[APC][iOS] Implement same-site iframe extraction and cross-site redaction on iOS [chromium/src : main]

0 views
Skip to first unread message

Fikre Mengistu (Gerrit)

unread,
Jun 23, 2026, 5:47:54 PMJun 23
to Fikre Mengistu, Vincent Boisselle, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
Attention needed from Vincent Boisselle

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:
  • Vincent Boisselle
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
Gerrit-Change-Number: 7983196
Gerrit-PatchSet: 5
Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
Gerrit-Attention: Vincent Boisselle <vi...@google.com>
Gerrit-Comment-Date: Tue, 23 Jun 2026 21:47:43 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Vincent Boisselle (Gerrit)

unread,
Jun 26, 2026, 3:24:32 PM (12 days ago) Jun 26
to Fikre Mengistu, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
Attention needed from Fikre Mengistu

Vincent Boisselle added 6 comments

Patchset-level comments
File-level comment, Patchset 6 (Latest):
Vincent Boisselle . unresolved

I feel this change works different from the parent change , is it possible ?

here the redaction is done native side whereas in the parent CL the redaction is done from the iframe metadata coming from the renderer

File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
Line 735, Patchset 5: net::SchemefulSite main_frame_site(_webState->GetLastCommittedURL());
Vincent Boisselle . unresolved

I feel we should capture that when creating the wrapper to avoid toctou issues if navigation occurs during the async extraction

Line 738, Patchset 6 (Latest): annotatedPageContentBarrier.Run();
Vincent Boisselle . unresolved

note: so we drop extracting cross site frames?, this is what I was proposing in the parent cl of this cl

Line 1412, Patchset 6 (Latest): node->mutable_content_attributes()->set_attribute_type(
Vincent Boisselle . unresolved

not 100% sure we want to move this here

this is usually a fix proposed by the AI when xframe registration fails

File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper_unittest.mm
Line 7367, Patchset 6 (Latest): if (IsRefactored()) {
Vincent Boisselle . resolved

note: I think we can clean up the refactored VS non-refactored versions

but let's keep the test variant here until the cleanup

Line 7433, Patchset 6 (Latest): // Subdomain (same-site) text SHOULD be extracted.
Vincent Boisselle . unresolved

I think it is the other way around

Open in Gerrit

Related details

Attention is currently required from:
  • Fikre Mengistu
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
    Gerrit-Change-Number: 7983196
    Gerrit-PatchSet: 6
    Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
    Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Comment-Date: Fri, 26 Jun 2026 19:24:21 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Fikre Mengistu (Gerrit)

    unread,
    Jun 30, 2026, 1:38:19 AM (9 days ago) Jun 30
    to Fikre Mengistu, Nicolas MacBeth, Vincent Boisselle, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
    Attention needed from Nicolas MacBeth and Vincent Boisselle

    Fikre Mengistu added 6 comments

    Patchset-level comments
    Vincent Boisselle . unresolved

    I feel this change works different from the parent change , is it possible ?

    here the redaction is done native side whereas in the parent CL the redaction is done from the iframe metadata coming from the renderer

    Fikre Mengistu

    This CL introduces native C++ pre-extraction cross origin gating in PageContextWrapper. This enables redactions and avoids executing heavy JS extraction on cross-site subframes that would ultimately be discarded. When blocked, their placeholder pins flow into Andrew's sweep where they are redacted with REASON_CROSS_SITE if the same_site_only flag is enabled.

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
    Line 735, Patchset 5: net::SchemefulSite main_frame_site(_webState->GetLastCommittedURL());
    Vincent Boisselle . resolved

    I feel we should capture that when creating the wrapper to avoid toctou issues if navigation occurs during the async extraction

    Fikre Mengistu

    Done

    Line 738, Patchset 6: annotatedPageContentBarrier.Run();
    Vincent Boisselle . resolved

    note: so we drop extracting cross site frames?, this is what I was proposing in the parent cl of this cl

    Fikre Mengistu

    I believe it's fulfils what you are proposing the parent cl. This approach enables redactions while skipping unnecessary cross-site frame js extractions.

    Line 1412, Patchset 6: node->mutable_content_attributes()->set_attribute_type(
    Vincent Boisselle . unresolved

    not 100% sure we want to move this here

    this is usually a fix proposed by the AI when xframe registration fails

    Fikre Mengistu

    Setting attribute_type = CONTENT_ATTRIBUTE_IFRAME prior to registration here was intended for apc v1. Even in V1 mode, cross-origin iframes emit placeholder tokens, so setting the attribute type before returning ensures those placeholder pins identify as iframes when Andrew's sweep checks them. There was some talk about keeping apc v1 around for feature that may want a more lightweight extraction, so I still think this is worth keeping. wyt?

