Merge tag '110.0.5481.100' into stable.lion

# Conflicts:
#	DEPS
#	chrome/VERSION
#	ui/base/clipboard/clipboard_util_mac.mm

DEPS

@@ -303,7 +303,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling V8
   # and whatever else without interference from each other.
-  'v8_revision': 'dc183b6f8195ebf0c4baa55fd14eddad48894258',
+  'v8_revision': '7999223ca1644726339aae43d9435c721c8a4bb0',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling ANGLE
   # and whatever else without interference from each other.
@@ -315,7 +315,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling PDFium
   # and whatever else without interference from each other.
-  'pdfium_revision': '3455086b5e30971f19cd1adb2358020782bdedce',
+  'pdfium_revision': 'b15f1b6966496c72391a0e2a1e20b4e6c28536fc',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling BoringSSL
   # and whatever else without interference from each other.
@@ -771,7 +771,7 @@ deps = {
 
   'src/clank': {
     'url': 'https://chrome-internal.googlesource.com/clank/internal/apps.git' + '@' +
-    'a1dd3cb074e1d7347c321515d9823a5d2b410592',
+    'af6b41acf323ec0f25da45ca0f527bd508c517e4',
     'condition': 'checkout_android and checkout_src_internal',
   },
 
@@ -1211,7 +1211,7 @@ deps = {
     Var('chromium_git') + '/devtools/devtools-frontend' + '@' + Var('devtools_frontend_revision'),
 
   'src/third_party/devtools-frontend-internal': {
-      'url': 'https://chrome-internal.googlesource.com/devtools/devtools-internal.git' + '@' + '1fbc689b1bd9e2fade05adaccaeec8aa7a9af57e',
+      'url': 'https://chrome-internal.googlesource.com/devtools/devtools-internal.git' + '@' + 'b4c9583c9dfa2baa725205b3c7866b4752a15c32',
     'condition': 'checkout_src_internal',
   },
 
@@ -1895,7 +1895,7 @@ deps = {
     Var('chromium_git') + '/v8/v8.git' + '@' +  Var('v8_revision'),
 
   'src-internal': {
-    'url': 'https://chrome-internal.googlesource.com/chrome/src-internal.git@3e35a22d44ba5e1992c40a3894911ad35a235d26',
+    'url': 'https://chrome-internal.googlesource.com/chrome/src-internal.git@da3eca9482f79af5b73f65ffeb6acde9df194eda',
     'condition': 'checkout_src_internal',
   },
 

chrome/VERSION

@@ -1,5 +1,5 @@
 MAJOR=110
 MINOR=0
 BUILD=5481
-PATCH=77
+PATCH=100
 LEGACYPATCH=1

chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc

@@ -62,14 +62,16 @@
 #include "chrome/browser/web_applications/web_app_registrar.h"
 #endif
 
-#if BUILDFLAG(IS_WIN)
-#include "base/win/shlwapi.h"
-#endif
-
 namespace features {
 BASE_FEATURE(kFileSystemAccessPersistentPermissions,
              "kFileSystemAccessPersistentPermissions",
              base::FEATURE_DISABLED_BY_DEFAULT);
+
+#if BUILDFLAG(IS_WIN)
+BASE_FEATURE(kFileSystemAccessLocalUNCPathBlock,
+             "kFileSystemAccessLocalUNCPathBlock",
+             base::FEATURE_ENABLED_BY_DEFAULT);
+#endif
 }  // namespace features
 
 namespace {
@@ -171,6 +173,51 @@ void ShowFileSystemAccessDangerousFileDialogOnUIThread(
                                           web_contents);
 }
 
+#if BUILDFLAG(IS_WIN)
+bool ContainsInvalidDNSCharacter(base::FilePath::StringType hostname) {
+  for (base::FilePath::CharType c : hostname) {
+    if (!((c >= L'A' && c <= L'Z') || (c >= L'a' && c <= L'z') ||
+          (c >= L'0' && c <= L'9') || (c == L'.') || (c == L'-'))) {
+      return true;
+    }
+  }
+  return false;
+}
+
+bool MaybeIsLocalUNCPath(const base::FilePath& path) {
+  if (!path.IsNetwork()) {
+    return false;
+  }
+
+  const std::vector<base::FilePath::StringType> components =
+      path.GetComponents();
+
+  // Check for server name that could represent a local system. We only
+  // check for a very short list, as it is impossible to cover all different
+  // variants on Windows.
+  if (components.size() >= 2 &&
+      (base::FilePath::CompareEqualIgnoreCase(components[1],
+                                              FILE_PATH_LITERAL("localhost")) ||
+       components[1] == FILE_PATH_LITERAL("127.0.0.1") ||
+       components[1] == FILE_PATH_LITERAL(".") ||
+       components[1] == FILE_PATH_LITERAL("?") ||
+       ContainsInvalidDNSCharacter(components[1]))) {
+    return true;
+  }
+
+  // In case we missed the server name check above, we also check for shares
+  // ending with '$' as they represent pre-defined shares, including the local
+  // drives.
+  for (size_t i = 2; i < components.size(); ++i) {
+    if (components[i].back() == L'$') {
+      return true;
+    }
+  }
+
+  return false;
+}
+#endif
+
 // Sentinel used to indicate that no PathService key is specified for a path in
 // the struct below.
 constexpr const int kNoBasePathKey = -1;
@@ -281,9 +328,13 @@ bool ShouldBlockAccessToPath(const base::FilePath& check_path,
   DCHECK(check_path.IsAbsolute());
 
