Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(132)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: extensions/test/data/web_view/apitest/main.js

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)
Patch Set: Re-block data to data navigations, rebase, address nasko comments Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/test/data/data_url_navigations.html ('K') | « extensions/test/data/web_view/apitest/guest_noreferrer.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: extensions/test/data/web_view/apitest/main.js
diff --git a/extensions/test/data/web_view/apitest/main.js b/extensions/test/data/web_view/apitest/main.js
index b6c734f6c3bc6e5266b33e6f7fc69a0a84ed9165..6b9fe6c0fe62bd369959aa433d962133989d52e7 100644
--- a/extensions/test/data/web_view/apitest/main.js
+++ b/extensions/test/data/web_view/apitest/main.js
@@ -19,6 +19,8 @@ embedder.setUp_ = function(config) {
embedder.redirectGuestURLDest =
embedder.baseGuestURL + '/guest_redirect.html';
embedder.windowOpenGuestURL = embedder.baseGuestURL + '/guest.html';
+ embedder.windowOpenGuestDataURL =
+ embedder.baseGuestURL + '/guest_data_url.html';
embedder.sameDocumentNavigationURL =
embedder.baseGuestURL + '/guest_same_document_navigation.html';
};
@@ -465,6 +467,28 @@ function testChromeExtensionURL() {
document.body.appendChild(webview);
}
+// This test verifies that guests are blocked from navigating the webview to a
+// data URL.
+function testContentInitiatedNavigationToDataUrlBlocked() {
+ var navUrl = "data:text/html,foo";
+ var webview = document.createElement('webview');
+ webview.addEventListener('consolemessage', function(e) {
+ if (e.message.startsWith(
+ 'Not allowed to top-level navigate to resource:')) {
+ embedder.test.succeed();
+ }
+ });
+ webview.addEventListener('loadstop', function(e) {
+ if (webview.getAttribute('src') == navUrl) {
+ embedder.test.fail();
+ }
+ });
+ webview.setAttribute('src',
+ 'data:text/html,<script>window.location.href = "' + navUrl +
+ '";</scr' + 'ipt>');
+ document.body.appendChild(webview);
+}
+
// This test verifies that the load event fires when the a new page is
// loaded.
// TODO(fsamuel): Add a test to verify that subframe loads within a guest
@@ -694,7 +718,7 @@ function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() {
webview.addEventListener('loadstop', function onLoadStop(e) {
window.console.log('2. Inject script to trigger a guest-initiated ' +
'navigation.');
- var navUrl = 'data:text/html,trigger nav';
+ var navUrl = embedder.baseGuestURL + "/empty.html";
webview.executeScript({
code: 'window.location.href = "' + navUrl + '";'
});
@@ -702,7 +726,7 @@ function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() {
window.console.log('3. Listening for the load that will be started as a ' +
'result of 2.');
webview.addEventListener('loadstart', function onLoadStart(e) {
- embedder.test.assertEq('about:blank', webview.src);
+ embedder.test.assertEq('data:text/html, initial page', webview.src);
window.console.log('4. Attempting to inject script into about:blank. ' +
'This is expected to fail.');
webview.executeScript(
@@ -721,7 +745,7 @@ function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() {
});
window.console.log('1. Performing initial navigation.');
- webview.setAttribute('src', 'about:blank');
+ webview.setAttribute('src', 'data:text/html, initial page');
document.body.appendChild(webview);
}
@@ -1229,6 +1253,12 @@ function testNavOnSrcAttributeChange() {
}
// This test verifies that new window attachment functions as expected.
+//
+// TODO(crbug.com/594215) Test that opening a new window with a data URL is
+// blocked. There is currently no way to test this, as the block message is
+// printed on the new window which never gets created, so the message is lost.
+// Also test that opening a new window with a data URL when the webview is
+// already on a data URL is allowed.
function testNewWindow() {
var webview = document.createElement('webview');
webview.addEventListener('newwindow', function(e) {
@@ -1753,6 +1783,8 @@ embedder.test.testList = {
'testCannotMutateEventName': testCannotMutateEventName,
'testChromeExtensionRelativePath': testChromeExtensionRelativePath,
'testChromeExtensionURL': testChromeExtensionURL,
+ 'testContentInitiatedNavigationToDataUrlBlocked':
+ testContentInitiatedNavigationToDataUrlBlocked,
'testContentLoadEvent': testContentLoadEvent,
'testDeclarativeWebRequestAPI': testDeclarativeWebRequestAPI,
'testDeclarativeWebRequestAPISendMessage':
« content/test/data/data_url_navigations.html ('K') | « extensions/test/data/web_view/apitest/guest_noreferrer.html ('k') | third_party/WebKit/LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698