Disallow navigation to documents not explicitly listed as web accessible.

chrome/browser/extensions/extension_resource_request_policy_apitest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
+#include "chrome/test/base/test_switches.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/browser/web_contents_observer.h"
 #include "content/public/test/browser_test_utils.h"
 #include "extensions/common/switches.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "url/gurl.h"
 
 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest {
  protected:
   void SetUpCommandLine(base::CommandLine* command_line) override {
     ExtensionApiTest::SetUpCommandLine(command_line);
@@ skipping 289 matching lines @@
 
 #if defined(OS_MACOSX)
 #define MAYBE_ExtensionAccessibleResources DISABLED_ExtensionAccessibleResources
 #else
 #define MAYBE_ExtensionAccessibleResources ExtensionAccessibleResources
 #endif
 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
                        MAYBE_ExtensionAccessibleResources) {
   ASSERT_TRUE(RunExtensionSubtest("accessible_cer", "main.html")) << message_;
 }
+
+class NavigationErrorObserver : public content::WebContentsObserver {
+ public:
+  NavigationErrorObserver(content::WebContents* web_contents, const GURL& url)
+      : content::WebContentsObserver(web_contents),
+        url_(url),
+        saw_navigation_(false) {}
+
+  void DidFinishNavigation(content::NavigationHandle* handle) override {
+    if (handle->GetURL() != url_)
+      return;
+    EXPECT_TRUE(handle->IsErrorPage());
+    saw_navigation_ = true;
+    if (run_loop_.running())
+      run_loop_.Quit();
+  }
+
+  void Wait() {
+    if (!saw_navigation_)
+      run_loop_.Run();
+  }
+
+ private:
+  // The url we want to see a navigation for.
+  GURL url_;
+
+  // Have we seen the navigation for |url_| yet?
+  bool saw_navigation_;
+
+  base::RunLoop run_loop_;
+
+  DISALLOW_COPY_AND_ASSIGN(NavigationErrorObserver);
+};
+
+IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
+                       IframeNavigateToInaccessible) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  ASSERT_TRUE(LoadExtension(
+      test_data_dir_.AppendASCII("extension_resource_request_policy")
+          .AppendASCII("some_accessible")));
+
+  GURL iframe_navigate_url(embedded_test_server()->GetURL(
+      "/extensions/api_test/extension_resource_request_policy/"
+      "iframe_navigate.html"));
+
+  ui_test_utils::NavigateToURL(browser(), iframe_navigate_url);
+
+  content::WebContents* web_contents =
+      browser()->tab_strip_model()->GetActiveWebContents();
+
+  GURL private_page(
+      "chrome-extension://kegmjfcnjamahdnldjmlpachmpielcdk/private.html");
+  NavigationErrorObserver observer(web_contents, private_page);
+  ASSERT_TRUE(content::ExecuteScript(web_contents, "navigateFrameNow()"));
+  observer.Wait();
+}