Chromium Code Reviews Chromium Code Reviews
Issue 2454563003:
Fix web accessible resource checks in ShouldAllowOpenURL (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 | 6 |
| 7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
| 8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "base/test/histogram_tester.h" | |
| 9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 10 #include "chrome/browser/extensions/extension_apitest.h" | 11 #include "chrome/browser/extensions/extension_apitest.h" |
| 11 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
| 12 #include "chrome/browser/ui/browser.h" | 13 #include "chrome/browser/ui/browser.h" |
| 13 #include "chrome/browser/ui/browser_finder.h" | 14 #include "chrome/browser/ui/browser_finder.h" |
| 14 #include "chrome/browser/ui/browser_list.h" | 15 #include "chrome/browser/ui/browser_list.h" |
| 15 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 16 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 16 #include "chrome/common/chrome_paths.h" | 17 #include "chrome/common/chrome_paths.h" |
| 17 #include "chrome/test/base/ui_test_utils.h" | 18 #include "chrome/test/base/ui_test_utils.h" |
| 19 #include "content/public/browser/notification_service.h" | |
| 20 #include "content/public/browser/notification_types.h" | |
| 21 #include "content/public/browser/render_frame_host.h" | |
| 18 #include "content/public/browser/render_process_host.h" | 22 #include "content/public/browser/render_process_host.h" |
| 19 #include "content/public/browser/web_contents.h" | 23 #include "content/public/browser/web_contents.h" |
| 20 #include "content/public/common/result_codes.h" | 24 #include "content/public/common/result_codes.h" |
| 21 #include "content/public/common/url_constants.h" | 25 #include "content/public/common/url_constants.h" |
| 22 #include "content/public/test/browser_test_utils.h" | 26 #include "content/public/test/browser_test_utils.h" |
| 23 #include "extensions/browser/extension_host.h" | 27 #include "extensions/browser/extension_host.h" |
| 24 #include "extensions/browser/process_manager.h" | 28 #include "extensions/browser/process_manager.h" |
| 25 #include "extensions/common/constants.h" | 29 #include "extensions/common/constants.h" |
| 26 #include "extensions/common/extension.h" | 30 #include "extensions/common/extension.h" |
| 27 #include "extensions/test/extension_test_message_listener.h" | 31 #include "extensions/test/extension_test_message_listener.h" |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 277 last_loaded_extension_id() + "/newtab.html"), | 281 last_loaded_extension_id() + "/newtab.html"), |
| 278 false, | 282 false, |
| 279 &newtab)); | 283 &newtab)); |
| 280 | 284 |
| 281 // Extension API should succeed. | 285 // Extension API should succeed. |
| 282 bool result = false; | 286 bool result = false; |
| 283 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", | 287 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", |
| 284 &result)); | 288 &result)); |
| 285 EXPECT_TRUE(result); | 289 EXPECT_TRUE(result); |
| 286 } | 290 } |
| 291 | |
| 292 // Tests that calling window.open for an extension URL from a non-HTTP or HTTPS | |
| 293 // URL on a new tab cannot access non-web-accessible resources. | |
| 294 IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, | |
| 295 WindowOpenInaccessibleResourceFromDataURL) { | |
| 296 base::HistogramTester uma; | |
| 297 ASSERT_TRUE(LoadExtension( | |
| 298 test_data_dir_.AppendASCII("uitest").AppendASCII("window_open"))); | |
| 299 | |
| 300 ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,foo")); | |
| 301 | |
| 302 // test.html is not web-accessible and should not be loaded. | |
| 303 GURL extension_url(extensions::Extension::GetResourceURL( | |
| 304 extensions::Extension::GetBaseURLFromExtensionId( | |
| 305 last_loaded_extension_id()), | |
| 306 "test.html")); | |
| 307 | |
| 308 content::WindowedNotificationObserver windowed_observer( | |
| 309 content::NOTIFICATION_LOAD_STOP, | |
| 310 content::NotificationService::AllSources()); | |
| 311 ASSERT_TRUE(content::ExecuteScript( | |
| 312 browser()->tab_strip_model()->GetActiveWebContents(), | |
| 313 "window.open('" + extension_url.spec() + "');")); | |
| 314 windowed_observer.Wait(); | |
| 315 content::NavigationController* controller = | |
| 316 content::Source<content::NavigationController>(windowed_observer.source()) | |
| 317 .ptr(); | |
| 318 content::WebContents* newtab = controller->GetWebContents(); | |
| 319 ASSERT_TRUE(newtab); | |
| 320 | |
| 321 EXPECT_NE(extension_url, newtab->GetMainFrame()->GetLastCommittedURL()); | |
| 322 EXPECT_NE(std::string(extensions::kExtensionScheme), | |
|
Devlin
2016/11/02 20:50:57
nit: EXPECT_FALSE(GetSiteUrl().SchemeIs(kExtension
alexmos
2016/11/03 00:43:26
Done.
| |
| 323 newtab->GetMainFrame()->GetSiteInstance()->GetSiteURL().scheme()); | |
| 324 | |
| 325 // Verify that the blocking was recorded correctly in UMA. | |
| 326 uma.ExpectUniqueSample("Extensions.ShouldAllowOpenURL.Failure", | |
| 327 2, /* FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION */ | |
| 328 1); | |
| 329 } | |
| OLD | NEW |
