Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked, but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture and properly
checks if the popup opened or was blocked. It also adds a sanity check to make sure
subresources served over good SSL aren't blocked.

BUG=611162
Committed: https://crrev.com/416ca89721fe8b3f3559d121d0025b0df5bcbb44
Cr-Commit-Position: refs/heads/master@{#393394}

[meacer, 2016-05-11 20:07:34]

Description was changed from

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check iframe contents using
IsShowingWebContentsModalDialog function but that function doesn't work
properly.
It also tries to open a popup window without a user gesture so the popup doesn't
open in the first place. This CL allows popups without a user gesture and checks
if the popup opened/was blocked properly. It also adds a sanity check to make
sure subresources served over good SSL aren't blocked.

BUG=611162
==========

to

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly checks if the popup opened or was blocked. It also adds a sanity
check to make sure subresources served over good SSL aren't blocked.

BUG=611162
==========

[meacer, 2016-05-11 20:07:54]

Description was changed from

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly checks if the popup opened or was blocked. It also adds a sanity
check to make sure subresources served over good SSL aren't blocked.

BUG=611162
==========

to

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly
checks if the popup opened or was blocked. It also adds a sanity check to make
sure
subresources served over good SSL aren't blocked.

BUG=611162
==========

[meacer, 2016-05-11 20:08:40]

meacer@chromium.org changed reviewers:
+ estark@chromium.org

[estark, 2016-05-12 19:53:21]

lgtm with a couple nits

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
File chrome/browser/ssl/ssl_browser_tests.cc (right):

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1576: int img_width;
nit: initialize to 0 in case ExecuteScriptAndExtractInt() returns false and
doesn't modify |img_width|

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1588: // SSL. Iframe contents shouldn't
be displayed, and images and scripts
nit: I know this wording is taken from the old code but I find it confusing...
how about "Iframes, images, and scripts should all be blocked"?

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1605: int img_width;
same nit about initializing to 0

[meacer, 2016-05-12 22:23:34]

Thanks!

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
File chrome/browser/ssl/ssl_browser_tests.cc (right):

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1576: int img_width;
On 2016/05/12 19:53:21, estark wrote:
> nit: initialize to 0 in case ExecuteScriptAndExtractInt() returns false and
> doesn't modify |img_width|

Done.

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1588: // SSL. Iframe contents shouldn't
be displayed, and images and scripts
On 2016/05/12 19:53:21, estark wrote:
> nit: I know this wording is taken from the old code but I find it confusing...
> how about "Iframes, images, and scripts should all be blocked"?

Done.

https://codereview.chromium.org/1970893002/diff/1/chrome/browser/ssl/ssl_brow...
chrome/browser/ssl/ssl_browser_tests.cc:1605: int img_width;
On 2016/05/12 19:53:20, estark wrote:
> same nit about initializing to 0

Done.

[meacer, 2016-05-12 22:23:39]

The CQ bit was checked by meacer@chromium.org

[meacer, 2016-05-12 22:23:39]

The patchset sent to the CQ was uploaded after l-g-t-m from estark@chromium.org
Link to the patchset: https://codereview.chromium.org/1970893002/#ps20001
(title: "estark comments")

[commit-bot: I haz the power, 2016-05-12 22:24:05]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1970893002/20001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1970893002/20001

[commit-bot: I haz the power, 2016-05-12 23:24:51]

Description was changed from

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly
checks if the popup opened or was blocked. It also adds a sanity check to make
sure
subresources served over good SSL aren't blocked.

BUG=611162
==========

to

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly
checks if the popup opened or was blocked. It also adds a sanity check to make
sure
subresources served over good SSL aren't blocked.

BUG=611162
==========

[commit-bot: I haz the power, 2016-05-12 23:24:53]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-05-12 23:27:44]

Description was changed from

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly
checks if the popup opened or was blocked. It also adds a sanity check to make
sure
subresources served over good SSL aren't blocked.

BUG=611162
==========

to

==========
Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

This test attempts to check if iframe contents served over bad SSL are blocked,
but it has
several problems:
- The page iframed in the test (bad_iframe.html) doesn't actually attempt to
open a popup.
- Even if it did, it wouldn't be able to because it doesn't run inside a user
gesture.
- The test uses IsShowingWebContentsModalDialog function to check if the popup
opened, but
that function doesn't work properly.

This CL adds popup code to bad_iframe.html, allows popups without a user gesture
and properly
checks if the popup opened or was blocked. It also adds a sanity check to make
sure
subresources served over good SSL aren't blocked.

BUG=611162

Committed: https://crrev.com/416ca89721fe8b3f3559d121d0025b0df5bcbb44
Cr-Commit-Position: refs/heads/master@{#393394}
==========

[commit-bot: I haz the power, 2016-05-12 23:27:45]

Patchset 2 (id:??) landed as
https://crrev.com/416ca89721fe8b3f3559d121d0025b0df5bcbb44
Cr-Commit-Position: refs/heads/master@{#393394}