Revert of Disallow navigations to blob URLs with non-canonical origins.

content/browser/blob_storage/blob_url_browsertest.cc

Index: content/browser/blob_storage/blob_url_browsertest.cc
diff --git a/content/browser/blob_storage/blob_url_browsertest.cc b/content/browser/blob_storage/blob_url_browsertest.cc
deleted file mode 100644
index f25ee5b258fa24a455d7e1d13e7f6f8f42299705..0000000000000000000000000000000000000000
--- a/content/browser/blob_storage/blob_url_browsertest.cc
+++ /dev/null
@@ -1,188 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/macros.h"
-#include "base/strings/pattern.h"
-#include "build/build_config.h"
-#include "content/browser/web_contents/web_contents_impl.h"
-#include "content/public/test/browser_test_utils.h"
-#include "content/public/test/content_browser_test.h"
-#include "content/public/test/content_browser_test_utils.h"
-#include "content/public/test/test_utils.h"
-#include "content/shell/browser/shell.h"
-#include "content/test/content_browser_test_utils_internal.h"
-#include "net/dns/mock_host_resolver.h"
-#include "net/test/embedded_test_server/embedded_test_server.h"
-#include "url/gurl.h"
-#include "url/origin.h"
-
-namespace content {
-
-// Tests of the blob: URL scheme.
-class BlobUrlBrowserTest : public ContentBrowserTest {
- public:
-  BlobUrlBrowserTest() {}
-
-  void SetUpOnMainThread() override {
-    host_resolver()->AddRule("*", "127.0.0.1");
-    ASSERT_TRUE(embedded_test_server()->Start());
-    SetupCrossSiteRedirector(embedded_test_server());
-  }
-
- private:
-  DISALLOW_COPY_AND_ASSIGN(BlobUrlBrowserTest);
-};
-
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToUniqueOriginBlob) {
-  // Use a data URL to obtain a test page in a unique origin. The page
-  // contains a link to a "blob:null/SOME-GUID-STRING" URL.
-  NavigateToURL(
-      shell(),
-      GURL("data:text/html,<body><script>"
-           "var link = document.body.appendChild(document.createElement('a'));"
-           "link.innerText = 'Click Me!';"
-           "link.href = URL.createObjectURL(new Blob(['potato']));"
-           "link.target = '_blank';"
-           "link.id = 'click_me';"
-           "</script></body>"));
-
-  // Click the link.
-  ShellAddedObserver new_shell_observer;
-  EXPECT_TRUE(
-      ExecuteScript(shell(), "document.getElementById('click_me').click()"));
-
-  // The link should create a new tab.
-  Shell* new_shell = new_shell_observer.GetShell();
-  WebContents* new_contents = new_shell->web_contents();
-  WaitForLoadStop(new_contents);
-
-  EXPECT_TRUE(
-      base::MatchPattern(new_contents->GetVisibleURL().spec(), "blob:null/*"));
-  std::string page_content;
-  EXPECT_TRUE(ExecuteScriptAndExtractString(
-      new_contents,
-      "domAutomationController.send("
-      "    document.origin + ' ' + document.body.innerText);",
-      &page_content));
-  EXPECT_EQ("null potato", page_content);
-}
-
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlob) {
-  // Using an http page, click a link that opens a popup to a same-origin blob.
-  GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html");
-  url::Origin origin(url);
-  NavigateToURL(shell(), url);
-
-  ShellAddedObserver new_shell_observer;
-  EXPECT_TRUE(ExecuteScript(
-      shell(),
-      "var link = document.body.appendChild(document.createElement('a'));"
-      "link.innerText = 'Click Me!';"
-      "link.href = URL.createObjectURL(new Blob(['potato']));"
-      "link.target = '_blank';"
-      "link.click()"));
-
-  // The link should create a new tab.
