| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 370 matching lines...) | |
| 381 void SendInterstitialCommand(WebContents* tab, std::string command) { | 381 void SendInterstitialCommand(WebContents* tab, std::string command) { |
| 382 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); | 382 InterstitialPage* interstitial_page = tab->GetInterstitialPage(); |
| 383 ASSERT_TRUE(interstitial_page); | 383 ASSERT_TRUE(interstitial_page); |
| 384 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, | 384 ASSERT_EQ(SSLBlockingPage::kTypeForTesting, |
| 385 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); | 385 interstitial_page->GetDelegateForTesting()->GetTypeForTesting()); |
| 386 SSLBlockingPage* ssl_interstitial = static_cast<SSLBlockingPage*>( | 386 SSLBlockingPage* ssl_interstitial = static_cast<SSLBlockingPage*>( |
| 387 interstitial_page->GetDelegateForTesting()); | 387 interstitial_page->GetDelegateForTesting()); |
| 388 ssl_interstitial->CommandReceived(command); | 388 ssl_interstitial->CommandReceived(command); |
| 389 } | 389 } |
| 390 | 390 |
| 391 bool IsShowingWebContentsModalDialog() const { | |
| 392 return WebContentsModalDialogManager::FromWebContents( | |
| 393 browser()->tab_strip_model()->GetActiveWebContents())-> | |
| 394 IsDialogActive(); | |
| 395 } | |
| 396 | |
| 397 static void GetFilePathWithHostAndPortReplacement( | 391 static void GetFilePathWithHostAndPortReplacement( |
| 398 const std::string& original_file_path, | 392 const std::string& original_file_path, |
| 399 const net::HostPortPair& host_port_pair, | 393 const net::HostPortPair& host_port_pair, |
| 400 std::string* replacement_path) { | 394 std::string* replacement_path) { |
| 401 base::StringPairs replacement_text; | 395 base::StringPairs replacement_text; |
| 402 replacement_text.push_back( | 396 replacement_text.push_back( |
| 403 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); | 397 make_pair("REPLACE_WITH_HOST_AND_PORT", host_port_pair.ToString())); |
| 404 net::test_server::GetFilePathWithReplacements( | 398 net::test_server::GetFilePathWithReplacements( |
| 405 original_file_path, replacement_text, replacement_path); | 399 original_file_path, replacement_text, replacement_path); |
| 406 } | 400 } |
| (...skipping 1134 matching lines...) | |
| 1541 ASSERT_TRUE(https_server_.Start()); | 1535 ASSERT_TRUE(https_server_.Start()); |
| 1542 | 1536 |
| 1543 ui_test_utils::NavigateToURL( | 1537 ui_test_utils::NavigateToURL( |
| 1544 browser(), https_server_.GetURL("/ssl/page_runs_insecure_content.html")); | 1538 browser(), https_server_.GetURL("/ssl/page_runs_insecure_content.html")); |
| 1545 | 1539 |
| 1546 CheckAuthenticationBrokenState( | 1540 CheckAuthenticationBrokenState( |
| 1547 browser()->tab_strip_model()->GetActiveWebContents(), CertError::NONE, | 1541 browser()->tab_strip_model()->GetActiveWebContents(), CertError::NONE, |
| 1548 AuthState::RAN_INSECURE_CONTENT); | 1542 AuthState::RAN_INSECURE_CONTENT); |
| 1549 } | 1543 } |
| 1550 | 1544 |
| 1551 // Visits a page with unsafe content and make sure that: | 1545 // Visits an SSL page twice, once with subresources served over good SSL and |
| 1552 // - frames content is replaced with warning | 1546 // once over bad SSL. |
| 1553 // - images and scripts are filtered out entirely | 1547 // - For the good SSL case, the iframe and images should be properly displayed. |
| 1548 // - For the bad SSL case, the iframe contents shouldn't be displayed and images | |
| 1549 // and scripts should be filtered out entirely. | |
| 1554 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) { | 1550 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) { |
| 1555 ASSERT_TRUE(https_server_.Start()); | 1551 ASSERT_TRUE(https_server_.Start()); |
| 1556 ASSERT_TRUE(https_server_expired_.Start()); | 1552 ASSERT_TRUE(https_server_expired_.Start()); |
| 1557 | 1553 // Enable popups without user gesture. |
| 1558 std::string replacement_path; | 1554 HostContentSettingsMapFactory::GetForProfile(browser()->profile()) |
| 1559 GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html", | 1555 ->SetDefaultContentSetting(CONTENT_SETTINGS_TYPE_POPUPS, |
| 1560 https_server_expired_.host_port_pair(), | 1556 CONTENT_SETTING_ALLOW); |
| 1561 &replacement_path); | 1557 { |
| 1562 ui_test_utils::NavigateToURL(browser(), | 1558 // First visit the page with its iframe and subresources served over good |
| 1563 https_server_.GetURL(replacement_path)); | 1559 // SSL. This is a sanity check to make sure these resources aren't already |
| 1564 | 1560 // broken in the good case. |
| 1565 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | 1561 std::string replacement_path; |
| 1566 // When the bad content is filtered, the state is expected to be | 1562 GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html", |
| 1567 // authenticated. | 1563 https_server_.host_port_pair(), |
| 1568 CheckAuthenticatedState(tab, AuthState::NONE); | 1564 &replacement_path); |
| 1569 | 1565 ui_test_utils::BrowserAddedObserver popup_observer; |
| 1570 // Because of cross-frame scripting restrictions, we cannot access the iframe | 1566 ui_test_utils::NavigateToURL(browser(), |
| 1571 // content. So to know if the frame was loaded, we just check if a popup was | 1567 https_server_.GetURL(replacement_path)); |
| 1572 // opened (the iframe content opens one). | 1568 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); |
| 1573 // Note: because of bug 1115868, no web contents modal dialog is opened right | 1569 // The state is expected to be authenticated. |
| 1574 // now. Once the bug is fixed, this will do the real check. | 1570 CheckAuthenticatedState(tab, AuthState::NONE); |
| 1575 EXPECT_FALSE(IsShowingWebContentsModalDialog()); | 1571 // The iframe should be able to open a popup. |
| 1576 | 1572 popup_observer.WaitForSingleNewBrowser(); |
| 1577 int img_width; | 1573 EXPECT_EQ(2u, chrome::GetBrowserCount(browser()->profile())); |
| 1578 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( | 1574 // In order to check that the image was loaded, check its width. |
| 1579 tab, | 1575 // The actual image (Google logo) is 276 pixels wide. |
| 1580 "window.domAutomationController.send(ImageWidth());", | 1576 int img_width; |
|
estark
2016/05/12 19:53:21
nit: initialize to 0 in case ExecuteScriptAndExtra
meacer
2016/05/12 22:23:33
Done.
| |
| 1581 &img_width)); | 1577 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( |
| 1582 // In order to check that the image was not loaded, we check its width. | 1578 tab, "window.domAutomationController.send(ImageWidth());", &img_width)); |
| 1583 // The actual image (Google logo) is 114 pixels wide, we assume the broken | 1579 EXPECT_EQ(img_width, 276); |
| 1584 // image is less than 100. | 1580 // Check that variable |foo| is set. |
| 1585 EXPECT_LT(img_width, 100); | 1581 bool js_result = false; |
| 1586 | 1582 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
| 1587 bool js_result = false; | 1583 tab, "window.domAutomationController.send(IsFooSet());", &js_result)); |
| 1588 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | 1584 EXPECT_TRUE(js_result); |
| 1589 tab, | 1585 } |
| 1590 "window.domAutomationController.send(IsFooSet());", | 1586 { |
| 1591 &js_result)); | 1587 // Now visit the page with its iframe and subresources served over bad |
| 1592 EXPECT_FALSE(js_result); | 1588 // SSL. Iframe contents shouldn't be displayed, and images and scripts |
|
estark
2016/05/12 19:53:21
nit: I know this wording is taken from the old cod
meacer
2016/05/12 22:23:33
Done.
| |
| 1589 // should be filtered out. | |
| 1590 std::string replacement_path; | |
| 1591 GetFilePathWithHostAndPortReplacement( | |
| 1592 "/ssl/page_with_unsafe_contents.html", | |
| 1593 https_server_expired_.host_port_pair(), | |
| 1594 &replacement_path); | |
| 1595 ui_test_utils::NavigateToURL(browser(), | |
| 1596 https_server_.GetURL(replacement_path)); | |
| 1597 WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents(); | |
| 1598 // When the bad content is filtered, the state is expected to be | |
| 1599 // authenticated. | |
| 1600 CheckAuthenticatedState(tab, AuthState::NONE); | |
| 1601 // The iframe attempts to open a popup window, but it shouldn't be able to. | |
| 1602 // Previous popup is still open. | |
| 1603 EXPECT_EQ(2u, chrome::GetBrowserCount(browser()->profile())); | |
| 1604 // Assume the broken image width is less than 100. | |
| 1605 int img_width; | |
|
estark
2016/05/12 19:53:20
same nit about initializing to 0
meacer
2016/05/12 22:23:33
Done.
| |
| 1606 EXPECT_TRUE(content::ExecuteScriptAndExtractInt( | |
| 1607 tab, "window.domAutomationController.send(ImageWidth());", &img_width)); | |
| 1608 EXPECT_LT(img_width, 100); | |
| 1609 // Check that variable |foo| is not set. | |
| 1610 bool js_result = false; | |
| 1611 EXPECT_TRUE(content::ExecuteScriptAndExtractBool( | |
| 1612 tab, "window.domAutomationController.send(IsFooSet());", &js_result)); | |
| 1613 EXPECT_FALSE(js_result); | |
| 1614 } | |
| 1593 } | 1615 } |
| 1594 | 1616 |
| 1595 // Visits a page with insecure content loaded by JS (after the initial page | 1617 // Visits a page with insecure content loaded by JS (after the initial page |
| 1596 // load). | 1618 // load). |
| 1597 #if defined(OS_LINUX) | 1619 #if defined(OS_LINUX) |
| 1598 // flaky http://crbug.com/396462 | 1620 // flaky http://crbug.com/396462 |
| 1599 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \ | 1621 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \ |
| 1600 DISABLED_TestDisplaysInsecureContentLoadedFromJS | 1622 DISABLED_TestDisplaysInsecureContentLoadedFromJS |
| 1601 #else | 1623 #else |
| 1602 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \ | 1624 #define MAYBE_TestDisplaysInsecureContentLoadedFromJS \ |
| (...skipping 1410 matching lines...) | |
| 3013 | 3035 |
| 3014 // Visit a page over https that contains a frame with a redirect. | 3036 // Visit a page over https that contains a frame with a redirect. |
| 3015 | 3037 |
| 3016 // XMLHttpRequest insecure content in synchronous mode. | 3038 // XMLHttpRequest insecure content in synchronous mode. |
| 3017 | 3039 |
| 3018 // XMLHttpRequest insecure content in asynchronous mode. | 3040 // XMLHttpRequest insecure content in asynchronous mode. |
| 3019 | 3041 |
| 3020 // XMLHttpRequest over bad ssl in synchronous mode. | 3042 // XMLHttpRequest over bad ssl in synchronous mode. |
| 3021 | 3043 |
| 3022 // XMLHttpRequest over OK ssl in synchronous mode. | 3044 // XMLHttpRequest over OK ssl in synchronous mode. |
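Review bot: The "no popup" assertion in the bad-SSL block of TestUnsafeContents (new lines 1601-1603) can pass without proving anything: `EXPECT_EQ(2u, chrome::GetBrowserCount(browser()->profile()))` runs as soon as `NavigateToURL` returns, whereas the good-SSL block has to call `popup_observer.WaitForSingleNewBrowser()` before the same count becomes 2. If the popup's browser window is created after the navigation completes, as that wait suggests, a regression that lets the bad-cert iframe run would still see a count of 2 at this point. Moving the count check to the end of the block, after the `ImageWidth()` and `IsFooSet()` round trips, would narrow the window, and a comment such as `// Best-effort: a popup would be created asynchronously, so this only catches one that has already opened.` would make the limit explicit. Separately, `EXPECT_EQ(img_width, 276)` on new line 1579 puts the expected value second, unlike the `EXPECT_EQ(2u, ...)` calls next to it.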