WebFrameSerializerSanitizationTest validates generated MHTML.

third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 12 matching lines @@
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "public/web/WebFrameSerializer.h"
 
+#include "platform/mhtml/MHTMLArchive.h"
+#include "platform/mhtml/MHTMLParser.h"
 #include "platform/testing/URLTestHelpers.h"
 #include "platform/testing/UnitTestHelpers.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/wtf/text/StringBuilder.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebCString.h"
 #include "public/platform/WebCache.h"
 #include "public/platform/WebString.h"
 #include "public/platform/WebURL.h"
 #include "public/platform/WebURLLoaderMockFactory.h"
@@ skipping 168 matching lines @@
   EXPECT_EQ("<!-- saved from url=(0030)http://www.test.com/?-%2Dx-%2D -->",
             actual_html.Substring(1, 60));
 }
 
 class WebFrameSerializerSanitizationTest : public WebFrameSerializerTest {
  protected:
   WebFrameSerializerSanitizationTest() {}
 
   ~WebFrameSerializerSanitizationTest() override {}
 
-  String GenerateMHTMLParts(const String& url,
-                            const String& file_name,
-                            const String& mime_type = "text/html") {
+  String GenerateMHTML(const String& url,
+                       const String& file_name,
+                       const String& mime_type = "text/html",
+                       const bool only_body_parts = false) {
     KURL parsed_url(kParsedURLString, url);
     String file_path("frameserialization/" + file_name);
     RegisterMockedFileURLLoad(parsed_url, file_path, mime_type);
     FrameTestHelpers::LoadFrame(MainFrameImpl(), url.Utf8().data());
-    WebThreadSafeData result = WebFrameSerializer::GenerateMHTMLParts(
-        WebString("boundary"), MainFrameImpl(), &mhtml_delegate_);
-    return String(result.Data(), result.size());
+    // This boundary is as good as any other.  Plus it gets used in almost

[dewittj, 2017/04/25 22:32:33]

I'd rewrite this comment, since it's not obvious why you are justifying this
exactly.  Is it important that it is constant rather than randomly generated as
in real files?  Is its length important? etc.

[carlosk, 2017/04/26 00:16:49]

On 2017/04/25 22:32:33, dewittj wrote:
Context: this is a copy/paste from MHTMLTest::GenerateMHTMLData where I found
this comment. As I would have to promote the unnamed parameter into a named
value here to be used for all calls I thought it was better to get the
"justified" value and its explanation.
Rephrased. LMKWDYT.

+    // all the examples in the MHTML spec - RFC 2557.
+    WebString boundary("boundary-example");
+    StringBuilder mhtml;
+    if (!only_body_parts) {
+      WebThreadSafeData header_result = WebFrameSerializer::GenerateMHTMLHeader(
+          boundary, MainFrameImpl(), &mhtml_delegate_);
+      mhtml.Append(header_result.Data(), header_result.size());
+    }
+    WebThreadSafeData body_result = WebFrameSerializer::GenerateMHTMLParts(
+        boundary, MainFrameImpl(), &mhtml_delegate_);
+    mhtml.Append(body_result.Data(), body_result.size());
+    if (!only_body_parts) {
+      RefPtr<RawData> footer_data = RawData::Create();
+      MHTMLArchive::GenerateMHTMLFooterForTesting(boundary,
+                                                  *footer_data->MutableData());
+      mhtml.Append(footer_data->data(), footer_data->length());
+    }
+    String mhtml_string = mhtml.ToString();
+
+    if (!only_body_parts) {
+      // Validate the generated MHTML.
+      MHTMLParser parser(SharedBuffer::Create(mhtml_string.Characters8(),
+                                              size_t(mhtml_string.length())));
+      if (parser.ParseArchive().IsEmpty()) {
+        ADD_FAILURE() << "Invalid MHTML";
+        mhtml_string = String();
+      }
+    }
+    return mhtml_string;
   }
 
   void SetRemovePopupOverlay(bool remove_popup_overlay) {
     mhtml_delegate_.SetRemovePopupOverlay(remove_popup_overlay);
   }
 
  private:
   SimpleMHTMLPartsGenerationDelegate mhtml_delegate_;
 };
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveInlineScriptInAttributes) {
   String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "script_in_attributes.html");
+      GenerateMHTML("http://www.test.com", "script_in_attributes.html");
+  ASSERT_FALSE(HasFailure());
 
