
Side by Side Diff: chrome/browser/session_history_uitest.cc

Issue 206040: Add test for history HTML escaping issue.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 11 years, 3 months ago
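--- a/chrome/browser/session_history_uitest.cc
+++ b/chrome/browser/session_history_uitest.cc
@@ -1,18 +1,19 @@
 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "app/l10n_util.h"
 #include "base/file_path.h"
 #include "base/platform_thread.h"
 #include "base/string_util.h"
+#include "chrome/common/url_constants.h"
 #include "chrome/test/automation/tab_proxy.h"
 #include "chrome/test/automation/browser_proxy.h"
 #include "chrome/test/ui/ui_test.h"
 #include "grit/generated_resources.h"
 #include "net/base/net_util.h"
 #include "net/url_request/url_request_unittest.h"
 
 using std::wstring;
 
 namespace {
@@ -494,11 +495,27 @@
 // visible.
 scoped_refptr<HTTPTestServer> server =
 HTTPTestServer::CreateServer(kDocRoot, NULL);
 ASSERT_TRUE(NULL != server.get());
 
 ASSERT_TRUE(tab_->NavigateToURL(server->TestServerPage(
 "files/session_history/replace.html?no-title.html")));
 EXPECT_EQ(L"", GetTabTitle());
 }
 
+TEST_F(SessionHistoryTest, HistorySearchXSS) {
+// about:blank should be loaded first.
+ASSERT_FALSE(tab_->GoBack());
+EXPECT_EQ(L"", GetTabTitle());
+
+GURL url(std::string(chrome::kChromeUIHistoryURL) +
+"#q=%3Cimg%20src%3Dx%3Ax%20onerror%3D%22document.title%3D'XSS'%22%3E");
+ASSERT_TRUE(tab_->NavigateToURL(url));
+// Mainly, this is to ensure we send a synchronous message to the renderer
+// so that we're not susceptible (less susceptible?) to a race condition.
+// Should a race condition ever trigger, it won't result in flakiness.
+int num = tab_->FindInPage(L"<img", FWD, CASE_SENSITIVE, false, NULL);
+EXPECT_GT(num, 0);
+EXPECT_EQ(L"History", GetTabTitle());
+}
+
 } // namespace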
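Review bot: The final `EXPECT_EQ(L"History", GetTabTitle())` in HistorySearchXSS can pass even when the query is not escaped, because an injected `onerror` handler would run asynchronously and may not have fired by the time the title is read. The comment above it admits the race but does not say that the cost is a missed regression rather than a flaky failure. The `FindInPage(L"<img", ...)` count looks like the deterministic signal, since the markup should only be found as visible text if it was escaped, so I would state that in the comment: `// The FindInPage hit shows the query was rendered as text; the title check is best-effort and can miss a regression if onerror has not run yet.` Separately, the literal `L"History"` presumably matches only an English build; the file already includes l10n_util.h, so comparing against the localized title string would be more robust.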