 #if BUILDFLAG(IS_WIN)
-  // On Windows, UNC paths are rejected to avoid bypassing the block list.
-  if (PathIsUNC(check_path.value().c_str()))
+  // On Windows, local UNC paths are rejected, as UNC path can be written in a
+  // way that can bypass the blocklist.
+  if (base::FeatureList::IsEnabled(
+          features::kFileSystemAccessLocalUNCPathBlock) &&
+      MaybeIsLocalUNCPath(check_path)) {
     return true;
+  }
 #endif
 
   base::FilePath nearest_ancestor;

chrome/browser/file_system_access/chrome_file_system_access_permission_context.h

@@ -30,6 +30,11 @@ class BrowserContext;
 namespace features {
 // Enables persistent permissions for the File System Access API.
 BASE_DECLARE_FEATURE(kFileSystemAccessPersistentPermissions);
+
+#if BUILDFLAG(IS_WIN)
+// Enables blocking local UNC path on Windows for the File System Access API.
+BASE_DECLARE_FEATURE(kFileSystemAccessLocalUNCPathBlock);
+#endif
 }  // namespace features
 
 // Chrome implementation of FileSystemAccessPermissionContext. This class

chrome/browser/file_system_access/chrome_file_system_access_permission_context_unittest.cc

@@ -426,25 +426,76 @@ TEST_F(ChromeFileSystemAccessPermissionContextTest,
 #if BUILDFLAG(IS_WIN)
 TEST_F(ChromeFileSystemAccessPermissionContextTest,
        ConfirmSensitiveEntryAccess_UNCPath) {
+  if (!base::FeatureList::IsEnabled(
+          features::kFileSystemAccessLocalUNCPathBlock)) {
+    return;
+  }
+
+  EXPECT_EQ(
+      SensitiveDirectoryResult::kAllowed,
+      ConfirmSensitiveEntryAccessSync(
+          permission_context(), PathType::kLocal,
+          base::FilePath(FILE_PATH_LITERAL("\\\\server\\share\\foo\\bar")),
+          HandleType::kDirectory, UserAction::kOpen));
+
+  EXPECT_EQ(SensitiveDirectoryResult::kAllowed,
+            ConfirmSensitiveEntryAccessSync(
+                permission_context(), PathType::kLocal,
+                base::FilePath(FILE_PATH_LITERAL("c:\\\\foo\\bar")),
+                HandleType::kDirectory, UserAction::kOpen));
+
+  EXPECT_EQ(
+      SensitiveDirectoryResult::kAbort,
+      ConfirmSensitiveEntryAccessSync(
+          permission_context(), PathType::kLocal,
+          base::FilePath(FILE_PATH_LITERAL("\\\\localhost\\c$\\foo\\bar")),
+          HandleType::kDirectory, UserAction::kOpen));
+
   EXPECT_EQ(
       SensitiveDirectoryResult::kAbort,
       ConfirmSensitiveEntryAccessSync(
           permission_context(), PathType::kLocal,
-          base::FilePath(FILE_PATH_LITERAL("\\\\127.0.0.1\\c:\\Program Files")),
+          base::FilePath(FILE_PATH_LITERAL("\\\\LOCALHOST\\c$\\foo\\bar")),
           HandleType::kDirectory, UserAction::kOpen));
 
   EXPECT_EQ(
       SensitiveDirectoryResult::kAbort,
       ConfirmSensitiveEntryAccessSync(
           permission_context(), PathType::kLocal,
-          base::FilePath(FILE_PATH_LITERAL("\\\\127.0.0.1\\c:\\foo\\bar")),
+          base::FilePath(FILE_PATH_LITERAL("\\\\127.0.0.1\\c$\\foo\\bar")),
           HandleType::kDirectory, UserAction::kOpen));
 
