WebFrameSerializerSanitizationTest validates generated MHTML.

third_party/WebKit/Source/web/tests/WebFrameSerializerTest.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 12 matching lines @@
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "public/web/WebFrameSerializer.h"
 
+#include "platform/mhtml/MHTMLArchive.h"
+#include "platform/mhtml/MHTMLParser.h"
 #include "platform/testing/URLTestHelpers.h"
 #include "platform/testing/UnitTestHelpers.h"
 #include "platform/weborigin/KURL.h"
 #include "platform/wtf/text/StringBuilder.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebCString.h"
 #include "public/platform/WebCache.h"
 #include "public/platform/WebString.h"
 #include "public/platform/WebURL.h"
 #include "public/platform/WebURLLoaderMockFactory.h"
@@ skipping 162 matching lines @@
   EXPECT_EQ(expected_html, actual_html);
 }
 
 TEST_F(WebFrameSerializerTest, FromUrlWithMinusMinus) {
   String actual_html =
       SerializeFile("http://www.test.com?--x--", "text_only_page.html");
   EXPECT_EQ("<!-- saved from url=(0030)http://www.test.com/?-%2Dx-%2D -->",
             actual_html.Substring(1, 60));
 }
 
 class WebFrameSerializerSanitizationTest : public WebFrameSerializerTest {

[jianli, 2017/04/26 00:54:45]

I think we'd better move this class out of this file to become a standalone one
since now we test the whole MHTML generation. This can be done in a separate
patch.

[carlosk, 2017/04/26 01:07:50]

Acknowledged. I will follow up with that.

  protected:
   WebFrameSerializerSanitizationTest() {}
 
   ~WebFrameSerializerSanitizationTest() override {}
 
-  String GenerateMHTMLParts(const String& url,
-                            const String& file_name,
-                            const String& mime_type = "text/html") {
+  String GenerateMHTML(const String& url,
+                       const String& file_name,
+                       const String& mime_type = "text/html",
+                       const bool only_body_parts = false) {
     KURL parsed_url(kParsedURLString, url);
     String file_path("frameserialization/" + file_name);
     RegisterMockedFileURLLoad(parsed_url, file_path, mime_type);
     FrameTestHelpers::LoadFrame(MainFrameImpl(), url.Utf8().data());
-    WebThreadSafeData result = WebFrameSerializer::GenerateMHTMLParts(
-        WebString("boundary"), MainFrameImpl(), &mhtml_delegate_);
-    return String(result.Data(), result.size());
+    // Boundaries are normally randomly generated but this one is predefined for
+    // simplicity and as good as any other. Plus it gets used in almost all the
+    // examples in the MHTML spec - RFC 2557.
+    const WebString boundary("boundary-example");
+    StringBuilder mhtml;
+    if (!only_body_parts) {
+      WebThreadSafeData header_result = WebFrameSerializer::GenerateMHTMLHeader(
+          boundary, MainFrameImpl(), &mhtml_delegate_);
+      mhtml.Append(header_result.Data(), header_result.size());
+    }
+    WebThreadSafeData body_result = WebFrameSerializer::GenerateMHTMLParts(
+        boundary, MainFrameImpl(), &mhtml_delegate_);
+    mhtml.Append(body_result.Data(), body_result.size());
+    if (!only_body_parts) {
+      RefPtr<RawData> footer_data = RawData::Create();
+      MHTMLArchive::GenerateMHTMLFooterForTesting(boundary,
+                                                  *footer_data->MutableData());
+      mhtml.Append(footer_data->data(), footer_data->length());
+    }
+    String mhtml_string = mhtml.ToString();
+
+    if (!only_body_parts) {
+      // Validate the generated MHTML.
+      MHTMLParser parser(SharedBuffer::Create(mhtml_string.Characters8(),
+                                              size_t(mhtml_string.length())));
+      if (parser.ParseArchive().IsEmpty()) {

[jianli, 2017/04/26 00:54:45]

Do we have plan to validate the number of resources?

[carlosk, 2017/04/26 01:07:51]

For MHTML well-formed-ness checks -- which is the only thing I wanted to check
for -- we don't need to. Any MHTML validation error will cause the output to be
fully empty.

+        ADD_FAILURE() << "Invalid MHTML";
+        mhtml_string = String();
+      }
+    }
+    return mhtml_string;
   }
 
   void SetRemovePopupOverlay(bool remove_popup_overlay) {
     mhtml_delegate_.SetRemovePopupOverlay(remove_popup_overlay);
   }
 
  private:
   SimpleMHTMLPartsGenerationDelegate mhtml_delegate_;
 };
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveInlineScriptInAttributes) {
   String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "script_in_attributes.html");
+      GenerateMHTML("http://www.test.com", "script_in_attributes.html");
+  ASSERT_FALSE(HasFailure());
 
   // These scripting attributes should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("onload="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("ONLOAD="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("onclick="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("href="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("from="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("to="));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("javascript:"));
 
   // These non-scripting attributes should remain intact.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class="));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id="));
 
