Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(492)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/test/data/data_url_navigations.html

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)
Patch Set: Re-block data to data navigations, rebase, address nasko comments Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/renderer/render_frame_impl.cc ('K') | « content/test/BUILD.gn ('k') | extensions/browser/guest_view/web_view/web_view_apitest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/test/data/data_url_navigations.html
diff --git a/content/test/data/data_url_navigations.html b/content/test/data/data_url_navigations.html
new file mode 100644
index 0000000000000000000000000000000000000000..8b9499f2347b671e86f315f78167aa69051f8ef4
--- /dev/null
+++ b/content/test/data/data_url_navigations.html
@@ -0,0 +1,107 @@
+<html>
+
+<h3>HTML mimetype</h3>
+
+<button id='navigate-top-frame-to-html'
+ onclick='top.location.href=`data:text/html,
+ <script>console.log(&quot;NAVIGATION_SUCCESSFUL&quot;)</script>`'>
+ Navigate top frame to data URL HTML
+</button>
+<br>
+<button id='window-open-html'
+ onclick='window.open(`data:text/html,
+ <script>console.log(&quot;NAVIGATION_SUCCESSFUL&quot;)</script>`);'>
+ Open new window with a data URL HTML
+</button>
+<br>
+<form method="post" action="data:text/html,
+ <script>console.log('NAVIGATION_SUCCESSFUL')</script>">
+ <input type=submit id='form-post-to-html'
+ value="Submit form to data URL HTML">
+</form>
+
+<h3>octet-stream mimetype</h3>
+
+<button id='navigate-top-frame-to-octetstream'
+ onclick='top.location.href=`data:application/octet-stream,test`'>
+ Navigate top frame to data URL octet-stream
+</button>
+<br>
+<button id='window-open-octetstream'
+ onclick='window.open(`data:application/octet-stream,test`)'>
+ Open new window with a data URL octet-stream
+</button>
+<form method="post" action="data:application/octet-stream,test">
+ <input type=submit id='form-post-to-octetstream'
+ value="Submit form to data URL octet-stream">
+</form>
+<h3>PDF mimetype</h3>
+
+<button id='navigate-top-frame-to-pdf'
+ onclick='top.location.href=`data:application/pdf;base64,
+ JVBERi0xLjcKMSAwIG9iaiA8PCAvVHlwZSAvUGFnZSAvUG
+ FyZW50IDMgMCBSIC9SZXNvdXJjZXMgNSAwIFIgL0NvbnRlbnRzIDIgMCBSID4+CmVuZG9iagoy
+ IDAgb2JqIDw8IC9MZW5ndGggNTEgPj4KIHN0cmVhbSBCVAogL0YxIDEyIFRmCiAxIDAgMCAxID
+ EwMCAyMCBUbQogKEhlbGxvIFdvcmxkKVRqCiBFVAogZW5kc3RyZWFtCmVuZG9iagozIDAgb2Jq
+ IDw8IC9UeXBlIC9QYWdlcyAvS2lkcyBbIDEgMCBSIF0gL0NvdW50IDEgL01lZGlhQm94IFsgMC
+ AwIDMwMCA1MF0gPj4KZW5kb2JqCjQgMCBvYmogPDwgL1R5cGUgL0ZvbnQgL1N1YnR5cGUgL1R5
+ cGUxIC9OYW1lIC9GMSAvQmFzZUZvbnQvQXJpYWwgPj4KZW5kb2JqCjUgMCBvYmogPDwgL1Byb2
+ NTZXRbL1BERi9UZXh0XSAvRm9udCA8PC9GMSA0IDAgUiA+PiA+PgplbmRvYmoKNiAwIG9iaiA8
+ PCAvVHlwZSAvQ2F0YWxvZyAvUGFnZXMgMyAwIFIgPj4KZW5kb2JqCnRyYWlsZXIgPDwgL1Jvb3
