| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/macros.h" | 5 #include "base/macros.h" |
| 6 #include "build/build_config.h" | 6 #include "build/build_config.h" |
| 7 #include "content/browser/frame_host/frame_tree.h" | 7 #include "content/browser/frame_host/frame_tree.h" |
| 8 #include "content/browser/frame_host/frame_tree_node.h" | 8 #include "content/browser/frame_host/frame_tree_node.h" |
| 9 #include "content/browser/renderer_host/render_view_host_impl.h" | 9 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 10 #include "content/browser/web_contents/web_contents_impl.h" | 10 #include "content/browser/web_contents/web_contents_impl.h" |
| (...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 275 EXPECT_TRUE( | 275 EXPECT_TRUE( |
| 276 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( | 276 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( |
| 277 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); | 277 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); |
| 278 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 278 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
| 279 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), | 279 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), |
| 280 GetOriginFromRenderer(root->child_at(0))); | 280 GetOriginFromRenderer(root->child_at(0))); |
| 281 | 281 |
| 282 GURL data_url("data:text/html,foo"); | 282 GURL data_url("data:text/html,foo"); |
| 283 EXPECT_TRUE(NavigateToURL(shell(), data_url)); | 283 EXPECT_TRUE(NavigateToURL(shell(), data_url)); |
| 284 | 284 |
| 285 // Navigating to a data URL should set a unique origin. This is represented | 285 // Navigating to a data URL should set a unique opaque origin. This is |
| 286 // as "null" per RFC 6454. | 286 // represented as "null" per RFC 6454. |
| 287 EXPECT_EQ("null", root->current_origin().Serialize()); | 287 EXPECT_EQ("null", root->current_origin().Serialize()); |
| 288 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 288 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
| 289 EXPECT_EQ("null", GetOriginFromRenderer(root)); | 289 EXPECT_EQ("null", GetOriginFromRenderer(root)); |
| 290 | 290 |
| 291 // Re-navigating to a normal URL should update the origin. | 291 // Re-navigating to a normal URL should update the origin. |
| 292 EXPECT_TRUE(NavigateToURL(shell(), main_url)); | 292 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| 293 EXPECT_EQ(main_url.GetOrigin().spec(), | 293 EXPECT_EQ(main_url.GetOrigin().spec(), |
| 294 root->current_origin().Serialize() + '/'); | 294 root->current_origin().Serialize() + '/'); |
| 295 EXPECT_EQ( | 295 EXPECT_EQ( |
| 296 main_url.GetOrigin().spec(), | 296 main_url.GetOrigin().spec(), |
| 297 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); | 297 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); |
| 298 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 298 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
| 299 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 299 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
| 300 } | 300 } |
| 301 | 301 |
| 302 // Tests a cross-origin navigation to a blob URL. The main frame initiates this | 302 // Tests a cross-origin navigation to a blob URL. The main frame initiates this |
| 303 // navigation on its grandchild. It should wind up in the main frame's process. | 303 // navigation on its grandchild. It should wind up in the main frame's process. |
| 304 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { | 304 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { |
| 305 WebContents* contents = shell()->web_contents(); | 305 WebContents* contents = shell()->web_contents(); |
| 306 FrameTreeNode* root = | 306 FrameTreeNode* root = |
| 307 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); | 307 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); |
| 308 | 308 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 335 " window.parent.parent.postMessage(\"HI\", document.origin);" | 335 " window.parent.parent.postMessage(\"HI\", document.origin);" |
| 336 " </script></body></html>'], {type: 'text/html'});" | 336 " </script></body></html>'], {type: 'text/html'});" |
| 337 "var blob_url = URL.createObjectURL(blob);" | 337 "var blob_url = URL.createObjectURL(blob);" |
| 338 "frames[0][0].location.href = blob_url;", | 338 "frames[0][0].location.href = blob_url;", |
| 339 &blob_url_string)); | 339 &blob_url_string)); |
| 340 // Wait for the RenderFrame to go away, if this will be cross-process. | 340 // Wait for the RenderFrame to go away, if this will be cross-process. |
| 341 if (AreAllSitesIsolatedForTesting()) | 341 if (AreAllSitesIsolatedForTesting()) |
| 342 deleted_observer.WaitUntilDeleted(); | 342 deleted_observer.WaitUntilDeleted(); |
| 343 EXPECT_EQ(GURL(blob_url_string), target->current_url()); | 343 EXPECT_EQ(GURL(blob_url_string), target->current_url()); |
| 344 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); | 344 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); |
