| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/macros.h" | 5 #include "base/macros.h" |
| 6 #include "base/run_loop.h" | 6 #include "base/run_loop.h" |
| 7 #include "base/strings/pattern.h" | 7 #include "base/strings/pattern.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 781 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 792 ASSERT_TRUE(embedded_test_server()->Start()); | 792 ASSERT_TRUE(embedded_test_server()->Start()); |
| 793 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | 793 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); |
| 794 const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec()); | 794 const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec()); |
| 795 NavigateToURL(shell(), kUrl); | 795 NavigateToURL(shell(), kUrl); |
| 796 | 796 |
| 797 ShellAddedObserver new_shell_observer; | 797 ShellAddedObserver new_shell_observer; |
| 798 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | 798 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), |
| 799 "window.open('" + kViewSourceURL.spec() + "');")); | 799 "window.open('" + kViewSourceURL.spec() + "');")); |
| 800 Shell* new_shell = new_shell_observer.GetShell(); | 800 Shell* new_shell = new_shell_observer.GetShell(); |
| 801 WaitForLoadStop(new_shell->web_contents()); | 801 WaitForLoadStop(new_shell->web_contents()); |
| 802 EXPECT_EQ("", new_shell->web_contents()->GetURL().spec()); | 802 EXPECT_TRUE(new_shell->web_contents()->GetURL().spec().empty()); |
| 803 // No navigation should commit. | 803 // No navigation should commit. |
| 804 EXPECT_FALSE( | 804 EXPECT_FALSE( |
| 805 new_shell->web_contents()->GetController().GetLastCommittedEntry()); | 805 new_shell->web_contents()->GetController().GetLastCommittedEntry()); |
| 806 } | 806 } |
| 807 | 807 |
| 808 // Test that a content initiated navigation to a view-source URL is blocked. | 808 // Test that a content initiated navigation to a view-source URL is blocked. |
| 809 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, | 809 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, |
| 810 ViewSourceRedirect_ShouldBeBlocked) { | 810 ViewSourceRedirect_ShouldBeBlocked) { |
| 811 ASSERT_TRUE(embedded_test_server()->Start()); | 811 ASSERT_TRUE(embedded_test_server()->Start()); |
| 812 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | 812 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 839 const GURL kGURL(kUrl); | 839 const GURL kGURL(kUrl); |
| 840 NavigateToURL(shell(), kGURL); | 840 NavigateToURL(shell(), kGURL); |
| 841 EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle()); | 841 EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle()); |
| 842 EXPECT_TRUE(shell() | 842 EXPECT_TRUE(shell() |
| 843 ->web_contents() | 843 ->web_contents() |
| 844 ->GetController() | 844 ->GetController() |
| 845 .GetLastCommittedEntry() | 845 .GetLastCommittedEntry() |
| 846 ->IsViewSourceMode()); | 846 ->IsViewSourceMode()); |
| 847 } | 847 } |
| 848 | 848 |
| 849 namespace { | |
| 850 const char kDataUrlWarningPattern[] = | |
| 851 "Upcoming versions will block content-initiated top frame navigations*"; | |
| 852 | |
| 853 // This class listens for console messages other than the data: URL warning. It | |
| 854 // fails the test if it sees a data: URL warning. | |
| 855 class NoDataURLWarningConsoleObserverDelegate : public ConsoleObserverDelegate { | |
| 856 public: | |
| 857 using ConsoleObserverDelegate::ConsoleObserverDelegate; | |
| 858 // WebContentsDelegate method: | |
| 859 bool DidAddMessageToConsole(WebContents* source, | |
| 860 int32_t level, | |
| 861 const base::string16& message, | |
| 862 int32_t line_no, | |
| 863 const base::string16& source_id) override { | |
| 864 std::string ascii_message = base::UTF16ToASCII(message); | |
| 865 EXPECT_FALSE(base::MatchPattern(ascii_message, kDataUrlWarningPattern)); | |
| 866 return ConsoleObserverDelegate::DidAddMessageToConsole( | |
| 867 source, level, message, line_no, source_id); | |
| 868 } | |
| 869 }; | |
| 870 | |
| 871 } // namespace | |
| 872 | |
| 873 // Test that a direct navigation to a data URL doesn't show a console warning. | |
| 874 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLDirectNavigation) { | |
