47e45a44b580/third_party/WebKit/public/web/WebRemoteFrameClient.h

Comment 5 by fsam...@chromium.org, Feb 2 2018

Labels: Merge-Request-64
This has landed and made its way into canary.
Project Member

Comment 6 by sheriffbot@chromium.org, Feb 2 2018

Labels: -Merge-Request-64 Hotlist-Merge-Review Merge-Review-64
This bug requires manual review: Request affecting a post-stable build
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by abdulsyed@chromium.org, Feb 3 2018 

Can you please comment on which OS this impacts? (My guess is desktop (Windows, mac, linux))

This also seems like a fairly large change. Can you please comment on why this is absolutely critical for M64 vs waiting until M65? I believe this was discussed on Tuesday's sync, but since the fix seems quite complex, my recommendation is to wait until M65.

Comment 8 by creis@chromium.org, Feb 5 2018

Cc: gov...@chromium.org
Labels: -Merge-Review-64 M-65 Merge-Request-65 Target-65 OS-Chrome OS-Linux OS-Mac OS-Windows
r533403 landed in 66.0.3336.0, and I can verify the fix in Windows Canary 66.0.3340.0 with a https://googlesyndication.com subframe process (using https://clawr.users.x20web.corp.google.com/www/b/71913328/container-local.html).  For comparison, I do see the bug in 65.0.3325.31 and 64.0.3282.140.

Per Abdul's comment in http://b/71913328#comment46, it seems like we should target M65 for this instead, unless we hear otherwise about the urgency.

Fady, can you comment on the safety of the change for the M65 branch?  Is it risky to merge there, or do you expect it be safe?  Thanks!

Comment 9 by fsam...@chromium.org, Feb 6 2018 

I think it ought to be safe to merge in M65 at this point. Let's skip M64.
Project Member

Comment 10 by sheriffbot@chromium.org, Feb 6 2018

Labels: -Merge-Request-65 Hotlist-Merge-Approved Merge-Approved-65
Your change meets the bar and is auto-approved for M65. Please go ahead and merge the CL to branch 3325 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 11 by gov...@chromium.org, Feb 7 2018 

Pls merge your change to M65 branch 3325 before 2:00 PM PT tomorrow, Wednesday (02/07/18). Thank you.

Comment 12 by gov...@chromium.org, Feb 7 2018 

Pls merge your change to M65 branch 3325 ASAP so we can pick it up for next M65 Beta release. Thank you.
Project Member

Comment 13 by bugdroid1@chromium.org, Feb 7 2018

Labels: -merge-approved-65 merge-merged-3325
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/67dfa6f581eacce483aa33c3325d6107cc3e5ef4

commit 67dfa6f581eacce483aa33c3325d6107cc3e5ef4
Author: Fady Samuel <fsamuel@chromium.org>
Date: Wed Feb 07 19:32:31 2018

Site isolation: report local size to content

If a CSS scale is applied to an OOPIF, the physical backing size was
incorrectly set. The entirety of the OOPIF is expected to be displayed even
if scaled. With this change, the scaling occurs entirely in the parent and the
child is oblivious to the scaling.

Note that RenderWidgetHostView::GetViewBounds is used in different ways:

1. To set the layout size of the child renderer.
2. To know position for popups.

For 1, it should be oblivious to transforms in the parent.
For 2, it needs to take into account transforms in the parent.

To fix this, we need to decouple position and size. This is a fairly major
refactor, so I'll leave it outside the scope of this hotfix for an immediate
site isolation problem.

TBR=fsamuel@chromium.org

(cherry picked from commit 82fd52abc249b5535789a42d2ead47e45a44b580)

Bug:  806937 
Change-Id: I8efeab97002983071aa02519dbfa8a82cf0a9ba3
Reviewed-on: https://chromium-review.googlesource.com/891663
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Fady Samuel <fsamuel@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#533403}
Reviewed-on: https://chromium-review.googlesource.com/907212
Reviewed-by: Fady Samuel <fsamuel@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#367}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/frame_host/cross_process_frame_connector.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/frame_host/cross_process_frame_connector.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/renderer_host/frame_connector_delegate.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/renderer_host/frame_connector_delegate.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/renderer_host/render_widget_host_view_child_frame.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/renderer_host/render_widget_host_view_child_frame_unittest.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/common/frame_messages.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/renderer/render_frame_proxy.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/renderer/render_frame_proxy.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/test/content_browser_test_utils_internal.cc
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/test/content_browser_test_utils_internal.h
[add] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/content/test/data/frame_tree/page_with_scaled_frame.html
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/testing/buildbot/filters/viz.content_browsertests.filter
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/Source/core/frame/RemoteFrameClient.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/Source/core/frame/RemoteFrameClientImpl.cpp
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/Source/core/frame/RemoteFrameClientImpl.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/Source/core/frame/RemoteFrameView.cpp
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/Source/core/loader/EmptyClients.h
[modify] https://crrev.com/67dfa6f581eacce483aa33c3325d6107cc3e5ef4/third_party/WebKit/public/web/WebRemoteFrameClient.h

Comment 14 by fsam...@chromium.org, Feb 7 2018

Status: Fixed (was: Assigned)

Sign in to add a comment