Prevent bindings escalation on an existing NavigationEntry.

content/browser/web_contents/navigation_entry_impl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_WEB_CONTENTS_NAVIGATION_ENTRY_IMPL_H_
 #define CONTENT_BROWSER_WEB_CONTENTS_NAVIGATION_ENTRY_IMPL_H_
 
 #include "base/basictypes.h"
 #include "base/memory/ref_counted.h"
 #include "content/browser/site_instance_impl.h"
 #include "content/public/browser/favicon_status.h"
 #include "content/public/browser/global_request_id.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/common/ssl_status.h"
 
 namespace content {
 
 class CONTENT_EXPORT NavigationEntryImpl
     : public NON_EXPORTED_BASE(NavigationEntry) {
  public:
   static NavigationEntryImpl* FromNavigationEntry(NavigationEntry* entry);
 
+  // The value of bindings() before it is set during commit.
+  static int kInvalidBindings;
+
   NavigationEntryImpl();
   NavigationEntryImpl(SiteInstanceImpl* instance,
                       int page_id,
                       const GURL& url,
                       const Referrer& referrer,
                       const string16& title,
                       PageTransition transition_type,
                       bool is_renderer_initiated);
   virtual ~NavigationEntryImpl();
 
@@ skipping 51 matching lines @@
   // counted pointer to a shared site instance.
   //
   // Note that the SiteInstance should usually not be changed after it is set,
   // but this may happen if the NavigationEntry was cloned and needs to use a
   // different SiteInstance.
   void set_site_instance(SiteInstanceImpl* site_instance);
   SiteInstanceImpl* site_instance() const {
     return site_instance_.get();
   }
 
+  // Remember the set of bindings granted to this NavigationEntry at the time
+  // of commit, to ensure that we do not grant it additional bindings if we
+  // navigate back to it in the future.  This can only be changed once.
+  void SetBindings(int bindings);
+  int bindings() const {
+    return bindings_;
+  }
+
   void set_page_type(PageType page_type) {
     page_type_ = page_type;
   }
 
   bool has_virtual_url() const {
     return !virtual_url_.is_empty();
   }
 
   bool update_virtual_url_with_url() const {
     return update_virtual_url_with_url_;
@@ skipping 74 matching lines @@
   // WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
   // Session/Tab restore save portions of this class so that it can be recreated
   // later. If you add a new field that needs to be persisted you'll have to
   // update SessionService/TabRestoreService and Android WebView
   // state_serializer.cc appropriately.
   // WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 
   // See the accessors above for descriptions.
   int unique_id_;
   scoped_refptr<SiteInstanceImpl> site_instance_;
+  // TODO(creis): Persist bindings_. http://crbug.com/173672.
+  int bindings_;
   PageType page_type_;
   GURL url_;
   Referrer referrer_;
   GURL virtual_url_;
   bool update_virtual_url_with_url_;
   string16 title_;
   FaviconStatus favicon_;
   std::string content_state_;
   int32 page_id_;
   SSLStatus ssl_;
@@ skipping 66 matching lines @@
   // If not empty, the name of the frame to navigate. This field is not
   // persisted, because it is currently only used in tests.
   std::string frame_to_navigate_;
 
   // Copy and assignment is explicitly allowed for this class.
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_WEB_CONTENTS_NAVIGATION_ENTRY_IMPL_H_