| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/site_per_process_browsertest.h" | 5 #include "content/browser/site_per_process_browsertest.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 #include "content/browser/renderer_host/render_widget_host_input_event_router.h" | 30 #include "content/browser/renderer_host/render_widget_host_input_event_router.h" |
| 31 #include "content/browser/web_contents/web_contents_impl.h" | 31 #include "content/browser/web_contents/web_contents_impl.h" |
| 32 #include "content/common/frame_messages.h" | 32 #include "content/common/frame_messages.h" |
| 33 #include "content/common/view_messages.h" | 33 #include "content/common/view_messages.h" |
| 34 #include "content/public/browser/notification_observer.h" | 34 #include "content/public/browser/notification_observer.h" |
| 35 #include "content/public/browser/notification_service.h" | 35 #include "content/public/browser/notification_service.h" |
| 36 #include "content/public/browser/notification_types.h" | 36 #include "content/public/browser/notification_types.h" |
| 37 #include "content/public/browser/resource_dispatcher_host.h" | 37 #include "content/public/browser/resource_dispatcher_host.h" |
| 38 #include "content/public/common/browser_side_navigation_policy.h" | 38 #include "content/public/common/browser_side_navigation_policy.h" |
| 39 #include "content/public/common/content_switches.h" | 39 #include "content/public/common/content_switches.h" |
| 40 #include "content/public/common/url_constants.h" |
| 40 #include "content/public/test/browser_test_utils.h" | 41 #include "content/public/test/browser_test_utils.h" |
| 41 #include "content/public/test/content_browser_test_utils.h" | 42 #include "content/public/test/content_browser_test_utils.h" |
| 42 #include "content/public/test/test_navigation_observer.h" | 43 #include "content/public/test/test_navigation_observer.h" |
| 43 #include "content/public/test/test_utils.h" | 44 #include "content/public/test/test_utils.h" |
| 44 #include "content/shell/browser/shell.h" | 45 #include "content/shell/browser/shell.h" |
| 45 #include "content/test/content_browser_test_utils_internal.h" | 46 #include "content/test/content_browser_test_utils_internal.h" |
| 46 #include "content/test/test_frame_navigation_observer.h" | 47 #include "content/test/test_frame_navigation_observer.h" |
| 47 #include "ipc/ipc_security_test_util.h" | 48 #include "ipc/ipc_security_test_util.h" |
| 48 #include "net/dns/mock_host_resolver.h" | 49 #include "net/dns/mock_host_resolver.h" |
| 49 #include "net/test/embedded_test_server/embedded_test_server.h" | 50 #include "net/test/embedded_test_server/embedded_test_server.h" |
| (...skipping 3502 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3552 // we can't check the opener's location as above since it's cross-origin. | 3553 // we can't check the opener's location as above since it's cross-origin. |
| 3553 bool success = false; | 3554 bool success = false; |
| 3554 EXPECT_TRUE(ExecuteScriptAndExtractBool( | 3555 EXPECT_TRUE(ExecuteScriptAndExtractBool( |
| 3555 cross_site_popup_root->current_frame_host(), | 3556 cross_site_popup_root->current_frame_host(), |
| 3556 "window.domAutomationController.send(" | 3557 "window.domAutomationController.send(" |
| 3557 " window.opener === window.opener.top.frames[0]);", | 3558 " window.opener === window.opener.top.frames[0]);", |
| 3558 &success)); | 3559 &success)); |
| 3559 EXPECT_TRUE(success); | 3560 EXPECT_TRUE(success); |
| 3560 } | 3561 } |
| 3561 | 3562 |
| 3563 // Test that cross-process popups can't be navigated to disallowed URLs by |
| 3564 // their opener. This ensures that proper URL validation is performed when |
| 3565 // RenderFrameProxyHosts are navigated. See https://crbug.com/595339. |
| 3566 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, NavigatePopupToIllegalURL) { |
| 3567 GURL main_url(embedded_test_server()->GetURL("a.com", "/title1.html")); |
| 3568 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| 3569 |
| 3570 // Open a cross-site popup. |
| 3571 GURL popup_url(embedded_test_server()->GetURL("b.com", "/title2.html")); |
| 3572 Shell* popup = OpenPopup(shell()->web_contents(), popup_url, "foo"); |
| 3573 EXPECT_TRUE(popup); |
| 3574 EXPECT_NE(popup->web_contents()->GetSiteInstance(), |
| 3575 shell()->web_contents()->GetSiteInstance()); |
| 3576 |
| 3577 // From the opener, navigate the popup to a file:/// URL. This should be |
| 3578 // disallowed and result in an about:blank navigation. |
| 3579 GURL file_url("file:///"); |
| 3580 NavigateNamedFrame(shell()->web_contents(), file_url, "foo"); |
| 3581 EXPECT_TRUE(WaitForLoadStop(popup->web_contents())); |
| 3582 EXPECT_EQ(GURL(url::kAboutBlankURL), |
| 3583 popup->web_contents()->GetLastCommittedURL()); |
| 3584 |
| 3585 // Navigate popup back to a cross-site URL. |
| 3586 EXPECT_TRUE(NavigateToURL(popup, popup_url)); |
| 3587 EXPECT_NE(popup->web_contents()->GetSiteInstance(), |
| 3588 shell()->web_contents()->GetSiteInstance()); |
| 3589 |
| 3590 // Now try the same test with a chrome:// URL. |
| 3591 GURL chrome_url(std::string(kChromeUIScheme) + "://" + |
| 3592 std::string(kChromeUIGpuHost)); |
| 3593 NavigateNamedFrame(shell()->web_contents(), chrome_url, "foo"); |
| 3594 EXPECT_TRUE(WaitForLoadStop(popup->web_contents())); |
| 3595 EXPECT_EQ(GURL(url::kAboutBlankURL), |
| 3596 popup->web_contents()->GetLastCommittedURL()); |
| 3597 } |
| 3598 |
| 3562 // Verify that named frames are discoverable from their opener's ancestors. | 3599 // Verify that named frames are discoverable from their opener's ancestors. |
| 3563 // See https://crbug.com/511474. | 3600 // See https://crbug.com/511474. |
| 3564 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, | 3601 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, |
| 3565 DiscoverNamedFrameFromAncestorOfOpener) { | 3602 DiscoverNamedFrameFromAncestorOfOpener) { |
| 3566 GURL main_url( | 3603 GURL main_url( |
| 3567 embedded_test_server()->GetURL("a.com", "/site_per_process_main.html")); | 3604 embedded_test_server()->GetURL("a.com", "/site_per_process_main.html")); |
| 3568 NavigateToURL(shell(), main_url); | 3605 NavigateToURL(shell(), main_url); |
| 3569 | 3606 |
| 3570 // It is safe to obtain the root frame tree node here, as it doesn't change. | 3607 // It is safe to obtain the root frame tree node here, as it doesn't change. |
| 3571 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) | 3608 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) |
| (...skipping 1772 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5344 | 5381 |
| 5345 // Force the renderer to generate a new frame. | 5382 // Force the renderer to generate a new frame. |
| 5346 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | 5383 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), |
| 5347 "document.body.style.background = 'black'")); | 5384 "document.body.style.background = 'black'")); |
| 5348 | 5385 |
| 5349 // Waits for the next frame. | 5386 // Waits for the next frame. |
| 5350 observer->Wait(); | 5387 observer->Wait(); |
| 5351 } | 5388 } |
| 5352 | 5389 |
| 5353 } // namespace content | 5390 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1821043005:
Add URL validation to navigations initiated via RenderFrameProxyHosts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@2661