Side by Side Diff: content/browser/renderer_host/resource_dispatcher_host_uitest.cc

Issue 7748022: Protect sensitive chrome: and chrome-extension: schemes as not being able to be manipulated by b... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 3 months ago
OLD | NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <sstream> 5 #include <sstream>
6 #include <string> 6 #include <string>
7 7
8 #include "base/command_line.h" 8 #include "base/command_line.h"
9 #include "base/file_path.h" 9 #include "base/file_path.h"
10 #include "base/path_service.h" 10 #include "base/path_service.h"
11 #include "base/string_util.h" 11 #include "base/string_util.h"
12 #include "base/utf_string_conversions.h"
12 #include "base/test/test_timeouts.h" 13 #include "base/test/test_timeouts.h"
13 #include "chrome/test/automation/automation_proxy.h" 14 #include "chrome/test/automation/automation_proxy.h"
14 #include "chrome/test/automation/browser_proxy.h" 15 #include "chrome/test/automation/browser_proxy.h"
15 #include "chrome/test/automation/tab_proxy.h" 16 #include "chrome/test/automation/tab_proxy.h"
16 #include "chrome/test/ui/ui_test.h" 17 #include "chrome/test/ui/ui_test.h"
17 #include "content/browser/net/url_request_failed_dns_job.h" 18 #include "content/browser/net/url_request_failed_dns_job.h"
18 #include "content/browser/net/url_request_mock_http_job.h" 19 #include "content/browser/net/url_request_mock_http_job.h"
19 #include "content/common/test_url_constants.h" 20 #include "content/common/test_url_constants.h"
20 #include "content/common/url_constants.h" 21 #include "content/common/url_constants.h"
21 #include "net/base/net_util.h" 22 #include "net/base/net_util.h"
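Review bot: The added include of base/utf_string_conversions.h (new line 12) is out of alphabetical order: it sits ahead of base/test/test_timeouts.h, but "base/test/..." sorts before "base/utf_...". Move it one line down so the include block stays sorted. The header itself is needed, since the new test code in this file calls ASCIIToWide.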
(...skipping 327 matching lines...)
349 // Check that the cookie was set, meaning that the onunload handler ran. 350 // Check that the cookie was set, meaning that the onunload handler ran.
350 std::string value_result; 351 std::string value_result;
351 EXPECT_TRUE(tab->GetCookieByName(url, "onunloadCookie", &value_result)); 352 EXPECT_TRUE(tab->GetCookieByName(url, "onunloadCookie", &value_result));
352 EXPECT_FALSE(value_result.empty()); 353 EXPECT_FALSE(value_result.empty());
353 EXPECT_STREQ("foo", value_result.c_str()); 354 EXPECT_STREQ("foo", value_result.c_str());
354 355
355 // Check that renderer-initiated navigations still work. In a previous bug, 356 // Check that renderer-initiated navigations still work. In a previous bug,
356 // the ResourceDispatcherHost would think that such navigations were 357 // the ResourceDispatcherHost would think that such navigations were
357 // cross-site, because we didn't clean up from the previous request. Since 358 // cross-site, because we didn't clean up from the previous request. Since
358 // TabContents was in the NORMAL state, it would ignore the attempt to run 359 // TabContents was in the NORMAL state, it would ignore the attempt to run
359 // the onunload handler, and the navigation would fail. 360 // the onunload handler, and the navigation would fail. We would like to
360 // (Test by redirecting to javascript:window.location='someURL'.) 361 // test by redirecting to javascript:window.location='someURL', but
362 // javascript: URLs are prohibited by policy from interacting with sensitive
363 // chrome pages of which the error page is one. Instead, use automation to
364 // kick off the navigation, and wait to see that the tab loads.
Charlie Reis 2011/08/30 16:55:59 This ExecuteAndExtractBool approach looks great.
365 bool success;
361 GURL test_url(test_server.GetURL("files/title2.html")); 366 GURL test_url(test_server.GetURL("files/title2.html"));
362 std::string redirect_url = "javascript:window.location='" + 367 std::string redirect_script = "window.location='" +
363 test_url.possibly_invalid_spec() + "'"; 368 test_url.possibly_invalid_spec() + "';" +
364 ASSERT_EQ(AUTOMATION_MSG_NAVIGATION_SUCCESS, 369 "window.domAutomationController.send(true);";
365 tab->NavigateToURL(GURL(redirect_url))); 370 EXPECT_TRUE(tab->ExecuteAndExtractBool(
366 EXPECT_TRUE(tab->GetTabTitle(&tab_title)); 371 L"", ASCIIToWide(redirect_script), &success));
367 EXPECT_EQ(L"Title Of Awesomeness", tab_title); 372 EXPECT_TRUE(WaitUntilJavaScriptCondition(
Charlie Reis 2011/08/30 16:55:59 I'm a little concerned about this wait being flaky
373 tab.get(), L"", L"window.domAutomationController.send("
374 L"document.title == 'Title Of Awesomeness')",
375 20000));
368 } 376 }
369 377
370 TEST_F(ResourceDispatcherTest, CrossOriginRedirectBlocked) { 378 TEST_F(ResourceDispatcherTest, CrossOriginRedirectBlocked) {
371 // We expect the following URL requests from this test: 379 // We expect the following URL requests from this test:
372 // 1- http://mock.http/cross-origin-redirect-blocked.html 380 // 1- http://mock.http/cross-origin-redirect-blocked.html
373 // 2- http://mock.http/redirect-to-title2.html 381 // 2- http://mock.http/redirect-to-title2.html
374 // 3- http://mock.http/title2.html 382 // 3- http://mock.http/title2.html
375 // 383 //
376 // If the redirect in #2 were not blocked, we'd also see a request 384 // If the redirect in #2 were not blocked, we'd also see a request
377 // for http://mock.http:4000/title2.html, and the title would be different. 385 // for http://mock.http:4000/title2.html, and the title would be different.
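Review bot: `success` (new line 365) is declared without an initial value and is never checked after the ExecuteAndExtractBool call at new lines 370-371, so only the call's own return value is asserted. Initialise it with `bool success = false;` and add `EXPECT_TRUE(success);` after the call. The wait at new lines 372-375 hard-codes 20000 as its timeout; base/test/test_timeouts.h is already included in this file, so a shared timeout value from there would be easier to tune if the wait turns out to be flaky. Since the rewritten comment says javascript: URLs are prohibited by policy from interacting with sensitive chrome pages such as the error page, a companion assertion that the old javascript: redirect no longer moves the tab would cover the policy itself instead of only working around it.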
(...skipping 18 matching lines...)
396 GURL broken_url("chrome://theme"); 404 GURL broken_url("chrome://theme");
397 ASSERT_EQ(AUTOMATION_MSG_NAVIGATION_SUCCESS, tab->NavigateToURL(broken_url)); 405 ASSERT_EQ(AUTOMATION_MSG_NAVIGATION_SUCCESS, tab->NavigateToURL(broken_url));
398 406
399 // Make sure the navigation finishes. 407 // Make sure the navigation finishes.
400 std::wstring tab_title; 408 std::wstring tab_title;
401 EXPECT_TRUE(tab->GetTabTitle(&tab_title)); 409 EXPECT_TRUE(tab->GetTabTitle(&tab_title));
402 EXPECT_EQ(L"chrome://theme/ is not available", tab_title); 410 EXPECT_EQ(L"chrome://theme/ is not available", tab_title);
403 } 411 }
404 412
405 } // namespace 413 } // namespace