| 345 EXPECT_FALSE(target->current_origin().unique()); | 345 EXPECT_FALSE(target->current_origin().opaque()); |
| 346 EXPECT_EQ("a.com", target->current_origin().host()); | 346 EXPECT_EQ("a.com", target->current_origin().host()); |
| 347 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 347 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 348 | 348 |
| 349 std::string document_body; | 349 std::string document_body; |
| 350 EXPECT_TRUE(ExecuteScriptAndExtractString( | 350 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 351 target, | 351 target, |
| 352 "domAutomationController.send(document.body.children[0].innerHTML);", | 352 "domAutomationController.send(document.body.children[0].innerHTML);", |
| 353 &document_body)); | 353 &document_body)); |
| 354 EXPECT_EQ("This is blob content.", document_body); | 354 EXPECT_EQ("This is blob content.", document_body); |
| 355 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); | 355 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); |
| (...skipping 28 matching lines...) Expand all Loading... |
| 384 " // Poll the document until it doesn't throw a SecurityError.\n" | 384 " // Poll the document until it doesn't throw a SecurityError.\n" |
| 385 " try {" | 385 " try {" |
| 386 " frames[0].document.write('Hi from ' + document.domain);" | 386 " frames[0].document.write('Hi from ' + document.domain);" |
| 387 " } catch (e) { return; }" | 387 " } catch (e) { return; }" |
| 388 " clearInterval(intervalID);" | 388 " clearInterval(intervalID);" |
| 389 " domAutomationController.send(frames[0].document.origin);" | 389 " domAutomationController.send(frames[0].document.origin);" |
| 390 "}, 16);", | 390 "}, 16);", |
| 391 &about_blank_origin)); | 391 &about_blank_origin)); |
| 392 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 392 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
| 393 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 393 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
| 394 EXPECT_FALSE(target->current_origin().unique()); | 394 EXPECT_FALSE(target->current_origin().opaque()); |
| 395 EXPECT_EQ("b.com", target->current_origin().host()); | 395 EXPECT_EQ("b.com", target->current_origin().host()); |
| 396 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 396 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 397 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 397 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
| 398 | 398 |
| 399 std::string document_body; | 399 std::string document_body; |
| 400 EXPECT_TRUE(ExecuteScriptAndExtractString( | 400 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 401 target, "domAutomationController.send(document.body.innerHTML);", | 401 target, "domAutomationController.send(document.body.innerHTML);", |
| 402 &document_body)); | 402 &document_body)); |
| 403 EXPECT_EQ("Hi from b.com", document_body); | 403 EXPECT_EQ("Hi from b.com", document_body); |
| 404 } | 404 } |
| (...skipping 29 matching lines...) Expand all Loading... |
| 434 " window.open('about:blank', 'target');" | 434 " window.open('about:blank', 'target');" |
| 435 " }" | 435 " }" |
| 436 " // May raise a SecurityError, that's expected.\n" | 436 " // May raise a SecurityError, that's expected.\n" |
| 437 " frames[0][0].document.write('Hi from ' + document.domain);" | 437 " frames[0][0].document.write('Hi from ' + document.domain);" |
| 438 " clearInterval(intervalID);" | 438 " clearInterval(intervalID);" |
| 439 " domAutomationController.send(frames[0][0].document.origin);" | 439 " domAutomationController.send(frames[0][0].document.origin);" |
| 440 "}, 16);", | 440 "}, 16);", |
| 441 &about_blank_origin)); | 441 &about_blank_origin)); |
| 442 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 442 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
| 443 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 443 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
| 444 EXPECT_FALSE(target->current_origin().unique()); | 444 EXPECT_FALSE(target->current_origin().opaque()); |
| 445 EXPECT_EQ("a.com", target->current_origin().host()); | 445 EXPECT_EQ("a.com", target->current_origin().host()); |
| 446 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 446 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 447 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 447 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
| 448 | 448 |
| 449 std::string document_body; | 449 std::string document_body; |
| 450 EXPECT_TRUE(ExecuteScriptAndExtractString( | 450 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 451 target, "domAutomationController.send(document.body.innerHTML);", | 451 target, "domAutomationController.send(document.body.innerHTML);", |
| 452 &document_body)); | 452 &document_body)); |
| 453 EXPECT_EQ("Hi from a.com", document_body); | 453 EXPECT_EQ("Hi from a.com", document_body); |
