Index: content/browser/renderer_host/render_view_host_manager_browsertest.cc |
diff --git a/content/browser/renderer_host/render_view_host_manager_browsertest.cc b/content/browser/renderer_host/render_view_host_manager_browsertest.cc |
index a2ce269c8339e966c66662b60691dffa1251143e..20275f1be5bca51c5d4e79a60fa2b8a71db24577 100644 |
--- a/content/browser/renderer_host/render_view_host_manager_browsertest.cc |
+++ b/content/browser/renderer_host/render_view_host_manager_browsertest.cc |
@@ -879,6 +879,92 @@ IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, ClickLinkAfter204Error) { |
EXPECT_EQ(orig_site_instance, noref_site_instance); |
} |
+// Test for crbug.com/9682. We should show the URL for a pending renderer- |
+// initiated navigation in a new tab, until the content of the initial |
+// about:blank page is modified by another window. At that point, we should |
+// revert to showing about:blank to prevent a URL spoof. |
+IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, ShowLoadingURLUntilSpoof) { |
+ ASSERT_TRUE(test_server()->Start()); |
+ |
+ // Load a page that can open a URL that won't commit in a new window. |
+ NavigateToURL( |
+ shell(), test_server()->GetURL("files/click-nocontent-link.html")); |
+ WebContents* orig_contents = shell()->web_contents(); |
+ |
+ // Click a /nocontent link that opens in a new window but never commits. |
+ ShellAddedObserver new_shell_observer; |
+ bool success = false; |
+ EXPECT_TRUE(ExecuteScriptAndExtractBool( |
+ orig_contents, |
+ "window.domAutomationController.send(clickNoContentTargetedLink());", |
+ &success)); |
+ EXPECT_TRUE(success); |
+ |
+ // Wait for the window to open. |
+ Shell* new_shell = new_shell_observer.GetShell(); |
+ |
+ // Ensure the destination URL is visible, because it is considered the |
+ // initial navigation. |
+ WebContents* contents = new_shell->web_contents(); |
+ EXPECT_TRUE(contents->GetController().IsInitialNavigation()); |
+ EXPECT_EQ("/nocontent", |
+ contents->GetController().GetVisibleEntry()->GetURL().path()); |
+ |
+ // Now modify the contents of the new window from the opener. This will also |
+ // modify the title of the document to give us something to listen for. |
+ WindowedNotificationObserver title_observer( |
+ NOTIFICATION_WEB_CONTENTS_TITLE_UPDATED, |
+ Source<WebContents>(contents)); |
+ success = false; |
+ EXPECT_TRUE(ExecuteScriptAndExtractBool( |
+ orig_contents, |
+ "window.domAutomationController.send(modifyNewWindow());", |
+ &success)); |
+ EXPECT_TRUE(success); |
+ title_observer.Wait(); |
+ EXPECT_EQ(ASCIIToUTF16("Modified Title"), contents->GetTitle()); |
+ |
+ // At this point, we should no longer be showing the destination URL. |
+ // The visible entry should be null, resulting in about:blank in the address |
+ // bar. |
+ EXPECT_FALSE(contents->GetController().GetVisibleEntry()); |
+} |
+ |
+// Test for crbug.com/9682. We should not show the URL for a pending renderer- |
+// initiated navigation in a new tab if it is not the initial navigation. In |
+// this case, the renderer will not notify us of a modification, so we cannot |
+// show the pending URL without allowing a spoof. |
+IN_PROC_BROWSER_TEST_F(RenderViewHostManagerTest, |
+ DontShowLoadingURLIfNotInitialNav) { |
+ ASSERT_TRUE(test_server()->Start()); |
+ |
+ // Load a page that can open a URL that won't commit in a new window. |
+ NavigateToURL( |
+ shell(), test_server()->GetURL("files/click-nocontent-link.html")); |
+ WebContents* orig_contents = shell()->web_contents(); |
+ |
+ // Click a /nocontent link that opens in a new window but never commits. |
+ // By using an onclick handler that first creates the window, the slow |
+ // navigation is not considered an initial navigation. |
+ ShellAddedObserver new_shell_observer; |
+ bool success = false; |
+ EXPECT_TRUE(ExecuteScriptAndExtractBool( |
+ orig_contents, |
+ "window.domAutomationController.send(" |
+ "clickNoContentScriptedTargetedLink());", |
+ &success)); |
+ EXPECT_TRUE(success); |
+ |
+ // Wait for the window to open. |
+ Shell* new_shell = new_shell_observer.GetShell(); |
+ |
+ // Ensure the destination URL is not visible, because it is not the initial |
+ // navigation. |
+ WebContents* contents = new_shell->web_contents(); |
+ EXPECT_FALSE(contents->GetController().IsInitialNavigation()); |
+ EXPECT_FALSE(contents->GetController().GetVisibleEntry()); |
+} |
+ |
// Test for http://crbug.com/93427. Ensure that cross-site navigations |
// do not cause back/forward navigations to be considered stale by the |
// renderer. |