content/browser/frame_host/render_frame_host_manager_browsertest.cc - Issue 1887553002: Make sure binding security checks don't pass if the frame is remote.

Side by Side Diff: content/browser/frame_host/render_frame_host_manager_browsertest.cc

Issue 1887553002: Make sure binding security checks don't pass if the frame is remote. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: . Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stddef.h>	5 #include <stddef.h>

6 #include <stdint.h>	6 #include <stdint.h>

7	7

8 #include <set>	8 #include <set>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
45 #include "content/public/test/content_browser_test.h"	45 #include "content/public/test/content_browser_test.h"

46 #include "content/public/test/content_browser_test_utils.h"	46 #include "content/public/test/content_browser_test_utils.h"

47 #include "content/public/test/test_navigation_observer.h"	47 #include "content/public/test/test_navigation_observer.h"

48 #include "content/public/test/test_utils.h"	48 #include "content/public/test/test_utils.h"

49 #include "content/shell/browser/shell.h"	49 #include "content/shell/browser/shell.h"

50 #include "content/test/content_browser_test_utils_internal.h"	50 #include "content/test/content_browser_test_utils_internal.h"

51 #include "content/test/test_frame_navigation_observer.h"	51 #include "content/test/test_frame_navigation_observer.h"

52 #include "net/dns/mock_host_resolver.h"	52 #include "net/dns/mock_host_resolver.h"

53 #include "net/test/embedded_test_server/embedded_test_server.h"	53 #include "net/test/embedded_test_server/embedded_test_server.h"

54 #include "net/test/embedded_test_server/request_handler_util.h"	54 #include "net/test/embedded_test_server/request_handler_util.h"

	55 #include "testing/gmock/include/gmock/gmock-matchers.h"

55	56

56 using base::ASCIIToUTF16;	57 using base::ASCIIToUTF16;

57	58

58 namespace content {	59 namespace content {

59	60

60 namespace {	61 namespace {

61	62

62 const char kOpenUrlViaClickTargetFunc[] =	63 const char kOpenUrlViaClickTargetFunc[] =

63 "(function(url) {\n"	64 "(function(url) {\n"

64 " var lnk = document.createElement(\"a\");\n"	65 " var lnk = document.createElement(\"a\");\n"

(...skipping 2545 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2610 EXPECT_TRUE(ExecuteScriptAndExtractString(	2611 EXPECT_TRUE(ExecuteScriptAndExtractString(

2611 new_shell->web_contents(),	2612 new_shell->web_contents(),

2612 "domAutomationController.send(document.origin)", &origin));	2613 "domAutomationController.send(document.origin)", &origin));

2613 EXPECT_EQ("null", origin);	2614 EXPECT_EQ("null", origin);

2614 };	2615 };

2615	2616

2616 click_link_and_verify_popup("clickNoOpenerTargetBlankLink()");	2617 click_link_and_verify_popup("clickNoOpenerTargetBlankLink()");

2617 click_link_and_verify_popup("clickNoRefTargetBlankLink()");	2618 click_link_and_verify_popup("clickNoRefTargetBlankLink()");

2618 }	2619 }

2619	2620

	2621

	2622 // When two frames are same-origin but cross-process; they should behave as if
	Charlie Reis 2016/04/13 06:18:32 nit: Comma rather than semicolon. nit: Comma rather than semicolon. dcheng 2016/04/13 06:33:30 Done. Show quoted text On 2016/04/13 at 06:18:32, Charlie Reis wrote: > nit: Comma rather than semicolon. Done.
	2623 // they are not same-origin, and should not crash.

	2624 IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,

	2625 SameOriginFramesInDifferentProcesses) {

	2626 StartEmbeddedServer();

	2627

	2628 // Load a page with links that open in a new window.

	2629 NavigateToURL(shell(), embedded_test_server()->GetURL(

	2630 "a.com", "/click-noreferrer-links.html"));

	2631

	2632 // Get the original SiteInstance for later comparison.

