Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(45)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/blob_storage/blob_url_browsertest.cc

Issue 2376083002: BlobUrlBrowserTest: Add a test exercising blob: URLs from file:// documents.
Patch Set: With fix Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/frame_host/render_frame_host_manager.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/blob_storage/blob_url_browsertest.cc
diff --git a/content/browser/blob_storage/blob_url_browsertest.cc b/content/browser/blob_storage/blob_url_browsertest.cc
index f25ee5b258fa24a455d7e1d13e7f6f8f42299705..7a6171db3dab736eab456b0c121558aecd04b1a9 100644
--- a/content/browser/blob_storage/blob_url_browsertest.cc
+++ b/content/browser/blob_storage/blob_url_browsertest.cc
@@ -22,7 +22,11 @@ namespace content {
// Tests of the blob: URL scheme.
class BlobUrlBrowserTest : public ContentBrowserTest {
public:
- BlobUrlBrowserTest() {}
+ BlobUrlBrowserTest() {
+ // Run with file:// URLs in unique origins, as is the default for the
+ // browser, but normally relaxed in browsertests.
+ RevokeFileAccessFromFiles();
+ }
void SetUpOnMainThread() override {
host_resolver()->AddRule("*", "127.0.0.1");
@@ -90,17 +94,77 @@ IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlob) {
EXPECT_TRUE(base::MatchPattern(new_contents->GetVisibleURL().spec(),
"blob:" + origin.Serialize() + "/*"));
- std::string page_content;
+ std::string popup_text;
EXPECT_TRUE(ExecuteScriptAndExtractString(
new_contents,
"domAutomationController.send("
" document.origin + ' ' + document.body.innerText);",
- &page_content));
- EXPECT_EQ(origin.Serialize() + " potato", page_content);
+ &popup_text));
+ EXPECT_EQ(origin.Serialize() + " potato", popup_text);
+
+ // The popup is same origin with its opener, and can script it.
+ std::string opener_text;
+ EXPECT_TRUE(ExecuteScriptAndExtractString(
+ new_contents,
+ "domAutomationController.send(window.opener.document.body.innerText);",
+ &opener_text));
+ EXPECT_EQ("This page has no title. Click Me!", opener_text);
+}
+
+IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginFileBlob) {
+ // Using a file:// page, click a link that opens a popup to a same-origin
+ // blob.
+ GURL url = GetTestUrl(NULL, "title1.html");
+ EXPECT_EQ("file://", url::Origin(url).Serialize());
+ NavigateToURL(shell(), url);
+
+ ShellAddedObserver new_shell_observer;
+ EXPECT_TRUE(ExecuteScript(
+ shell(),
+ "var link = document.body.appendChild(document.createElement('a'));"
+ "link.innerText = 'Click Me!';"
+ "link.href = URL.createObjectURL(new Blob(['potato']));"
+ "link.target = '_blank';"
+ "link.click()"));
+
+ // The link should create a new tab.
+ Shell* new_shell = new_shell_observer.GetShell();
+ WebContents* new_contents = new_shell->web_contents();
+ WaitForLoadStop(new_contents);
+
+ EXPECT_EQ(new_contents->GetRenderProcessHost(),
+ shell()->web_contents()->GetRenderProcessHost());
+
+ EXPECT_TRUE(
+ base::MatchPattern(new_contents->GetVisibleURL().spec(), "blob:null/*"));
+ EXPECT_EQ("file://", shell()
+ ->web_contents()
+ ->GetMainFrame()
+ ->GetLastCommittedOrigin()
+ .Serialize());
+ EXPECT_EQ("null", url::Origin(new_contents->GetVisibleURL()).Serialize());
+ EXPECT_EQ("file://",
+ url::Origin(new_contents->GetMainFrame()->GetLastCommittedOrigin())
+ .Serialize());
+ std::string popup_text;
+ EXPECT_TRUE(ExecuteScriptAndExtractString(
+ new_contents,
+ "domAutomationController.send("
+ " document.origin + ' ' + document.body.innerText);",
+ &popup_text));
+ EXPECT_EQ("null potato", popup_text);
+
+ // The popup is same origin with its opener, and can script it.
+ std::string opener_text;
+ EXPECT_TRUE(ExecuteScriptAndExtractString(
+ new_contents,
+ "domAutomationController.send(window.opener.document.body.innerText);",
+ &opener_text));
+ EXPECT_EQ("This page has no title. Click Me!", opener_text);
}
// Regression test for https://crbug.com/646278
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithAuthority) {
+IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithUsername) {
// Using an http page, click a link that opens a popup to a same-origin blob
// that has a spoofy authority section applied. This should be blocked.
GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html");
@@ -138,7 +202,7 @@ IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, LinkToSameOriginBlobWithAuthority) {
}
// Regression test for https://crbug.com/646278
-IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, ReplaceStateToAddAuthorityToBlob) {
+IN_PROC_BROWSER_TEST_F(BlobUrlBrowserTest, ReplaceStateToAddUsernameToBlob) {
// history.replaceState from a validly loaded blob URL shouldn't allow adding
// an authority to the inner URL, which would be spoofy.
GURL url = embedded_test_server()->GetURL("chromium.org", "/title1.html");
« no previous file with comments | « no previous file | content/browser/frame_host/render_frame_host_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698