content/browser/frame_host/render_frame_host_manager_browsertest.cc - Issue 1887553002: Make sure binding security checks don't pass if the frame is remote.

Side by Side Diff: content/browser/frame_host/render_frame_host_manager_browsertest.cc

Issue 1887553002: Make sure binding security checks don't pass if the frame is remote. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Test fixes for --site-per-process and more periods. Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stddef.h>	5 #include <stddef.h>

6 #include <stdint.h>	6 #include <stdint.h>

7	7

8 #include <set>	8 #include <set>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
45 #include "content/public/test/content_browser_test.h"	45 #include "content/public/test/content_browser_test.h"

46 #include "content/public/test/content_browser_test_utils.h"	46 #include "content/public/test/content_browser_test_utils.h"

47 #include "content/public/test/test_navigation_observer.h"	47 #include "content/public/test/test_navigation_observer.h"

48 #include "content/public/test/test_utils.h"	48 #include "content/public/test/test_utils.h"

49 #include "content/shell/browser/shell.h"	49 #include "content/shell/browser/shell.h"

50 #include "content/test/content_browser_test_utils_internal.h"	50 #include "content/test/content_browser_test_utils_internal.h"

51 #include "content/test/test_frame_navigation_observer.h"	51 #include "content/test/test_frame_navigation_observer.h"

52 #include "net/dns/mock_host_resolver.h"	52 #include "net/dns/mock_host_resolver.h"

53 #include "net/test/embedded_test_server/embedded_test_server.h"	53 #include "net/test/embedded_test_server/embedded_test_server.h"

54 #include "net/test/embedded_test_server/request_handler_util.h"	54 #include "net/test/embedded_test_server/request_handler_util.h"

	55 #include "testing/gmock/include/gmock/gmock-matchers.h"

55	56

56 using base::ASCIIToUTF16;	57 using base::ASCIIToUTF16;

57	58

58 namespace content {	59 namespace content {

59	60

60 namespace {	61 namespace {

61	62

62 const char kOpenUrlViaClickTargetFunc[] =	63 const char kOpenUrlViaClickTargetFunc[] =

63 "(function(url) {\n"	64 "(function(url) {\n"

64 " var lnk = document.createElement(\"a\");\n"	65 " var lnk = document.createElement(\"a\");\n"

(...skipping 2545 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2610 EXPECT_TRUE(ExecuteScriptAndExtractString(	2611 EXPECT_TRUE(ExecuteScriptAndExtractString(

2611 new_shell->web_contents(),	2612 new_shell->web_contents(),

2612 "domAutomationController.send(document.origin)", &origin));	2613 "domAutomationController.send(document.origin)", &origin));

2613 EXPECT_EQ("null", origin);	2614 EXPECT_EQ("null", origin);

2614 };	2615 };

2615	2616

2616 click_link_and_verify_popup("clickNoOpenerTargetBlankLink()");	2617 click_link_and_verify_popup("clickNoOpenerTargetBlankLink()");

2617 click_link_and_verify_popup("clickNoRefTargetBlankLink()");	2618 click_link_and_verify_popup("clickNoRefTargetBlankLink()");

2618 }	2619 }

2619	2620

	2621 // When two frames are same-origin but cross-process, they should behave as if

	2622 // they are not same-origin and should not crash.

	2623 IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,

	2624 SameOriginFramesInDifferentProcesses) {

	2625 StartEmbeddedServer();

	2626

	2627 // Load a page with links that open in a new window.

	2628 NavigateToURL(shell(), embedded_test_server()->GetURL(

	2629 "a.com", "/click-noreferrer-links.html"));

	2630

	2631 // Get the original SiteInstance for later comparison.

	2632 scoped_refptr<SiteInstance> orig_site_instance(

	2633 shell()->web_contents()->GetSiteInstance());

	2634 EXPECT_NE(nullptr, orig_site_instance.get());

	2635

	2636 // Test clicking a target=foo link.

	2637 ShellAddedObserver new_shell_observer;

	2638 bool success = false;

	2639 EXPECT_TRUE(ExecuteScriptAndExtractBool(

	2640 shell()->web_contents(),

	2641 "window.domAutomationController.send(clickSameSiteTargetedLink());"

	2642 "saveWindowReference();",

	2643 &success));

	2644 EXPECT_TRUE(success);

	2645 Shell* new_shell = new_shell_observer.GetShell();

	2646

	2647 // Wait for the navigation in the new tab to finish, if it hasn't.

	2648 WaitForLoadStop(new_shell->web_contents());

	2649 EXPECT_EQ("/navigate_opener.html",

	2650 new_shell->web_contents()->GetLastCommittedURL().path());

	2651

	2652 // Do a cross-site navigation that winds up same-site. The same-site

	2653 // navigation to a.com will commit in a different process than the original

	2654 // a.com window.

	2655 NavigateToURL(new_shell, embedded_test_server()->GetURL(

	2656 "b.com", "/cross-site/a.com/title1.html"));

	2657 if (AreAllSitesIsolatedForTesting()) {

	2658 EXPECT_EQ(shell()->web_contents()->GetSiteInstance(),

	2659 new_shell->web_contents()->GetSiteInstance());

	2660 } else {

	2661 EXPECT_NE(shell()->web_contents()->GetSiteInstance(),

	2662 new_shell->web_contents()->GetSiteInstance());

	2663 }

	2664

	2665 // Accessing a property with normal security checks should throw a

	2666 // SecurityError.
	Charlie Reis 2016/04/13 17:43:25 nit: , unless we're in --site-per-process mode. ( nit: , unless we're in --site-per-process mode. (Or just move this comment into the else branch below.) dcheng 2016/04/13 18:07:03 Done. Show quoted text On 2016/04/13 at 17:43:25, Charlie Reis wrote: > nit: , unless we're in --site-per-process mode. > > (Or just move this comment into the else branch below.) Done.
	2667 std::string result;

	2668 EXPECT_TRUE(ExecuteScriptAndExtractString(

	2669 shell()->web_contents(),

	2670 "window.domAutomationController.send((function() {\n"

	2671 " try {\n"

	2672 " return getLastOpenedWindowLocation();\n"

	2673 " } catch (e) {\n"

	2674 " return e.toString();\n"

	2675 " }\n"

	2676 "})())",

	2677 &result));

	2678 if (AreAllSitesIsolatedForTesting()) {

	2679 EXPECT_THAT(result,

	2680 ::testing::MatchesRegex("http://a.com:\\d+/title1.html"));

	2681 } else {

	2682 EXPECT_THAT(result,

	2683 ::testing::MatchesRegex("SecurityError: Blocked a frame with "

	2684 "origin \"http://a.com:\\d+\" from "

	2685 "accessing a cross-origin frame."));

	2686 }

	2687 }

	2688

2620 } // namespace content	2689 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | third_party/WebKit/Source/bindings/core/v8/BindingSecurity.cpp » ('j') | no next file with comments »