Chromium Code Reviews Chromium Code Reviews
Issue 2889003002:
Change NavigationEntry to use virtual URL in error pages for blocked navigations (Closed)
| Index: content/browser/frame_host/data_url_navigation_browsertest.cc |
| diff --git a/content/browser/frame_host/data_url_navigation_browsertest.cc b/content/browser/frame_host/data_url_navigation_browsertest.cc |
| index d500fb2ba21fc4e4ae10719fe84c5cc29a573e72..8261c1a011fe66d6adc920b23cdfe7f22a0213ba 100644 |
| --- a/content/browser/frame_host/data_url_navigation_browsertest.cc |
| +++ b/content/browser/frame_host/data_url_navigation_browsertest.cc |
| @@ -939,4 +939,67 @@ IN_PROC_BROWSER_TEST_F(DataUrlNavigationBrowserTest, |
| #endif |
| } |
| +// Test case to verify that redirects to data: URLs are properly disallowed, |
| +// even when invoked through history navigations. |
| +// See https://crbug.com/723796. |
| +IN_PROC_BROWSER_TEST_F(DataUrlNavigationBrowserTest, |
| + WindowOpenRedirectAndBack) { |
| + NavigateToURL(shell(), |
| + embedded_test_server()->GetURL("/data_url_navigations.html")); |
| + |
| + // This test will need to navigate the newly opened window. |
| + ShellAddedObserver new_shell_observer; |
| + EXPECT_TRUE( |
| + ExecuteScript(shell()->web_contents(), |
| + "document.getElementById('window-open-redirect').click()")); |
| + Shell* new_shell = new_shell_observer.GetShell(); |
| + NavigationController* controller = |
| + &new_shell->web_contents()->GetController(); |
| + WaitForLoadStop(new_shell->web_contents()); |
| + |
| + // The window.open() should have resulted in an error page. |
|
Charlie Reis
2017/05/18 22:41:46
nit: Add "The blocked URL should be in the virtual
nasko
2017/05/18 22:55:11
Done.
|
| + { |
| + EXPECT_EQ(0, controller->GetLastCommittedEntryIndex()); |
| + NavigationEntry* entry = controller->GetLastCommittedEntry(); |
| + EXPECT_EQ(PAGE_TYPE_ERROR, entry->GetPageType()); |
| + EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme)); |
| + EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme)); |
| + } |
| + |
| + // Navigate forward and then go back to ensure the navigation to data: URL |
| + // is blocked. Use a browser-initiated back navigation, equivalent to user |
| + // pressing the back button. |
| + EXPECT_TRUE( |
| + NavigateToURL(new_shell, embedded_test_server()->GetURL("/title1.html"))); |
| + EXPECT_EQ(1, controller->GetLastCommittedEntryIndex()); |
| + { |
| + TestNavigationObserver observer(new_shell->web_contents()); |
| + controller->GoBack(); |
| + observer.Wait(); |
| + |
| + NavigationEntry* entry = controller->GetLastCommittedEntry(); |
| + EXPECT_EQ(0, controller->GetLastCommittedEntryIndex()); |
| + EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme)); |
| + EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme)); |
| + EXPECT_EQ(url::kAboutBlankURL, entry->GetURL().spec()); |
| + } |
| + |
| + // Do another new navigation, but then use JavaScript to navigate back, |
| + // equivalent to document executing JS. |
| + EXPECT_TRUE( |
| + NavigateToURL(new_shell, embedded_test_server()->GetURL("/title1.html"))); |
| + EXPECT_EQ(1, controller->GetLastCommittedEntryIndex()); |
| + { |
| + TestNavigationObserver observer(new_shell->web_contents()); |
| + EXPECT_TRUE(ExecuteScript(new_shell, "history.go(-1)")); |
| + observer.Wait(); |
| + |
| + NavigationEntry* entry = controller->GetLastCommittedEntry(); |
| + EXPECT_EQ(0, controller->GetLastCommittedEntryIndex()); |
| + EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme)); |
| + EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme)); |
| + EXPECT_EQ(url::kAboutBlankURL, entry->GetURL().spec()); |
| + } |
| +} |
| + |
| } // content |
