Side by Side Diff: content/browser/frame_host/navigator_impl_unittest.cc

Issue 1738233002: Disallow was_within_same_page = true for a cross-process navigation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address comments Created 4 years, 9 months ago
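--- a/content/browser/frame_host/navigator_impl_unittest.cc
+++ b/content/browser/frame_host/navigator_impl_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 
 #include "base/macros.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "content/browser/frame_host/navigation_controller_impl.h"
@@ -1139,11 +1139,41 @@
 converted_instance_1->GetSiteURL());
 
 SiteInstance* converted_instance_2 =
 ConvertToSiteInstance(rfhm, descriptor, unrelated_instance.get());
 // Should return |unrelated_instance| because its site matches and it is
 // unrelated to the current SiteInstance.
 EXPECT_EQ(unrelated_instance.get(), converted_instance_2);
 }
 }
 
+namespace {
+void SetWithinPage(const GURL& url,
+FrameHostMsg_DidCommitProvisionalLoad_Params* params) {
+params->was_within_same_page = true;
+params->url = url;
+}
+}
+
+// A renderer process might try and claim that a cross site navigation was
+// within the same page by setting was_within_same_page = true for
+// FrameHostMsg_DidCommitProvisionalLoad. Such case should be detected on the
+// browser side and the renderer process should be killed.
+TEST_F(NavigatorTestWithBrowserSideNavigation, CrossSiteClaimWithinPage) {
+const GURL kUrl1("http://www.chromium.org/");
+const GURL kUrl2("http://www.google.com/");
+
+contents()->NavigateAndCommit(kUrl1);
+FrameTreeNode* node = main_test_rfh()->frame_tree_node();
+
+// Navigate to a different site.
+int entry_id = RequestNavigation(node, kUrl2);
+main_test_rfh()->PrepareForCommit();
+
+// Claim that the navigation was within same page.
+int bad_msg_count = process()->bad_msg_count();
+GetSpeculativeRenderFrameHost(node)->SendNavigateWithModificationCallback(
+0, entry_id, true, kUrl2, base::Bind(SetWithinPage, kUrl1));
+EXPECT_EQ(process()->bad_msg_count(), bad_msg_count + 1);
+}
+
 } // namespace content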
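Review bot: The final `EXPECT_EQ` in CrossSiteClaimWithinPage reads `process()->bad_msg_count()`, but the forged commit is sent through `GetSpeculativeRenderFrameHost(node)`, and nothing in this section shows that `process()` resolves to that host's process. Since the test exists to prove that the renderer making the false claim is the one penalised, it would be clearer to hold the speculative host in a local and guard it with `ASSERT_TRUE(speculative_rfh);` before the dereference. Both counter readings could then come from that host's process rather than from `process()`. A one-line comment on `SetWithinPage` would help too, for example `// Marks the commit as same-page and replaces its URL with |url|.`. The test could also state what navigation state is expected after the bad message, which this section leaves open.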