+ QgNiAwIFIgPj4K`'>
+ Navigate top frame to data URL PDF
+</button>
+<br>
+<button id='window-open-pdf'
+ onclick='window.open(`data:application/pdf;base64,
+ JVBERi0xLjcKMSAwIG9iaiA8PCAvVHlwZSAvUGFnZSAvUG
+ FyZW50IDMgMCBSIC9SZXNvdXJjZXMgNSAwIFIgL0NvbnRlbnRzIDIgMCBSID4+CmVuZG9iagoy
+ IDAgb2JqIDw8IC9MZW5ndGggNTEgPj4KIHN0cmVhbSBCVAogL0YxIDEyIFRmCiAxIDAgMCAxID
+ EwMCAyMCBUbQogKEhlbGxvIFdvcmxkKVRqCiBFVAogZW5kc3RyZWFtCmVuZG9iagozIDAgb2Jq
+ IDw8IC9UeXBlIC9QYWdlcyAvS2lkcyBbIDEgMCBSIF0gL0NvdW50IDEgL01lZGlhQm94IFsgMC
+ AwIDMwMCA1MF0gPj4KZW5kb2JqCjQgMCBvYmogPDwgL1R5cGUgL0ZvbnQgL1N1YnR5cGUgL1R5
+ cGUxIC9OYW1lIC9GMSAvQmFzZUZvbnQvQXJpYWwgPj4KZW5kb2JqCjUgMCBvYmogPDwgL1Byb2
+ NTZXRbL1BERi9UZXh0XSAvRm9udCA8PC9GMSA0IDAgUiA+PiA+PgplbmRvYmoKNiAwIG9iaiA8
+ PCAvVHlwZSAvQ2F0YWxvZyAvUGFnZXMgMyAwIFIgPj4KZW5kb2JqCnRyYWlsZXIgPDwgL1Jvb3
+ QgNiAwIFIgPj4K`)'>
+ Open new window with a data URL PDF
+</button>
+<br>
+<form method="post" action='data:application/pdf;base64,
+ JVBERi0xLjcKMSAwIG9iaiA8PCAvVHlwZSAvUGFnZSAvUG
+ FyZW50IDMgMCBSIC9SZXNvdXJjZXMgNSAwIFIgL0NvbnRlbnRzIDIgMCBSID4+CmVuZG9iagoy
+ IDAgb2JqIDw8IC9MZW5ndGggNTEgPj4KIHN0cmVhbSBCVAogL0YxIDEyIFRmCiAxIDAgMCAxID
+ EwMCAyMCBUbQogKEhlbGxvIFdvcmxkKVRqCiBFVAogZW5kc3RyZWFtCmVuZG9iagozIDAgb2Jq
+ IDw8IC9UeXBlIC9QYWdlcyAvS2lkcyBbIDEgMCBSIF0gL0NvdW50IDEgL01lZGlhQm94IFsgMC
+ AwIDMwMCA1MF0gPj4KZW5kb2JqCjQgMCBvYmogPDwgL1R5cGUgL0ZvbnQgL1N1YnR5cGUgL1R5
+ cGUxIC9OYW1lIC9GMSAvQmFzZUZvbnQvQXJpYWwgPj4KZW5kb2JqCjUgMCBvYmogPDwgL1Byb2
+ NTZXRbL1BERi9UZXh0XSAvRm9udCA8PC9GMSA0IDAgUiA+PiA+PgplbmRvYmoKNiAwIG9iaiA8
+ PCAvVHlwZSAvQ2F0YWxvZyAvUGFnZXMgMyAwIFIgPj4KZW5kb2JqCnRyYWlsZXIgPDwgL1Jvb3
+ QgNiAwIFIgPj4K'>
+ <input type=submit id='form-post-to-pdf'
+ value="Submit form to data URL PDF">
+</form>
+
+<h3>Unknown mimetype</h3>
+
+<button id='navigate-top-frame-to-unknown-mimetype'
+ onclick='top.location.href=`data:application/octet-stream,test`'>
nasko 2017/04/05 23:55:19 Shouldn't this be a different mime type? We alread
meacer 2017/04/06 01:25:42 Done.
+ Navigate top frame to data URL unknown mimetype
+</button>
+<br>
+<button id='window-open-unknown-mimetype'
+ onclick='window.open(`data:application/octet-stream,test`)'>
+ Open new window with a data URL unknown mimetype
+</button>
+<form method="post" action="data:application/octet-stream,test">
+ <input type=submit id='form-post-to-unknown-mimetype'
+ value='Submit form to data URL unkown mimetype'>
+</form>
+
+<script>
+if (window.domAutomationController) {
+ window.domAutomationController.setAutomationId(0);
+ window.domAutomationController.send(true);
+}
+</script>
+</html>
« content/renderer/render_frame_impl.cc ('K') | « content/test/BUILD.gn ('k') | extensions/browser/guest_view/web_view/web_view_apitest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698