| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/macros.h" | 5 #include "base/macros.h" |
| 6 #include "base/strings/pattern.h" | 6 #include "base/strings/pattern.h" |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 #include "content/browser/web_contents/web_contents_impl.h" | 8 #include "content/browser/web_contents/web_contents_impl.h" |
| 9 #include "content/public/test/browser_test_utils.h" | 9 #include "content/public/test/browser_test_utils.h" |
| 10 #include "content/public/test/content_browser_test.h" | 10 #include "content/public/test/content_browser_test.h" |
| 11 #include "content/public/test/content_browser_test_utils.h" | 11 #include "content/public/test/content_browser_test_utils.h" |
| 12 #include "content/public/test/test_utils.h" | 12 #include "content/public/test/test_utils.h" |
| 13 #include "content/shell/browser/shell.h" | 13 #include "content/shell/browser/shell.h" |
| 14 #include "content/test/content_browser_test_utils_internal.h" | 14 #include "content/test/content_browser_test_utils_internal.h" |
| 15 #include "net/dns/mock_host_resolver.h" | 15 #include "net/dns/mock_host_resolver.h" |
| 16 #include "net/test/embedded_test_server/embedded_test_server.h" | 16 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 17 #include "url/gurl.h" | 17 #include "url/gurl.h" |
| 18 #include "url/origin.h" | 18 #include "url/origin.h" |
| 19 | 19 |
| 20 namespace content { | 20 namespace content { |
| 21 | 21 |
| 22 // Tests of the blob: URL scheme. | 22 // Tests of the blob: URL scheme. |
| 23 class BlobUrlBrowserTest : public ContentBrowserTest { | 23 class BlobUrlBrowserTest : public ContentBrowserTest { |
| 24 public: | 24 public: |
| 25 BlobUrlBrowserTest() {} | 25 BlobUrlBrowserTest() { |
| 26 // Run with file:// URLs in unique origins, as is the default for the |
| 27 // browser, but normally relaxed in browsertests. |
| 28 RevokeFileAccessFromFiles(); |
| 29 } |
| 26 | 30 |
| 27 void SetUpOnMainThread() override { | 31 void SetUpOnMainThread() override { |
| 28 host_resolver()->AddRule("*", "127.0.0.1"); | 32 host_resolver()->AddRule("*", "127.0.0.1"); |
| 29 ASSERT_TRUE(embedded_test_server()->Start()); | 33 ASSERT_TRUE(embedded_test_server()->Start()); |
| 30 SetupCrossSiteRedirector(embedded_test_server()); | 34 SetupCrossSiteRedirector(embedded_test_server()); |
| 31 } | 35 } |
| 32 | 36 |
| 33 private: | 37 private: |
| 34 DISALLOW_COPY_AND_ASSIGN(BlobUrlBrowserTest); | 38 DISALLOW_COPY_AND_ASSIGN(BlobUrlBrowserTest); |
| 35 }; | 39 }; |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 "link.target = '_blank';" | 87 "link.target = '_blank';" |
| 84 "link.click()")); | 88 "link.click()")); |
| 85 | 89 |
| 86 // The link should create a new tab. | 90 // The link should create a new tab. |
| 87 Shell* new_shell = new_shell_observer.GetShell(); | 91 Shell* new_shell = new_shell_observer.GetShell(); |
| 88 WebContents* new_contents = new_shell->web_contents(); | 92 WebContents* new_contents = new_shell->web_contents(); |
| 89 WaitForLoadStop(new_contents); | 93 WaitForLoadStop(new_contents); |
| 90 | 94 |
| 91 EXPECT_TRUE(base::MatchPattern(new_contents->GetVisibleURL().spec(), | 95 EXPECT_TRUE(base::MatchPattern(new_contents->GetVisibleURL().spec(), |
| 92 "blob:" + origin.Serialize() + "/*")); | 96 "blob:" + origin.Serialize() + "/*")); |
| 93 std::string page_content; | 97 std::string popup_text; |
| 94 EXPECT_TRUE(ExecuteScriptAndExtractString( | 98 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 95 new_contents, | 99 new_contents, |
| 96 "domAutomationController.send(" | 100 "domAutomationController.send(" |
| 97 " document.origin + ' ' + document.body.innerText);", | 101 " document.origin + ' ' + document.body.innerText);", |
| 98 &page_content)); | 102 &popup_text)); |
| 99 EXPECT_EQ(origin.Serialize() + " potato", page_content); | 103 EXPECT_EQ(origin.Serialize() + " potato", popup_text); |
| 104 |
| 105 // The popup is same origin with its opener, and can script it. |
| 106 std::string opener_text; |
| 107 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 108 new_contents, |
| 109 "domAutomationController.send(window.opener.document.body.innerText);", |
| 110 &opener_text)); |
| 111 EXPECT_EQ("This page has no title. Click Me!", opener_text); |
| 112 } |
| 113 |
| 114 IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginFileBlob) { |
| 115 // Using a file:// page, click a link that opens a popup to a same-origin |
| 116 // blob. |
| 117 GURL url = GetTestUrl(NULL, "title1.html"); |
| 118 EXPECT_EQ("file://", url::Origin(url).Serialize()); |
| 119 NavigateToURL(shell(), url); |
| 120 |
| 121 ShellAddedObserver new_shell_observer; |
| 122 EXPECT_TRUE(ExecuteScript( |
| 123 shell(), |
| 124 "var link = document.body.appendChild(document.createElement('a'));" |
| 125 "link.innerText = 'Click Me!';" |
| 126 "link.href = URL.createObjectURL(new Blob(['potato']));" |
| 127 "link.target = '_blank';" |
| 128 "link.click()")); |
| 129 |
| 130 // The link should create a new tab. |
| 131 Shell* new_shell = new_shell_observer.GetShell(); |
| 132 WebContents* new_contents = new_shell->web_contents(); |
| 133 WaitForLoadStop(new_contents); |
| 134 |
| 135 EXPECT_EQ(new_contents->GetRenderProcessHost(), |
| 136 shell()->web_contents()->GetRenderProcessHost()); |