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper_unittest.mm
    Line 7367, Patchset 6: if (IsRefactored()) {
    Vincent Boisselle . resolved

    note: I think we can clean up the refactored VS non-refactored versions

    but let's keep the test variant here until the cleanup

    Fikre Mengistu

    Ack.

    Line 7433, Patchset 6: // Subdomain (same-site) text SHOULD be extracted.
    Vincent Boisselle . unresolved

    I think it is the other way around

    Fikre Mengistu

    I believe this is correctly written. Because include_same_site_only allows same-site frames, the subdomain iframe shares the main frame's net::SchemefulSite and should have its text extracted. Conversely, the third-party cross-site iframe has a different site, so gating blocks it and its text should not be extracted.

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Nicolas MacBeth
    • Vincent Boisselle
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
    Gerrit-Change-Number: 7983196
    Gerrit-PatchSet: 7
    Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
    Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Attention: Vincent Boisselle <vi...@google.com>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 05:38:12 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Vincent Boisselle <vi...@google.com>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Vincent Boisselle (Gerrit)

    unread,
    Jun 30, 2026, 11:39:44 AM (8 days ago) Jun 30
    to Fikre Mengistu, Nicolas MacBeth, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
    Attention needed from Fikre Mengistu and Nicolas MacBeth

    Vincent Boisselle added 7 comments

    Patchset-level comments
    Vincent Boisselle . unresolved

    I feel this change works different from the parent change , is it possible ?

    here the redaction is done native side whereas in the parent CL the redaction is done from the iframe metadata coming from the renderer

    Fikre Mengistu

    This CL introduces native C++ pre-extraction cross origin gating in PageContextWrapper. This enables redactions and avoids executing heavy JS extraction on cross-site subframes that would ultimately be discarded. When blocked, their placeholder pins flow into Andrew's sweep where they are redacted with REASON_CROSS_SITE if the same_site_only flag is enabled.

    Vincent Boisselle

    Ok so they sort of work in tandem ? we redact before extraction and also feed the redaction data from the renderer extraction but without actually extracting the content of that frame where we just want the "metadata"

    File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
    Line 880, Patchset 7 (Latest): // post-processing can determine if it is cross-site.
    Vincent Boisselle . unresolved

    add also a note that this data will be replaced with the full metadata when resolving the placeholders if the frame data isn't redacted

    Line 884, Patchset 7 (Latest): *iframe_data, destination_node, origin,
    Vincent Boisselle . unresolved

    C++ Style Improvement:

    In Chromium C++, it is much more idiomatic and readable to use `base::NullCallback()` to generate empty callbacks:

    ```cpp
    PopulateIframeData(*iframe_data, destination_node, origin, base::NullCallback());
    ```

    Line 1113, Patchset 7 (Latest): net::SchemefulSite main_frame_site(main_frame_url);
    Vincent Boisselle . unresolved

    Missing Header Include:

    You use `net::SchemefulSite` here, but this file is missing the explicit include for it. Relying on transitive includes can be fragile and might lead to future (or current) compilation errors.

    Please add `#import "net/base/schemeful_site.h"` at the top of the file.

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
    Line 807, Patchset 7 (Latest): }
    Vincent Boisselle . unresolved

    TOCTOU & Potential Null Pointer Crash:

    By querying `_webState->GetLastCommittedURL()` again here, you defeat the purpose of caching `_mainFrameSite` in the constructor (which was added specifically to prevent TOCTOU race conditions). Also, `_webState` is a `base::WeakPtr`, so dereferencing it using `->` inside this loop without first checking its validity can lead to a crash if the web state was destroyed during the asynchronous operations.

    Use the cached `_mainFrameSite` instance variable instead, just as you successfully did in the refactored path loop earlier in the file:
    ```objc
    if (_config->include_same_site_only()) {
    net::SchemefulSite child_site(webFrame->GetSecurityOrigin());
    if (_mainFrameSite != child_site) {
    annotatedPageContentBarrier.Run();
    continue;
    }
    }
    ```
    Line 1412, Patchset 6: node->mutable_content_attributes()->set_attribute_type(
    Vincent Boisselle . unresolved

    not 100% sure we want to move this here

    this is usually a fix proposed by the AI when xframe registration fails

    Fikre Mengistu

    Setting attribute_type = CONTENT_ATTRIBUTE_IFRAME prior to registration here was intended for apc v1. Even in V1 mode, cross-origin iframes emit placeholder tokens, so setting the attribute type before returning ensures those placeholder pins identify as iframes when Andrew's sweep checks them. There was some talk about keeping apc v1 around for feature that may want a more lightweight extraction, so I still think this is worth keeping. wyt?

