
fix: crash loading `about:blank` in subframes (#45694)

fix: crash loading about:blank in subframes
Shelley Vohr 1 month ago
parent
commit
d8baceb08c

+ 4 - 4
patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch

@@ -28,17 +28,17 @@ The patch should be removed in favor of either:
 Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.
 
 diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
-index 0c67607fd99b2fceba176308a041c8f08643506a..82c4a7e1d441f1444d6ca32a56e8b0381209ec2f 100644
+index 0c67607fd99b2fceba176308a041c8f08643506a..6b38139e1b58db7c7a0c4d553ed2cdaa11a63d2d 100644
 --- a/content/browser/renderer_host/navigation_request.cc
 +++ b/content/browser/renderer_host/navigation_request.cc
 @@ -10980,6 +10980,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo() {
          "blob");
    }
  
-+  if (!IsInMainFrame() && !common_params().url.IsStandard()) {
++  if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) {
 +    return std::make_pair(url::Origin::Resolve(common_params().url,
-+                                               url::Origin()),
-+                          "url_non_standard");
++                                url::Origin()),
++          "url_non_standard");
 +  }
 +
    // In cases not covered above, URLLoaderFactory should be associated with the
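Review bot: The rewritten condition drops the `!IsInMainFrame()` guard, so main-frame navigations to any non-standard scheme other than about:blank now also take their URLLoaderFactory origin from `url::Origin::Resolve(common_params().url, url::Origin())`, which is wider than the subframe fix the commit title describes. Because this origin is what the factory ends up associated with, either keep the guard, `if (!IsInMainFrame() && !common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) {`, or state in the patch description why main frames are now included. A one-line comment above the branch, for example `// about:blank is excluded so it is handled by the cases below instead of resolving against an opaque origin.`, would record the intent (confirm that is what the later code does). The re-wrapped continuation lines also no longer align with the opening parenthesis of `std::make_pair(`. The function body starts and ends outside the hunk, so whether other about: URLs are handled by earlier branches cannot be checked from here.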

+ 34 - 0
spec/api-subframe-spec.ts

@@ -217,6 +217,40 @@ describe('renderer nodeIntegrationInSubFrames', () => {
   });
 });
 
+describe('subframe with non-standard schemes', () => {
+  it('should not crash when changing subframe src to about:blank and back', async () => {
+    const w = new BrowserWindow({ show: false, width: 400, height: 400 });
+
+    const fwfPath = path.resolve(__dirname, 'fixtures/sub-frames/frame-with-frame.html');
+    await w.loadFile(fwfPath);
+
+    const originalSrc = await w.webContents.executeJavaScript(`
+      const iframe = document.querySelector('iframe');
+      iframe.src;
+    `);
+
+    const updatedSrc = await w.webContents.executeJavaScript(`
+      new Promise((resolve, reject) => {
+        const iframe = document.querySelector('iframe');
+        iframe.src = 'about:blank';
+        resolve(iframe.src);
+      })
+    `);
+
+    expect(updatedSrc).to.equal('about:blank');
+
+    const restoredSrc = await w.webContents.executeJavaScript(`
+      new Promise((resolve, reject) => {
+        const iframe = document.querySelector('iframe');
+        iframe.src = '${originalSrc}';
+        resolve(iframe.src);
+      })
+    `);
+
+    expect(restoredSrc).to.equal(originalSrc);
+  });
+});
+
 // app.getAppMetrics() does not return sandbox information on Linux.
 ifdescribe(process.platform !== 'linux')('cross-site frame sandboxing', () => {
   let server: http.Server;
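Review bot: Both promise bodies call `resolve(iframe.src)` synchronously right after assigning `iframe.src`, so the test can finish before either navigation has committed and may never reach the code path that crashed. Register the listener before the assignment, `iframe.addEventListener('load', () => resolve(iframe.src), { once: true });`, and drop the immediate resolve. `originalSrc` is also spliced into script source inside single quotes at `iframe.src = '${originalSrc}';`, whereas `iframe.src = ${JSON.stringify(originalSrc)};` keeps a fixture path containing a quote or backslash from altering the injected script. The window `w` is not closed inside this describe, so unless cleanup is registered outside the hunk it stays open for later tests.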