| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/macros.h" | 5 #include "base/macros.h" |
| 6 #include "base/run_loop.h" | 6 #include "base/run_loop.h" |
| 7 #include "base/strings/pattern.h" | 7 #include "base/strings/pattern.h" |
| 8 #include "base/strings/utf_string_conversions.h" | 8 #include "base/strings/utf_string_conversions.h" |
| 9 #include "base/values.h" | 9 #include "base/values.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 783 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 794 ASSERT_TRUE(embedded_test_server()->Start()); | 794 ASSERT_TRUE(embedded_test_server()->Start()); |
| 795 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | 795 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); |
| 796 const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec()); | 796 const GURL kViewSourceURL(kViewSourceScheme + std::string(":") + kUrl.spec()); |
| 797 NavigateToURL(shell(), kUrl); | 797 NavigateToURL(shell(), kUrl); |
| 798 | 798 |
| 799 ShellAddedObserver new_shell_observer; | 799 ShellAddedObserver new_shell_observer; |
| 800 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | 800 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), |
| 801 "window.open('" + kViewSourceURL.spec() + "');")); | 801 "window.open('" + kViewSourceURL.spec() + "');")); |
| 802 Shell* new_shell = new_shell_observer.GetShell(); | 802 Shell* new_shell = new_shell_observer.GetShell(); |
| 803 WaitForLoadStop(new_shell->web_contents()); | 803 WaitForLoadStop(new_shell->web_contents()); |
| 804 EXPECT_EQ("", new_shell->web_contents()->GetURL().spec()); | 804 EXPECT_TRUE(new_shell->web_contents()->GetURL().spec().empty()); |
| 805 // No navigation should commit. | 805 // No navigation should commit. |
| 806 EXPECT_FALSE( | 806 EXPECT_FALSE( |
| 807 new_shell->web_contents()->GetController().GetLastCommittedEntry()); | 807 new_shell->web_contents()->GetController().GetLastCommittedEntry()); |
| 808 } | 808 } |
| 809 | 809 |
| 810 // Test that a content initiated navigation to a view-source URL is blocked. | 810 // Test that a content initiated navigation to a view-source URL is blocked. |
| 811 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, | 811 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, |
| 812 ViewSourceRedirect_ShouldBeBlocked) { | 812 ViewSourceRedirect_ShouldBeBlocked) { |
| 813 ASSERT_TRUE(embedded_test_server()->Start()); | 813 ASSERT_TRUE(embedded_test_server()->Start()); |
| 814 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | 814 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 841 const GURL kGURL(kUrl); | 841 const GURL kGURL(kUrl); |
| 842 NavigateToURL(shell(), kGURL); | 842 NavigateToURL(shell(), kGURL); |
| 843 EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle()); | 843 EXPECT_EQ(base::ASCIIToUTF16(kUrl), shell()->web_contents()->GetTitle()); |
| 844 EXPECT_TRUE(shell() | 844 EXPECT_TRUE(shell() |
| 845 ->web_contents() | 845 ->web_contents() |
| 846 ->GetController() | 846 ->GetController() |
| 847 .GetLastCommittedEntry() | 847 .GetLastCommittedEntry() |
| 848 ->IsViewSourceMode()); | 848 ->IsViewSourceMode()); |
| 849 } | 849 } |
| 850 | 850 |
| 851 namespace { | |
| 852 const char kDataUrlWarningPattern[] = | |
| 853 "Upcoming versions will block content-initiated top frame navigations*"; | |
| 854 | |
| 855 // This class listens for console messages other than the data: URL warning. It | |
| 856 // fails the test if it sees a data: URL warning. | |
| 857 class NoDataURLWarningConsoleObserverDelegate : public ConsoleObserverDelegate { | |
| 858 public: | |
| 859 using ConsoleObserverDelegate::ConsoleObserverDelegate; | |
| 860 // WebContentsDelegate method: | |
| 861 bool DidAddMessageToConsole(WebContents* source, | |
| 862 int32_t level, | |
| 863 const base::string16& message, | |
| 864 int32_t line_no, | |
| 865 const base::string16& source_id) override { | |
| 866 std::string ascii_message = base::UTF16ToASCII(message); | |
| 867 EXPECT_FALSE(base::MatchPattern(ascii_message, kDataUrlWarningPattern)); | |
| 868 return ConsoleObserverDelegate::DidAddMessageToConsole( | |
| 869 source, level, message, line_no, source_id); | |
| 870 } | |
| 871 }; | |
| 872 | |
| 873 } // namespace | |
| 874 | |