| 137 |
| 138 EXPECT_TRUE( |
| 139 base::MatchPattern(new_contents->GetVisibleURL().spec(), "blob:null/*")); |
| 140 EXPECT_EQ("file://", shell() |
| 141 ->web_contents() |
| 142 ->GetMainFrame() |
| 143 ->GetLastCommittedOrigin() |
| 144 .Serialize()); |
| 145 EXPECT_EQ("null", url::Origin(new_contents->GetVisibleURL()).Serialize()); |
| 146 EXPECT_EQ("file://", |
| 147 url::Origin(new_contents->GetMainFrame()->GetLastCommittedOrigin()) |
| 148 .Serialize()); |
| 149 std::string popup_text; |
| 150 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 151 new_contents, |
| 152 "domAutomationController.send(" |
| 153 " document.origin + ' ' + document.body.innerText);", |
| 154 &popup_text)); |
| 155 EXPECT_EQ("null potato", popup_text); |
| 156 |
| 157 // The popup is same origin with its opener, and can script it. |
| 158 std::string opener_text; |
| 159 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 160 new_contents, |
| 161 "domAutomationController.send(window.opener.document.body.innerText);", |
| 162 &opener_text)); |
| 163 EXPECT_EQ("This page has no title. Click Me!", opener_text); |
| 100 } | 164 } |
| 101 | 165 |
| 102 // Regression test for https://crbug.com/646278 | 166 // Regression test for https://crbug.com/646278 |
| 103 IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithAuthority) { | 167 IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithUsername) { |
| 104 // Using an http page, click a link that opens a popup to a same-origin blob | 168 // Using an http page, click a link that opens a popup to a same-origin blob |
| 105 // that has a spoofy authority section applied. This should be blocked. | 169 // that has a spoofy authority section applied. This should be blocked. |
| 106 GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html"); | 170 GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html"); |
| 107 url::Origin origin(url); | 171 url::Origin origin(url); |
| 108 NavigateToURL(shell(), url); | 172 NavigateToURL(shell(), url); |
| 109 | 173 |
| 110 ShellAddedObserver new_shell_observer; | 174 ShellAddedObserver new_shell_observer; |
| 111 EXPECT_TRUE(ExecuteScript( | 175 EXPECT_TRUE(ExecuteScript( |
| 112 shell(), | 176 shell(), |
| 113 "var link = document.body.appendChild(document.createElement('a'));" | 177 "var link = document.body.appendChild(document.createElement('a'));" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 131 std::string page_content; | 195 std::string page_content; |
| 132 EXPECT_TRUE(ExecuteScriptAndExtractString( | 196 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 133 new_contents, | 197 new_contents, |
| 134 "domAutomationController.send(" | 198 "domAutomationController.send(" |
| 135 " document.origin + ' ' + document.body.innerText);", | 199 " document.origin + ' ' + document.body.innerText);", |
| 136 &page_content)); | 200 &page_content)); |
| 137 EXPECT_EQ(origin.Serialize() + " ", page_content); // no potato | 201 EXPECT_EQ(origin.Serialize() + " ", page_content); // no potato |
| 138 } | 202 } |
| 139 | 203 |
| 140 // Regression test for https://crbug.com/646278 | 204 // Regression test for https://crbug.com/646278 |
| 141 IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, ReplaceStateToAddAuthorityToBlob) { | 205 IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, ReplaceStateToAddUsernameToBlob) { |
| 142 // history.replaceState from a validly loaded blob URL shouldn't allow adding | 206 // history.replaceState from a validly loaded blob URL shouldn't allow adding |
| 143 // an authority to the inner URL, which would be spoofy. | 207 // an authority to the inner URL, which would be spoofy. |
| 144 GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html"); | 208 GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html"); |
| 145 url::Origin origin(url); | 209 url::Origin origin(url); |
| 146 NavigateToURL(shell(), url); | 210 NavigateToURL(shell(), url); |
| 147 | 211 |
| 148 ShellAddedObserver new_shell_observer; | 212 ShellAddedObserver new_shell_observer; |
| 149 EXPECT_TRUE(ExecuteScript( | 213 EXPECT_TRUE(ExecuteScript( |
| 150 shell(), | 214 shell(), |
| 151 "var spoof_fn = function () {\n" | 215 "var spoof_fn = function () {\n" |
| (...skipping 27 matching lines...) Expand all Loading... |
| 179 // TODO(nick): Currently, window.location still reflects the spoof URL. | 243 // TODO(nick): Currently, window.location still reflects the spoof URL. |
| 180 // This seems unfortunate -- can we fix it? | 244 // This seems unfortunate -- can we fix it? |
| 181 std::string window_location; | 245 std::string window_location; |
| 182 EXPECT_TRUE(ExecuteScriptAndExtractString( | 246 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 183 new_contents, "domAutomationController.send(window.location.href);", | 247 new_contents, "domAutomationController.send(window.location.href);", |
| 184 &window_location)); | 248 &window_location)); |
| 185 EXPECT_TRUE(base::MatchPattern(window_location, "*spoof*")); | 249 EXPECT_TRUE(base::MatchPattern(window_location, "*spoof*")); |
| 186 } | 250 } |
| 187 | 251 |
| 188 } // namespace content | 252 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2376083002:
BlobUrlBrowserTest: Add a test exercising blob: URLs from file:// documents.
