
Side by Side Diff: chrome/browser/extensions/extension_bindings_apitest.cc

Issue 2151693002: Fix extension bindings injection for iframes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
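--- a/chrome/browser/extensions/extension_bindings_apitest.cc
+++ b/chrome/browser/extensions/extension_bindings_apitest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Contains holistic tests of the bindings infrastructure
 
 #include "chrome/browser/extensions/api/permissions/permissions_api.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/net/url_request_mock_util.h"
 #include "chrome/browser/ui/browser.h"
@@ -201,12 +201,66 @@
 browser()->tab_strip_model()->GetActiveWebContents();
 EXPECT_FALSE(web_contents->IsCrashed());
 // See function_interceptions.html.
 std::string result;
 EXPECT_TRUE(content::ExecuteScriptAndExtractString(
 web_contents, "window.domAutomationController.send(window.testStatus);",
 &result));
 EXPECT_EQ("success", result);
 }
 
+// This tests that web pages with iframes pointing at chrome-extenison:// urls
+// don't get improper extensions bindings injected while they briefly still
+// point at about:blank and are still scriptable by their parent.
+//
+// The general idea is to load up 2 extensions, one which listens for external
+// messages ("receiver") and one which we'll try first faking a message from in
+// the web page's iframe, as well as actually send a message from later
+// ("sender").
+IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest, IframeBeforeNavigate) {
+// Load the sender and receiver extensions, and make sure they are ready.
+ExtensionTestMessageListener sender_ready("sender_ready", true);
+const Extension* sender = LoadExtension(
+test_data_dir_.AppendASCII("bindings").AppendASCII("message_sender"));
+ASSERT_NE(nullptr, sender);
+sender_ready.set_extension_id(sender->id());
+ASSERT_TRUE(sender_ready.WaitUntilSatisfied());
+
+ExtensionTestMessageListener receiver_ready("receiver_ready", false);
+const Extension* receiver =
+LoadExtension(test_data_dir_.AppendASCII("bindings")
+.AppendASCII("external_message_listener"));
+ASSERT_NE(nullptr, receiver);
+receiver_ready.set_extension_id(receiver->id());
+ASSERT_TRUE(receiver_ready.WaitUntilSatisfied());
+
+// Load the web page which tries to impersonate the sender extension via
+// scripting it's iframe before it finishes navigating to a web_accessible
+// page in the sender.
+ASSERT_TRUE(embedded_test_server()->Start());
+ui_test_utils::NavigateToURL(
+browser(),
+embedded_test_server()->GetURL(
+"/extensions/api_test/bindings/iframe_before_navigate.html"));
+
+bool page_success = false;
+ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
+browser()->tab_strip_model()->GetActiveWebContents(), "getResult()",
+&page_success));
+ASSERT_TRUE(page_success);
+
+ExtensionTestMessageListener receiver_count(false);
+receiver_count.set_extension_id(receiver->id());
+
+// This should cause |sender| to send a real message over to |receiver|, at
+// which point |receiver| will call test.sendMessage to send over the total
+// count of messages it got.
+sender_ready.Reply(receiver->id());
+ASSERT_TRUE(receiver_count.WaitUntilSatisfied());
+
+// If the code is correct, |receiver| will not have received an impersonated
+// messages sent by iframe_before_navigate.html, so the result should be 1.
+EXPECT_EQ("1", receiver_count.message());
+}
+
 } // namespace
 } // namespace extensions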
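Review bot: The closing `EXPECT_EQ("1", receiver_count.message())` in IframeBeforeNavigate only proves that no forged message had been counted by the time the real one arrived. Nothing visible in the test establishes that the page's impersonation attempt has fully run when `getResult()` returns true, so a forged message delivered late would still let the test pass. If iframe_before_navigate.html does wait for its attempt to complete (that file is not shown here), state the contract above `ASSERT_TRUE(page_success);`, for example `// getResult() resolves only after the page has finished its attempt to message |receiver| as |sender| from the about:blank iframe.` Minor wording in the new comments: "chrome-extenison://" should be "chrome-extension://", "it's iframe" should be "its iframe", and "an impersonated messages" should be singular.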
