Chromium Code Reviews

Unified Diff: content/browser/frame_host/render_frame_host_manager_browsertest.cc

Issue 2811533002: Exclude files from FileSelectChooser if they can't convert to WebStrings. (Closed)
Patch Set: Move fix to RFH, add test. Created 3 years, 8 months ago
Index: content/browser/frame_host/render_frame_host_manager_browsertest.cc
diff --git a/content/browser/frame_host/render_frame_host_manager_browsertest.cc b/content/browser/frame_host/render_frame_host_manager_browsertest.cc
index 9f6afe7d49c3d3c06e49058371152ddd905970e6..4ff1a4b24a4128180075b2a1061fd1b38f3983f4 100644
--- a/content/browser/frame_host/render_frame_host_manager_browsertest.cc
+++ b/content/browser/frame_host/render_frame_host_manager_browsertest.cc
@@ -1939,6 +1939,55 @@ IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,
EXPECT_FALSE(handler->IsJavascriptAllowed());
}
+// Test for http://crbug.com/703303.
+IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,
+ DontGrantAccessToInvalidFilePaths) {
Charlie Reis 2017/04/14 19:28:15 This is based mostly on the following RestoreFileA
+ StartServer();
+
+ // Use a file path with an invalid encoding, such that it can't be converted
+ // to a WebString.
+ base::FilePath file;
+ EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file));
+ file = file.Append("foo\337bar");
+
+ // Navigate and try to get page to reference this file in its PageState.
+ GURL url1(embedded_test_server()->GetURL("/file_input.html"));
+ NavigateToURL(shell(), url1);
+ int process_id = shell()->web_contents()->GetRenderProcessHost()->GetID();
+ std::unique_ptr<FileChooserDelegate> delegate(new FileChooserDelegate(file));
+ shell()->web_contents()->SetDelegate(delegate.get());
+ EXPECT_TRUE(
+ ExecuteScript(shell(), "document.getElementById('fileinput').click();"));
+ EXPECT_TRUE(delegate->file_chosen());
+
+ // No access should have been granted, since the browser process should
+ // realize Blink can't handle it.
+ EXPECT_FALSE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+ process_id, file));
+
+ // Disable the swap out timer so we wait for the UpdateState message.
+ static_cast<WebContentsImpl*>(shell()->web_contents())
+ ->GetMainFrame()
+ ->DisableSwapOutTimerForTesting();
+
+ // Navigate to a different process and wait for the old process to exit.
+ RenderProcessHostWatcher exit_observer(
+ shell()->web_contents()->GetRenderProcessHost(),
+ RenderProcessHostWatcher::WATCH_FOR_HOST_DESTRUCTION);
+ NavigateToURL(shell(), GetCrossSiteURL("/title1.html"));
+ exit_observer.Wait();
+ EXPECT_FALSE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+ shell()->web_contents()->GetRenderProcessHost()->GetID(), file));
+
+ // Ensure that the file did not end up in the PageState of the previous entry.
+ NavigationEntry* prev_entry =
+ shell()->web_contents()->GetController().GetEntryAtIndex(0);
+ EXPECT_EQ(url1, prev_entry->GetURL());
+ const std::vector<base::FilePath>& files =
+ prev_entry->GetPageState().GetReferencedFiles();
+ ASSERT_EQ(0U, files.size());
+}
+
// Test for http://crbug.com/262948.
IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,
RestoreFileAccessForHistoryNavigation) {
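Review bot: The `EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file));` at the top of DontGrantAccessToInvalidFilePaths should be `ASSERT_TRUE`. If the lookup fails, the test keeps running with an empty base path, and the later `EXPECT_FALSE(...CanReadFile(...))` checks and the `GetReferencedFiles()` size check can then pass without the invalid-encoding case being exercised against a real temp path. Separately, `file.Append("foo\337bar")` passes a narrow literal containing a raw byte, which only produces an unconvertible path on platforms where FilePath strings are byte-based. If the test is meant to run everywhere, wrap the name in FILE_PATH_LITERAL and pick a per-platform invalid name, or guard the test by platform and say so in the comment above it.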