
Side by Side Diff: content/browser/web_contents/web_contents_impl_browsertest.cc

Issue 1917073002: Block webpages from navigating to view-source URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Delete layout tests Created 4 years, 6 months ago
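--- a/content/browser/web_contents/web_contents_impl_browsertest.cc
+++ b/content/browser/web_contents/web_contents_impl_browsertest.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/renderer_host/render_widget_host_impl.h"
@@ -763,20 +763,98 @@
 shell()->web_contents()->SetPageScale(1.5);
 EXPECT_CALL(observer, OnPageScaleFactorChanged(::testing::FloatEq(1.5)));
 observer.WaitForPageScaleUpdate();
 
 // Navigate to reset the page scale factor.
 shell()->LoadURL(embedded_test_server()->GetURL("/title2.html"));
 EXPECT_CALL(observer, OnPageScaleFactorChanged(::testing::_));
 observer.WaitForPageScaleUpdate();
 }
 
+// Test that a direct navigation to a view-source URL works.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceDirectNavigation) {
+ASSERT_TRUE(embedded_test_server()->Start());
+const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+NavigateToURL(shell(), kViewSourceURL);
+// Displayed view-source URLs don't include the scheme of the effective URL if
+// the effective URL is HTTP. (e.g. view-source:example.com is displayed
+// instead of view-source:http://example.com).
+EXPECT_EQ(base::ASCIIToUTF16(std::string("view-source:") + kUrl.host() + ":" +
+kUrl.port() + kUrl.path()),
+shell()->web_contents()->GetTitle());
+EXPECT_TRUE(shell()
+->web_contents()
+->GetController()
+.GetLastCommittedEntry()
+->IsViewSourceMode());
+}
+
+// Test that window.open to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+ViewSourceWindowOpen_ShouldBeBlocked) {
+ASSERT_TRUE(embedded_test_server()->Start());
+const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+NavigateToURL(shell(), kUrl);
+
+ShellAddedObserver new_shell_observer;
+EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+"window.open('" + kViewSourceURL.spec() + "');"));
+Shell* new_shell = new_shell_observer.GetShell();
+WaitForLoadStop(new_shell->web_contents());
+EXPECT_EQ("", new_shell->web_contents()->GetURL().spec());
+// No navigation should commit.
+EXPECT_FALSE(
+new_shell->web_contents()->GetController().GetLastCommittedEntry());
+}
+
+// Test that a content initiated navigation to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+ViewSourceRedirect_ShouldBeBlocked) {
+ASSERT_TRUE(embedded_test_server()->Start());
+const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+NavigateToURL(shell(), kUrl);
+
+std::unique_ptr<ConsoleObserverDelegate> console_delegate(
+new ConsoleObserverDelegate(
+shell()->web_contents(),
+"Not allowed to load local resource: view-source:*"));
+shell()->web_contents()->SetDelegate(console_delegate.get());
+
+EXPECT_TRUE(
+ExecuteScript(shell()->web_contents(),
+"window.location = '" + kViewSourceURL.spec() + "';"));
+console_delegate->Wait();
+// Original page shouldn't navigate away.
+EXPECT_EQ(kUrl, shell()->web_contents()->GetURL());
+EXPECT_FALSE(shell()
+->web_contents()
+->GetController()
+.GetLastCommittedEntry()
+->IsViewSourceMode());
+}
+
+// Test that view source mode for a webui page can be opened.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceWebUI) {
+const char kUrl[] = "view-source:chrome://chrome/settings";
+const GURL kGURL(kUrl);
+NavigateToURL(shell(), kGURL);
+EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle());
+EXPECT_TRUE(shell()
+->web_contents()
+->GetController()
+.GetLastCommittedEntry()
+->IsViewSourceMode());
+}
+
 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) {
 ASSERT_TRUE(embedded_test_server()->Start());
 
 GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html");
 EXPECT_TRUE(NavigateToURL(shell(), url));
 
 {
 ShellAddedObserver new_shell_observer;
 
 // Open a new, named window.
@@ -1084,10 +1162,10 @@
 // Check that pre-warmed process isn't used.
 EXPECT_NE(renderer_id, web_contents->GetRenderProcessHost()->GetID());
 EXPECT_EQ(1, web_contents->GetController().GetEntryCount());
 NavigationEntry* entry =
 web_contents->GetController().GetLastCommittedEntry();
 ASSERT_TRUE(entry);
 EXPECT_EQ(web_ui_url, entry->GetURL());
 }
 
 } // namespace content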
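Review bot: ViewSourceWindowOpen_ShouldBeBlocked asserts only an absence (an empty URL and no last committed entry after `WaitForLoadStop`), so nothing in it shows positively that the view-source navigation was rejected; if the new shell never starts a load, the wait may return before anything could have committed and the test would pass either way. ViewSourceRedirect_ShouldBeBlocked in the same section first waits on the "Not allowed to load local resource: view-source:*" console message, and the window.open case would be stronger with an equivalent wait, assuming the message is reported where a `ConsoleObserverDelegate` can observe it. The new tests also discard the result of `NavigateToURL`, while NewNamedWindow just below checks it; writing the setup navigations in the two ShouldBeBlocked tests as `EXPECT_TRUE(NavigateToURL(shell(), kUrl));` keeps a failed setup from being read as a successful block. ViewSourceRedirect_ShouldBeBlocked exercises a script assignment to `window.location` rather than a redirect, so a name or comment saying so would describe the covered path more exactly.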