OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
6 #include "base/macros.h" | 6 #include "base/macros.h" |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 #include "content/browser/frame_host/frame_tree.h" | 8 #include "content/browser/frame_host/frame_tree.h" |
9 #include "content/browser/frame_host/frame_tree_node.h" | 9 #include "content/browser/frame_host/frame_tree_node.h" |
10 #include "content/browser/renderer_host/render_view_host_impl.h" | 10 #include "content/browser/renderer_host/render_view_host_impl.h" |
(...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
267 EXPECT_TRUE( | 267 EXPECT_TRUE( |
268 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( | 268 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( |
269 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); | 269 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); |
270 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 270 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
271 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), | 271 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), |
272 GetOriginFromRenderer(root->child_at(0))); | 272 GetOriginFromRenderer(root->child_at(0))); |
273 | 273 |
274 GURL data_url("data:text/html,foo"); | 274 GURL data_url("data:text/html,foo"); |
275 EXPECT_TRUE(NavigateToURL(shell(), data_url)); | 275 EXPECT_TRUE(NavigateToURL(shell(), data_url)); |
276 | 276 |
277 // Navigating to a data URL should set a unique origin. This is represented | 277 // Navigating to a data URL should set a unique opaque origin. This is |
278 // as "null" per RFC 6454. | 278 // represented as "null" per RFC 6454. |
279 EXPECT_EQ("null", root->current_origin().Serialize()); | 279 EXPECT_EQ("null", root->current_origin().Serialize()); |
280 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 280 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
281 EXPECT_EQ("null", GetOriginFromRenderer(root)); | 281 EXPECT_EQ("null", GetOriginFromRenderer(root)); |
282 | 282 |
283 // Re-navigating to a normal URL should update the origin. | 283 // Re-navigating to a normal URL should update the origin. |
284 EXPECT_TRUE(NavigateToURL(shell(), main_url)); | 284 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
285 EXPECT_EQ(main_url.GetOrigin().spec(), | 285 EXPECT_EQ(main_url.GetOrigin().spec(), |
286 root->current_origin().Serialize() + '/'); | 286 root->current_origin().Serialize() + '/'); |
287 EXPECT_EQ( | 287 EXPECT_EQ( |
288 main_url.GetOrigin().spec(), | 288 main_url.GetOrigin().spec(), |
289 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); | 289 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); |
290 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 290 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
291 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 291 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
292 } | 292 } |
293 | 293 |
294 // Tests a cross-origin navigation to a blob URL. The main frame initiates this | 294 // Tests a cross-origin navigation to a blob URL. The main frame initiates this |
295 // navigation on its grandchild. It should wind up in the main frame's process. | 295 // navigation on its grandchild. It should wind up in the main frame's process. |
296 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { | 296 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { |
297 WebContents* contents = shell()->web_contents(); | 297 WebContents* contents = shell()->web_contents(); |
298 FrameTreeNode* root = | 298 FrameTreeNode* root = |
299 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); | 299 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); |
300 | 300 |
(...skipping 26 matching lines...) Expand all Loading... |
327 " window.parent.parent.postMessage(\"HI\", document.origin);" | 327 " window.parent.parent.postMessage(\"HI\", document.origin);" |
328 " </script></body></html>'], {type: 'text/html'});" | 328 " </script></body></html>'], {type: 'text/html'});" |
329 "var blob_url = URL.createObjectURL(blob);" | 329 "var blob_url = URL.createObjectURL(blob);" |
330 "frames[0][0].location.href = blob_url;", | 330 "frames[0][0].location.href = blob_url;", |
331 &blob_url_string)); | 331 &blob_url_string)); |
332 // Wait for the RenderFrame to go away, if this will be cross-process. | 332 // Wait for the RenderFrame to go away, if this will be cross-process. |
333 if (AreAllSitesIsolatedForTesting()) | 333 if (AreAllSitesIsolatedForTesting()) |
334 deleted_observer.WaitUntilDeleted(); | 334 deleted_observer.WaitUntilDeleted(); |
335 EXPECT_EQ(GURL(blob_url_string), target->current_url()); | 335 EXPECT_EQ(GURL(blob_url_string), target->current_url()); |
336 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); | 336 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); |
