Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(99)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/iframe_browsertest.cc

Issue 2102883002: Update FileSelectHelper to use RenderFrameHost notifications. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove unneeded cleanup calls and disable test while investigating. Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/file_select_helper_mac.mm ('k') | chrome/test/data/file_input.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/files/file_path.h" 5 #include "base/files/file_path.h"
6 #include "base/strings/utf_string_conversions.h" 6 #include "base/strings/utf_string_conversions.h"
7 #include "chrome/browser/ui/browser.h" 7 #include "chrome/browser/ui/browser.h"
8 #include "chrome/browser/ui/tabs/tab_strip_model.h" 8 #include "chrome/browser/ui/tabs/tab_strip_model.h"
9 #include "chrome/test/base/in_process_browser_test.h" 9 #include "chrome/test/base/in_process_browser_test.h"
10 #include "chrome/test/base/ui_test_utils.h" 10 #include "chrome/test/base/ui_test_utils.h"
11 #include "content/public/browser/render_frame_host.h"
11 #include "content/public/browser/web_contents.h" 12 #include "content/public/browser/web_contents.h"
13 #include "content/public/test/browser_test_utils.h"
12 #include "url/gurl.h" 14 #include "url/gurl.h"
13 15
14 class IFrameTest : public InProcessBrowserTest { 16 class IFrameTest : public InProcessBrowserTest {
17 public:
18 void SetUpOnMainThread() override {
19 ASSERT_TRUE(embedded_test_server()->Start());
20 }
21
15 protected: 22 protected:
16 void NavigateAndVerifyTitle(const char* file, const char* page_title) { 23 void NavigateAndVerifyTitle(const char* file, const char* page_title) {
17 GURL url = ui_test_utils::GetTestUrl( 24 GURL url = ui_test_utils::GetTestUrl(
18 base::FilePath(), base::FilePath().AppendASCII(file)); 25 base::FilePath(), base::FilePath().AppendASCII(file));
19 26
20 ui_test_utils::NavigateToURL(browser(), url); 27 ui_test_utils::NavigateToURL(browser(), url);
21 EXPECT_EQ(base::ASCIIToUTF16(page_title), 28 EXPECT_EQ(base::ASCIIToUTF16(page_title),
22 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle()); 29 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle());
23 } 30 }
24 }; 31 };
25 32
26 IN_PROC_BROWSER_TEST_F(IFrameTest, Crash) { 33 IN_PROC_BROWSER_TEST_F(IFrameTest, Crash) {
27 NavigateAndVerifyTitle("iframe.html", "iframe test"); 34 NavigateAndVerifyTitle("iframe.html", "iframe test");
28 } 35 }
29 36
30 IN_PROC_BROWSER_TEST_F(IFrameTest, InEmptyFrame) { 37 IN_PROC_BROWSER_TEST_F(IFrameTest, InEmptyFrame) {
31 NavigateAndVerifyTitle("iframe_in_empty_frame.html", "iframe test"); 38 NavigateAndVerifyTitle("iframe_in_empty_frame.html", "iframe test");
32 } 39 }
40
41 // Test for https://crbug.com/621076. It ensures that file chooser triggered
42 // by an iframe, which is destroyed before the chooser is closed, does not
43 // result in a use-after-free condition.
44 IN_PROC_BROWSER_TEST_F(IFrameTest, DISABLED_FileChooserInDestroyedSubframe) {
Lei Zhang 2016/06/28 22:00:56 Please add a comment to explain why it's disabled.
45 content::WebContents* tab =
46 browser()->tab_strip_model()->GetActiveWebContents();
47 GURL file_input_url(embedded_test_server()->GetURL("/file_input.html"));
48
49 // Navigate to a page, which contains an iframe, and navigate the iframe
50 // to a document containing a file input field.
51 // Note: For the bug to occur, the parent and child frame need to be in
52 // the same site, otherwise they would each get a RenderWidgetHost and
53 // existing code will properly clear the internal state.
54 ui_test_utils::NavigateToURL(browser(),
55 embedded_test_server()->GetURL("/iframe.html"));
56 NavigateIframeToURL(tab, "test", file_input_url);
57
58 // Invoke the file chooser and remove the iframe from the main document.
59 content::RenderFrameHost* frame = ChildFrameAt(tab->GetMainFrame(), 0);
60 EXPECT_TRUE(frame);
61 EXPECT_EQ(frame->GetSiteInstance(), tab->GetMainFrame()->GetSiteInstance());
62 EXPECT_TRUE(
63 ExecuteScript(frame, "document.getElementById('fileinput').click();"));
64 EXPECT_TRUE(ExecuteScript(tab->GetMainFrame(),
65 "document.body.removeChild("
66 "document.querySelectorAll('iframe')[0])"));
67 ASSERT_EQ(nullptr, ChildFrameAt(tab->GetMainFrame(), 0));
68
69 // On ASan bots, this test should succeed without reporting use-after-free
70 // condition.
71 }
OLDNEW
« no previous file with comments | « chrome/browser/file_select_helper_mac.mm ('k') | chrome/test/data/file_input.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698