Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/test/data/extensions/platform_apps/web_view/shim/main.js

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)
Patch Set: nasko comments Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/shim/guest_noreferrer.html ('k') | content/browser/BUILD.gn » ('j') | third_party/WebKit/Source/platform/network/NetworkUtils.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 var util = {}; 5 var util = {};
6 var embedder = {}; 6 var embedder = {};
7 embedder.baseGuestURL = ''; 7 embedder.baseGuestURL = '';
8 embedder.emptyGuestURL = ''; 8 embedder.emptyGuestURL = '';
9 embedder.windowOpenGuestURL = ''; 9 embedder.windowOpenGuestURL = '';
10 embedder.noReferrerGuestURL = ''; 10 embedder.noReferrerGuestURL = '';
(...skipping 412 matching lines...) Expand 10 before | Expand all | Expand 10 after
423 webview.addEventListener('loadabort', function(e) { 423 webview.addEventListener('loadabort', function(e) {
424 embedder.test.fail(); 424 embedder.test.fail();
425 }); 425 });
426 webview.addEventListener('loadstop', function(e) { 426 webview.addEventListener('loadstop', function(e) {
427 embedder.test.succeed(); 427 embedder.test.succeed();
428 }); 428 });
429 webview.setAttribute('src', 'guest_with_inline_script.html'); 429 webview.setAttribute('src', 'guest_with_inline_script.html');
430 document.body.appendChild(webview); 430 document.body.appendChild(webview);
431 } 431 }
432 432
433 // This test verifies that guests are blocked from navigating the webview to a
434 // data URL.
435 function testContentInitiatedNavigationToDataUrlBlocked() {
436 var navUrl = "data:text/html,foo";
437 var webview = document.createElement('webview');
438 webview.addEventListener('consolemessage', function(e) {
439 if (e.message.startsWith(
440 'Not allowed to top-level navigate to resource:')) {
441 embedder.test.succeed();
442 }
443 });
444 webview.addEventListener('loadstop', function(e) {
445 if (webview.getAttribute('src') == navUrl) {
446 embedder.test.fail();
447 }
448 });
449 webview.setAttribute('src',
450 'data:text/html,<script>window.location.href = "' + navUrl +
451 '";</scr' + 'ipt>');
452 document.body.appendChild(webview);
453 }
454
433 // Tests that a <webview> that starts with "display: none" style loads 455 // Tests that a <webview> that starts with "display: none" style loads
434 // properly. 456 // properly.
435 function testDisplayNoneWebviewLoad() { 457 function testDisplayNoneWebviewLoad() {
436 var webview = document.createElement('webview'); 458 var webview = document.createElement('webview');
437 var visible = false; 459 var visible = false;
438 webview.style.display = 'none'; 460 webview.style.display = 'none';
439 // foobar is a privileged partition according to the manifest file. 461 // foobar is a privileged partition according to the manifest file.
440 webview.partition = 'foobar'; 462 webview.partition = 'foobar';
441 webview.addEventListener('loadabort', function(e) { 463 webview.addEventListener('loadabort', function(e) {
442 embedder.test.fail(); 464 embedder.test.fail();
(...skipping 858 matching lines...) Expand 10 before | Expand all | Expand 10 after
1301 embedder.test.succeed(); 1323 embedder.test.succeed();
1302 }); 1324 });
1303 }); 1325 });
1304 webview.setAttribute('src', 'data:text/html,trigger navigation'); 1326 webview.setAttribute('src', 'data:text/html,trigger navigation');
1305 document.body.appendChild(webview); 1327 document.body.appendChild(webview);
1306 } 1328 }
1307 1329
1308 // This test verifies that the call to executeScript will fail and return null 1330 // This test verifies that the call to executeScript will fail and return null
1309 // if the webview has been navigated between the time the call was made and the 1331 // if the webview has been navigated between the time the call was made and the
1310 // time it arrives in the guest process. 1332 // time it arrives in the guest process.