337 EXPECT_FALSE(target->current_origin().unique()); | 337 EXPECT_FALSE(target->current_origin().opaque()); |
338 EXPECT_EQ("a.com", target->current_origin().host()); | 338 EXPECT_EQ("a.com", target->current_origin().host()); |
339 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 339 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
340 | 340 |
341 std::string document_body; | 341 std::string document_body; |
342 EXPECT_TRUE(ExecuteScriptAndExtractString( | 342 EXPECT_TRUE(ExecuteScriptAndExtractString( |
343 target, | 343 target, |
344 "domAutomationController.send(document.body.children[0].innerHTML);", | 344 "domAutomationController.send(document.body.children[0].innerHTML);", |
345 &document_body)); | 345 &document_body)); |
346 EXPECT_EQ("This is blob content.", document_body); | 346 EXPECT_EQ("This is blob content.", document_body); |
347 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); | 347 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); |
(...skipping 28 matching lines...) Expand all Loading... |
376 " // Poll the document until it doesn't throw a SecurityError.\n" | 376 " // Poll the document until it doesn't throw a SecurityError.\n" |
377 " try {" | 377 " try {" |
378 " frames[0].document.write('Hi from ' + document.domain);" | 378 " frames[0].document.write('Hi from ' + document.domain);" |
379 " } catch (e) { return; }" | 379 " } catch (e) { return; }" |
380 " clearInterval(intervalID);" | 380 " clearInterval(intervalID);" |
381 " domAutomationController.send(frames[0].document.origin);" | 381 " domAutomationController.send(frames[0].document.origin);" |
382 "}, 16);", | 382 "}, 16);", |
383 &about_blank_origin)); | 383 &about_blank_origin)); |
384 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 384 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
385 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 385 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
386 EXPECT_FALSE(target->current_origin().unique()); | 386 EXPECT_FALSE(target->current_origin().opaque()); |
387 EXPECT_EQ("b.com", target->current_origin().host()); | 387 EXPECT_EQ("b.com", target->current_origin().host()); |
388 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 388 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
389 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 389 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
390 | 390 |
391 std::string document_body; | 391 std::string document_body; |
392 EXPECT_TRUE(ExecuteScriptAndExtractString( | 392 EXPECT_TRUE(ExecuteScriptAndExtractString( |
393 target, "domAutomationController.send(document.body.innerHTML);", | 393 target, "domAutomationController.send(document.body.innerHTML);", |
394 &document_body)); | 394 &document_body)); |
395 EXPECT_EQ("Hi from b.com", document_body); | 395 EXPECT_EQ("Hi from b.com", document_body); |
396 } | 396 } |
(...skipping 29 matching lines...) Expand all Loading... |
426 " window.open('about:blank', 'target');" | 426 " window.open('about:blank', 'target');" |
427 " }" | 427 " }" |
428 " // May raise a SecurityError, that's expected.\n" | 428 " // May raise a SecurityError, that's expected.\n" |
429 " frames[0][0].document.write('Hi from ' + document.domain);" | 429 " frames[0][0].document.write('Hi from ' + document.domain);" |
430 " clearInterval(intervalID);" | 430 " clearInterval(intervalID);" |
431 " domAutomationController.send(frames[0][0].document.origin);" | 431 " domAutomationController.send(frames[0][0].document.origin);" |
432 "}, 16);", | 432 "}, 16);", |
433 &about_blank_origin)); | 433 &about_blank_origin)); |
434 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 434 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
435 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 435 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
436 EXPECT_FALSE(target->current_origin().unique()); | 436 EXPECT_FALSE(target->current_origin().opaque()); |
437 EXPECT_EQ("a.com", target->current_origin().host()); | 437 EXPECT_EQ("a.com", target->current_origin().host()); |
438 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 438 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
439 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 439 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
440 | 440 |
441 std::string document_body; | 441 std::string document_body; |
442 EXPECT_TRUE(ExecuteScriptAndExtractString( | 442 EXPECT_TRUE(ExecuteScriptAndExtractString( |
443 target, "domAutomationController.send(document.body.innerHTML);", | 443 target, "domAutomationController.send(document.body.innerHTML);", |
444 &document_body)); | 444 &document_body)); |
445 EXPECT_EQ("Hi from a.com", document_body); | 445 EXPECT_EQ("Hi from a.com", document_body); |
446 } | 446 } |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