| 875 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 876 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 877 | |
| 878 NoDataURLWarningConsoleObserverDelegate console_delegate( | |
| 879 shell()->web_contents(), "FINISH"); | |
| 880 shell()->web_contents()->SetDelegate(&console_delegate); | |
| 881 | |
| 882 NavigateToURL( | |
| 883 shell(), | |
| 884 GURL("data:text/html,<html><script>console.log('FINISH');</script>")); | |
| 885 console_delegate.Wait(); | |
| 886 EXPECT_TRUE(shell()->web_contents()->GetURL().SchemeIs(url::kDataScheme)); | |
| 887 EXPECT_FALSE( | |
| 888 base::MatchPattern(console_delegate.message(), kDataUrlWarningPattern)); | |
| 889 } | |
| 890 | |
| 891 // Test that window.open to a data URL shows a console warning. | |
| 892 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, | |
| 893 DataURLWindowOpen_ShouldWarn) { | |
| 894 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 895 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 896 NavigateToURL(shell(), kUrl); | |
| 897 | |
| 898 ShellAddedObserver new_shell_observer; | |
| 899 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 900 "window.open('data:text/plain,test');")); | |
| 901 Shell* new_shell = new_shell_observer.GetShell(); | |
| 902 | |
| 903 ConsoleObserverDelegate console_delegate( | |
| 904 new_shell->web_contents(), | |
| 905 "Upcoming versions will block content-initiated top frame navigations*"); | |
| 906 new_shell->web_contents()->SetDelegate(&console_delegate); | |
| 907 console_delegate.Wait(); | |
| 908 EXPECT_TRUE(new_shell->web_contents()->GetURL().SchemeIs(url::kDataScheme)); | |
| 909 } | |
| 910 | |
| 911 // Test that a content initiated navigation to a data URL shows a console | |
| 912 // warning. | |
| 913 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLRedirect_ShouldWarn) { | |
| 914 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 915 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 916 NavigateToURL(shell(), kUrl); | |
| 917 | |
| 918 ConsoleObserverDelegate console_delegate( | |
| 919 shell()->web_contents(), | |
| 920 "Upcoming versions will block content-initiated top frame navigations*"); | |
| 921 shell()->web_contents()->SetDelegate(&console_delegate); | |
| 922 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 923 "window.location.href = 'data:text/plain,test';")); | |
| 924 console_delegate.Wait(); | |
| 925 EXPECT_TRUE(shell() | |
| 926 ->web_contents() | |
| 927 ->GetController() | |
| 928 .GetLastCommittedEntry() | |
| 929 ->GetURL() | |
| 930 .SchemeIs(url::kDataScheme)); | |
| 931 } | |
| 932 | |
| 933 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) { | 849 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) { |
| 934 ASSERT_TRUE(embedded_test_server()->Start()); | 850 ASSERT_TRUE(embedded_test_server()->Start()); |
| 935 | 851 |
| 936 GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html"); | 852 GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html"); |
| 937 EXPECT_TRUE(NavigateToURL(shell(), url)); | 853 EXPECT_TRUE(NavigateToURL(shell(), url)); |
| 938 | 854 |
| 939 { | 855 { |
| 940 ShellAddedObserver new_shell_observer; | 856 ShellAddedObserver new_shell_observer; |
| 941 | 857 |
| 942 // Open a new, named window. | 858 // Open a new, named window. |
| (...skipping 461 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1404 // Make sure the WebContents cleaned up the previous pending request. A new | 1320 // Make sure the WebContents cleaned up the previous pending request. A new |
| 1405 // request should be forwarded to the WebContentsDelegate. | 1321 // request should be forwarded to the WebContentsDelegate. |
| 1406 delegate.get()->request_to_lock_mouse_called_ = false; | 1322 delegate.get()->request_to_lock_mouse_called_ = false; |
| 1407 ASSERT_TRUE(ExecuteScript(shell(), | 1323 ASSERT_TRUE(ExecuteScript(shell(), |
| 1408 "window.domAutomationController.send(document.body." | 1324 "window.domAutomationController.send(document.body." |
| 1409 "requestPointerLock());")); | 1325 "requestPointerLock());")); |
| 1410 EXPECT_TRUE(delegate.get()->request_to_lock_mouse_called_); | 1326 EXPECT_TRUE(delegate.get()->request_to_lock_mouse_called_); |
| 1411 } | 1327 } |
| 1412 | 1328 |
| 1413 } // namespace content | 1329 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
