OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stddef.h> | 5 #include <stddef.h> |
6 | 6 |
7 #include "base/path_service.h" | 7 #include "base/path_service.h" |
8 #include "base/strings/stringprintf.h" | 8 #include "base/strings/stringprintf.h" |
| 9 #include "base/test/histogram_tester.h" |
9 #include "build/build_config.h" | 10 #include "build/build_config.h" |
10 #include "chrome/browser/extensions/extension_apitest.h" | 11 #include "chrome/browser/extensions/extension_apitest.h" |
11 #include "chrome/browser/profiles/profile.h" | 12 #include "chrome/browser/profiles/profile.h" |
12 #include "chrome/browser/ui/browser.h" | 13 #include "chrome/browser/ui/browser.h" |
13 #include "chrome/browser/ui/browser_finder.h" | 14 #include "chrome/browser/ui/browser_finder.h" |
14 #include "chrome/browser/ui/browser_list.h" | 15 #include "chrome/browser/ui/browser_list.h" |
15 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 16 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
16 #include "chrome/common/chrome_paths.h" | 17 #include "chrome/common/chrome_paths.h" |
17 #include "chrome/test/base/ui_test_utils.h" | 18 #include "chrome/test/base/ui_test_utils.h" |
| 19 #include "content/public/browser/notification_service.h" |
| 20 #include "content/public/browser/notification_types.h" |
| 21 #include "content/public/browser/render_frame_host.h" |
18 #include "content/public/browser/render_process_host.h" | 22 #include "content/public/browser/render_process_host.h" |
19 #include "content/public/browser/web_contents.h" | 23 #include "content/public/browser/web_contents.h" |
20 #include "content/public/common/result_codes.h" | 24 #include "content/public/common/result_codes.h" |
21 #include "content/public/common/url_constants.h" | 25 #include "content/public/common/url_constants.h" |
22 #include "content/public/test/browser_test_utils.h" | 26 #include "content/public/test/browser_test_utils.h" |
23 #include "extensions/browser/extension_host.h" | 27 #include "extensions/browser/extension_host.h" |
24 #include "extensions/browser/process_manager.h" | 28 #include "extensions/browser/process_manager.h" |
25 #include "extensions/common/constants.h" | 29 #include "extensions/common/constants.h" |
26 #include "extensions/common/extension.h" | 30 #include "extensions/common/extension.h" |
27 #include "extensions/test/extension_test_message_listener.h" | 31 #include "extensions/test/extension_test_message_listener.h" |
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
277 last_loaded_extension_id() + "/newtab.html"), | 281 last_loaded_extension_id() + "/newtab.html"), |
278 false, | 282 false, |
279 &newtab)); | 283 &newtab)); |
280 | 284 |
281 // Extension API should succeed. | 285 // Extension API should succeed. |
282 bool result = false; | 286 bool result = false; |
283 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", | 287 ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()", |
284 &result)); | 288 &result)); |
285 EXPECT_TRUE(result); | 289 EXPECT_TRUE(result); |
286 } | 290 } |
| 291 |
| 292 // Tests that calling window.open for an extension URL from a non-HTTP or HTTPS |
| 293 // URL on a new tab cannot access non-web-accessible resources. |
| 294 IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, |
| 295 WindowOpenInaccessibleResourceFromDataURL) { |
| 296 base::HistogramTester uma; |
| 297 ASSERT_TRUE(LoadExtension( |
| 298 test_data_dir_.AppendASCII("uitest").AppendASCII("window_open"))); |
| 299 |
| 300 ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,foo")); |
| 301 |
| 302 // test.html is not web-accessible and should not be loaded. |
| 303 GURL extension_url(extensions::Extension::GetResourceURL( |
| 304 extensions::Extension::GetBaseURLFromExtensionId( |
| 305 last_loaded_extension_id()), |
| 306 "test.html")); |
| 307 |
| 308 content::WindowedNotificationObserver windowed_observer( |
| 309 content::NOTIFICATION_LOAD_STOP, |
| 310 content::NotificationService::AllSources()); |
| 311 ASSERT_TRUE(content::ExecuteScript( |
| 312 browser()->tab_strip_model()->GetActiveWebContents(), |
| 313 "window.open('" + extension_url.spec() + "');")); |
| 314 windowed_observer.Wait(); |
| 315 content::NavigationController* controller = |
| 316 content::Source<content::NavigationController>(windowed_observer.source()) |
| 317 .ptr(); |
| 318 content::WebContents* newtab = controller->GetWebContents(); |
| 319 ASSERT_TRUE(newtab); |
| 320 |
| 321 EXPECT_NE(extension_url, newtab->GetMainFrame()->GetLastCommittedURL()); |
| 322 EXPECT_FALSE(newtab->GetMainFrame()->GetSiteInstance()->GetSiteURL().SchemeIs( |
| 323 extensions::kExtensionScheme)); |
| 324 |
| 325 // Verify that the blocking was recorded correctly in UMA. |
| 326 uma.ExpectUniqueSample("Extensions.ShouldAllowOpenURL.Failure", |
| 327 2, /* FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION */ |
| 328 1); |
| 329 } |
OLD | NEW |