    Vincent Boisselle

    ack, I think I see in the changes that was moved it back to after ?


    I think setting the content attribute type too early may mess up with
    ```
    void MergeContent(optimization_guide::proto::ContentNode* placeholder,
    FrameGrafter::FrameContent&& frame_content,
    autofill::RemoteFrameToken document_id) {
    if (placeholder->content_attributes().attribute_type() ==
    optimization_guide::proto::CONTENT_ATTRIBUTE_IFRAME) {
    // Rich Extraction: The placeholder is already assigned as an
    // iframe, this means that the data in the `placeholder` is already
    // partially set so do a partial merge in this case. The iframe content tree
    // needs to be added as a child of the attributed iframe ContentNode.
    // Content starts from the page root (like for the main frame).
    optimization_guide::proto::FrameData* frame_data =
    placeholder->mutable_content_attributes()
    ->mutable_iframe_data()
    ->mutable_frame_data();
    frame_data->Swap(&frame_content.frame_data);
    // Set the document identifier here because it is not available in the
    // frame data extracted for the entire page which is the case for
    // cross-origin frames that require grafting.
    frame_data->mutable_document_identifier()->set_serialized_token(
    document_id.ToString());
    *placeholder->add_children_nodes() = std::move(frame_content.content);
      } else {
    // Light Extraction: The placeholder doesn't hold any partial data,
    // it means that the whole ContentNode for the iframe is provided from the
    // content stored in `unregistered_content_.
    *placeholder = std::move(frame_content.content);
    }
    }
    ```

    discerning between "legacy" and rich extraction

    Also

    One caveat of putting it before was that CONTENT_ATTRIBUTE_IFRAME would be set and some tests only checked that attribute to verify whether the iframe content was grafted , but if the tests are complete enough they would look at more stuff so they can catch regressions where the content stops being grafted

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper_unittest.mm
    Line 7433, Patchset 6: // Subdomain (same-site) text SHOULD be extracted.
    Vincent Boisselle . resolved

    I think it is the other way around

    Fikre Mengistu

    I believe this is correctly written. Because include_same_site_only allows same-site frames, the subdomain iframe shares the main frame's net::SchemefulSite and should have its text extracted. Conversely, the third-party cross-site iframe has a different site, so gating blocks it and its text should not be extracted.

    Vincent Boisselle

    right, sorry I think I read "redacted" instead of "extracted"

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Fikre Mengistu
    • Nicolas MacBeth
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
    Gerrit-Change-Number: 7983196
    Gerrit-PatchSet: 7
    Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
    Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Comment-Date: Tue, 30 Jun 2026 15:39:32 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Fikre Mengistu <fikrem...@chromium.org>
    Comment-In-Reply-To: Vincent Boisselle <vi...@google.com>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Fikre Mengistu (Gerrit)

    unread,
    Jul 1, 2026, 12:07:21 PM (7 days ago) Jul 1
    to Fikre Mengistu, Nicolas MacBeth, Vincent Boisselle, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
    Attention needed from Nicolas MacBeth and Vincent Boisselle

    Fikre Mengistu added 6 comments

    Patchset-level comments
    Vincent Boisselle . unresolved

    I feel this change works different from the parent change , is it possible ?

    here the redaction is done native side whereas in the parent CL the redaction is done from the iframe metadata coming from the renderer

    Fikre Mengistu

    This CL introduces native C++ pre-extraction cross origin gating in PageContextWrapper. This enables redactions and avoids executing heavy JS extraction on cross-site subframes that would ultimately be discarded. When blocked, their placeholder pins flow into Andrew's sweep where they are redacted with REASON_CROSS_SITE if the same_site_only flag is enabled.

    Vincent Boisselle

    Ok so they sort of work in tandem ? we redact before extraction and also feed the redaction data from the renderer extraction but without actually extracting the content of that frame where we just want the "metadata"

    Fikre Mengistu

    Yes, if same_site_only is enabled, we prevent the extraction of cross site subframe from happening to prevent unnecessary work. In the main frame's extraction, we put a placeholder in place of the cross site iframe that inlcudes site metada, and the frame grafter in the end will look at the placeholder and replace it with a redaction node.

