
Side by Side Diff: content/browser/frame_host/render_frame_host_manager_browsertest.cc

Issue 2650473002: Don't swap processes for chrome:// subframes. (Closed)
Patch Set: Fix check correctness and add a test. Created 3 years, 11 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 #include <stdint.h> 6 #include <stdint.h>
7 7
8 #include <memory> 8 #include <memory>
9 #include <set> 9 #include <set>
10 10
(...skipping 3013 matching lines...)
3024 // With OOPIFs, this navigation used a cross-process transfer. Ensure that 3024 // With OOPIFs, this navigation used a cross-process transfer. Ensure that
3025 // the iframe's old RFH still has correct origin, even though it's pending 3025 // the iframe's old RFH still has correct origin, even though it's pending
3026 // deletion. 3026 // deletion.
3027 if (AreAllSitesIsolatedForTesting()) { 3027 if (AreAllSitesIsolatedForTesting()) {
3028 EXPECT_FALSE(child_rfh_b->is_active()); 3028 EXPECT_FALSE(child_rfh_b->is_active());
3029 EXPECT_NE(child_rfh_b, child->current_frame_host()); 3029 EXPECT_NE(child_rfh_b, child->current_frame_host());
3030 EXPECT_EQ(url::Origin(url_b), child_rfh_b->GetLastCommittedOrigin()); 3030 EXPECT_EQ(url::Origin(url_b), child_rfh_b->GetLastCommittedOrigin());
3031 } 3031 }
3032 } 3032 }
3033 3033
3034 // Verify that with Site Isolation enabled, chrome:// pages with subframes
3035 // to other chrome:// URLs all stay in the same process.
3036 IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,
3037 ChromeSchemeSubframesStayInProcessWithParent) {
3038 // Enable Site Isolation so subframes with different chrome:// URLs will be
3039 // treated as cross-site.
3040 IsolateAllSitesForTesting(base::CommandLine::ForCurrentProcess());
3041 StartEmbeddedServer();
3042
3043 GURL chrome_top_url = GURL(std::string(kChromeUIScheme) + "://" +
3044 std::string(kChromeUIBlobInternalsHost));
3045 GURL chrome_child_url = GURL(std::string(kChromeUIScheme) + "://" +
3046 std::string(kChromeUIHistogramHost));
3047 GURL regular_web_url(embedded_test_server()->GetURL("/title1.html"));
3048
3049 NavigationControllerImpl& controller = static_cast<NavigationControllerImpl&>(
3050 shell()->web_contents()->GetController());
3051 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents())
3052 ->GetFrameTree()
3053 ->root();
3054
3055 // Navigate the main frame to the top chrome:// URL.
3056 NavigateToURL(shell(), chrome_top_url);
3057
3058 // Inject a frame in the page and navigate it to a chrome:// URL as well.
3059 {
3060 std::string script = base::StringPrintf(
3061 "var frame = document.createElement('iframe');\n"
3062 "frame.src = '%s';\n"
3063 "document.body.appendChild(frame);\n",
3064 chrome_child_url.spec().c_str());
Charlie Reis 2017/01/20 23:32:11 How did you get around the CSP problem you mention
nasko 2017/01/20 23:51:58 Found pages with less strict CSP :(.
3065
3066 TestNavigationObserver navigation_observer(shell()->web_contents());
3067 EXPECT_TRUE(ExecuteScript(shell(), script));
3068 navigation_observer.Wait();
3069 EXPECT_EQ(1U, root->child_count());
3070
3071 // Ensure the subframe navigated to the expected URL and that it is in the
3072 // same SiteInstance as the parent frame.
3073 NavigationEntryImpl* entry = controller.GetLastCommittedEntry();
3074 ASSERT_EQ(1U, entry->root_node()->children.size());
3075 EXPECT_EQ(chrome_child_url,
3076 entry->root_node()->children[0]->frame_entry->url());
3077 EXPECT_EQ(root->current_frame_host()->GetSiteInstance(),
3078 root->child_at(0)->current_frame_host()->GetSiteInstance());
3079 }
3080
3081 // Ensure that non-chrome:// pages get a different SiteInstance and process.
3082 {
3083 std::string script = base::StringPrintf(
3084 "var frame = document.createElement('iframe');\n"
3085 "frame.src = '%s';\n"
3086 "document.body.appendChild(frame);\n",
3087 regular_web_url.spec().c_str());
3088
3089 TestNavigationObserver navigation_observer(shell()->web_contents());
3090 EXPECT_TRUE(ExecuteScript(shell(), script));
3091 navigation_observer.Wait();
3092 EXPECT_EQ(2U, root->child_count());
3093
3094 // Ensure the subframe navigated to the expected URL and that it is in a
3095 // different SiteInstance from the parent frame.
Charlie Reis 2017/01/20 23:32:11 WAT??! I'm shocked this is allowed. (And I'm gla
nasko 2017/01/20 23:51:58 We shouldn't :).
Charlie Reis 2017/01/20 23:59:31 Agreed. I'll file it.
3096 NavigationEntryImpl* entry = controller.GetLastCommittedEntry();
3097 ASSERT_EQ(2U, entry->root_node()->children.size());
3098 EXPECT_EQ(regular_web_url,
3099 entry->root_node()->children[1]->frame_entry->url());
3100 EXPECT_NE(root->current_frame_host()->GetSiteInstance(),
3101 root->child_at(1)->current_frame_host()->GetSiteInstance());
3102 }
3103 }
3104
3034 } // namespace content 3105 } // namespace content
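Review bot: The process boundary is never asserted directly in ChromeSchemeSubframesStayInProcessWithParent: the second block is commented as checking that non-chrome:// pages get "a different SiteInstance and process", but both blocks compare only `GetSiteInstance()`. Keeping web content out of the renderer that hosts the chrome:// parent is the property this test should guard against regression, so I would add `EXPECT_NE(root->current_frame_host()->GetProcess(), root->child_at(1)->current_frame_host()->GetProcess());` to the second block and the matching `EXPECT_EQ` on `child_at(0)` to the first. Separately, `EXPECT_EQ(1U, root->child_count())` and `EXPECT_EQ(2U, root->child_count())` are non-fatal, yet `root->child_at(0)` and `root->child_at(1)` are dereferenced a few lines later. Using `ASSERT_EQ` there, as the test already does for `entry->root_node()->children.size()`, would stop the test cleanly instead of presumably indexing a child that was never created.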