| 875 // Test that a direct navigation to a data URL doesn't show a console warning. | |
| 876 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLDirectNavigation) { | |
| 877 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 878 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 879 | |
| 880 NoDataURLWarningConsoleObserverDelegate console_delegate( | |
| 881 shell()->web_contents(), "FINISH"); | |
| 882 shell()->web_contents()->SetDelegate(&console_delegate); | |
| 883 | |
| 884 NavigateToURL( | |
| 885 shell(), | |
| 886 GURL("data:text/html,<html><script>console.log('FINISH');</script>")); | |
| 887 console_delegate.Wait(); | |
| 888 EXPECT_TRUE(shell()->web_contents()->GetURL().SchemeIs(url::kDataScheme)); | |
| 889 EXPECT_FALSE( | |
| 890 base::MatchPattern(console_delegate.message(), kDataUrlWarningPattern)); | |
| 891 } | |
| 892 | |
| 893 // Test that window.open to a data URL shows a console warning. | |
| 894 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, | |
| 895 DataURLWindowOpen_ShouldWarn) { | |
| 896 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 897 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 898 NavigateToURL(shell(), kUrl); | |
| 899 | |
| 900 ShellAddedObserver new_shell_observer; | |
| 901 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 902 "window.open('data:text/plain,test');")); | |
| 903 Shell* new_shell = new_shell_observer.GetShell(); | |
| 904 | |
| 905 ConsoleObserverDelegate console_delegate( | |
| 906 new_shell->web_contents(), | |
| 907 "Upcoming versions will block content-initiated top frame navigations*"); | |
| 908 new_shell->web_contents()->SetDelegate(&console_delegate); | |
| 909 console_delegate.Wait(); | |
| 910 EXPECT_TRUE(new_shell->web_contents()->GetURL().SchemeIs(url::kDataScheme)); | |
| 911 } | |
| 912 | |
| 913 // Test that a content initiated navigation to a data URL shows a console | |
| 914 // warning. | |
| 915 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLRedirect_ShouldWarn) { | |
| 916 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 917 const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html")); | |
| 918 NavigateToURL(shell(), kUrl); | |
| 919 | |
| 920 ConsoleObserverDelegate console_delegate( | |
| 921 shell()->web_contents(), | |
| 922 "Upcoming versions will block content-initiated top frame navigations*"); | |
| 923 shell()->web_contents()->SetDelegate(&console_delegate); | |
| 924 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 925 "window.location.href = 'data:text/plain,test';")); | |
| 926 console_delegate.Wait(); | |
| 927 EXPECT_TRUE(shell() | |
| 928 ->web_contents() | |
| 929 ->GetController() | |
| 930 .GetLastCommittedEntry() | |
| 931 ->GetURL() | |
| 932 .SchemeIs(url::kDataScheme)); | |
| 933 } | |
| 934 | |
| 935 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) { | 851 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) { |
| 936 ASSERT_TRUE(embedded_test_server()->Start()); | 852 ASSERT_TRUE(embedded_test_server()->Start()); |
| 937 | 853 |
| 938 GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html"); | 854 GURL url = embedded_test_server()->GetURL("/click-noreferrer-links.html"); |
| 939 EXPECT_TRUE(NavigateToURL(shell(), url)); | 855 EXPECT_TRUE(NavigateToURL(shell(), url)); |
| 940 | 856 |
| 941 { | 857 { |
| 942 ShellAddedObserver new_shell_observer; | 858 ShellAddedObserver new_shell_observer; |
| 943 | 859 |
| 944 // Open a new, named window. | 860 // Open a new, named window. |
| (...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1473 ASSERT_TRUE(saw_override); | 1389 ASSERT_TRUE(saw_override); |
| 1474 | 1390 |
| 1475 BrowserThread::PostTask( | 1391 BrowserThread::PostTask( |
| 1476 BrowserThread::IO, FROM_HERE, | 1392 BrowserThread::IO, FROM_HERE, |
| 1477 base::Bind(&ResourceDispatcherHost::SetDelegate, | 1393 base::Bind(&ResourceDispatcherHost::SetDelegate, |
| 1478 base::Unretained(ResourceDispatcherHostImpl::Get()), | 1394 base::Unretained(ResourceDispatcherHostImpl::Get()), |
| 1479 old_delegate)); | 1395 old_delegate)); |
| 1480 } | 1396 } |
| 1481 | 1397 |
| 1482 } // namespace content | 1398 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702503002:
Block renderer-initiated main frame navigations to data URLs (Closed)
