OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | 5 #include <stdint.h> |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/time/time.h" | 8 #include "base/time/time.h" |
9 #include "build/build_config.h" | 9 #include "build/build_config.h" |
10 #include "content/browser/frame_host/navigation_controller_impl.h" | 10 #include "content/browser/frame_host/navigation_controller_impl.h" |
(...skipping 1128 matching lines...)
1139 converted_instance_1->GetSiteURL()); | 1139 converted_instance_1->GetSiteURL()); |
1140 | 1140 |
1141 SiteInstance* converted_instance_2 = | 1141 SiteInstance* converted_instance_2 = |
1142 ConvertToSiteInstance(rfhm, descriptor, unrelated_instance.get()); | 1142 ConvertToSiteInstance(rfhm, descriptor, unrelated_instance.get()); |
1143 // Should return |unrelated_instance| because its site matches and it is | 1143 // Should return |unrelated_instance| because its site matches and it is |
1144 // unrelated to the current SiteInstance. | 1144 // unrelated to the current SiteInstance. |
1145 EXPECT_EQ(unrelated_instance.get(), converted_instance_2); | 1145 EXPECT_EQ(unrelated_instance.get(), converted_instance_2); |
1146 } | 1146 } |
1147 } | 1147 } |
1148 | 1148 |
| 1149 namespace { |
| 1150 void SetWithinPage(const GURL& url, |
| 1151 FrameHostMsg_DidCommitProvisionalLoad_Params* params) { |
| 1152 params->was_within_same_page = true; |
| 1153 params->url = url; |
| 1154 } |
| 1155 } |
| 1156 |
| 1157 // A renderer process might try and claim that a cross site navigation was |
| 1158 // within the same page by setting was_within_same_page = true for |
| 1159 // FrameHostMsg_DidCommitProvisionalLoad. Such case should be detected on the |
| 1160 // browser side and the renderer process should be killed. |
| 1161 TEST_F(NavigatorTestWithBrowserSideNavigation, CrossSiteClaimWithinPage) { |
| 1162 const GURL kUrl1("http://www.chromium.org/"); |
| 1163 const GURL kUrl2("http://www.google.com/"); |
| 1164 |
| 1165 contents()->NavigateAndCommit(kUrl1); |
| 1166 FrameTreeNode* node = main_test_rfh()->frame_tree_node(); |
| 1167 |
| 1168 // Navigate to a different site. |
| 1169 int entry_id = RequestNavigation(node, kUrl2); |
| 1170 main_test_rfh()->PrepareForCommit(); |
| 1171 |
| 1172 // Claim that the navigation was within same page. |
| 1173 int bad_msg_count = process()->bad_msg_count(); |
| 1174 GetSpeculativeRenderFrameHost(node)->SendNavigateWithModificationCallback( |
| 1175 0, entry_id, true, kUrl2, base::Bind(SetWithinPage, kUrl1)); |
| 1176 EXPECT_EQ(process()->bad_msg_count(), bad_msg_count + 1); |
| 1177 } |
| 1178 |
1149 } // namespace content | 1179 } // namespace content |
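Review bot: In CrossSiteClaimWithinPage the baseline `bad_msg_count` is read from `process()`, but the forged commit is sent through `GetSpeculativeRenderFrameHost(node)`; nothing in the hunk shows that both refer to the same process host, and for a cross-site navigation they may not. If they differ, the final `EXPECT_EQ` compares counters from two different objects, so it can pass or fail regardless of whether the browser flagged the renderer that made the false same-page claim. I would capture the process of the speculative frame host before the send and read both the before and after counts from it. The expectation would also match the existing test above if the expected value `bad_msg_count + 1` came first in `EXPECT_EQ`. An extra assertion on the committed navigation state after the bad message would document that the same-page claim was not honoured, not only that it was counted.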