| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/site_per_process_browsertest.h" | 5 #include "content/browser/site_per_process_browsertest.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 22 matching lines...) Expand all Loading... |
| 33 #include "content/browser/web_contents/web_contents_impl.h" | 33 #include "content/browser/web_contents/web_contents_impl.h" |
| 34 #include "content/common/frame_messages.h" | 34 #include "content/common/frame_messages.h" |
| 35 #include "content/common/input/synthetic_tap_gesture_params.h" | 35 #include "content/common/input/synthetic_tap_gesture_params.h" |
| 36 #include "content/common/view_messages.h" | 36 #include "content/common/view_messages.h" |
| 37 #include "content/public/browser/notification_observer.h" | 37 #include "content/public/browser/notification_observer.h" |
| 38 #include "content/public/browser/notification_service.h" | 38 #include "content/public/browser/notification_service.h" |
| 39 #include "content/public/browser/notification_types.h" | 39 #include "content/public/browser/notification_types.h" |
| 40 #include "content/public/browser/resource_dispatcher_host.h" | 40 #include "content/public/browser/resource_dispatcher_host.h" |
| 41 #include "content/public/common/browser_side_navigation_policy.h" | 41 #include "content/public/common/browser_side_navigation_policy.h" |
| 42 #include "content/public/common/content_switches.h" | 42 #include "content/public/common/content_switches.h" |
| 43 #include "content/public/common/url_constants.h" |
| 43 #include "content/public/test/browser_test_utils.h" | 44 #include "content/public/test/browser_test_utils.h" |
| 44 #include "content/public/test/content_browser_test_utils.h" | 45 #include "content/public/test/content_browser_test_utils.h" |
| 45 #include "content/public/test/test_navigation_observer.h" | 46 #include "content/public/test/test_navigation_observer.h" |
| 46 #include "content/public/test/test_utils.h" | 47 #include "content/public/test/test_utils.h" |
| 47 #include "content/shell/browser/shell.h" | 48 #include "content/shell/browser/shell.h" |
| 48 #include "content/test/content_browser_test_utils_internal.h" | 49 #include "content/test/content_browser_test_utils_internal.h" |
| 49 #include "content/test/test_frame_navigation_observer.h" | 50 #include "content/test/test_frame_navigation_observer.h" |
| 50 #include "ipc/ipc_security_test_util.h" | 51 #include "ipc/ipc_security_test_util.h" |
| 51 #include "net/dns/mock_host_resolver.h" | 52 #include "net/dns/mock_host_resolver.h" |
| 52 #include "net/test/embedded_test_server/embedded_test_server.h" | 53 #include "net/test/embedded_test_server/embedded_test_server.h" |
| (...skipping 3607 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3660 // we can't check the opener's location as above since it's cross-origin. | 3661 // we can't check the opener's location as above since it's cross-origin. |
| 3661 bool success = false; | 3662 bool success = false; |
| 3662 EXPECT_TRUE(ExecuteScriptAndExtractBool( | 3663 EXPECT_TRUE(ExecuteScriptAndExtractBool( |
| 3663 cross_site_popup_root->current_frame_host(), | 3664 cross_site_popup_root->current_frame_host(), |
| 3664 "window.domAutomationController.send(" | 3665 "window.domAutomationController.send(" |
| 3665 " window.opener === window.opener.top.frames[0]);", | 3666 " window.opener === window.opener.top.frames[0]);", |
| 3666 &success)); | 3667 &success)); |
| 3667 EXPECT_TRUE(success); | 3668 EXPECT_TRUE(success); |
| 3668 } | 3669 } |
| 3669 | 3670 |
| 3671 // Test that cross-process popups can't be navigated to disallowed URLs by |
