Fix web accessible resource checks in ShouldAllowOpenURL for M55

chrome/browser/extensions/window_open_apitest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stddef.h>
 
 #include "base/path_service.h"
 #include "base/strings/stringprintf.h"
+#include "base/test/histogram_tester.h"
 #include "build/build_config.h"
 #include "chrome/browser/extensions/extension_apitest.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/common/chrome_paths.h"
+#include "chrome/common/url_constants.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/notification_service.h"
+#include "content/public/browser/notification_types.h"
+#include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/result_codes.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/test/browser_test_utils.h"
+#include "content/public/test/test_navigation_observer.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/process_manager.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "extensions/test/extension_test_message_listener.h"
 #include "extensions/test/result_catcher.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ skipping 244 matching lines @@
                      last_loaded_extension_id() + "/newtab.html"),
                  false,
                  &newtab));
 
   // Extension API should succeed.
   bool result = false;
   ASSERT_TRUE(content::ExecuteScriptAndExtractBool(newtab, "testExtensionApi()",
                                                    &result));
   EXPECT_TRUE(result);
 }
+
+// Tests that calling window.open for an extension URL from a non-HTTP or HTTPS
+// URL on a new tab cannot access non-web-accessible resources.
+IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest,
+                       WindowOpenInaccessibleResourceFromDataURL) {
+  base::HistogramTester uma;
+  const extensions::Extension* extension = LoadExtension(
+      test_data_dir_.AppendASCII("uitest").AppendASCII("window_open"));
+  ASSERT_TRUE(extension);
+
+  ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,foo"));
+
+  // test.html is not web-accessible and should not be loaded.
+  GURL extension_url(extension->GetResourceURL("test.html"));
+  content::WindowedNotificationObserver windowed_observer(
+      content::NOTIFICATION_LOAD_STOP,
+      content::NotificationService::AllSources());
+  ASSERT_TRUE(content::ExecuteScript(
+      browser()->tab_strip_model()->GetActiveWebContents(),
+      "window.open('" + extension_url.spec() + "');"));
+  windowed_observer.Wait();
+  content::NavigationController* controller =
+      content::Source<content::NavigationController>(windowed_observer.source())
+          .ptr();
+  content::WebContents* newtab = controller->GetWebContents();
+  ASSERT_TRUE(newtab);
+
+  EXPECT_NE(extension_url, newtab->GetMainFrame()->GetLastCommittedURL());
+  EXPECT_FALSE(newtab->GetMainFrame()->GetSiteInstance()->GetSiteURL().SchemeIs(
+      extensions::kExtensionScheme));
+
+  // Verify that the blocking was recorded correctly in UMA.
+  uma.ExpectUniqueSample("Extensions.ShouldAllowOpenURL.Failure",
+                         2, /* FAILURE_SCHEME_NOT_HTTP_OR_HTTPS_OR_EXTENSION */
+                         1);
+}
+
+// Test that navigating to an extension URL is allowed on chrome:// and
+// chrome-search:// pages, even for URLs that are not web-accessible.
+// See https://crbug.com/662602.
+IN_PROC_BROWSER_TEST_F(ExtensionBrowserTest,
+                       NavigateToInaccessibleResourceFromChromeURL) {
+  // Mint an extension URL which is not web-accessible.
+  const extensions::Extension* extension = LoadExtension(
+      test_data_dir_.AppendASCII("uitest").AppendASCII("window_open"));
+  ASSERT_TRUE(extension);
+  GURL extension_url(extension->GetResourceURL("test.html"));
+
+  content::WebContents* tab =
+      browser()->tab_strip_model()->GetActiveWebContents();
+
+  // Navigate to the non-web-accessible URL from chrome:// and
+  // chrome-search:// pages.  Verify that the page loads correctly.
+  GURL history_url(chrome::kChromeUIHistoryURL);
+  GURL ntp_url(chrome::kChromeSearchLocalNtpUrl);
+  ASSERT_TRUE(history_url.SchemeIs(content::kChromeUIScheme));
+  ASSERT_TRUE(ntp_url.SchemeIs(chrome::kChromeSearchScheme));
+  GURL start_urls[] = {history_url, ntp_url};
+  for (size_t i = 0; i < arraysize(start_urls); i++) {
+    ui_test_utils::NavigateToURL(browser(), start_urls[i]);
+    EXPECT_EQ(start_urls[i], tab->GetMainFrame()->GetLastCommittedURL());
+
+    content::TestNavigationObserver observer(tab);
+    ASSERT_TRUE(content::ExecuteScript(
+        tab, "location.href = '" + extension_url.spec() + "';"));
+    observer.Wait();
+    EXPECT_EQ(extension_url, tab->GetMainFrame()->GetLastCommittedURL());
+    std::string result;
+    ASSERT_TRUE(content::ExecuteScriptAndExtractString(
+        tab, "domAutomationController.send(document.body.innerText)", &result));
+    EXPECT_EQ("HOWDIE!!!", result);
+  }
+}