
Unified Diff: content/browser/web_contents/web_contents_impl_browsertest.cc

Issue 1917073002: Block webpages from navigating to view-source URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Delete layout tests Created 4 years, 7 months ago
Index: content/browser/web_contents/web_contents_impl_browsertest.cc
diff --git a/content/browser/web_contents/web_contents_impl_browsertest.cc b/content/browser/web_contents/web_contents_impl_browsertest.cc
index b6593d3f18c8a9b00b14021f32c408b5f3482760..39e816a9339a12421ecc9ea6899b3b0c451ec1cc 100644
--- a/content/browser/web_contents/web_contents_impl_browsertest.cc
+++ b/content/browser/web_contents/web_contents_impl_browsertest.cc
@@ -770,6 +770,84 @@ IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ChangePageScale) {
observer.WaitForPageScaleUpdate();
}
+// Test that a direct navigation to a view-source URL works.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceDirectNavigation) {
+ ASSERT_TRUE(embedded_test_server()->Start());
+ const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+ const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+ NavigateToURL(shell(), kViewSourceURL);
+ // Displayed view-source URLs don't include the scheme of the effective URL if
+ // the effective URL is HTTP. (e.g. view-source:example.com is displayed
+ // instead of view-source:http://example.com).
+ EXPECT_EQ(base::ASCIIToUTF16(std::string("view-source:") + kUrl.host() + ":" +
+ kUrl.port() + kUrl.path()),
+ shell()->web_contents()->GetTitle());
+ EXPECT_TRUE(shell()
+ ->web_contents()
+ ->GetController()
+ .GetLastCommittedEntry()
+ ->IsViewSourceMode());
+}
+
+// Test that window.open to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+ ViewSourceWindowOpen_ShouldBeBlocked) {
+ ASSERT_TRUE(embedded_test_server()->Start());
+ const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+ const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+ NavigateToURL(shell(), kUrl);
+
+ ShellAddedObserver new_shell_observer;
+ EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+ "window.open('" + kViewSourceURL.spec() + "');"));
+ Shell* new_shell = new_shell_observer.GetShell();
+ WaitForLoadStop(new_shell->web_contents());
+ EXPECT_EQ("", new_shell->web_contents()->GetURL().spec());
+ // No navigation should commit.
+ EXPECT_FALSE(
+ new_shell->web_contents()->GetController().GetLastCommittedEntry());
+}
+
+// Test that a content initiated navigation to a view-source URL is blocked.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+ ViewSourceRedirect_ShouldBeBlocked) {
+ ASSERT_TRUE(embedded_test_server()->Start());
+ const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+ const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec());
+ NavigateToURL(shell(), kUrl);
+
+ std::unique_ptr<ConsoleObserverDelegate> console_delegate(
+ new ConsoleObserverDelegate(
+ shell()->web_contents(),
+ "Not allowed to load local resource: view-source:*"));
+ shell()->web_contents()->SetDelegate(console_delegate.get());
+
+ EXPECT_TRUE(
+ ExecuteScript(shell()->web_contents(),
+ "window.location = '" + kViewSourceURL.spec() + "';"));
+ console_delegate->Wait();
+ // Original page shouldn't navigate away.
+ EXPECT_EQ(kUrl, shell()->web_contents()->GetURL());
+ EXPECT_FALSE(shell()
+ ->web_contents()
+ ->GetController()
+ .GetLastCommittedEntry()
+ ->IsViewSourceMode());
+}
+
+// Test that view source mode for a webui page can be opened.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceWebUI) {
+ const char kUrl[] = "view-source:chrome://chrome/settings";
+ const GURL kGURL(kUrl);
+ NavigateToURL(shell(), kGURL);
+ EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle());
+ EXPECT_TRUE(shell()
+ ->web_contents()
+ ->GetController()
+ .GetLastCommittedEntry()
+ ->IsViewSourceMode());
+}
+
IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) {
ASSERT_TRUE(embedded_test_server()->Start());
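Review bot: In ViewSourceWindowOpen_ShouldBeBlocked the negative assertions have no positive signal to synchronise on: `WaitForLoadStop(new_shell->web_contents())` can presumably return as soon as the new shell is idle, so the empty-URL and `EXPECT_FALSE(...GetLastCommittedEntry())` checks could also pass if the navigation were only delayed rather than blocked. ViewSourceRedirect_ShouldBeBlocked avoids this by waiting for the "Not allowed to load local resource: view-source:*" console message. If the blocked window.open logs the same message on the opener (not visible in this hunk), install a `ConsoleObserverDelegate` on `shell()->web_contents()` before the `ExecuteScript` call and add `console_delegate->Wait();` ahead of the EXPECTs. Separately, ViewSourceRedirect_ShouldBeBlocked exercises a `window.location` assignment rather than an HTTP redirect, so either rename it to mention window.location or add a server-redirect case so that the name and the coverage agree. The three `->GetLastCommittedEntry()->IsViewSourceMode()` chains dereference the entry unchecked; a preceding `ASSERT_TRUE(shell()->web_contents()->GetController().GetLastCommittedEntry());` turns a missing commit into a test failure instead of a crash.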