    File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
    Line 880, Patchset 7: // post-processing can determine if it is cross-site.
    Vincent Boisselle . resolved

    add also a note that this data will be replaced with the full metadata when resolving the placeholders if the frame data isn't redacted

    Fikre Mengistu

    Done

    Line 884, Patchset 7: *iframe_data, destination_node, origin,
    Vincent Boisselle . resolved

    C++ Style Improvement:

    In Chromium C++, it is much more idiomatic and readable to use `base::NullCallback()` to generate empty callbacks:

    ```cpp
    PopulateIframeData(*iframe_data, destination_node, origin, base::NullCallback());
    ```

    Fikre Mengistu

    Done

    Line 1113, Patchset 7: net::SchemefulSite main_frame_site(main_frame_url);
    Vincent Boisselle . resolved

    Missing Header Include:

    You use `net::SchemefulSite` here, but this file is missing the explicit include for it. Relying on transitive includes can be fragile and might lead to future (or current) compilation errors.

    Please add `#import "net/base/schemeful_site.h"` at the top of the file.

    Fikre Mengistu

    that import statement is already exists at the top of this file.

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
    Line 807, Patchset 7: }
    Vincent Boisselle . resolved

    TOCTOU & Potential Null Pointer Crash:

    By querying `_webState->GetLastCommittedURL()` again here, you defeat the purpose of caching `_mainFrameSite` in the constructor (which was added specifically to prevent TOCTOU race conditions). Also, `_webState` is a `base::WeakPtr`, so dereferencing it using `->` inside this loop without first checking its validity can lead to a crash if the web state was destroyed during the asynchronous operations.

    Use the cached `_mainFrameSite` instance variable instead, just as you successfully did in the refactored path loop earlier in the file:
    ```objc
    if (_config->include_same_site_only()) {
    net::SchemefulSite child_site(webFrame->GetSecurityOrigin());
    if (_mainFrameSite != child_site) {
    annotatedPageContentBarrier.Run();
    continue;
    }
    }
    ```
    Fikre Mengistu

    Done. Thanks for the catch.

    Line 1412, Patchset 6: node->mutable_content_attributes()->set_attribute_type(
    Vincent Boisselle . resolved
    Fikre Mengistu

    Acknowledged. I removed the change from this CL, and will follow up with you about possibly making this change in conjunction with the changes in mergecontent and tests.

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Nicolas MacBeth
    • Vincent Boisselle
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
    Gerrit-Change-Number: 7983196
    Gerrit-PatchSet: 8
    Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
    Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Attention: Vincent Boisselle <vi...@google.com>
    Gerrit-Comment-Date: Wed, 01 Jul 2026 16:07:13 +0000
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Vincent Boisselle (Gerrit)

    unread,
    Jul 1, 2026, 5:45:34 PM (7 days ago) Jul 1
    to Fikre Mengistu, Nicolas MacBeth, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
    Attention needed from Fikre Mengistu and Nicolas MacBeth

    Vincent Boisselle voted and added 1 comment

    Votes added by Vincent Boisselle

    Code-Review+1

    1 comment

    Patchset-level comments
    File-level comment, Patchset 6:
    Vincent Boisselle . resolved

    I feel this change works different from the parent change , is it possible ?

    here the redaction is done native side whereas in the parent CL the redaction is done from the iframe metadata coming from the renderer

    Fikre Mengistu

    This CL introduces native C++ pre-extraction cross origin gating in PageContextWrapper. This enables redactions and avoids executing heavy JS extraction on cross-site subframes that would ultimately be discarded. When blocked, their placeholder pins flow into Andrew's sweep where they are redacted with REASON_CROSS_SITE if the same_site_only flag is enabled.

    Vincent Boisselle

    Ok so they sort of work in tandem ? we redact before extraction and also feed the redaction data from the renderer extraction but without actually extracting the content of that frame where we just want the "metadata"

    Fikre Mengistu

    Yes, if same_site_only is enabled, we prevent the extraction of cross site subframe from happening to prevent unnecessary work. In the main frame's extraction, we put a placeholder in place of the cross site iframe that inlcudes site metada, and the frame grafter in the end will look at the placeholder and replace it with a redaction node.

