mirror of
https://github.com/electron/electron.git
synced 2026-05-02 03:00:22 -04:00
8f0f8401f2
The frameNamesToWindow map was a holdover from the BrowserWindowProxy IPC shim. Since nativeWindowOpen became the only code path, Blink's FrameTree::FindOrCreateFrameForNavigation resolves named window targets directly in the renderer, scoped to the opener's browsing context group. When a matching named window exists, Blink navigates it without ever sending a CreateNewWindow IPC to the browser, so this map was never consulted in the legitimate same-opener case. The only time the map found a match was when two unrelated renderers happened to use the same target name, in which case openGuestWindow would short-circuit before consuming the guest WebContents that Chromium had already created for the new window, leaking it. Adds a test verifying Blink handles same-opener named-target reuse end-to-end without any browser-side tracking. Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Sam Attard <sattard@anthropic.com>