1311 function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() { 1333 function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() {
meacer 2017/04/06 18:14:19 This test is flaky and will be disabled in https:/
1312 var webview = document.createElement('webview'); 1334 var webview = document.createElement('webview');
1313 webview.addEventListener('loadstop', function onLoadStop(e) { 1335 webview.addEventListener('loadstop', function onLoadStop(e) {
1314 window.console.log('2. Inject script to trigger a guest-initiated ' + 1336 window.console.log('2. Inject script to trigger a guest-initiated ' +
1315 'navigation.'); 1337 'navigation.');
1316 var navUrl = 'data:text/html,trigger nav'; 1338 var navUrl = embedder.baseGuestURL + "/empty.html";
1317 webview.executeScript({ 1339 webview.executeScript({
1318 code: 'window.location.href = "' + navUrl + '";' 1340 code: 'window.location.href = "' + navUrl + '";'
1319 }); 1341 });
1320 1342
1321 window.console.log('3. Listening for the load that will be started as a ' + 1343 window.console.log('3. Listening for the load that will be started as a ' +
1322 'result of 2.'); 1344 'result of 2.');
1323 webview.addEventListener('loadstart', function onLoadStart(e) { 1345 webview.addEventListener('loadstart', function onLoadStart(e) {
1324 embedder.test.assertEq('about:blank', webview.src); 1346 embedder.test.assertEq('about:blank', webview.src);
1325 window.console.log('4. Attempting to inject script into about:blank. ' + 1347 window.console.log('4. Attempting to inject script into about:blank. ' +
1326 'This is expected to fail.'); 1348 'This is expected to fail.');
(...skipping 1718 matching lines...) Expand 10 before | Expand all | Expand 10 after
3045 embedder.test.testList = { 3067 embedder.test.testList = {
3046 'testAllowTransparencyAttribute': testAllowTransparencyAttribute, 3068 'testAllowTransparencyAttribute': testAllowTransparencyAttribute,
3047 'testAutosizeHeight': testAutosizeHeight, 3069 'testAutosizeHeight': testAutosizeHeight,
3048 'testAutosizeAfterNavigation': testAutosizeAfterNavigation, 3070 'testAutosizeAfterNavigation': testAutosizeAfterNavigation,
3049 'testAutosizeBeforeNavigation': testAutosizeBeforeNavigation, 3071 'testAutosizeBeforeNavigation': testAutosizeBeforeNavigation,
3050 'testAutosizeRemoveAttributes': testAutosizeRemoveAttributes, 3072 'testAutosizeRemoveAttributes': testAutosizeRemoveAttributes,
3051 'testAutosizeWithPartialAttributes': testAutosizeWithPartialAttributes, 3073 'testAutosizeWithPartialAttributes': testAutosizeWithPartialAttributes,
3052 'testAPIMethodExistence': testAPIMethodExistence, 3074 'testAPIMethodExistence': testAPIMethodExistence,
3053 'testChromeExtensionURL': testChromeExtensionURL, 3075 'testChromeExtensionURL': testChromeExtensionURL,
3054 'testChromeExtensionRelativePath': testChromeExtensionRelativePath, 3076 'testChromeExtensionRelativePath': testChromeExtensionRelativePath,
3077 'testContentInitiatedNavigationToDataUrlBlocked':
3078 testContentInitiatedNavigationToDataUrlBlocked,
3055 'testDisplayNoneWebviewLoad': testDisplayNoneWebviewLoad, 3079 'testDisplayNoneWebviewLoad': testDisplayNoneWebviewLoad,
3056 'testDisplayNoneWebviewRemoveChild': testDisplayNoneWebviewRemoveChild, 3080 'testDisplayNoneWebviewRemoveChild': testDisplayNoneWebviewRemoveChild,
3057 'testInlineScriptFromAccessibleResources': 3081 'testInlineScriptFromAccessibleResources':
3058 testInlineScriptFromAccessibleResources, 3082 testInlineScriptFromAccessibleResources,
3059 'testInvalidChromeExtensionURL': testInvalidChromeExtensionURL, 3083 'testInvalidChromeExtensionURL': testInvalidChromeExtensionURL,
3060 'testWebRequestAPIExistence': testWebRequestAPIExistence, 3084 'testWebRequestAPIExistence': testWebRequestAPIExistence,
3061 'testWebRequestAPIAddListener': testWebRequestAPIAddListener, 3085 'testWebRequestAPIAddListener': testWebRequestAPIAddListener,
3062 'testEventName': testEventName, 3086 'testEventName': testEventName,
3063 'testOnEventProperties': testOnEventProperties, 3087 'testOnEventProperties': testOnEventProperties,
3064 'testLoadProgressEvent': testLoadProgressEvent, 3088 'testLoadProgressEvent': testLoadProgressEvent,
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
3158 testRendererNavigationRedirectWhileUnattached, 3182 testRendererNavigationRedirectWhileUnattached,
3159 'testBlobURL': testBlobURL 3183 'testBlobURL': testBlobURL
3160 }; 3184 };
3161 3185
3162 onload = function() { 3186 onload = function() {
3163 chrome.test.getConfig(function(config) { 3187 chrome.test.getConfig(function(config) {
3164 embedder.setUp_(config); 3188 embedder.setUp_(config);
3165 chrome.test.sendMessage("Launched"); 3189 chrome.test.sendMessage("Launched");
3166 }); 3190 });
3167 }; 3191 };
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/shim/guest_noreferrer.html ('k') | content/browser/BUILD.gn » ('j') | third_party/WebKit/Source/platform/network/NetworkUtils.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698