-  Shell* new_shell = new_shell_observer.GetShell();
-  WebContents* new_contents = new_shell->web_contents();
-  WaitForLoadStop(new_contents);
-
-  EXPECT_TRUE(base::MatchPattern(new_contents->GetVisibleURL().spec(),
-                                 "blob:" + origin.Serialize() + "/*"));
-  std::string page_content;
-  EXPECT_TRUE(ExecuteScriptAndExtractString(
-      new_contents,
-      "domAutomationController.send("
-      "    document.origin + ' ' + document.body.innerText);",
-      &page_content));
-  EXPECT_EQ(origin.Serialize() + " potato", page_content);
-}
-
-// Regression test for https://crbug.com/646278
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithAuthority) {
-  // Using an http page, click a link that opens a popup to a same-origin blob
-  // that has a spoofy authority section applied. This should be blocked.
-  GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html");
-  url::Origin origin(url);
-  NavigateToURL(shell(), url);
-
-  ShellAddedObserver new_shell_observer;
-  EXPECT_TRUE(ExecuteScript(
-      shell(),
-      "var link = document.body.appendChild(document.createElement('a'));"
-      "link.innerText = 'Click Me!';"
-      "link.href = 'blob:http://spoof.com@' + "
-      "    URL.createObjectURL(new Blob(['potato'])).split('://')[1];"
-      "link.target = '_blank';"
-      "link.click()"));
-
-  // The link should create a new tab.
-  Shell* new_shell = new_shell_observer.GetShell();
-  WebContents* new_contents = new_shell->web_contents();
-  WaitForLoadStop(new_contents);
-
-  // The spoofy URL should not be shown to the user.
-  EXPECT_FALSE(
-      base::MatchPattern(new_contents->GetVisibleURL().spec(), "*spoof*"));
-  // The currently implemented behavior is that the URL gets rewritten to
-  // about:blank.
-  EXPECT_EQ("about:blank", new_contents->GetVisibleURL().spec());
-  std::string page_content;
-  EXPECT_TRUE(ExecuteScriptAndExtractString(
-      new_contents,
-      "domAutomationController.send("
-      "    document.origin + ' ' + document.body.innerText);",
-      &page_content));
-  EXPECT_EQ(origin.Serialize() + " ", page_content);  // no potato
-}
-
-// Regression test for https://crbug.com/646278
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, ReplaceStateToAddAuthorityToBlob) {
-  // history.replaceState from a validly loaded blob URL shouldn't allow adding
-  // an authority to the inner URL, which would be spoofy.
-  GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html");
-  url::Origin origin(url);
-  NavigateToURL(shell(), url);
-
-  ShellAddedObserver new_shell_observer;
-  EXPECT_TRUE(ExecuteScript(
-      shell(),
-      "var spoof_fn = function () {\n"
-      "  host_port = document.origin.split('://')[1];\n"
-      "  spoof_url = 'blob:http://spoof.com@' + host_port + '/abcd';\n"
-      "  window.history.replaceState({}, '', spoof_url);\n"
-      "};\n"
-      "args = ['<body>potato<scr', 'ipt>(', spoof_fn, ')();</scri', 'pt>'];\n"
-      "b = new Blob(args, {type: 'text/html'});"
-      "window.open(URL.createObjectURL(b));"));
-
-  Shell* new_shell = new_shell_observer.GetShell();
-  WebContents* new_contents = new_shell->web_contents();
-  WaitForLoadStop(new_contents);
-
-  // The spoofy URL should not be shown to the user.
-  EXPECT_FALSE(
-      base::MatchPattern(new_contents->GetVisibleURL().spec(), "*spoof*"));
-
-  // The currently implemented behavior is that the URL gets rewritten to
-  // about:blank. The content of the page stays the same.
-  EXPECT_EQ("about:blank", new_contents->GetVisibleURL().spec());
-  std::string page_content;
-  EXPECT_TRUE(ExecuteScriptAndExtractString(
-      new_contents,
-      "domAutomationController.send("
-      "    document.origin + ' ' + document.body.innerText);",
-      &page_content));
-  EXPECT_EQ(origin.Serialize() + " potato", page_content);
-
-  // TODO(nick): Currently, window.location still reflects the spoof URL.
-  // This seems unfortunate -- can we fix it?
-  std::string window_location;
-  EXPECT_TRUE(ExecuteScriptAndExtractString(
-      new_contents, "domAutomationController.send(window.location.href);",
-      &window_location));
-  EXPECT_TRUE(base::MatchPattern(window_location, "*spoof*"));
-}
-
-}  // namespace content