chrome/test/data/extensions/platform_apps/web_view/shim/main.js - Issue 2702503002: Block renderer-initiated main frame navigations to data URLs

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/test/data/extensions/platform_apps/web_view/shim/main.js

Issue 2702503002: Block renderer-initiated main frame navigations to data URLs (Closed)

Patch Set: nasko comments Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/test/data/extensions/platform_apps/web_view/shim/guest_noreferrer.html ('k') | content/browser/BUILD.gn » ('j') | third_party/WebKit/Source/platform/network/NetworkUtils.cpp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/test/data/extensions/platform_apps/web_view/shim/main.js

diff --git a/chrome/test/data/extensions/platform_apps/web_view/shim/main.js b/chrome/test/data/extensions/platform_apps/web_view/shim/main.js

index ddabbcd9030fb80066bfd819e024afe440da5e38..dfab8b9877ae4f55b3df9df78114624268c72d3a 100644

--- a/chrome/test/data/extensions/platform_apps/web_view/shim/main.js

+++ b/chrome/test/data/extensions/platform_apps/web_view/shim/main.js

@@ -430,6 +430,28 @@ function testChromeExtensionRelativePath() {

document.body.appendChild(webview);

}

+// This test verifies that guests are blocked from navigating the webview to a

+// data URL.

+function testContentInitiatedNavigationToDataUrlBlocked() {

+ var navUrl = "data:text/html,foo";

+ var webview = document.createElement('webview');

+ webview.addEventListener('consolemessage', function(e) {

+ if (e.message.startsWith(

+ 'Not allowed to top-level navigate to resource:')) {

+ embedder.test.succeed();

+ }

+ });

+ webview.addEventListener('loadstop', function(e) {

+ if (webview.getAttribute('src') == navUrl) {

+ embedder.test.fail();

+ }

+ });

+ webview.setAttribute('src',

+ 'data:text/html,<script>window.location.href = "' + navUrl +

+ '";</scr' + 'ipt>');

+ document.body.appendChild(webview);

// Tests that a <webview> that starts with "display: none" style loads

// properly.

function testDisplayNoneWebviewLoad() {

@@ -1313,7 +1335,7 @@ function testExecuteScriptIsAbortedWhenWebViewSourceIsChanged() {

webview.addEventListener('loadstop', function onLoadStop(e) {

window.console.log('2. Inject script to trigger a guest-initiated ' +

'navigation.');

- var navUrl = 'data:text/html,trigger nav';

+ var navUrl = embedder.baseGuestURL + "/empty.html";

webview.executeScript({

code: 'window.location.href = "' + navUrl + '";'

});

@@ -3052,6 +3074,8 @@ embedder.test.testList = {

'testAPIMethodExistence': testAPIMethodExistence,

'testChromeExtensionURL': testChromeExtensionURL,

'testChromeExtensionRelativePath': testChromeExtensionRelativePath,

+ 'testContentInitiatedNavigationToDataUrlBlocked':

+ testContentInitiatedNavigationToDataUrlBlocked,

'testDisplayNoneWebviewLoad': testDisplayNoneWebviewLoad,

'testDisplayNoneWebviewRemoveChild': testDisplayNoneWebviewRemoveChild,

'testInlineScriptFromAccessibleResources':