fix: use appropriate site instance for cross-site nav's (#15821)

* fix: use Chromium's determined new site instance as candidate when navigating.

When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().

fixes 8100.

* Revert "fix: use Chromium's determined new site instance as candidate when navigating."

This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.

* fix: delegate site instance creation back to content when sandboxed.

* fix: ensure site isolation is on

* test: adapt ut for cross-site navigation

* fix: register pending processes during a navigation.

* refactor: dont call loadURL for a window constructed from an existing webContents.

* test: add sandboxed affinity UT's.

* fix: check affinity before deciding if to force a new site instance.

* chore: adapt subsequent patch.

* refactor: constify logically const methods.

* fix: do not reuse site instances when navigation redirects cross-site.

* test: ensure localStorage accessible after x-site redirect.

* test: adapt localStorage acess denied UT for site isolation.

* fix: do not send render-view-deleted for speculative frames.

* chore: amend tests after rebase.

* test: add ut for webContents' render-view-deleted emission

* fix: introduce current-render-view-deleted for current RVH's deletions.

Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.

* refactor: style and comments fixed.

lib/browser/guest-window-manager.js

@@ -90,9 +90,9 @@ const setupGuest = function (embedder, frameName, guest, options) {
   }
   const closedByUser = function () {
     embedder._sendInternal('ELECTRON_GUEST_WINDOW_MANAGER_WINDOW_CLOSED_' + guestId)
-    embedder.removeListener('render-view-deleted', closedByEmbedder)
+    embedder.removeListener('current-render-view-deleted', closedByEmbedder)
   }
-  embedder.once('render-view-deleted', closedByEmbedder)
+  embedder.once('current-render-view-deleted', closedByEmbedder)
   guest.once('closed', closedByUser)
   if (frameName) {
     frameToGuest.set(frameName, guest)
@@ -118,28 +118,12 @@ const createGuest = function (embedder, url, referrer, frameName, options, postD
   }
 
   guest = new BrowserWindow(options)
-  if (!options.webContents || url !== 'about:blank') {
+  if (!options.webContents) {
     // We should not call `loadURL` if the window was constructed from an
-    // existing webContents(window.open in a sandboxed renderer) and if the url
-    // is not 'about:blank'.
+    // existing webContents (window.open in a sandboxed renderer).
     //
     // Navigating to the url when creating the window from an existing
-    // webContents would not be necessary(it will navigate there anyway), but
-    // apparently there's a bug that allows the child window to be scripted by
-    // the opener, even when the child window is from another origin.
-    //
-    // That's why the second condition(url !== "about:blank") is required: to
-    // force `OverrideSiteInstanceForNavigation` to be called and consequently
-    // spawn a new renderer if the new window is targeting a different origin.
-    //
-    // If the URL is "about:blank", then it is very likely that the opener just
-    // wants to synchronously script the popup, for example:
-    //
-    //     let popup = window.open()
-    //     popup.document.body.write('<h1>hello</h1>')
-    //
-    // The above code would not work if a navigation to "about:blank" is done
-    // here, since the window would be cleared of all changes in the next tick.
+    // webContents is not necessary (it will navigate there anyway).
     const loadOptions = {
       httpReferrer: referrer
     }