Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(294)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/test/data/web_view/apitest/main.js

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)
Patch Set: nasko comments, fix most tests Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/public/browser/navigation_handle.h ('K') | « extensions/test/data/web_view/apitest/guest_noreferrer.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 var embedder = {}; 5 var embedder = {};
6 6
7 // TODO(lfg) Move these functions to a common js. 7 // TODO(lfg) Move these functions to a common js.
8 embedder.setUp_ = function(config) { 8 embedder.setUp_ = function(config) {
9 if (!config || !config.testServer) { 9 if (!config || !config.testServer) {
10 return; 10 return;
11 } 11 }
12 embedder.baseGuestURL = 'http://localhost:' + config.testServer.port; 12 embedder.baseGuestURL = 'http://localhost:' + config.testServer.port;
13 embedder.closeSocketURL = embedder.baseGuestURL + '/close-socket'; 13 embedder.closeSocketURL = embedder.baseGuestURL + '/close-socket';
14 embedder.emptyGuestURL = embedder.baseGuestURL + '/empty_guest.html'; 14 embedder.emptyGuestURL = embedder.baseGuestURL + '/empty_guest.html';
15 embedder.noReferrerGuestURL = 15 embedder.noReferrerGuestURL =
16 embedder.baseGuestURL + '/guest_noreferrer.html'; 16 embedder.baseGuestURL + '/guest_noreferrer.html';
17 embedder.detectUserAgentURL = embedder.baseGuestURL + '/detect-user-agent'; 17 embedder.detectUserAgentURL = embedder.baseGuestURL + '/detect-user-agent';
18 embedder.redirectGuestURL = embedder.baseGuestURL + '/server-redirect'; 18 embedder.redirectGuestURL = embedder.baseGuestURL + '/server-redirect';
19 embedder.redirectGuestURLDest = 19 embedder.redirectGuestURLDest =
20 embedder.baseGuestURL + '/guest_redirect.html'; 20 embedder.baseGuestURL + '/guest_redirect.html';
21 embedder.windowOpenGuestURL = embedder.baseGuestURL + '/guest.html'; 21 embedder.windowOpenGuestURL = embedder.baseGuestURL + '/guest.html';
22 embedder.windowOpenGuestDataURL =
23 embedder.baseGuestURL + '/guest_data_url.html';
22 embedder.sameDocumentNavigationURL = 24 embedder.sameDocumentNavigationURL =
23 embedder.baseGuestURL + '/guest_same_document_navigation.html'; 25 embedder.baseGuestURL + '/guest_same_document_navigation.html';
24 }; 26 };
25 27
26 window.runTest = function(testName) { 28 window.runTest = function(testName) {
27 if (!embedder.test.testList[testName]) { 29 if (!embedder.test.testList[testName]) {
28 window.console.warn('Incorrect testName: ' + testName); 30 window.console.warn('Incorrect testName: ' + testName);
29 embedder.test.fail(); 31 embedder.test.fail();
30 return; 32 return;
31 } 33 }
(...skipping 1094 matching lines...) Expand 10 before | Expand all | Expand 10 after
1126 embedder.test.succeed(); 1128 embedder.test.succeed();
1127 }); 1129 });
1128 webview.executeScript({ 1130 webview.executeScript({
1129 code: 'window.location.href = "tel:+12223334444";' 1131 code: 'window.location.href = "tel:+12223334444";'
1130 }, function(results) {}); 1132 }, function(results) {});
1131 }); 1133 });
1132 webview.setAttribute('src', 'data:text/html,navigate to external protocol'); 1134 webview.setAttribute('src', 'data:text/html,navigate to external protocol');
1133 document.body.appendChild(webview); 1135 document.body.appendChild(webview);
1134 } 1136 }
1135 1137
1138 // This test verifies that redirecting a webview to a data URL is blocked.
1139 function testRedirectToDataUrlBlocked() {
1140 var webview = document.createElement('webview');
1141 webview.addEventListener('consolemessage', function(e) {
1142 window.console.log('consolemessage: ' + e.message);
1143 if (e.message.startsWith(
1144 'Not allowed to top-level navigate to resource:')) {
1145 embedder.test.succeed();
1146 }
1147 });
1148 webview.addEventListener('loadstop', function(e) {
1149 if (webview.getAttribute('src').startsWith("data:"))
1150 embedder.test.fail();
1151 });
1152 webview.setAttribute('src', embedder.windowOpenGuestDataURL);
1153 document.body.appendChild(webview);
1154 }
1155
1156 // This test verifies that redirecting a webview to a data URL is allowed if the
1157 // current URL is already a data URL.