| 454 } | 454 } |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 532 EXPECT_EQ(blink::WebSandboxFlags::All, | 532 EXPECT_EQ(blink::WebSandboxFlags::All, |
| 533 root->child_at(0)->effective_sandbox_flags()); | 533 root->child_at(0)->effective_sandbox_flags()); |
| 534 EXPECT_EQ(blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts & | 534 EXPECT_EQ(blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts & |
| 535 ~blink::WebSandboxFlags::AutomaticFeatures, | 535 ~blink::WebSandboxFlags::AutomaticFeatures, |
| 536 root->child_at(1)->effective_sandbox_flags()); | 536 root->child_at(1)->effective_sandbox_flags()); |
| 537 EXPECT_EQ(blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts & | 537 EXPECT_EQ(blink::WebSandboxFlags::All & ~blink::WebSandboxFlags::Scripts & |
| 538 ~blink::WebSandboxFlags::AutomaticFeatures & | 538 ~blink::WebSandboxFlags::AutomaticFeatures & |
| 539 ~blink::WebSandboxFlags::Origin, | 539 ~blink::WebSandboxFlags::Origin, |
| 540 root->child_at(2)->effective_sandbox_flags()); | 540 root->child_at(2)->effective_sandbox_flags()); |
| 541 | 541 |
| 542 // Sandboxed frames should set a unique origin unless they have the | 542 // Sandboxed frames should set a unique opaque origin unless they have the |
| 543 // "allow-same-origin" directive. | 543 // "allow-same-origin" directive. |
| 544 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); | 544 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); |
| 545 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); | 545 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); |
| 546 EXPECT_EQ(main_url.GetOrigin().spec(), | 546 EXPECT_EQ(main_url.GetOrigin().spec(), |
| 547 root->child_at(2)->current_origin().Serialize() + "/"); | 547 root->child_at(2)->current_origin().Serialize() + "/"); |
| 548 | 548 |
| 549 // Navigating to a different URL should not clear sandbox flags. | 549 // Navigating to a different URL should not clear sandbox flags. |
| 550 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); | 550 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); |
| 551 NavigateFrameToURL(root->child_at(0), frame_url); | 551 NavigateFrameToURL(root->child_at(0), frame_url); |
| 552 EXPECT_EQ(blink::WebSandboxFlags::All, | 552 EXPECT_EQ(blink::WebSandboxFlags::All, |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 686 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', | 686 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', |
| 687 cross_site_url.GetOrigin().spec()); | 687 cross_site_url.GetOrigin().spec()); |
| 688 | 688 |
| 689 // The root's origin shouldn't have changed. | 689 // The root's origin shouldn't have changed. |
| 690 EXPECT_EQ(root->current_origin().Serialize() + '/', | 690 EXPECT_EQ(root->current_origin().Serialize() + '/', |
| 691 main_url.GetOrigin().spec()); | 691 main_url.GetOrigin().spec()); |
| 692 | 692 |
| 693 GURL data_url("data:text/html,foo"); | 693 GURL data_url("data:text/html,foo"); |
| 694 NavigateFrameToURL(root->child_at(1), data_url); | 694 NavigateFrameToURL(root->child_at(1), data_url); |
| 695 | 695 |
| 696 // Navigating to a data URL should set a unique origin. This is represented | 696 // Navigating to a data URL should set a unique opaque origin. This is |
| 697 // as "null" per RFC 6454. | 697 // represented as "null" per RFC 6454. |
| 698 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); | 698 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); |
| 699 } | 699 } |
| 700 | 700 |
| 701 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top | 701 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top |
| 702 // level domain. This is an analogue to --isolate-extensions that we use inside | 702 // level domain. This is an analogue to --isolate-extensions that we use inside |
| 703 // of content_browsertests, where extensions don't exist. Iceland, like an | 703 // of content_browsertests, where extensions don't exist. Iceland, like an |
| 704 // extension process, is a special place with magical powers; we want to protect | 704 // extension process, is a special place with magical powers; we want to protect |
| 705 // it from outsiders. | 705 // it from outsiders. |
| 706 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { | 706 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { |
| 707 public: | 707 public: |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 755 // Make sure we did a process transfer back to "b.is". | 755 // Make sure we did a process transfer back to "b.is". |
| 756 EXPECT_EQ( | 756 EXPECT_EQ( |
| 757 " Site A ------------ proxies for B\n" | 757 " Site A ------------ proxies for B\n" |
| 758 " +--Site B ------- proxies for A\n" | 758 " +--Site B ------- proxies for A\n" |
| 759 "Where A = http://a.com/\n" | 759 "Where A = http://a.com/\n" |
| 760 " B = http://b.is/", | 760 " B = http://b.is/", |
| 761 FrameTreeVisualizer().DepictFrameTree(root)); | 761 FrameTreeVisualizer().DepictFrameTree(root)); |
| 762 } | 762 } |
| 763 | 763 |
| 764 } // namespace content | 764 } // namespace content |
| OLD | NEW |