OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stddef.h> | 5 #include <stddef.h> |
6 | 6 |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
9 #include "base/test/histogram_tester.h" | |
9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
10 #include "chrome/browser/extensions/extension_apitest.h" | 11 #include "chrome/browser/extensions/extension_apitest.h" |
11 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/browser/ui/browser.h" | 13 #include "chrome/browser/ui/browser.h" |
13 #include "chrome/browser/ui/browser_finder.h" | 14 #include "chrome/browser/ui/browser_finder.h" |
14 #include "chrome/browser/ui/browser_list.h" | 15 #include "chrome/browser/ui/browser_list.h" |
15 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 16 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
16 #include "chrome/common/chrome_paths.h" | 17 #include "chrome/common/chrome_paths.h" |
17 #include "chrome/test/base/ui_test_utils.h" | 18 #include "chrome/test/base/ui_test_utils.h" |
19 #include "content/public/browser/notification_service.h" | |
20 #include "content/public/browser/notification_types.h" | |
21 #include "content/public/browser/render_frame_host.h" | |
18 #include "content/public/browser/render_process_host.h" | 22 #include "content/public/browser/render_process_host.h" |
19 #include "content/public/browser/web_contents.h" | 23 #include "content/public/browser/web_contents.h" |
20 #include "content/public/common/result_codes.h" | 24 #include "content/public/common/result_codes.h" |
21 #include "content/public/common/url_constants.h" | 25 #include "content/public/common/url_constants.h" |
22 #include "content/public/test/browser_test_utils.h" | 26 #include "content/public/test/browser_test_utils.h" |
23 #include "extensions/browser/extension_host.h" | 27 #include "extensions/browser/extension_host.h" |
24 #include "extensions/browser/process_manager.h" | 28 #include "extensions/browser/process_manager.h" |
25 #include "extensions/common/constants.h" | 29 #include "extensions/common/constants.h" |
26 #include "extensions/common/extension.h" | 30 #include "extensions/common/extension.h" |
27 #include "extensions/test/extension_test_message_listener.h" | 31 #include "extensions/test/extension_test_message_listener.h" |
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
277 last_loaded_extension_id() + "/newtab.html"), | 281 last_loaded_extension_id() + "/newtab.html"), |
278 false, | 282 false, |
279 &newtab)); | 283 &newtab)); |
280 | 284 |
281 // Extension API should succeed. | 285 // Extension API should succeed. |
282 bool result = false; | 286 bool result = false; |
283 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", | 287 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", |
284 &result)); | 288 &result)); |
285 EXPECT_TRUE(result); | 289 EXPECT_TRUE(result); |
286 } | 290 } |
291 | |
292 // Tests that calling window.open for an extension URL from a non-HTTP or HTTPS | |
293 // URL on a new tab cannot access non-web-accessible resources. | |
294 IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, | |
295 WindowOpenInaccessibleResourceFromDataURL) { | |
296 base::HistogramTester uma; | |
297 ASSERT_TRUE(LoadExtension( | |
298 test_data_dir_.AppendASCII("uitest").AppendASCII("window_open"))); | |
299 | |
300 ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,foo")); | |
301 | |
302 // test.html is not web-accessible and should not be loaded. | |
303 GURL extension_url(extensions::Extension::GetResourceURL( | |
304 extensions::Extension::GetBaseURLFromExtensionId( | |
305 last_loaded_extension_id()), | |
306 "test.html")); | |
307 | |
308 content::WindowedNotificationObserver windowed_observer( | |
309 content::NOTIFICATION_LOAD_STOP, | |
310 content::NotificationService::AllSources()); | |
311 ASSERT_TRUE(content::ExecuteScript( | |
312 browser()->tab_strip_model()->GetActiveWebContents(), | |
313 "window.open('" + extension_url.spec() + "');")); | |
314 windowed_observer.Wait(); | |
315 content::NavigationController* controller = | |
316 content::Source<content::NavigationController>(windowed_observer.source()) | |
317 .ptr(); | |
318 content::WebContents* newtab = controller->GetWebContents(); | |
319 ASSERT_TRUE(newtab); | |
320 | |
321 EXPECT_NE(extension_url, newtab->GetMainFrame()->GetLastCommittedURL()); | |
322 EXPECT_NE(std::string(extensions::kExtensionScheme), | |
Devlin
2016/11/02 20:50:57
nit: EXPECT_FALSE(GetSiteUrl().SchemeIs(kExtension
alexmos
2016/11/03 00:43:26
Done.
| |
323 newtab->GetMainFrame()->GetSiteInstance()->GetSiteURL().scheme()); | |
324 | |
325 // Verify that the blocking was recorded correctly in UMA. | |
326 uma.ExpectUniqueSample("Extensions.ShouldAllowOpenURL.Failure", | |
327 2, /* FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION */ | |
328 1); | |
329 } | |
OLD | NEW |