| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/browser.h" | 5 #include "chrome/browser/browser.h" |
| 6 #include "chrome/browser/profile.h" | 6 #include "chrome/browser/profile.h" |
| 7 #include "chrome/browser/tab_contents/interstitial_page.h" | 7 #include "chrome/browser/tab_contents/interstitial_page.h" |
| 8 #include "chrome/browser/tab_contents/navigation_entry.h" | 8 #include "chrome/browser/tab_contents/navigation_entry.h" |
| 9 #include "chrome/browser/tab_contents/tab_contents.h" | 9 #include "chrome/browser/tab_contents/tab_contents.h" |
| 10 #include "chrome/common/pref_names.h" | 10 #include "chrome/common/pref_names.h" |
| (...skipping 214 matching lines...) |
| 225 | 225 |
| 226 // Because of cross-frame scripting restrictions, we cannot access the iframe | 226 // Because of cross-frame scripting restrictions, we cannot access the iframe |
| 227 // content. So to know if the frame was loaded, we just check if a popup was | 227 // content. So to know if the frame was loaded, we just check if a popup was |
| 228 // opened (the iframe content opens one). | 228 // opened (the iframe content opens one). |
| 229 // Note: because of bug 1115868, no constrained window is opened right now. | 229 // Note: because of bug 1115868, no constrained window is opened right now. |
| 230 // Once the bug is fixed, this will do the real check. | 230 // Once the bug is fixed, this will do the real check. |
| 231 EXPECT_EQ(0, static_cast<int>(tab->constrained_window_count())); | 231 EXPECT_EQ(0, static_cast<int>(tab->constrained_window_count())); |
| 232 | 232 |
| 233 int img_width; | 233 int img_width; |
| 234 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt( | 234 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractInt( |
| 235 tab, L"", L"window.domAutomationController.send(ImageWidth());", | 235 tab->render_view_host(), L"", |
| 236 &img_width)); | 236 L"window.domAutomationController.send(ImageWidth());", &img_width)); |
| 237 // In order to check that the image was not loaded, we check its width. | 237 // In order to check that the image was not loaded, we check its width. |
| 238 // The actual image (Google logo) is 114 pixels wide, we assume the broken | 238 // The actual image (Google logo) is 114 pixels wide, we assume the broken |
| 239 // image is less than 100. | 239 // image is less than 100. |
| 240 EXPECT_GT(100, img_width); | 240 EXPECT_GT(100, img_width); |
| 241 | 241 |
| 242 bool js_result = false; | 242 bool js_result = false; |
| 243 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( | 243 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 244 tab, L"", L"window.domAutomationController.send(IsFooSet());", | 244 tab->render_view_host(), L"", |
| 245 &js_result)); | 245 L"window.domAutomationController.send(IsFooSet());", &js_result)); |
| 246 EXPECT_FALSE(js_result); | 246 EXPECT_FALSE(js_result); |
| 247 } | 247 } |
| 248 | 248 |
| 249 // Visits a page with mixed content loaded by JS (after the initial page load). | 249 // Visits a page with mixed content loaded by JS (after the initial page load). |
| 250 IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) { | 250 IN_PROC_BROWSER_TEST_F(SSLUITest, TestMixedContentsLoadedFromJS) { |
| 251 scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); | 251 scoped_refptr<HTTPSTestServer> https_server = GoodCertServer(); |
| 252 scoped_refptr<HTTPTestServer> http_server = PlainServer(); | 252 scoped_refptr<HTTPTestServer> http_server = PlainServer(); |
| 253 | 253 |
| 254 ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW( | 254 ui_test_utils::NavigateToURL(browser(), https_server->TestServerPageW( |
| 255 L"files/ssl/page_with_dynamic_mixed_contents.html")); | 255 L"files/ssl/page_with_dynamic_mixed_contents.html")); |
| 256 | 256 |
| 257 TabContents* tab = browser()->GetSelectedTabContents(); | 257 TabContents* tab = browser()->GetSelectedTabContents(); |
| 258 CheckAuthenticatedState(tab, false, false); | 258 CheckAuthenticatedState(tab, false, false); |
| 259 | 259 |
| 260 // Load the insecure image. | 260 // Load the insecure image. |
| 261 bool js_result = false; | 261 bool js_result = false; |
| 262 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( | 262 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 263 tab, L"", L"loadBadImage();", &js_result)); | 263 tab->render_view_host(), L"", L"loadBadImage();", &js_result)); |
| 264 EXPECT_TRUE(js_result); | 264 EXPECT_TRUE(js_result); |
| 265 | 265 |
| 266 // We should now have mixed-contents. | 266 // We should now have mixed-contents. |
| 267 CheckAuthenticatedState(tab, true /* mixed-content */, false); | 267 CheckAuthenticatedState(tab, true /* mixed-content */, false); |
| 268 } | 268 } |
| 269 | 269 |
| 270 // Visits two pages from the same origin: one with mixed content and one | 270 // Visits two pages from the same origin: one with mixed content and one |
| 271 // without. The test checks that we propagate the mixed content state from one | 271 // without. The test checks that we propagate the mixed content state from one |
| 272 // to the other. | 272 // to the other. |
| 273 // TODO(jcampan): http://crbug.com/15072 this test fails. | 273 // TODO(jcampan): http://crbug.com/15072 this test fails. |
| (...skipping 297 matching lines...) |
| 571 | 571 |
| 572 TabContents* tab = browser()->GetSelectedTabContents(); | 572 TabContents* tab = browser()->GetSelectedTabContents(); |
| 573 ui_test_utils::NavigateToURL( | 573 ui_test_utils::NavigateToURL( |
| 574 browser(), | 574 browser(), |
| 575 good_https_server->TestServerPageW(L"files/ssl/top_frame.html")); | 575 good_https_server->TestServerPageW(L"files/ssl/top_frame.html")); |
| 576 | 576 |
| 577 CheckAuthenticatedState(tab, false, false); | 577 CheckAuthenticatedState(tab, false, false); |
| 578 | 578 |
| 579 bool success = false; | 579 bool success = false; |
| 580 // Now navigate inside the frame. | 580 // Now navigate inside the frame. |
| 581 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 581 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 582 L"", | 582 tab->render_view_host(), L"", |
| 583 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", | 583 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", |
| 584 &success)); | 584 &success)); |
| 585 EXPECT_TRUE(success); | 585 EXPECT_TRUE(success); |
| 586 ui_test_utils::WaitForNavigation(&tab->controller()); | 586 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 587 | 587 |
| 588 // We should still be fine. | 588 // We should still be fine. |
| 589 CheckAuthenticatedState(tab, false, false); | 589 CheckAuthenticatedState(tab, false, false); |
| 590 | 590 |
| 591 // Now let's hit a bad page. | 591 // Now let's hit a bad page. |
| 592 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 592 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 593 L"", | 593 tab->render_view_host(), L"", |
| 594 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", | 594 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", |
| 595 &success)); | 595 &success)); |
| 596 EXPECT_TRUE(success); | 596 EXPECT_TRUE(success); |
| 597 ui_test_utils::WaitForNavigation(&tab->controller()); | 597 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 598 | 598 |
| 599 // The security style should still be secure. | 599 // The security style should still be secure. |
| 600 CheckAuthenticatedState(tab, false, false); | 600 CheckAuthenticatedState(tab, false, false); |
| 601 | 601 |
| 602 // And the frame should be blocked. | 602 // And the frame should be blocked. |
| 603 bool is_content_evil = true; | 603 bool is_content_evil = true; |
| 604 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); | 604 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); |
| 605 std::wstring is_frame_evil_js( | 605 std::wstring is_frame_evil_js( |
| 606 L"window.domAutomationController" | 606 L"window.domAutomationController" |
| 607 L".send(document.getElementById('evilDiv') != null);"); | 607 L".send(document.getElementById('evilDiv') != null);"); |
| 608 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 608 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 609 tab->render_view_host(), |
| 609 content_frame_xpath, | 610 content_frame_xpath, |
| 610 is_frame_evil_js, | 611 is_frame_evil_js, |
| 611 &is_content_evil)); | 612 &is_content_evil)); |
| 612 EXPECT_FALSE(is_content_evil); | 613 EXPECT_FALSE(is_content_evil); |
| 613 | 614 |
| 614 // Now go back, our state should still be OK. | 615 // Now go back, our state should still be OK. |
| 615 tab->controller().GoBack(); | 616 tab->controller().GoBack(); |
| 616 ui_test_utils::WaitForNavigation(&tab->controller()); | 617 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 617 CheckAuthenticatedState(tab, false, false); | 618 CheckAuthenticatedState(tab, false, false); |
| 618 | 619 |
| 619 // Navigate to a page served over HTTP. | 620 // Navigate to a page served over HTTP. |
| 620 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 621 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 622 tab->render_view_host(), |
| 621 L"", | 623 L"", |
| 622 L"window.domAutomationController.send(clickLink('HTTPLink'));", | 624 L"window.domAutomationController.send(clickLink('HTTPLink'));", |
| 623 &success)); | 625 &success)); |
| 624 EXPECT_TRUE(success); | 626 EXPECT_TRUE(success); |
| 625 ui_test_utils::WaitForNavigation(&tab->controller()); | 627 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 626 | 628 |
| 627 // Our state should be mixed-content. | 629 // Our state should be mixed-content. |
| 628 CheckAuthenticatedState(tab, true, false); | 630 CheckAuthenticatedState(tab, true, false); |
| 629 | 631 |
| 630 // Go back, our state should be unchanged. | 632 // Go back, our state should be unchanged. |
| (...skipping 16 matching lines...) |
| 647 true); // Interstitial showing | 649 true); // Interstitial showing |
| 648 | 650 |
| 649 // Continue on the interstitial. | 651 // Continue on the interstitial. |
| 650 InterstitialPage* interstitial_page = tab->interstitial_page(); | 652 InterstitialPage* interstitial_page = tab->interstitial_page(); |
| 651 ASSERT_TRUE(interstitial_page); | 653 ASSERT_TRUE(interstitial_page); |
| 652 interstitial_page->Proceed(); | 654 interstitial_page->Proceed(); |
| 653 ui_test_utils::WaitForNavigation(&(tab->controller())); | 655 ui_test_utils::WaitForNavigation(&(tab->controller())); |
| 654 | 656 |
| 655 // Navigate to a good frame. | 657 // Navigate to a good frame. |
| 656 bool success = false; | 658 bool success = false; |
| 657 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 659 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 660 tab->render_view_host(), |
| 658 L"", | 661 L"", |
| 659 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", | 662 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", |
| 660 &success)); | 663 &success)); |
| 661 EXPECT_TRUE(success); | 664 EXPECT_TRUE(success); |
| 662 ui_test_utils::WaitForNavigation(&tab->controller()); | 665 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 663 | 666 |
| 664 // We should still be authentication broken. | 667 // We should still be authentication broken. |
| 665 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false); | 668 CheckAuthenticationBrokenState(tab, net::CERT_STATUS_DATE_INVALID, false); |
| 666 } | 669 } |
| 667 | 670 |
| 668 // From an HTTP top frame, navigate to good and bad HTTPS (security state should | 671 // From an HTTP top frame, navigate to good and bad HTTPS (security state should |
| 669 // stay unauthenticated). | 672 // stay unauthenticated). |
| 670 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) { | 673 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnauthenticatedFrameNavigation) { |
| 671 scoped_refptr<HTTPTestServer> http_server = PlainServer(); | 674 scoped_refptr<HTTPTestServer> http_server = PlainServer(); |
| 672 scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer(); | 675 scoped_refptr<HTTPSTestServer> good_https_server = GoodCertServer(); |
| 673 scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer(); | 676 scoped_refptr<HTTPSTestServer> bad_https_server = BadCertServer(); |
| 674 | 677 |
| 675 TabContents* tab = browser()->GetSelectedTabContents(); | 678 TabContents* tab = browser()->GetSelectedTabContents(); |
| 676 ui_test_utils::NavigateToURL( | 679 ui_test_utils::NavigateToURL( |
| 677 browser(), | 680 browser(), |
| 678 http_server->TestServerPageW(L"files/ssl/top_frame.html")); | 681 http_server->TestServerPageW(L"files/ssl/top_frame.html")); |
| 679 CheckUnauthenticatedState(tab); | 682 CheckUnauthenticatedState(tab); |
| 680 | 683 |
| 681 // Now navigate inside the frame to a secure HTTPS frame. | 684 // Now navigate inside the frame to a secure HTTPS frame. |
| 682 bool success = false; | 685 bool success = false; |
| 683 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 686 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 684 L"", | 687 tab->render_view_host(), L"", |
| 685 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", | 688 L"window.domAutomationController.send(clickLink('goodHTTPSLink'));", |
| 686 &success)); | 689 &success)); |
| 687 EXPECT_TRUE(success); | 690 EXPECT_TRUE(success); |
| 688 ui_test_utils::WaitForNavigation(&tab->controller()); | 691 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 689 | 692 |
| 690 // We should still be unauthenticated. | 693 // We should still be unauthenticated. |
| 691 CheckUnauthenticatedState(tab); | 694 CheckUnauthenticatedState(tab); |
| 692 | 695 |
| 693 // Now navigate to a bad HTTPS frame. | 696 // Now navigate to a bad HTTPS frame. |
| 694 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 697 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 698 tab->render_view_host(), |
| 695 L"", | 699 L"", |
| 696 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", | 700 L"window.domAutomationController.send(clickLink('badHTTPSLink'));", |
| 697 &success)); | 701 &success)); |
| 698 EXPECT_TRUE(success); | 702 EXPECT_TRUE(success); |
| 699 ui_test_utils::WaitForNavigation(&tab->controller()); | 703 ui_test_utils::WaitForNavigation(&tab->controller()); |
| 700 | 704 |
| 701 // State should not have changed. | 705 // State should not have changed. |
| 702 CheckUnauthenticatedState(tab); | 706 CheckUnauthenticatedState(tab); |
| 703 | 707 |
| 704 // And the frame should have been blocked (see bug #2316). | 708 // And the frame should have been blocked (see bug #2316). |
| 705 bool is_content_evil = true; | 709 bool is_content_evil = true; |
| 706 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); | 710 std::wstring content_frame_xpath(L"html/frameset/frame[2]"); |
| 707 std::wstring is_frame_evil_js( | 711 std::wstring is_frame_evil_js( |
| 708 L"window.domAutomationController" | 712 L"window.domAutomationController" |
| 709 L".send(document.getElementById('evilDiv') != null);"); | 713 L".send(document.getElementById('evilDiv') != null);"); |
| 710 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool(tab, | 714 EXPECT_TRUE(ui_test_utils::ExecuteJavaScriptAndExtractBool( |
| 711 content_frame_xpath, is_frame_evil_js, &is_content_evil)); | 715 tab->render_view_host(), content_frame_xpath, is_frame_evil_js, |
| 716 &is_content_evil)); |
| 712 EXPECT_FALSE(is_content_evil); | 717 EXPECT_FALSE(is_content_evil); |
| 713 } | 718 } |
| 714 | 719 |
| 715 // TODO(jcampan): more tests to do below. | 720 // TODO(jcampan): more tests to do below. |
| 716 | 721 |
| 717 // Visit a page over https that contains a frame with a redirect. | 722 // Visit a page over https that contains a frame with a redirect. |
| 718 | 723 |
| 719 // XMLHttpRequest mixed in synchronous mode. | 724 // XMLHttpRequest mixed in synchronous mode. |
| 720 | 725 |
| 721 // XMLHttpRequest mixed in asynchronous mode. | 726 // XMLHttpRequest mixed in asynchronous mode. |
| 722 | 727 |
| 723 // XMLHttpRequest over bad ssl in synchronous mode. | 728 // XMLHttpRequest over bad ssl in synchronous mode. |
| 724 | 729 |
| 725 // XMLHttpRequest over OK ssl in synchronous mode. | 730 // XMLHttpRequest over OK ssl in synchronous mode. |
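Review bot: In the frame-navigation tests, the rewritten `ExecuteJavaScriptAndExtractBool` calls for `badHTTPSLink` and `HTTPLink` (new lines 592-595, 621-625 and 697-701) reuse `success`, which is already `true` from the preceding `goodHTTPSLink` click. The following `EXPECT_TRUE(success)` therefore only proves the click happened if the helper always writes its out-parameter, which is not visible on this page. Resetting it before each of those calls with `success = false;` would make each assertion fail closed, the same way `is_content_evil` starts at `true` before the blocked-frame check. As a smaller style point, the wrapping of the new first argument is inconsistent: some calls keep `tab->render_view_host(), L"",` on one line while others leave `L"",` on its own line. The test containing new lines 571-630 begins and ends in skipped regions, so its full body is not visible here.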
| OLD | NEW |