    Vincent Boisselle

    Acknowledged

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Fikre Mengistu
    • Nicolas MacBeth
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
    Gerrit-Change-Number: 7983196
    Gerrit-PatchSet: 8
    Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
    Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
    Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
    Gerrit-Comment-Date: Wed, 01 Jul 2026 21:45:26 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Nicolas MacBeth (Gerrit)

    unread,
    Jul 2, 2026, 3:29:36 PM (6 days ago) Jul 2
    to Fikre Mengistu, Vincent Boisselle, chromium...@chromium.org, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
    Attention needed from Fikre Mengistu

    Nicolas MacBeth voted and added 5 comments

    Votes added by Nicolas MacBeth

    Code-Review+1
    Commit-Queue+1

    5 comments

    Patchset-level comments
    File-level comment, Patchset 8 (Latest):
    Nicolas MacBeth . unresolved

    thanks Fikre! looks great! see some comments and one ask here:

    can you look at the actor_service's page context extraction and add the flag there to be used please? (correct me if i'm wrong but we want this for actuation stuff only, correct?)

    File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.h
    Line 97, Patchset 7: bool include_same_site_only,
    Nicolas MacBeth . unresolved

    nit: update the comment to briefly explain `include_same_site_only`

    File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
    Line 1110, Patchset 8 (Latest): if (!include_same_site_only) {
    Nicolas MacBeth . unresolved

    can you add a comment here why we need this?

    Line 1127, Patchset 8 (Latest): placeholder->content_attributes().iframe_data().frame_data().url());
    Nicolas MacBeth . unresolved

    This is an AI recommendation, and I'm a little outside the context right now so you'll know better whether this is actionable or not: we are doing security-related things with this information, but it comes from untrusted JS-based sources. should we be validating this URL or checking it somehow? sorry if this is very ambiguous

    File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
    Line 285, Patchset 8 (Latest): GURL url = _webState->GetVisibleURL();
    Nicolas MacBeth . unresolved

    I think `GetLastCommitedURL` is better security-wise, can you confirm? If so, can you update this existing code to make sure we're consistent?

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Fikre Mengistu
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement satisfiedCode-Owners
      • requirement satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
      Gerrit-Change-Number: 7983196
      Gerrit-PatchSet: 8
      Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
      Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
      Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
      Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
      Gerrit-Comment-Date: Thu, 02 Jul 2026 19:29:27 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Fikre Mengistu (Gerrit)

      unread,
      12:34 AM (17 hours ago) 12:34 AM
      to Fikre Mengistu, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, Nicolas MacBeth, Vincent Boisselle, chromium...@chromium.org, ios-actor...@google.com, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
      Attention needed from Nicolas MacBeth

      Fikre Mengistu added 5 comments

      Patchset-level comments
      File-level comment, Patchset 8:
      Nicolas MacBeth . resolved

      thanks Fikre! looks great! see some comments and one ask here:

      can you look at the actor_service's page context extraction and add the flag there to be used please? (correct me if i'm wrong but we want this for actuation stuff only, correct?)

      Fikre Mengistu

      Yes, redactions will only be enabled for agentic tasks. I was going to enable the flag in a separate CL, but it can also be done here. Done.

      File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.h
      Line 97, Patchset 7: bool include_same_site_only,
      Nicolas MacBeth . resolved

      nit: update the comment to briefly explain `include_same_site_only`

      Fikre Mengistu

      Done

      File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
      Line 1110, Patchset 8: if (!include_same_site_only) {
      Nicolas MacBeth . resolved

      can you add a comment here why we need this?

      Fikre Mengistu

      Done

      Line 1127, Patchset 8: placeholder->content_attributes().iframe_data().frame_data().url());
      Nicolas MacBeth . unresolved

      This is an AI recommendation, and I'm a little outside the context right now so you'll know better whether this is actionable or not: we are doing security-related things with this information, but it comes from untrusted JS-based sources. should we be validating this URL or checking it somehow? sorry if this is very ambiguous

      Fikre Mengistu

      Subframe extraction gating in PageContextWrapper uses C++ browser state (`webFrame->GetSecurityOrigin()`) rather than the JS-reported placeholder URL, so spoofed JS URLs cannot trick the crawler into extracting cross-site content. Even if the URL extracted in js is misrepresented here, the subframe's DOM/text was already blocked from being extracted, leaving an empty node with zero data here.

      File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
      Line 285, Patchset 8: GURL url = _webState->GetVisibleURL();
      Nicolas MacBeth . resolved

      I think `GetLastCommitedURL` is better security-wise, can you confirm? If so, can you update this existing code to make sure we're consistent?

