Move file chooser from RenderView(Host) to RenderFrame(Host).

content/browser/security_exploit_browsertest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 177 matching lines @@
             ",EXCLUDE localhost");
   }
 
   void SetUpOnMainThread() override {
     BrowserThread::PostTask(
         BrowserThread::IO, FROM_HERE,
         base::Bind(&net::URLRequestSlowDownloadJob::AddUrlHandler));
   }
 
  protected:
-  // Tests that a given file path sent in a ViewHostMsg_RunFileChooser will
+  // Tests that a given file path sent in a FrameHostMsg_RunFileChooser will
   // cause renderer to be killed.
   void TestFileChooserWithPath(const base::FilePath& path);
 };
 
 void SecurityExploitBrowserTest::TestFileChooserWithPath(
     const base::FilePath& path) {
   GURL foo("http://foo.com/simple_page.html");
   NavigateToURL(shell(), foo);
   EXPECT_EQ(base::ASCIIToUTF16("OK"), shell()->web_contents()->GetTitle());
 
-  RenderViewHost* compromised_renderer =
-      shell()->web_contents()->GetRenderViewHost();
+  RenderFrameHost* compromised_renderer =
+      shell()->web_contents()->GetMainFrame();
   RenderProcessHostWatcher terminated(
       shell()->web_contents(),
       RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
 
   FileChooserParams params;
   params.default_file_name = path;
 
-  ViewHostMsg_RunFileChooser evil(compromised_renderer->GetRoutingID(), params);
+  FrameHostMsg_RunFileChooser evil(compromised_renderer->GetRoutingID(),
+                                   params);
 
   IpcSecurityTestUtil::PwnMessageReceived(
       compromised_renderer->GetProcess()->GetChannel(), evil);
   terminated.Wait();
 }
 
 // Ensure that we kill the renderer process if we try to give it WebUI
 // properties and it doesn't have enabled WebUI bindings.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, SetWebUIProperty) {
   GURL foo("http://foo.com/simple_page.html");
@@ skipping 59 matching lines @@
   // Since this test executes on the UI thread and hopping threads might cause
   // different timing in the test, let's simulate a CreateNewWidget call coming
   // from the IO thread.  Use the existing window routing id to cause a
   // deliberate collision.
   pending_rvh->CreateNewWidget(duplicate_routing_id, blink::WebPopupTypePage);
 
   // If the above operation doesn't crash, the test has succeeded!
 }
 
 // This is a test for crbug.com/444198. It tries to send a
-// ViewHostMsg_RunFileChooser containing an invalid path. The browser should
+// FrameHostMsg_RunFileChooser containing an invalid path. The browser should
 // correctly terminate the renderer in these cases.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, AttemptRunFileChoosers) {
   TestFileChooserWithPath(base::FilePath(FILE_PATH_LITERAL("../../*.txt")));
   TestFileChooserWithPath(base::FilePath(FILE_PATH_LITERAL("/etc/*.conf")));
 #if defined(OS_WIN)
   TestFileChooserWithPath(
       base::FilePath(FILE_PATH_LITERAL("\\\\evilserver\\evilshare\\*.txt")));
   TestFileChooserWithPath(base::FilePath(FILE_PATH_LITERAL("c:\\*.txt")));
   TestFileChooserWithPath(base::FilePath(FILE_PATH_LITERAL("..\\..\\*.txt")));
 #endif
@@ skipping 240 matching lines @@
   // separate task of the message loop, so ensure that the process is still
   // considered alive.
   EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection());
 
   exit_observer.Wait();
   EXPECT_FALSE(exit_observer.did_exit_normally());
   ResourceDispatcherHost::Get()->SetDelegate(nullptr);
 }
 
 }  // namespace content