
Side by Side Diff: third_party/WebKit/Source/web/tests/WebFrameTest.cpp

Issue 2683583003: Bindings: perform security check before downcasting to LocalDOMWindow. (Closed)
Patch Set: . Created 3 years, 10 months ago
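--- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
+++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2010 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above
@@ -8463,21 +8463,21 @@
 registerMockedHttpURLLoad("subframe-a.html");
 registerMockedHttpURLLoad("subframe-b.html");
 registerMockedHttpURLLoad("subframe-c.html");
 registerMockedHttpURLLoad("subframe-hello.html");
 
 m_webViewHelper.initializeAndLoad(m_baseURL + "frame-a-b-c.html", true);
 }
 
 void reset() { m_webViewHelper.reset(); }
 WebFrame* mainFrame() const { return m_webViewHelper.webView()->mainFrame(); }
-WebView* webView() const { return m_webViewHelper.webView(); }
+WebViewImpl* webView() const { return m_webViewHelper.webView(); }
 
 private:
 FrameTestHelpers::WebViewHelper m_webViewHelper;
 };
 
 TEST_F(WebFrameSwapTest, SwapMainFrame) {
 WebRemoteFrame* remoteFrame =
 WebRemoteFrame::create(WebTreeScopeType::Document, nullptr);
 mainFrame()->swap(remoteFrame);
 
@@ -8809,20 +8809,54 @@
 v8::Local<v8::Value> localWindowTop =
 mainFrame()->executeScriptAndReturnValue(WebScriptSource(
 "document.querySelector('#frame2').contentWindow.top;"));
 EXPECT_TRUE(windowTop->StrictEquals(localWindowTop));
 
 // Manually reset to break WebViewHelper's dependency on the stack allocated
 // TestWebFrameClient.
 reset();
 }
 
+TEST_F(WebFrameSwapTest, SetTimeoutAfterSwap) {
+v8::Isolate* isolate = v8::Isolate::GetCurrent();
+v8::HandleScope scope(isolate);
+mainFrame()->executeScript(
+WebScriptSource("savedSetTimeout = window[0].setTimeout"));
+
+// Swap the frame to a remote frame.
+FrameTestHelpers::TestWebRemoteFrameClient remoteClient;
+WebRemoteFrame* remoteFrame = remoteClient.frame();
+WebFrame* targetFrame = mainFrame()->firstChild();
+targetFrame->swap(remoteFrame);
+remoteFrame->setReplicatedOrigin(SecurityOrigin::createUnique());
+
+// Invoking setTimeout should throw a security error.
+{
+v8::Local<v8::Value> exception = mainFrame()->executeScriptAndReturnValue(
+WebScriptSource("try {\n"
+" savedSetTimeout.call(window[0], () => {}, 0);\n"
+"} catch (e) { e; }"));
+ASSERT_TRUE(!exception.IsEmpty());
+EXPECT_EQ(
+"SecurityError: Failed to execute 'setTimeout' on 'Window': Blocked a "
+"frame with origin \"http://internal.test\" from accessing a "
+"cross-origin frame.",
+toCoreString(exception
+->ToString(ScriptState::forMainWorld(
+webView()->mainFrameImpl()->frame())
+->context())
+.ToLocalChecked()));
+}
+
+reset();
+}
+
 TEST_F(WebFrameSwapTest, SwapInitializesGlobal) {
 v8::HandleScope scope(v8::Isolate::GetCurrent());
 
 v8::Local<v8::Value> windowTop =
 mainFrame()->executeScriptAndReturnValue(WebScriptSource("window"));
 ASSERT_TRUE(windowTop->IsObject());
 
 v8::Local<v8::Value> lastChild = mainFrame()->executeScriptAndReturnValue(
 WebScriptSource("saved = window[2]"));
 ASSERT_TRUE(lastChild->IsObject());
@@ -11337,10 +11371,10 @@
 
 EXPECT_TRUE(mainFrameClient.childClient().didCallFrameDetached());
 EXPECT_TRUE(mainFrameClient.childClient().didCallDidStopLoading());
 EXPECT_TRUE(mainFrameClient.childClient().didCallDidFinishDocumentLoad());
 EXPECT_TRUE(mainFrameClient.childClient().didCallDidHandleOnloadEvents());
 
 webViewHelper.reset();
 }
 
 } // namespace blink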
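Review bot: In the new `SetTimeoutAfterSwap` test, a failing `ASSERT_TRUE(!exception.IsEmpty());` returns before the trailing `reset();`, so the stack-allocated `remoteClient` would be destroyed while the helper presumably still references the swapped-in remote frame (the neighbouring test's comment describes the same dependency for `TestWebFrameClient`). Consider `EXPECT_FALSE(exception.IsEmpty());` followed by `if (!exception.IsEmpty())` around the `EXPECT_EQ`, so that `reset()` always runs. The test would also benefit from a comment above it, such as `// Regression test: a method saved from a local window must fail the security check, not be downcast to LocalDOMWindow, once its frame is remote.`, which ties it to the issue title. Only `setTimeout` is pinned here; since the fix lives in the shared methods template, exercising a second saved method would make the coverage less dependent on one generated binding.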