Disallow JS execution on WebUI pages.

ios/chrome/browser/ui/settings/block_popups_egtest.mm

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import <EarlGrey/EarlGrey.h>
 #import <UIKit/UIKit.h>
 #import <XCTest/XCTest.h>
 
 #include "base/ios/ios_util.h"
 #include "base/strings/sys_string_conversions.h"
@@ skipping 21 matching lines @@
 #include "url/gurl.h"
 
 using chrome_test_util::NavigationBarDoneButton;
 
 namespace {
 
 // URLs used in the tests.
 const char* kBlockPopupsUrl = "http://blockpopups";
 const char* kOpenedWindowUrl = "http://openedwindow";
 
-// JavaScript to open a new window after a short delay.
+// Page with a button that opens a new window after a short delay.
 NSString* kBlockPopupsResponseTemplate =
     @"<input type=\"button\" onclick=\"setTimeout(function() {"
      "window.open('%@')}, 1)\" "
-     "id=\"openWindow\" "
+     "id=\"open-window\" "
      "value=\"openWindow\">";
+// JavaScript that clicks that button.
+NSString* kOpenPopupScript = @"document.getElementById('open-window').click()";
 const std::string kOpenedWindowResponse = "Opened window";
 
 // Opens the block popups settings page.  Must be called from the NTP.
 void OpenBlockPopupsSettings() {
   const CGFloat scroll_displacement = 50.0;
   id<GREYMatcher> tools_menu_table_view_matcher =
       grey_accessibilityID(kToolsMenuTableViewId);
   id<GREYMatcher> settings_button_matcher =
       grey_accessibilityID(kToolsMenuSettingsId);
   id<GREYMatcher> content_settings_button_matcher =
@@ skipping 136 matching lines @@
       base::SysUTF8ToNSString(openedWindowURL.spec());
   responses[blockPopupsURL] = base::SysNSStringToUTF8([NSString
       stringWithFormat:kBlockPopupsResponseTemplate, openedWindowURLString]);
   responses[openedWindowURL] = kOpenedWindowResponse;
   web::test::SetUpSimpleHttpServer(responses);
 
   ScopedBlockPopupsPref prefSetter(CONTENT_SETTING_ALLOW);
   [ChromeEarlGrey loadURL:blockPopupsURL];
   chrome_test_util::AssertMainTabCount(1U);
 
-  // Tap the "Open Window" link and make sure the popup opened in a new tab.
-  chrome_test_util::TapWebViewElementWithId("openWindow");
+  // Request popup and make sure the popup opened in a new tab.
+  NSError* error = nil;
+  chrome_test_util::ExecuteJavaScript(kOpenPopupScript, &error);
+  GREYAssert(!error, @"Error during script execution: %@", error);
   chrome_test_util::AssertMainTabCount(2U);
 
   // No infobar should be displayed.
   [[EarlGrey selectElementWithMatcher:chrome_test_util::
                                           StaticTextWithAccessibilityLabel(
                                               @"Pop-ups blocked (1)")]
       assertWithMatcher:grey_notVisible()];
 }
 
 // Tests that popups are prevented from opening and an infobar is displayed when
 // the preference is set to BLOCK.
 - (void)testPopupsBlocked {
   std::map<GURL, std::string> responses;
   const GURL blockPopupsURL = web::test::HttpServer::MakeUrl(kBlockPopupsUrl);
   const GURL openedWindowURL = web::test::HttpServer::MakeUrl(kOpenedWindowUrl);
   NSString* openedWindowURLString =
       base::SysUTF8ToNSString(openedWindowURL.spec());
   responses[blockPopupsURL] = base::SysNSStringToUTF8([NSString
       stringWithFormat:kBlockPopupsResponseTemplate, openedWindowURLString]);
   responses[openedWindowURL] = kOpenedWindowResponse;
   web::test::SetUpSimpleHttpServer(responses);
 
   ScopedBlockPopupsPref prefSetter(CONTENT_SETTING_BLOCK);
   [ChromeEarlGrey loadURL:blockPopupsURL];
   chrome_test_util::AssertMainTabCount(1U);
 
-  // Tap the "Open Window" link, then make sure the popup was blocked and an
-  // infobar was displayed.  The window.open() call is run via async JS, so the
-  // infobar may not open immediately.
-  chrome_test_util::TapWebViewElementWithId("openWindow");
+  // Request popup, then make sure it was blocked and an infobar was displayed.
+  // The window.open() call is run via async JS, so the infobar may not open
+  // immediately.
+  NSError* error = nil;
+  chrome_test_util::ExecuteJavaScript(kOpenPopupScript, &error);
+  GREYAssert(!error, @"Error during script execution: %@", error);
+
   [[GREYCondition
       conditionWithName:@"Wait for blocked popups infobar to show"
                   block:^BOOL {
                     NSError* error = nil;
                     [[EarlGrey
                         selectElementWithMatcher:
                             chrome_test_util::StaticTextWithAccessibilityLabel(
                                 @"Pop-ups blocked (1)")]
                         assertWithMatcher:grey_sufficientlyVisible()
                                     error:&error];
@@ skipping 43 matching lines @@
       assertWithMatcher:grey_sufficientlyVisible()];
   [[EarlGrey
       selectElementWithMatcher:grey_accessibilityLabel(l10n_util::GetNSString(
                                    IDS_IOS_NAVIGATION_BAR_EDIT_BUTTON))]
       assertWithMatcher:grey_sufficientlyVisible()];
 
   CloseSettings();
 }
 
 @end