524 EXPECT_EQ(blink::WebSandboxFlags::kAll, | 524 EXPECT_EQ(blink::WebSandboxFlags::kAll, |
525 root->child_at(0)->effective_sandbox_flags()); | 525 root->child_at(0)->effective_sandbox_flags()); |
526 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & | 526 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & |
527 ~blink::WebSandboxFlags::kAutomaticFeatures, | 527 ~blink::WebSandboxFlags::kAutomaticFeatures, |
528 root->child_at(1)->effective_sandbox_flags()); | 528 root->child_at(1)->effective_sandbox_flags()); |
529 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & | 529 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & |
530 ~blink::WebSandboxFlags::kAutomaticFeatures & | 530 ~blink::WebSandboxFlags::kAutomaticFeatures & |
531 ~blink::WebSandboxFlags::kOrigin, | 531 ~blink::WebSandboxFlags::kOrigin, |
532 root->child_at(2)->effective_sandbox_flags()); | 532 root->child_at(2)->effective_sandbox_flags()); |
533 | 533 |
534 // Sandboxed frames should set a unique origin unless they have the | 534 // Sandboxed frames should set a unique opaque origin unless they have the |
535 // "allow-same-origin" directive. | 535 // "allow-same-origin" directive. |
536 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); | 536 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); |
537 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); | 537 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); |
538 EXPECT_EQ(main_url.GetOrigin().spec(), | 538 EXPECT_EQ(main_url.GetOrigin().spec(), |
539 root->child_at(2)->current_origin().Serialize() + "/"); | 539 root->child_at(2)->current_origin().Serialize() + "/"); |
540 | 540 |
541 // Navigating to a different URL should not clear sandbox flags. | 541 // Navigating to a different URL should not clear sandbox flags. |
542 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); | 542 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); |
543 NavigateFrameToURL(root->child_at(0), frame_url); | 543 NavigateFrameToURL(root->child_at(0), frame_url); |
544 EXPECT_EQ(blink::WebSandboxFlags::kAll, | 544 EXPECT_EQ(blink::WebSandboxFlags::kAll, |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
678 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', | 678 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', |
679 cross_site_url.GetOrigin().spec()); | 679 cross_site_url.GetOrigin().spec()); |
680 | 680 |
681 // The root's origin shouldn't have changed. | 681 // The root's origin shouldn't have changed. |
682 EXPECT_EQ(root->current_origin().Serialize() + '/', | 682 EXPECT_EQ(root->current_origin().Serialize() + '/', |
683 main_url.GetOrigin().spec()); | 683 main_url.GetOrigin().spec()); |
684 | 684 |
685 GURL data_url("data:text/html,foo"); | 685 GURL data_url("data:text/html,foo"); |
686 NavigateFrameToURL(root->child_at(1), data_url); | 686 NavigateFrameToURL(root->child_at(1), data_url); |
687 | 687 |
688 // Navigating to a data URL should set a unique origin. This is represented | 688 // Navigating to a data URL should set a unique opaque origin. This is |
689 // as "null" per RFC 6454. | 689 // represented as "null" per RFC 6454. |
690 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); | 690 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); |
691 } | 691 } |
692 | 692 |
693 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top | 693 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top |
694 // level domain. This is an analogue to isolating extensions, which we can use | 694 // level domain. This is an analogue to isolating extensions, which we can use |
695 // inside content_browsertests, where extensions don't exist. Iceland, like an | 695 // inside content_browsertests, where extensions don't exist. Iceland, like an |
696 // extension process, is a special place with magical powers; we want to protect | 696 // extension process, is a special place with magical powers; we want to protect |
697 // it from outsiders. | 697 // it from outsiders. |
698 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { | 698 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { |
699 public: | 699 public: |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
745 // Make sure we did a process transfer back to "b.is". | 745 // Make sure we did a process transfer back to "b.is". |
746 EXPECT_EQ( | 746 EXPECT_EQ( |
747 " Site A ------------ proxies for B\n" | 747 " Site A ------------ proxies for B\n" |
748 " +--Site B ------- proxies for A\n" | 748 " +--Site B ------- proxies for A\n" |
749 "Where A = http://a.com/\n" | 749 "Where A = http://a.com/\n" |
750 " B = http://b.is/", | 750 " B = http://b.is/", |
751 FrameTreeVisualizer().DepictFrameTree(root)); | 751 FrameTreeVisualizer().DepictFrameTree(root)); |
752 } | 752 } |
753 | 753 |
754 } // namespace content | 754 } // namespace content |
OLD | NEW |