1158 function testRedirectToDataUrlFromDataUrlAllowed() {
1159 var webview = document.createElement('webview');
1160 webview.addEventListener('loadstop', function(e) {
1161 if (webview.getAttribute('src').startsWith("data:text/html")) {
1162 webview.executeScript({
1163 code: 'window.location.href = "data:text/plain, success";'
1164 }, function(results) {});
1165 } else if (webview.getAttribute('src').startsWith("data:text/plain")) {
1166 embedder.test.succeed();
1167 }
1168 });
1169 webview.addEventListener('consolemessage', function(e) {
1170 window.console.log('consolemessage: ' + e.message);
1171 if (e.message.startsWith(
1172 'Not allowed to top-level navigate to resource:')) {
1173 embedder.test.fail();
1174 }
1175 });
1176 webview.setAttribute('src', 'data:text/html,navigate to another data url');
1177 document.body.appendChild(webview);
1178 }
1179
1136 // This test ensures if the guest isn't there and we resize the guest (from JS), 1180 // This test ensures if the guest isn't there and we resize the guest (from JS),
1137 // it remembers the size correctly. 1181 // it remembers the size correctly.
1138 function testNavigateAfterResize() { 1182 function testNavigateAfterResize() {
1139 var webview = document.createElement('webview'); 1183 var webview = document.createElement('webview');
1140 1184
1141 var postMessageHandler = function(e) { 1185 var postMessageHandler = function(e) {
1142 var data = JSON.parse(e.data); 1186 var data = JSON.parse(e.data);
1143 webview.removeEventListener('message', postMessageHandler); 1187 webview.removeEventListener('message', postMessageHandler);
1144 if (data[0] == 'dimension-response') { 1188 if (data[0] == 'dimension-response') {
1145 var actualWidth = data[1]; 1189 var actualWidth = data[1];
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after
1222 embedder.test.fail(); 1266 embedder.test.fail();
1223 } else { 1267 } else {
1224 webview.src = tests[loadCommitCount]; 1268 webview.src = tests[loadCommitCount];
1225 } 1269 }
1226 }); 1270 });
1227 webview.src = tests[0]; 1271 webview.src = tests[0];
1228 document.body.appendChild(webview); 1272 document.body.appendChild(webview);
1229 } 1273 }
1230 1274
1231 // This test verifies that new window attachment functions as expected. 1275 // This test verifies that new window attachment functions as expected.
1276 //
1277 // TODO(crbug.com/594215) Test that opening a new window with a data URL is
1278 // blocked. There is currently no way to test this, as the block message is
1279 // printed on the new window which never gets created, so the message is lost.
1280 // Also test that opening a new window with a data URL when the webview is
1281 // already on a data URL is allowed.
1232 function testNewWindow() { 1282 function testNewWindow() {
1233 var webview = document.createElement('webview'); 1283 var webview = document.createElement('webview');
1234 webview.addEventListener('newwindow', function(e) { 1284 webview.addEventListener('newwindow', function(e) {
1235 e.preventDefault(); 1285 e.preventDefault();
1236 var newwebview = document.createElement('webview'); 1286 var newwebview = document.createElement('webview');
1237 newwebview.addEventListener('loadstop', function(evt) { 1287 newwebview.addEventListener('loadstop', function(evt) {
1238 // If the new window finishes loading, the test is successful. 1288 // If the new window finishes loading, the test is successful.
