Fix checking of iframe contents in SSLUITest.TestUnsafeContents.

chrome/browser/ssl/ssl_browser_tests.cc

Index: chrome/browser/ssl/ssl_browser_tests.cc
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index 25759a31858a3b0c891d9924361edc8155289e89..4465014b85cc9348fc1b74b72966f4678024a6d7 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -388,12 +388,6 @@ class SSLUITest
     ssl_interstitial->CommandReceived(command);
   }
 
-  bool IsShowingWebContentsModalDialog() const {
-    return WebContentsModalDialogManager::FromWebContents(
-        browser()->tab_strip_model()->GetActiveWebContents())->
-            IsDialogActive();
-  }
-
   static void GetFilePathWithHostAndPortReplacement(
       const std::string& original_file_path,
       const net::HostPortPair& host_port_pair,
@@ -1548,48 +1542,76 @@ IN_PROC_BROWSER_TEST_F(SSLUITest,
       AuthState::RAN_INSECURE_CONTENT);
 }
 
-// Visits a page with unsafe content and make sure that:
-// - frames content is replaced with warning
-// - images and scripts are filtered out entirely
+// Visits an SSL page twice, once with subresources served over good SSL and
+// once over bad SSL.
+// - For the good SSL case, the iframe and images should be properly displayed.
+// - For the bad SSL case, the iframe contents shouldn't be displayed and images
+//   and scripts should be filtered out entirely.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContents) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
-
-  std::string replacement_path;
-  GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html",
-                                        https_server_expired_.host_port_pair(),
-                                        &replacement_path);
-  ui_test_utils::NavigateToURL(browser(),
-                               https_server_.GetURL(replacement_path));
-
-  WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
-  // When the bad content is filtered, the state is expected to be
-  // authenticated.
-  CheckAuthenticatedState(tab, AuthState::NONE);
-
-  // Because of cross-frame scripting restrictions, we cannot access the iframe
-  // content.  So to know if the frame was loaded, we just check if a popup was
-  // opened (the iframe content opens one).
-  // Note: because of bug 1115868, no web contents modal dialog is opened right
-  //       now.  Once the bug is fixed, this will do the real check.
-  EXPECT_FALSE(IsShowingWebContentsModalDialog());
-
-  int img_width;
-  EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
-      tab,
-      "window.domAutomationController.send(ImageWidth());",
-      &img_width));
-  // In order to check that the image was not loaded, we check its width.
-  // The actual image (Google logo) is 114 pixels wide, we assume the broken
-  // image is less than 100.
-  EXPECT_LT(img_width, 100);
-
-  bool js_result = false;
-  EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
-      tab,
-      "window.domAutomationController.send(IsFooSet());",
-      &js_result));
-  EXPECT_FALSE(js_result);
+  // Enable popups without user gesture.
+  HostContentSettingsMapFactory::GetForProfile(browser()->profile())
+      ->SetDefaultContentSetting(CONTENT_SETTINGS_TYPE_POPUPS,
+                                 CONTENT_SETTING_ALLOW);
+  {
+    // First visit the page with its iframe and subresources served over good
+    // SSL. This is a sanity check to make sure these resources aren't already
+    // broken in the good case.
+    std::string replacement_path;
+    GetFilePathWithHostAndPortReplacement("/ssl/page_with_unsafe_contents.html",
+                                          https_server_.host_port_pair(),
+                                          &replacement_path);
+    ui_test_utils::BrowserAddedObserver popup_observer;
+    ui_test_utils::NavigateToURL(browser(),
+                                 https_server_.GetURL(replacement_path));
+    WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+    // The state is expected to be authenticated.
+    CheckAuthenticatedState(tab, AuthState::NONE);
+    // The iframe should be able to open a popup.
+    popup_observer.WaitForSingleNewBrowser();
+    EXPECT_EQ(2u, chrome::GetBrowserCount(browser()->profile()));
+    // In order to check that the image was loaded, check its width.
+    // The actual image (Google logo) is 276 pixels wide.
+    int img_width;

[estark, 2016/05/12 19:53:21]

nit: initialize to 0 in case ExecuteScriptAndExtractInt() returns false and
doesn't modify |img_width|

[meacer, 2016/05/12 22:23:33]

Done.

+    EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
+        tab, "window.domAutomationController.send(ImageWidth());", &img_width));
+    EXPECT_EQ(img_width, 276);
+    // Check that variable |foo| is set.
+    bool js_result = false;
+    EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
+        tab, "window.domAutomationController.send(IsFooSet());", &js_result));
+    EXPECT_TRUE(js_result);
+  }
+  {
+    // Now visit the page with its iframe and subresources served over bad
+    // SSL. Iframe contents shouldn't be displayed, and images and scripts

[estark, 2016/05/12 19:53:21]

nit: I know this wording is taken from the old code but I find it confusing...
how about "Iframes, images, and scripts should all be blocked"?

[meacer, 2016/05/12 22:23:33]

Done.

+    // should be filtered out.
+    std::string replacement_path;
+    GetFilePathWithHostAndPortReplacement(
+        "/ssl/page_with_unsafe_contents.html",
+        https_server_expired_.host_port_pair(),
+        &replacement_path);
+    ui_test_utils::NavigateToURL(browser(),
+                                 https_server_.GetURL(replacement_path));
+    WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
+    // When the bad content is filtered, the state is expected to be
+    // authenticated.
+    CheckAuthenticatedState(tab, AuthState::NONE);
+    // The iframe attempts to open a popup window, but it shouldn't be able to.
+    // Previous popup is still open.
+    EXPECT_EQ(2u, chrome::GetBrowserCount(browser()->profile()));
+    // Assume the broken image width is less than 100.
+    int img_width;

[estark, 2016/05/12 19:53:20]

same nit about initializing to 0

[meacer, 2016/05/12 22:23:33]

Done.

+    EXPECT_TRUE(content::ExecuteScriptAndExtractInt(
+        tab, "window.domAutomationController.send(ImageWidth());", &img_width));
+    EXPECT_LT(img_width, 100);
+    // Check that variable |foo| is not set.
+    bool js_result = false;
+    EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
+        tab, "window.domAutomationController.send(IsFooSet());", &js_result));
+    EXPECT_FALSE(js_result);
+  }
 }
 
 // Visits a page with insecure content loaded by JS (after the initial page