Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(294)

Unified Diff: chrome/browser/extensions/extension_bindings_apitest.cc

Issue 2208483002: Fix extension bindings injection for iframes (reland) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: addressed review comments, fixed lint Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/extensions/extension_messages_apitest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/extension_bindings_apitest.cc
diff --git a/chrome/browser/extensions/extension_bindings_apitest.cc b/chrome/browser/extensions/extension_bindings_apitest.cc
index 387576f78c9594f291a0b3d98392fb7d0088d19d..5006270d002ce5fe4773e37690021637c02fe7fa 100644
--- a/chrome/browser/extensions/extension_bindings_apitest.cc
+++ b/chrome/browser/extensions/extension_bindings_apitest.cc
@@ -9,6 +9,7 @@
#include "chrome/browser/net/url_request_mock_util.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
#include "chrome/test/base/ui_test_utils.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/test/browser_test_utils.h"
@@ -208,5 +209,65 @@ IN_PROC_BROWSER_TEST_F(ExtensionBindingsApiTest,
EXPECT_EQ("success", result);
}
+class FramesExtensionBindingsApiTest : public ExtensionBindingsApiTest {
+ public:
+ void SetUpCommandLine(base::CommandLine* command_line) override {
+ ExtensionBindingsApiTest::SetUpCommandLine(command_line);
+ command_line->AppendSwitch(switches::kDisablePopupBlocking);
+ }
+};
+
+// This tests that web pages with iframes or child windows pointing at
+// chrome-extenison:// urls, both web_accessible and nonexistent pages, don't
+// get improper extensions bindings injected while they briefly still point at
+// about:blank and are still scriptable by their parent.
+//
+// The general idea is to load up 2 extensions, one which listens for external
+// messages ("receiver") and one which we'll try first faking messages from in
+// the web page's iframe, as well as actually send a message from later
+// ("sender").
+IN_PROC_BROWSER_TEST_F(FramesExtensionBindingsApiTest, FramesBeforeNavigation) {
+ // Load the sender and receiver extensions, and make sure they are ready.
+ ExtensionTestMessageListener sender_ready("sender_ready", true);
+ const Extension* sender = LoadExtension(
+ test_data_dir_.AppendASCII("bindings").AppendASCII("message_sender"));
+ ASSERT_NE(nullptr, sender);
+ ASSERT_TRUE(sender_ready.WaitUntilSatisfied());
+
+ ExtensionTestMessageListener receiver_ready("receiver_ready", false);
+ const Extension* receiver =
+ LoadExtension(test_data_dir_.AppendASCII("bindings")
+ .AppendASCII("external_message_listener"));
+ ASSERT_NE(nullptr, receiver);
+ ASSERT_TRUE(receiver_ready.WaitUntilSatisfied());
+
+ // Load the web page which tries to impersonate the sender extension via
+ // scripting iframes/child windows before they finish navigating to pages
+ // within the sender extension.
+ ASSERT_TRUE(embedded_test_server()->Start());
+ ui_test_utils::NavigateToURL(
+ browser(),
+ embedded_test_server()->GetURL(
+ "/extensions/api_test/bindings/frames_before_navigation.html"));
+
+ bool page_success = false;
+ ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
+ browser()->tab_strip_model()->GetWebContentsAt(0), "getResult()",
+ &page_success));
+ EXPECT_TRUE(page_success);
+
+ // Reply to |sender|, causing it to send a message over to |receiver|, and
+ // then ask |receiver| for the total message count. It should be 1 since
+ // |receiver| should not have received any impersonated messages.
+ sender_ready.Reply(receiver->id());
+ int message_count = 0;
+ ASSERT_TRUE(content::ExecuteScriptAndExtractInt(
+ ProcessManager::Get(profile())
+ ->GetBackgroundHostForExtension(receiver->id())
+ ->host_contents(),
+ "getMessageCountAfterReceivingRealSenderMessage()", &message_count));
+ EXPECT_EQ(1, message_count);
+}
+
} // namespace
} // namespace extensions
« no previous file with comments | « no previous file | chrome/browser/extensions/extension_messages_apitest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698