1239 embedder.test.succeed(); 1289 embedder.test.succeed();
1240 }); 1290 });
1241 document.body.appendChild(newwebview); 1291 document.body.appendChild(newwebview);
(...skipping 536 matching lines...) Expand 10 before | Expand all | Expand 10 after
1778 'testLoadAbortIllegalChromeURL': testLoadAbortIllegalChromeURL, 1828 'testLoadAbortIllegalChromeURL': testLoadAbortIllegalChromeURL,
1779 'testLoadAbortIllegalFileURL': testLoadAbortIllegalFileURL, 1829 'testLoadAbortIllegalFileURL': testLoadAbortIllegalFileURL,
1780 'testLoadAbortIllegalJavaScriptURL': testLoadAbortIllegalJavaScriptURL, 1830 'testLoadAbortIllegalJavaScriptURL': testLoadAbortIllegalJavaScriptURL,
1781 'testLoadAbortInvalidNavigation': testLoadAbortInvalidNavigation, 1831 'testLoadAbortInvalidNavigation': testLoadAbortInvalidNavigation,
1782 'testLoadAbortNonWebSafeScheme': testLoadAbortNonWebSafeScheme, 1832 'testLoadAbortNonWebSafeScheme': testLoadAbortNonWebSafeScheme,
1783 'testLoadEventsSameDocumentNavigation': testLoadEventsSameDocumentNavigation, 1833 'testLoadEventsSameDocumentNavigation': testLoadEventsSameDocumentNavigation,
1784 'testLoadProgressEvent': testLoadProgressEvent, 1834 'testLoadProgressEvent': testLoadProgressEvent,
1785 'testLoadStartLoadRedirect': testLoadStartLoadRedirect, 1835 'testLoadStartLoadRedirect': testLoadStartLoadRedirect,
1786 'testNavigateAfterResize': testNavigateAfterResize, 1836 'testNavigateAfterResize': testNavigateAfterResize,
1787 'testNavigationToExternalProtocol': testNavigationToExternalProtocol, 1837 'testNavigationToExternalProtocol': testNavigationToExternalProtocol,
1838 'testRedirectToDataUrlBlocked': testRedirectToDataUrlBlocked,
1839 'testRedirectToDataUrlFromDataUrlAllowed':
1840 testRedirectToDataUrlFromDataUrlAllowed,
1788 'testNavOnConsecutiveSrcAttributeChanges': 1841 'testNavOnConsecutiveSrcAttributeChanges':
1789 testNavOnConsecutiveSrcAttributeChanges, 1842 testNavOnConsecutiveSrcAttributeChanges,
1790 'testNavOnSrcAttributeChange': testNavOnSrcAttributeChange, 1843 'testNavOnSrcAttributeChange': testNavOnSrcAttributeChange,
1791 'testNewWindow': testNewWindow, 1844 'testNewWindow': testNewWindow,
1792 'testNewWindowNoPreventDefault': testNewWindowNoPreventDefault, 1845 'testNewWindowNoPreventDefault': testNewWindowNoPreventDefault,
1793 'testNewWindowNoReferrerLink': testNewWindowNoReferrerLink, 1846 'testNewWindowNoReferrerLink': testNewWindowNoReferrerLink,
1794 'testNewWindowTwoListeners': testNewWindowTwoListeners, 1847 'testNewWindowTwoListeners': testNewWindowTwoListeners,
1795 'testOnEventProperties': testOnEventProperties, 1848 'testOnEventProperties': testOnEventProperties,
1796 'testPartitionChangeAfterNavigation': testPartitionChangeAfterNavigation, 1849 'testPartitionChangeAfterNavigation': testPartitionChangeAfterNavigation,
1797 'testPartitionRemovalAfterNavigationFails': 1850 'testPartitionRemovalAfterNavigationFails':
(...skipping 12 matching lines...) Expand all
1810 'testWebRequestAPIGoogleProperty': testWebRequestAPIGoogleProperty, 1863 'testWebRequestAPIGoogleProperty': testWebRequestAPIGoogleProperty,
1811 'testCaptureVisibleRegion': testCaptureVisibleRegion 1864 'testCaptureVisibleRegion': testCaptureVisibleRegion
1812 }; 1865 };
1813 1866
1814 onload = function() { 1867 onload = function() {
1815 chrome.test.getConfig(function(config) { 1868 chrome.test.getConfig(function(config) {
1816 embedder.setUp_(config); 1869 embedder.setUp_(config);
1817 chrome.test.sendMessage('LAUNCHED'); 1870 chrome.test.sendMessage('LAUNCHED');
1818 }); 1871 });
1819 }; 1872 };
OLDNEW
« content/public/browser/navigation_handle.h ('K') | « extensions/test/data/web_view/apitest/guest_noreferrer.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin-window-open.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698