	2633 scoped_refptr<SiteInstance> orig_site_instance(

	2634 shell()->web_contents()->GetSiteInstance());

	2635 EXPECT_TRUE(orig_site_instance.get() != NULL);
	Charlie Reis 2016/04/13 06:18:33 nit: nullptr nit: nullptr dcheng 2016/04/13 06:33:30 Changed this EXPECT_NE as well. Show quoted text On 2016/04/13 at 06:18:33, Charlie Reis wrote: > nit: nullptr Changed this EXPECT_NE as well.
	2636

	2637 // Test clicking a target=foo link.

	2638 ShellAddedObserver new_shell_observer;

	2639 bool success = false;

	2640 EXPECT_TRUE(ExecuteScriptAndExtractBool(

	2641 shell()->web_contents(),

	2642 "window.domAutomationController.send(clickSameSiteTargetedLink());"

	2643 "saveWindowReference();",

	2644 &success));

	2645 EXPECT_TRUE(success);

	2646 Shell* new_shell = new_shell_observer.GetShell();

	2647

	2648 // Wait for the navigation in the new tab to finish, if it hasn't.

	2649 WaitForLoadStop(new_shell->web_contents());

	2650 EXPECT_EQ("/navigate_opener.html",

	2651 new_shell->web_contents()->GetLastCommittedURL().path());

	2652

	2653 // Clear the opener.
	Charlie Reis 2016/04/13 06:18:33 This block is unnecessary, given how the test work This block is unnecessary, given how the test works. It only matters when doing a window.open() (to about:blank) and then doing a renderer-initiated cross-site navigation. Instead, this test is doing a browser-initiated cross-site navigation on line 2662, which will go cross process whether the opener is null or not. dcheng 2016/04/13 06:33:48 Done. Show quoted text On 2016/04/13 at 06:18:33, Charlie Reis wrote: > This block is unnecessary, given how the test works. > > It only matters when doing a window.open() (to about:blank) and then doing a renderer-initiated cross-site navigation. Instead, this test is doing a browser-initiated cross-site navigation on line 2662, which will go cross process whether the opener is null or not. Done.
	2654 EXPECT_TRUE(ExecuteScriptAndExtractBool(

	2655 new_shell->web_contents(),

	2656 "window.opener = null;"

	2657 "window.domAutomationController.send(window.opener == null)",

	2658 &success));

	2659 EXPECT_TRUE(success);

	2660

	2661 // Do a cross-site navigation that winds up same-site
	Charlie Reis 2016/04/13 06:18:33 nit: End with period, and mention that it ends up nit: End with period, and mention that it ends up in a different process. dcheng 2016/04/13 06:33:30 Done. Show quoted text On 2016/04/13 at 06:18:33, Charlie Reis wrote: > nit: End with period, and mention that it ends up in a different process. Done.
	2662 NavigateToURL(new_shell, embedded_test_server()->GetURL(

	2663 "b.com", "/cross-site/a.com/title1.html"));

	2664 EXPECT_NE(shell()->web_contents()->GetSiteInstance(),

	2665 new_shell->web_contents()->GetSiteInstance());

	2666

	2667 // Now navigate the new tab to a different site.
	Charlie Reis 2016/04/13 06:18:33 Looks like a stale comment? Looks like a stale comment? dcheng 2016/04/13 06:33:30 Done. Show quoted text On 2016/04/13 at 06:18:33, Charlie Reis wrote: > Looks like a stale comment? Done.
	2668 std::string result;

	2669 EXPECT_TRUE(ExecuteScriptAndExtractString(

	2670 shell()->web_contents(),

	2671 "window.domAutomationController.send((function() {\n"

	2672 " try {\n"

	2673 " getLastOpenedWindowLocation();\n"

	2674 " } catch (e) {\n"

	2675 " return e.toString();\n"

	2676 " }\n"

	2677 "})())",

	2678 &result));

	2679 EXPECT_THAT(result,

	2680 ::testing::MatchesRegex("SecurityError: Blocked a frame with "

	2681 "origin \"http://a.com:\\d+\" from "

	2682 "accessing a cross-origin frame."));

	2683 }

	2684

2620 } // namespace content	2685 } // namespace content

OLD	NEW