Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3808)

Unified Diff: chrome/browser/extensions/window_open_apitest.cc

Issue 2454563003: Fix web accessible resource checks in ShouldAllowOpenURL (Closed)
Patch Set: Round 2 of Devlin's comments Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/extensions/window_open_apitest.cc
diff --git a/chrome/browser/extensions/window_open_apitest.cc b/chrome/browser/extensions/window_open_apitest.cc
index fd74795d400469757105e131d63d72e4c9daa33a..b62ab7da435238478b98bbecd936da3debe7f34f 100644
--- a/chrome/browser/extensions/window_open_apitest.cc
+++ b/chrome/browser/extensions/window_open_apitest.cc
@@ -6,6 +6,7 @@
#include "base/path_service.h"
#include "base/strings/stringprintf.h"
+#include "base/test/histogram_tester.h"
#include "build/build_config.h"
#include "chrome/browser/extensions/extension_apitest.h"
#include "chrome/browser/profiles/profile.h"
@@ -15,6 +16,9 @@
#include "chrome/browser/ui/tabs/tab_strip_model.h"
#include "chrome/common/chrome_paths.h"
#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/notification_service.h"
+#include "content/public/browser/notification_types.h"
+#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/result_codes.h"
@@ -284,3 +288,42 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest, WindowOpenNoPrivileges) {
&result));
EXPECT_TRUE(result);
}
+
+// Tests that calling window.open for an extension URL from a non-HTTP or HTTPS
+// URL on a new tab cannot access non-web-accessible resources.
+IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest,
+ WindowOpenInaccessibleResourceFromDataURL) {
+ base::HistogramTester uma;
+ ASSERT_TRUE(LoadExtension(
+ test_data_dir_.AppendASCII("uitest").AppendASCII("window_open")));
+
+ ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,foo"));
+
+ // test.html is not web-accessible and should not be loaded.
+ GURL extension_url(extensions::Extension::GetResourceURL(
+ extensions::Extension::GetBaseURLFromExtensionId(
+ last_loaded_extension_id()),
+ "test.html"));
+
+ content::WindowedNotificationObserver windowed_observer(
+ content::NOTIFICATION_LOAD_STOP,
+ content::NotificationService::AllSources());
+ ASSERT_TRUE(content::ExecuteScript(
+ browser()->tab_strip_model()->GetActiveWebContents(),
+ "window.open('" + extension_url.spec() + "');"));
+ windowed_observer.Wait();
+ content::NavigationController* controller =
+ content::Source<content::NavigationController>(windowed_observer.source())
+ .ptr();
+ content::WebContents* newtab = controller->GetWebContents();
+ ASSERT_TRUE(newtab);
+
+ EXPECT_NE(extension_url, newtab->GetMainFrame()->GetLastCommittedURL());
+ EXPECT_FALSE(newtab->GetMainFrame()->GetSiteInstance()->GetSiteURL().SchemeIs(
+ extensions::kExtensionScheme));
+
+ // Verify that the blocking was recorded correctly in UMA.
+ uma.ExpectUniqueSample("Extensions.ShouldAllowOpenURL.Failure",
+ 2, /* FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION */
+ 1);
+}
« no previous file with comments | « chrome/browser/extensions/process_manager_browsertest.cc ('k') | chrome/test/data/extensions/uitest/window_open/manifest.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698