      Fikre Mengistu

      Done

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Nicolas MacBeth
      Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement is not satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
      Gerrit-Change-Number: 7983196
      Gerrit-PatchSet: 9
      Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
      Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
      Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
      Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
      Gerrit-Comment-Date: Wed, 08 Jul 2026 04:34:30 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      Comment-In-Reply-To: Nicolas MacBeth <nicolas...@google.com>
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Vincent Boisselle (Gerrit)

      unread,
      3:42 PM (2 hours ago) 3:42 PM
      to Fikre Mengistu, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, Nicolas MacBeth, chromium...@chromium.org, ios-actor...@google.com, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
      Attention needed from Fikre Mengistu and Nicolas MacBeth

      Vincent Boisselle voted and added 3 comments

      Votes added by Vincent Boisselle

      Code-Review+1

      3 comments

      File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
      Line 1119, Patchset 9 (Latest): GURL main_frame_url(apc->main_frame_data().url());
      Vincent Boisselle . unresolved

      we have changed how this works in the parent cl

      File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper.mm
      Line 740, Patchset 9 (Latest): net::SchemefulSite child_site(webFrame->GetSecurityOrigin());
      Vincent Boisselle . unresolved

      childSite

      File ios/chrome/browser/intelligence/proto_wrappers/page_context_wrapper_unittest.mm
      Line 7518, Patchset 9 (Latest): EXPECT_FALSE(subdomain_node->content_attributes()
      Vincent Boisselle . unresolved

      can u verify that there are children as well ?

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Fikre Mengistu
      • Nicolas MacBeth
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement is not satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement is not satisfiedNo-Unresolved-Comments
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
        Gerrit-Change-Number: 7983196
        Gerrit-PatchSet: 9
        Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
        Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
        Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
        Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
        Gerrit-Attention: Nicolas MacBeth <nicolas...@google.com>
        Gerrit-Comment-Date: Wed, 08 Jul 2026 19:42:47 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        unsatisfied_requirement
        open
        diffy

        Nicolas MacBeth (Gerrit)

        unread,
        4:05 PM (2 hours ago) 4:05 PM
        to Fikre Mengistu, Vincent Boisselle, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, ios-actor...@google.com, ios-revie...@chromium.org, ios-r...@chromium.org, marq+...@chromium.org
        Attention needed from Fikre Mengistu

        Nicolas MacBeth voted and added 2 comments

        Votes added by Nicolas MacBeth

        Code-Review+1

        2 comments

        Patchset-level comments
        File-level comment, Patchset 9 (Latest):
        Nicolas MacBeth . resolved

        thanks!

        File ios/chrome/browser/intelligence/proto_wrappers/annotated_page_content_extraction_utils.mm
        Line 1127, Patchset 8: placeholder->content_attributes().iframe_data().frame_data().url());
        Nicolas MacBeth . resolved

        This is an AI recommendation, and I'm a little outside the context right now so you'll know better whether this is actionable or not: we are doing security-related things with this information, but it comes from untrusted JS-based sources. should we be validating this URL or checking it somehow? sorry if this is very ambiguous

        Fikre Mengistu

        Subframe extraction gating in PageContextWrapper uses C++ browser state (`webFrame->GetSecurityOrigin()`) rather than the JS-reported placeholder URL, so spoofed JS URLs cannot trick the crawler into extracting cross-site content. Even if the URL extracted in js is misrepresented here, the subframe's DOM/text was already blocked from being extracted, leaving an empty node with zero data here.

        Nicolas MacBeth

        Acknowledged

        Open in Gerrit

        Related details

        Attention is currently required from:
        • Fikre Mengistu
        Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement is not satisfiedNo-Unresolved-Comments
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: Icacb3e205ea25f32c5e27c479f6e88542f82b3e2
        Gerrit-Change-Number: 7983196
        Gerrit-PatchSet: 9
        Gerrit-Owner: Fikre Mengistu <fikrem...@chromium.org>
        Gerrit-Reviewer: Nicolas MacBeth <nicolas...@google.com>
        Gerrit-Reviewer: Vincent Boisselle <vi...@google.com>
        Gerrit-Attention: Fikre Mengistu <fikrem...@chromium.org>
        Gerrit-Comment-Date: Wed, 08 Jul 2026 20:05:33 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: Yes
        Comment-In-Reply-To: Fikre Mengistu <fikrem...@chromium.org>
        Comment-In-Reply-To: Nicolas MacBeth <nicolas...@google.com>
        satisfied_requirement
        unsatisfied_requirement
        open
        diffy
        Reply all
        Reply to author
        Forward
        0 new messages