Index: chrome/browser/ssl/security_state_tab_helper_browser_tests.cc |
diff --git a/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc b/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc |
index 21d269b570b18bd99b873ee7fbcc72f7ee8c4dc4..434bbd4127027f65893931f800b8449095356502 100644 |
--- a/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc |
+++ b/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc |
@@ -63,6 +63,18 @@ enum CertificateStatus { VALID_CERTIFICATE, INVALID_CERTIFICATE }; |
const base::FilePath::CharType kDocRoot[] = |
FILE_PATH_LITERAL("chrome/test/data"); |
+// Inject a script into the page. Used by tests that check for visible |
+// password fields to wait for notifications about these |
+// fields. Notifications about visible password fields are queued at the |
+// end of the event loop, so waiting for a dummy script to run ensures |
+// that these notifcations have been sent. |
+void InjectScript(content::WebContents* contents) { |
+ bool js_result = false; |
+ EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
+ contents, "window.domAutomationController.send(true);", &js_result)); |
+ EXPECT_TRUE(js_result); |
+} |
+ |
// A WebContentsObserver useful for testing the DidChangeVisibleSecurityState() |
// method: it keeps track of the latest security style and explanation that was |
// fired. |
@@ -762,6 +774,29 @@ IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, BrokenHTTPS) { |
true /* expect cert status error */); |
} |
+// Tests that the security level of data: URLs is always downgraded to |
+// HTTP_SHOW_WARNING. |
+IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest, |
+ SecurityLevelDowngradedOnDataUrl) { |
+ content::WebContents* contents = |
+ browser()->tab_strip_model()->GetActiveWebContents(); |
+ ASSERT_TRUE(contents); |
+ |
+ SecurityStateTabHelper* helper = |
+ SecurityStateTabHelper::FromWebContents(contents); |
+ ASSERT_TRUE(helper); |
+ |
+ ui_test_utils::NavigateToURL(browser(), GURL("data:text/html,<html></html>")); |
+ InjectScript(contents); |
estark
2017/01/26 22:46:28
Is this necessary? I would think it's only necessa
meacer
2017/01/26 23:49:24
Done.
|
+ security_state::SecurityInfo security_info; |
+ helper->GetSecurityInfo(&security_info); |
+ EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level); |
+ |
+ content::NavigationEntry* entry = contents->GetController().GetVisibleEntry(); |
+ ASSERT_TRUE(entry); |
+ EXPECT_EQ(content::SSLStatus::NORMAL_CONTENT, entry->GetSSL().content_status); |
+} |
+ |
const char kReportURI[] = "https://report-hpkp.test"; |
class PKPModelClientTest : public SecurityStateTabHelperTest { |
@@ -916,18 +951,6 @@ IN_PROC_BROWSER_TEST_F(SecurityStateLoadingTest, NavigationStateChanges) { |
browser()->tab_strip_model()->GetActiveWebContents()); |
} |
-// Inject a script into the page. Used by tests that check for visible |
-// password fields to wait for notifications about these |
-// fields. Notifications about visible password fields are queued at the |
-// end of the event loop, so waiting for a dummy script to run ensures |
-// that these notifcations have been sent. |
-void InjectScript(content::WebContents* contents) { |
- bool js_result = false; |
- EXPECT_TRUE(content::ExecuteScriptAndExtractBool( |
- contents, "window.domAutomationController.send(true);", &js_result)); |
- EXPECT_TRUE(js_result); |
-} |
- |
// Tests that when a visible password field is detected on an HTTP page |
// load, and when the command-line flag is set, the security level is |
// downgraded to HTTP_SHOW_WARNING. |