Block webpages from navigating to view-source URLs

content/browser/web_contents/web_contents_impl_browsertest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "build/build_config.h"
 #include "content/browser/frame_host/navigation_entry_impl.h"
 #include "content/browser/renderer_host/render_widget_host_impl.h"
@@ skipping 752 matching lines @@
   shell()->web_contents()->SetPageScale(1.5);
   EXPECT_CALL(observer, OnPageScaleFactorChanged(::testing::FloatEq(1.5)));
   observer.WaitForPageScaleUpdate();
 
   // Navigate to reset the page scale factor.
   shell()->LoadURL(embedded_test_server()->GetURL("/title2.html"));
   EXPECT_CALL(observer, OnPageScaleFactorChanged(::testing::_));
   observer.WaitForPageScaleUpdate();
 }
 
+// Test that a direct navigation to a view-source URL works.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceDirectNavigation) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+  const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+  NavigateToURL(shell(), kViewSourceURL);
+  // Displayed view-source URLs don't include the scheme of the effective URL

[Charlie Reis, 2016/05/24 22:54:16]

nit: Just for HTTP, right?

[meacer, 2016/05/31 23:57:54]

Done.

+  // (e.g. view-source:example.com instead of view-source:http://example.com).
+  EXPECT_EQ(base::ASCIIToUTF16(std::string("view-source:") + kUrl.host() + ":" +
+                               kUrl.port() + kUrl.path()),
+            shell()->web_contents()->GetTitle());

[Charlie Reis, 2016/05/24 22:54:16]

Maybe we can also check that we're in view-source mode?

EXPECT_TRUE(shell()->web_contents()->GetController().GetLastCommittedEntry()->IsViewSourceMode());

Similar in the tests below.

[meacer, 2016/05/31 23:57:54]

Done, except for window.open case where there is no committed navigation
(checking for null there).

+}
+
+// Test that window.open to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+                       ViewSourceWindowOpen_ShouldBeBlocked) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+  const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+  NavigateToURL(shell(), kUrl);
+
+  ShellAddedObserver new_shell_observer;
+  EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+                            "window.open('" + kViewSourceURL.spec() + "');"));
+  Shell* new_shell = new_shell_observer.GetShell();
+  WaitForLoadStop(new_shell->web_contents());
+  // EXPECT_EQ("", static_cast<WebContentsImpl*>(new_shell->web_contents())

[Charlie Reis, 2016/05/24 22:54:16]

nit: Remove.

[meacer, 2016/05/31 23:57:54]

Done.

+  EXPECT_EQ("", new_shell->web_contents()->GetURL().spec());

[Charlie Reis, 2016/05/24 22:54:16]

Can we use a ConsoleObserverDelegate on shell() in this test as well?

[meacer, 2016/05/31 23:57:54]

Unfortunately no, because the console message gets logged in the new shell. So
we need ConsoleObserverDelegate use the new shell, but by the time
new_shell_observer.GetShell() returns, it's too late for observing the message.

[Charlie Reis, 2016/06/01 22:59:51]

Acknowledged.

+}
+
+// Test that a content initiated navigation to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+                       ViewSourceRedirect_ShouldBeBlocked) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+  const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+  NavigateToURL(shell(), kUrl);
+
+  std::unique_ptr<ConsoleObserverDelegate> console_delegate(
+      new ConsoleObserverDelegate(
+          shell()->web_contents(),
+          "Not allowed to load local resource: view-source:*"));
+  shell()->web_contents()->SetDelegate(console_delegate.get());
+
+  EXPECT_TRUE(
+      ExecuteScript(shell()->web_contents(),
+                    "window.location = '" + kViewSourceURL.spec() + "';"));
+  console_delegate->Wait();
+  // Original page shouldn't navigate away.
+  EXPECT_EQ(kUrl, shell()->web_contents()->GetURL());
+}
+
+// Test that view source mode for a webui page can be opened.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceWebUI) {
+  const char kUrl[] = "view-source:chrome://chrome/settings";
+  const GURL kGURL(kUrl);
+  NavigateToURL(shell(), kGURL);
+  EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle());
+}
+
 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) {
   ASSERT_TRUE(embedded_test_server()->Start());
 
   GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html");
   EXPECT_TRUE(NavigateToURL(shell(), url));
 
   {
     ShellAddedObserver new_shell_observer;
 
     // Open a new, named window.
@@ skipping 222 matching lines @@
       content::ExecuteScript(root->current_frame_host(), alert_location));
   dialog_manager.Wait();
   EXPECT_EQ(GURL("http://a.com/title1.html"),
             GURL(dialog_manager.last_message()).ReplaceComponents(clear_port));
 
   wc->SetDelegate(nullptr);
   wc->SetJavaScriptDialogManagerForTesting(nullptr);
 }
 
 }  // namespace content