Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4331)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/extension_bindings_apitest.cc

Issue 2151693002: Fix extension bindings injection for iframes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: hacker_case -> camelCase Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/test/data/extensions/api_test/bindings/external_message_listener/background.js » ('j') | chrome/test/data/extensions/api_test/bindings/frames_before_navigation.html » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/extension_bindings_apitest.cc
diff --git a/chrome/browser/extensions/extension_bindings_apitest.cc b/chrome/browser/extensions/extension_bindings_apitest.cc
index 387576f78c9594f291a0b3d98392fb7d0088d19d..00bfe49efa2225b8e46166e40e490290076b7528 100644
--- a/chrome/browser/extensions/extension_bindings_apitest.cc
+++ b/chrome/browser/extensions/extension_bindings_apitest.cc
@@ -9,6 +9,7 @@
#include "chrome/browser/net/url_request_mock_util.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
#include "chrome/test/base/ui_test_utils.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/test/browser_test_utils.h"
@@ -208,5 +209,60 @@ IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest,
EXPECT_EQ("success", result);
}
+// This tests that web pages with iframes or child windows pointing at
+// chrome-extenison:// urls, both web_accessible and nonexistent pages, don't
+// get improper extensions bindings injected while they briefly still point at
+// about:blank and are still scriptable by their parent.
+//
+// The general idea is to load up 2 extensions, one which listens for external
+// messages ("receiver") and one which we'll try first faking messages from in
+// the web page's iframe, as well as actually send a message from later
+// ("sender").
+IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest, FramesBeforeNavigation) {
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kDisablePopupBlocking);
+
+ // Load the sender and receiver extensions, and make sure they are ready.
+ ExtensionTestMessageListener sender_ready("sender_ready", true);
+ const Extension* sender = LoadExtension(
+ test_data_dir_.AppendASCII("bindings").AppendASCII("message_sender"));
+ ASSERT_NE(nullptr, sender);
+ ASSERT_TRUE(sender_ready.WaitUntilSatisfied());
+
+ ExtensionTestMessageListener receiver_ready("receiver_ready", false);
+ const Extension* receiver =
+ LoadExtension(test_data_dir_.AppendASCII("bindings")
+ .AppendASCII("external_message_listener"));
+ ASSERT_NE(nullptr, receiver);
+ ASSERT_TRUE(receiver_ready.WaitUntilSatisfied());
+
+ // Load the web page which tries to impersonate the sender extension via
+ // scripting iframes/child windows before they finish navigating to pages
+ // within the sender extension.
+ ASSERT_TRUE(embedded_test_server()->Start());
+ ui_test_utils::NavigateToURL(
+ browser(),
+ embedded_test_server()->GetURL(
+ "/extensions/api_test/bindings/frames_before_navigation.html"));
+
+ bool page_success = false;
+ ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
+ browser()->tab_strip_model()->GetWebContentsAt(0), "getResult()",
+ &page_success));
+ EXPECT_TRUE(page_success);
+
+ // Reply to |sender|, causing it to send a message over to |receiver|, and
+ // then ask |receiver| for the total message count. It should be 1 since
+ // |receiver| should not have received any impersonated messages.
+ sender_ready.Reply(receiver->id());
+ int message_count;
Devlin 2016/07/21 22:20:34 nit: initialize this.
asargent_no_longer_on_chrome 2016/07/22 17:36:51 Done.
+ ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+ extensions::ProcessManager::Get(profile())
Devlin 2016/07/21 22:20:34 nit: already in extensions::.
asargent_no_longer_on_chrome 2016/07/22 17:36:51 Done.
+ ->GetBackgroundHostForExtension(receiver->id())
+ ->host_contents(),
+ "getMessageCountAfterReceivingRealSenderMessage()", &message_count));
+ EXPECT_EQ(1, message_count);
+}
+
} // namespace
} // namespace extensions
« no previous file with comments | « no previous file | chrome/test/data/extensions/api_test/bindings/external_message_listener/background.js » ('j') | chrome/test/data/extensions/api_test/bindings/frames_before_navigation.html » ('J')

Powered by Google App Engine
This is Rietveld 408576698