+  EXPECT_EQ(SensitiveDirectoryResult::kAbort,
+            ConfirmSensitiveEntryAccessSync(
+                permission_context(), PathType::kLocal,
+                base::FilePath(FILE_PATH_LITERAL("\\\\.\\c:\\foo\\bar")),
+                HandleType::kDirectory, UserAction::kOpen));
+
+  EXPECT_EQ(SensitiveDirectoryResult::kAbort,
+            ConfirmSensitiveEntryAccessSync(
+                permission_context(), PathType::kLocal,
+                base::FilePath(FILE_PATH_LITERAL("\\\\?\\c:\\foo\\bar")),
+                HandleType::kDirectory, UserAction::kOpen));
+
+  EXPECT_EQ(SensitiveDirectoryResult::kAbort,
+            ConfirmSensitiveEntryAccessSync(
+                permission_context(), PathType::kLocal,
+                base::FilePath(FILE_PATH_LITERAL(
+                    "\\\\;LanmanRedirector\\localhost\\c$\\foo\\bar")),
+                HandleType::kDirectory, UserAction::kOpen));
+
+  EXPECT_EQ(SensitiveDirectoryResult::kAbort,
+            ConfirmSensitiveEntryAccessSync(
+                permission_context(), PathType::kLocal,
+                base::FilePath(
+                    FILE_PATH_LITERAL("\\\\.\\UNC\\LOCALHOST\\c:\\foo\\bar")),
+                HandleType::kDirectory, UserAction::kOpen));
+
   EXPECT_EQ(
       SensitiveDirectoryResult::kAbort,
       ConfirmSensitiveEntryAccessSync(
           permission_context(), PathType::kLocal,
-          base::FilePath(FILE_PATH_LITERAL("\\\\localhost\\c:\\Program Files")),
+          base::FilePath(FILE_PATH_LITERAL("\\\\myhostname\\c$\\foo\\bar")),
           HandleType::kDirectory, UserAction::kOpen));
 }
 #endif

chrome/installer/setup/setup_main.cc

@@ -1553,10 +1553,10 @@ int WINAPI wWinMain(HINSTANCE instance,
   if (is_uninstall)
     persistent_histogram_storage.Disable();
 
-  // Check to make sure current system is Win7 or later. If not, log
+  // Check to make sure current system is Win10 or later. If not, log
   // error message and get out.
   if (!InstallUtil::IsOSSupported()) {
-    LOG(ERROR) << "Chrome only supports Windows 7 or later.";
+    LOG(ERROR) << "Chrome only supports Windows 10 or later.";
     installer_state.WriteInstallerResult(installer::OS_NOT_SUPPORTED,
                                          IDS_INSTALL_OS_NOT_SUPPORTED_BASE,
                                          nullptr);

chrome/installer/util/install_util.cc

@@ -242,10 +242,10 @@ base::Version InstallUtil::GetCriticalUpdateVersion() {
 }
 
 bool InstallUtil::IsOSSupported() {
-  // We do not support anything prior to Windows 7.
+  // We do not support anything prior to Windows 10.
   VLOG(1) << base::SysInfo::OperatingSystemName() << ' '
           << base::SysInfo::OperatingSystemVersion();
-  return base::win::GetVersion() >= base::win::Version::WIN7;
+  return base::win::GetVersion() >= base::win::Version::WIN10;
 }
 
 void InstallUtil::AddInstallerResultItems(bool system_install,

chrome/updater/win/installer/installer.cc

@@ -315,7 +315,7 @@ ProcessExitResult InstallerMain(HMODULE module) {
   CHECK(EnableSecureDllLoading());
   EnableProcessHeapMetadataProtection();
 
-  if (base::win::GetVersion() < base::win::Version::WIN7) {
+  if (base::win::GetVersion() < base::win::Version::WIN10) {
     return ProcessExitResult(UNSUPPORTED_WINDOWS_VERSION);
   }
 

third_party/blink/renderer/core/frame/coop_access_violation_report_body.idl

@@ -5,7 +5,7 @@
 // https://html.spec.whatwg.org/C/#cross-origin-opener-policies
 
 [
-    Exposed=(Window,Worker)
+  LegacyNoInterfaceObject
 ] interface CoopAccessViolationReportBody : ReportBody {
   readonly attribute DOMString? sourceFile;
   readonly attribute unsigned long? lineNumber;

third_party/blink/renderer/core/frame/csp/csp_violation_report_body.idl

@@ -5,7 +5,7 @@
 // https://www.w3.org/TR/CSP3/#cspviolationreportbody
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface CSPViolationReportBody : ReportBody {
   readonly attribute USVString documentURL;
   readonly attribute USVString? referrer;

third_party/blink/renderer/core/frame/deprecation/deprecation_report_body.idl

@@ -5,7 +5,7 @@
 // https://wicg.github.io/reporting/#deprecation-report
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface DeprecationReportBody : ReportBody {
   readonly attribute DOMString id;
   [CallWith=ScriptState] readonly attribute object? anticipatedRemoval;

third_party/blink/renderer/core/frame/document_policy_violation_report_body.idl

@@ -5,7 +5,7 @@
 // https://w3c.github.io/webappsec-feature-policy/document-policy.html#reporting
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface DocumentPolicyViolationReportBody : ReportBody {
   readonly attribute DOMString featureId;
   readonly attribute DOMString? sourceFile;

third_party/blink/renderer/core/frame/intervention_report_body.idl

@@ -5,7 +5,7 @@
 // https://wicg.github.io/reporting/#intervention-report
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface InterventionReportBody : ReportBody {
   readonly attribute DOMString id;
   readonly attribute DOMString message;

third_party/blink/renderer/core/frame/permissions_policy_violation_report_body.idl