| 3672 // their opener. This ensures that proper URL validation is performed when |
| 3673 // RenderFrameProxyHosts are navigated. See https://crbug.com/595339. |
| 3674 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, NavigatePopupToIllegalURL) { |
| 3675 GURL main_url(embedded_test_server()->GetURL("a.com", "/title1.html")); |
| 3676 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| 3677 |
| 3678 // Open a cross-site popup. |
| 3679 GURL popup_url(embedded_test_server()->GetURL("b.com", "/title2.html")); |
| 3680 Shell* popup = OpenPopup(shell()->web_contents(), popup_url, "foo"); |
| 3681 EXPECT_TRUE(popup); |
| 3682 EXPECT_NE(popup->web_contents()->GetSiteInstance(), |
| 3683 shell()->web_contents()->GetSiteInstance()); |
| 3684 |
| 3685 // From the opener, navigate the popup to a file:/// URL. This should be |
| 3686 // disallowed and result in an about:blank navigation. |
| 3687 GURL file_url("file:///"); |
| 3688 NavigateNamedFrame(shell()->web_contents(), file_url, "foo"); |
| 3689 EXPECT_TRUE(WaitForLoadStop(popup->web_contents())); |
| 3690 EXPECT_EQ(GURL(url::kAboutBlankURL), |
| 3691 popup->web_contents()->GetLastCommittedURL()); |
| 3692 |
| 3693 // Navigate popup back to a cross-site URL. |
| 3694 EXPECT_TRUE(NavigateToURL(popup, popup_url)); |
| 3695 EXPECT_NE(popup->web_contents()->GetSiteInstance(), |
| 3696 shell()->web_contents()->GetSiteInstance()); |
| 3697 |
| 3698 // Now try the same test with a chrome:// URL. |
| 3699 GURL chrome_url(std::string(kChromeUIScheme) + "://" + |
| 3700 std::string(kChromeUIGpuHost)); |
| 3701 NavigateNamedFrame(shell()->web_contents(), chrome_url, "foo"); |
| 3702 EXPECT_TRUE(WaitForLoadStop(popup->web_contents())); |
| 3703 EXPECT_EQ(GURL(url::kAboutBlankURL), |
| 3704 popup->web_contents()->GetLastCommittedURL()); |
| 3705 } |
| 3706 |
| 3670 // Verify that named frames are discoverable from their opener's ancestors. | 3707 // Verify that named frames are discoverable from their opener's ancestors. |
| 3671 // See https://crbug.com/511474. | 3708 // See https://crbug.com/511474. |
| 3672 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, | 3709 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, |
| 3673 DiscoverNamedFrameFromAncestorOfOpener) { | 3710 DiscoverNamedFrameFromAncestorOfOpener) { |
| 3674 GURL main_url( | 3711 GURL main_url( |
| 3675 embedded_test_server()->GetURL("a.com", "/site_per_process_main.html")); | 3712 embedded_test_server()->GetURL("a.com", "/site_per_process_main.html")); |
| 3676 NavigateToURL(shell(), main_url); | 3713 NavigateToURL(shell(), main_url); |
| 3677 | 3714 |
| 3678 // It is safe to obtain the root frame tree node here, as it doesn't change. | 3715 // It is safe to obtain the root frame tree node here, as it doesn't change. |
| 3679 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) | 3716 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) |
| (...skipping 2191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5871 script.c_str(), &root_value)); | 5908 script.c_str(), &root_value)); |
| 5872 | 5909 |
| 5873 EXPECT_TRUE(ExecuteScriptAndExtractInt(child->current_frame_host(), | 5910 EXPECT_TRUE(ExecuteScriptAndExtractInt(child->current_frame_host(), |
| 5874 script.c_str(), &child_value)); | 5911 script.c_str(), &child_value)); |
| 5875 | 5912 |
| 5876 EXPECT_EQ(root_value, child_value); | 5913 EXPECT_EQ(root_value, child_value); |
| 5877 } | 5914 } |
| 5878 } | 5915 } |
| 5879 | 5916 |
| 5880 } // namespace content | 5917 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1812723002:
Add URL validation to navigations initiated via RenderFrameProxyHosts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master