   // These scripting attributes should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("onload="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("ONLOAD="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("onclick="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("href="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("from="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("to="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("javascript:"));
 
   // These non-scripting attributes should remain intact.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class="));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id="));
 
   // srcdoc attribute of frame element should be replaced with src attribute.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcdoc="));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("src="));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, DisableFormElements) {
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "form.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "form.html");
+  ASSERT_FALSE(HasFailure());
 
   const char kDisabledAttr[] = "disabled=3D\"\"";
   int matches =
       MatchSubstring(mhtml, kDisabledAttr, arraysize(kDisabledAttr) - 1);
   EXPECT_EQ(21, matches);
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveHiddenElements) {
-  String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "hidden_elements.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "hidden_elements.html");
+  ASSERT_FALSE(HasFailure());
 
   // The element with hidden attribute should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<p id=3D\"hidden_id\""));
 
   // The hidden form element should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<input type=3D\"hidden\""));
 
   // All other hidden elements should not be removed.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<html"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<head"));
@@ skipping 13 matching lines @@
   // These visible elements should remain intact.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<p id=3D\"visible_id\""));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<form"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<input type=3D\"text\""));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<div"));
 }
 
 // Regression test for crbug.com/678893, where in some cases serializing an
 // image document could cause code to pick an element from an empty container.
 TEST_F(WebFrameSerializerSanitizationTest, FromBrokenImageDocument) {
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "broken-image.png",
-                                    "image/png");
+  String mhtml = GenerateMHTML("http://www.test.com", "broken-image.png",
+                               "image/png", true);

[jianli, 2017/04/25 21:41:34]

Please comment why we only need to generate body parts for this test.

[carlosk, 2017/04/26 00:16:49]

Done. I left the (currently unnecessary) check below in place in case extra
validation is eventually added that would run even when generating only body
parts.

+  ASSERT_FALSE(HasFailure());
   EXPECT_TRUE(mhtml.IsEmpty());
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, ImageLoadedFromSrcsetForHiDPI) {
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/1x.png"),
       "frameserialization/1x.png");
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/2x.png"),
       "frameserialization/2x.png");
 
   // Set high DPR in order to load image from srcset, instead of src.
   WebView()->SetDeviceScaleFactor(2.0f);
 
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "img_srcset.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "img_srcset.html");
+  ASSERT_FALSE(HasFailure());
 
   // srcset attribute should be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcset="));
 
   // Width and height attributes should be set when none is present in <img>.
   EXPECT_NE(WTF::kNotFound,
             mhtml.Find("id=3D\"i1\" width=3D\"6\" height=3D\"6\">"));
 
   // Height attribute should not be set if width attribute is already present in
   // <img>
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i2\" width=3D\"8\">"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, ImageLoadedFromSrcForNormalDPI) {
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/1x.png"),
       "frameserialization/1x.png");
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/2x.png"),
       "frameserialization/2x.png");
 
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "img_srcset.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "img_srcset.html");
+  ASSERT_FALSE(HasFailure());
 
   // srcset attribute should be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcset="));
 
   // New width and height attributes should not be set.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i1\">"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i2\" width=3D\"8\">"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemovePopupOverlayIfRequested) {
   WebView()->Resize(WebSize(500, 500));
   SetRemovePopupOverlay(true);
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "popup.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "popup.html");
+  ASSERT_FALSE(HasFailure());
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("class=3D\"overlay"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("class=3D\"modal"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, KeepPopupOverlayIfNotRequested) {
   WebView()->Resize(WebSize(500, 500));
   SetRemovePopupOverlay(false);
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "popup.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "popup.html");
+  ASSERT_FALSE(HasFailure());
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class=3D\"overlay"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class=3D\"modal"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveElements) {
-  String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "remove_elements.html");
-  LOG(ERROR) << mhtml;
+  String mhtml = GenerateMHTML("http://www.test.com", "remove_elements.html");
+  ASSERT_FALSE(HasFailure());
 
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<script"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<noscript"));
 
   // Only the meta element containing "Content-Security-Policy" is removed.
   // Other meta elements should be preserved.
   EXPECT_EQ(WTF::kNotFound,
             mhtml.Find("<meta http-equiv=3D\"Content-Security-Policy"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<meta name=3D\"description"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<meta http-equiv=3D\"refresh"));
 
   // If an element is removed, its children should also be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<select"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<option"));
 }
 
 }  // namespace blink