@@ -5,8 +5,7 @@
 // https://wicg.github.io/feature-policy/#reporting
 
 [
-    Exposed=(Window,Worker),
-    RuntimeEnabled=FeaturePolicyReporting
+    LegacyNoInterfaceObject
 ] interface PermissionsPolicyViolationReportBody : ReportBody {
   readonly attribute DOMString featureId;
   readonly attribute DOMString? sourceFile;

third_party/blink/renderer/core/frame/report.idl

@@ -5,7 +5,7 @@
 // https://github.com/WICG/reporting/blob/master/EXPLAINER.md#reportingobserver---observing-reports-from-javascript
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface Report {
     readonly attribute DOMString type;
     readonly attribute DOMString url;

third_party/blink/renderer/core/frame/report_body.idl

@@ -5,7 +5,7 @@
 // https://github.com/WICG/reporting/blob/master/EXPLAINER.md#reportingobserver---observing-reports-from-javascript
 
 [
-    Exposed=(Window,Worker)
+    LegacyNoInterfaceObject
 ] interface ReportBody {
     [CallWith=ScriptState] object toJSON();
 };

third_party/blink/web_tests/external/wpt/content-security-policy/securitypolicyviolation/idlharness.window-expected.txt

@@ -0,0 +1,56 @@
+This is a testharness.js-based test.
+Found 52 tests; 34 PASS, 18 FAIL, 0 TIMEOUT, 0 NOTRUN.
+PASS idl_test setup
+PASS idl_test validation
+FAIL CSPViolationReportBody interface: existence and properties of interface object assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface object length assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface object name assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: existence and properties of interface prototype object assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: existence and properties of interface prototype object's "constructor" property assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: existence and properties of interface prototype object's @@unscopables property assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: operation toJSON() assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute documentURL assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute referrer assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute blockedURL assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute effectiveDirective assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute originalPolicy assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute sourceFile assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute sample assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute disposition assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute statusCode assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute lineNumber assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+FAIL CSPViolationReportBody interface: attribute columnNumber assert_own_property: self does not have own property "CSPViolationReportBody" expected property "CSPViolationReportBody" missing
+PASS SecurityPolicyViolationEvent interface: existence and properties of interface object
+PASS SecurityPolicyViolationEvent interface object length
+PASS SecurityPolicyViolationEvent interface object name
+PASS SecurityPolicyViolationEvent interface: existence and properties of interface prototype object
+PASS SecurityPolicyViolationEvent interface: existence and properties of interface prototype object's "constructor" property
+PASS SecurityPolicyViolationEvent interface: existence and properties of interface prototype object's @@unscopables property
+PASS SecurityPolicyViolationEvent interface: attribute documentURI
+PASS SecurityPolicyViolationEvent interface: attribute referrer
+PASS SecurityPolicyViolationEvent interface: attribute blockedURI
+PASS SecurityPolicyViolationEvent interface: attribute effectiveDirective
+PASS SecurityPolicyViolationEvent interface: attribute violatedDirective
+PASS SecurityPolicyViolationEvent interface: attribute originalPolicy
+PASS SecurityPolicyViolationEvent interface: attribute sourceFile
+PASS SecurityPolicyViolationEvent interface: attribute sample
+PASS SecurityPolicyViolationEvent interface: attribute disposition
+PASS SecurityPolicyViolationEvent interface: attribute statusCode
+PASS SecurityPolicyViolationEvent interface: attribute lineNumber
+PASS SecurityPolicyViolationEvent interface: attribute columnNumber
+PASS SecurityPolicyViolationEvent must be primary interface of new SecurityPolicyViolationEvent("securitypolicyviolation")
+PASS Stringification of new SecurityPolicyViolationEvent("securitypolicyviolation")
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "documentURI" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "referrer" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "blockedURI" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "effectiveDirective" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "violatedDirective" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "originalPolicy" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "sourceFile" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "sample" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "disposition" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "statusCode" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "lineNumber" with the proper type
+PASS SecurityPolicyViolationEvent interface: new SecurityPolicyViolationEvent("securitypolicyviolation") must inherit property "columnNumber" with the proper type
+Harness: the test ran to completion.
+