| Index: chrome/browser/extensions/extension_bindings_apitest.cc
|
| diff --git a/chrome/browser/extensions/extension_bindings_apitest.cc b/chrome/browser/extensions/extension_bindings_apitest.cc
|
| index 387576f78c9594f291a0b3d98392fb7d0088d19d..ecf35a0eb5157e590f2240a3c55832183adc4848 100644
|
| --- a/chrome/browser/extensions/extension_bindings_apitest.cc
|
| +++ b/chrome/browser/extensions/extension_bindings_apitest.cc
|
| @@ -208,5 +208,59 @@ IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest,
|
| EXPECT_EQ("success", result);
|
| }
|
|
|
| +// This tests that web pages with iframes pointing at chrome-extenison:// urls
|
| +// don't get improper extensions bindings injected while they briefly still
|
| +// point at about:blank and are still scriptable by their parent.
|
| +//
|
| +// The general idea is to load up 2 extensions, one which listens for external
|
| +// messages ("receiver") and one which we'll try first faking a message from in
|
| +// the web page's iframe, as well as actually send a message from later
|
| +// ("sender").
|
| +IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest, IframeBeforeNavigate) {
|
| + // Load the sender and receiver extensions, and make sure they are ready.
|
| + ExtensionTestMessageListener sender_ready("sender_ready", true);
|
| + const Extension* sender = LoadExtension(
|
| + test_data_dir_.AppendASCII("bindings").AppendASCII("message_sender"));
|
| + ASSERT_NE(nullptr, sender);
|
| + sender_ready.set_extension_id(sender->id());
|
| + ASSERT_TRUE(sender_ready.WaitUntilSatisfied());
|
| +
|
| + ExtensionTestMessageListener receiver_ready("receiver_ready", false);
|
| + const Extension* receiver =
|
| + LoadExtension(test_data_dir_.AppendASCII("bindings")
|
| + .AppendASCII("external_message_listener"));
|
| + ASSERT_NE(nullptr, receiver);
|
| + receiver_ready.set_extension_id(receiver->id());
|
| + ASSERT_TRUE(receiver_ready.WaitUntilSatisfied());
|
| +
|
| + // Load the web page which tries to impersonate the sender extension via
|
| + // scripting it's iframe before it finishes navigating to a web_accessible
|
| + // page in the sender.
|
| + ASSERT_TRUE(embedded_test_server()->Start());
|
| + ui_test_utils::NavigateToURL(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "/extensions/api_test/bindings/iframe_before_navigate.html"));
|
| +
|
| + bool page_success = false;
|
| + ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
|
| + browser()->tab_strip_model()->GetActiveWebContents(), "getResult()",
|
| + &page_success));
|
| + ASSERT_TRUE(page_success);
|
| +
|
| + ExtensionTestMessageListener receiver_count(false);
|
| + receiver_count.set_extension_id(receiver->id());
|
| +
|
| + // This should cause |sender| to send a real message over to |receiver|, at
|
| + // which point |receiver| will call test.sendMessage to send over the total
|
| + // count of messages it got.
|
| + sender_ready.Reply(receiver->id());
|
| + ASSERT_TRUE(receiver_count.WaitUntilSatisfied());
|
| +
|
| + // If the code is correct, |receiver| will not have received an impersonated
|
| + // messages sent by iframe_before_navigate.html, so the result should be 1.
|
| + EXPECT_EQ("1", receiver_count.message());
|
| +}
|
| +
|
| } // namespace
|
| } // namespace extensions
|
|
|
Chromium Code Reviews
Issue 2151693002:
Fix extension bindings injection for iframes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master