   // srcdoc attribute of frame element should be replaced with src attribute.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcdoc="));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("src="));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, DisableFormElements) {
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "form.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "form.html");
+  ASSERT_FALSE(HasFailure());
 
   const char kDisabledAttr[] = "disabled=3D\"\"";
   int matches =
       MatchSubstring(mhtml, kDisabledAttr, arraysize(kDisabledAttr) - 1);
   EXPECT_EQ(21, matches);
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveHiddenElements) {
-  String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "hidden_elements.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "hidden_elements.html");
+  ASSERT_FALSE(HasFailure());
 
   // The element with hidden attribute should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<p id=3D\"hidden_id\""));
 
   // The hidden form element should be removed.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<input type=3D\"hidden\""));
 
   // All other hidden elements should not be removed.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<html"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<head"));
@@ skipping 13 matching lines @@
   // These visible elements should remain intact.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<p id=3D\"visible_id\""));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<form"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<input type=3D\"text\""));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<div"));
 }
 
 // Regression test for crbug.com/678893, where in some cases serializing an
 // image document could cause code to pick an element from an empty container.
 TEST_F(WebFrameSerializerSanitizationTest, FromBrokenImageDocument) {
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "broken-image.png",
-                                    "image/png");
+  // For this specific test we only care that the result of the body parts
+  // generation is empty so it is simpler to check it by only generating that
+  // part of the MHTML output by setting |only_body_parts| to true.
+  String mhtml = GenerateMHTML("http://www.test.com", "broken-image.png",
+                               "image/png", true);

[jianli, 2017/04/26 00:54:45]

I don't think you need to pass another parameter since you can simply check mime
type. If it is not text/html, there is no need to generate other parts.

[carlosk, 2017/04/26 01:07:50]

I would prefer to keep it explicit because handling mime types differently seems
counter intuitive. This is difference in behavior is specific to this test to
make it easier to test its results and not because the different mime type would
change MHTML generation.

WDYT?

[jianli, 2017/04/26 01:12:27]

I prefer not to adding too many arguments to complicate things. Since only one
test is involved, adding one more custom argument seems to be too much. Also I
think it makes sense not to generate header and foot for any non-html
serialization.

[carlosk, 2017/04/28 01:16:19]

Changing the returned contents solely based on mime type still feels too
surprising to me. But I added two helper methods that keep calls from tests
simple, with only two parameters.
WDYT?

+  ASSERT_FALSE(HasFailure());
   EXPECT_TRUE(mhtml.IsEmpty());
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, ImageLoadedFromSrcsetForHiDPI) {
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/1x.png"),
       "frameserialization/1x.png");
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/2x.png"),
       "frameserialization/2x.png");
 
   // Set high DPR in order to load image from srcset, instead of src.
   WebView()->SetDeviceScaleFactor(2.0f);
 
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "img_srcset.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "img_srcset.html");
+  ASSERT_FALSE(HasFailure());
 
   // srcset attribute should be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcset="));
 
   // Width and height attributes should be set when none is present in <img>.
   EXPECT_NE(WTF::kNotFound,
             mhtml.Find("id=3D\"i1\" width=3D\"6\" height=3D\"6\">"));
 
   // Height attribute should not be set if width attribute is already present in
   // <img>
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i2\" width=3D\"8\">"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, ImageLoadedFromSrcForNormalDPI) {
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/1x.png"),
       "frameserialization/1x.png");
   RegisterMockedFileURLLoad(
       KURL(kParsedURLString, "http://www.test.com/2x.png"),
       "frameserialization/2x.png");
 
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "img_srcset.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "img_srcset.html");
+  ASSERT_FALSE(HasFailure());
 
   // srcset attribute should be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("srcset="));
 
   // New width and height attributes should not be set.
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i1\">"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("id=3D\"i2\" width=3D\"8\">"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemovePopupOverlayIfRequested) {
   WebView()->Resize(WebSize(500, 500));
   SetRemovePopupOverlay(true);
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "popup.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "popup.html");
+  ASSERT_FALSE(HasFailure());
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("class=3D\"overlay"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("class=3D\"modal"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, KeepPopupOverlayIfNotRequested) {
   WebView()->Resize(WebSize(500, 500));
   SetRemovePopupOverlay(false);
-  String mhtml = GenerateMHTMLParts("http://www.test.com", "popup.html");
+  String mhtml = GenerateMHTML("http://www.test.com", "popup.html");
+  ASSERT_FALSE(HasFailure());
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class=3D\"overlay"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("class=3D\"modal"));
 }
 
 TEST_F(WebFrameSerializerSanitizationTest, RemoveElements) {
-  String mhtml =
-      GenerateMHTMLParts("http://www.test.com", "remove_elements.html");
-  LOG(ERROR) << mhtml;
+  String mhtml = GenerateMHTML("http://www.test.com", "remove_elements.html");
+  ASSERT_FALSE(HasFailure());
 
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<script"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<noscript"));
 
   // Only the meta element containing "Content-Security-Policy" is removed.
   // Other meta elements should be preserved.
   EXPECT_EQ(WTF::kNotFound,
             mhtml.Find("<meta http-equiv=3D\"Content-Security-Policy"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<meta name=3D\"description"));
   EXPECT_NE(WTF::kNotFound, mhtml.Find("<meta http-equiv=3D\"refresh"));
 
   // If an element is removed, its children should also be skipped.
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<select"));
   EXPECT_EQ(WTF::kNotFound, mhtml.Find("<option"));
 }
 
 }  // namespace blink