| Index: content/browser/site_per_process_browsertest.cc |
| diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc |
| index 0cc1b8f2deb0da9008b7a38fdfce6db5559a8b02..b78f5ff1001dee680308cc03bf5fed91b59554ea 100644 |
| --- a/content/browser/site_per_process_browsertest.cc |
| +++ b/content/browser/site_per_process_browsertest.cc |
| @@ -955,6 +955,108 @@ IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, OriginReplication) { |
| EXPECT_EQ(result + "/", main_url.GetOrigin().spec()); |
| } |
| +// Check that iframe sandbox flags are replicated correctly. |
| +IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, SandboxFlagsReplication) { |
| + GURL main_url(embedded_test_server()->GetURL("/sandboxed_frames.html")); |
| + EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| + |
| + // It is safe to obtain the root frame tree node here, as it doesn't change. |
| + FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) |
| + ->GetFrameTree() |
| + ->root(); |
| + |
| + SitePerProcessWebContentsObserver observer(shell()->web_contents()); |
| + |
| + // Navigate the second (sandboxed) subframe to a cross-site page with a |
| + // subframe. NavigateFrameToURL can't be used here because it doesn't |
|
nasko
2015/01/20 23:26:49
I think it still can be used, but cannot be the co
alexmos
2015/01/21 02:10:43
Done.
|
| + // guarantee that FrameTreeNodes will have been created for child frames when |
| + // it returns. |
| + RenderFrameHostCreatedObserver frame_observer(shell()->web_contents(), 4); |
| + GURL foo_url( |
| + embedded_test_server()->GetURL("foo.com", "/frame_tree/1-1.html")); |
| + NavigationController::LoadURLParams params(foo_url); |
| + params.transition_type = ui::PAGE_TRANSITION_LINK; |
| + params.frame_tree_node_id = root->child_at(1)->frame_tree_node_id(); |
| + root->child_at(1)->navigator()->GetController()->LoadURLWithParams(params); |
| + frame_observer.Wait(); |
| + |
| + // We can't use a SitePerProcessWebContentsObserver to verify the URL here, |
| + // since the frame has children that may have clobbered it in the observer. |
| + EXPECT_EQ(foo_url, root->child_at(1)->current_url()); |
| + |
| + // Load cross-site page into subframe's subframe. |
| + ASSERT_EQ(2U, root->child_at(1)->child_count()); |
| + GURL bar_url(embedded_test_server()->GetURL("bar.com", "/title1.html")); |
| + NavigateFrameToURL(root->child_at(1)->child_at(0), bar_url); |
| + EXPECT_TRUE(observer.navigation_succeeded()); |
| + EXPECT_EQ(bar_url, observer.navigation_url()); |
| + |
| + // Opening a popup in the sandboxed foo.com iframe should fail. |
| + bool success = false; |
| + EXPECT_TRUE( |
| + ExecuteScriptAndExtractBool(root->child_at(1)->current_frame_host(), |
| + "window.domAutomationController.send(" |
| + "!window.open('data:text/html,dataurl'));", |
| + &success)); |
| + EXPECT_TRUE(success); |
|
nasko
2015/01/20 23:26:49
Might be useful to install an observer monitoring
alexmos
2015/01/21 02:10:43
Good point. I added checks that Shell::windows().
nasko
2015/01/21 17:36:37
Yes, that is totally fine.
|
| + |
| + // Opening a popup in a frame whose parent is sandboxed should also fail. |
| + // Here, bar.com frame's sandboxed parent frame is a remote frame in |
| + // bar.com's process. |
| + success = false; |
| + EXPECT_TRUE(ExecuteScriptAndExtractBool( |
| + root->child_at(1)->child_at(0)->current_frame_host(), |
| + "window.domAutomationController.send(" |
| + "!window.open('data:text/html,dataurl'));", |
| + &success)); |
| + EXPECT_TRUE(success); |
| + |
| + // Same, but now try the case where bar.com frame's sandboxed parent is a |
| + // local frame in bar.com's process. |
| + success = false; |
| + EXPECT_TRUE(ExecuteScriptAndExtractBool( |
| + root->child_at(2)->child_at(0)->current_frame_host(), |
| + "window.domAutomationController.send(" |
| + "!window.open('data:text/html,dataurl'));", |
| + &success)); |
| + EXPECT_TRUE(success); |
| + |
| + // Check that foo.com frame's location.ancestorOrigins contains the correct |
| + // origin for the parent, which should be unaffected by sandboxing. |
| + int ancestor_origins_length = 0; |
| + EXPECT_TRUE(ExecuteScriptAndExtractInt( |
| + root->child_at(1)->current_frame_host(), |
| + "window.domAutomationController.send(location.ancestorOrigins.length);", |
| + &ancestor_origins_length)); |
| + EXPECT_EQ(1, ancestor_origins_length); |
| + std::string result; |
| + EXPECT_TRUE(ExecuteScriptAndExtractString( |
| + root->child_at(1)->current_frame_host(), |
| + "window.domAutomationController.send(location.ancestorOrigins[0]);", |
| + &result)); |
| + EXPECT_EQ(result + "/", main_url.GetOrigin().spec()); |
| + |
| + // Now check location.ancestorOrigins for the bar.com frame. The middle frame |
| + // (foo.com's) origin should be unique, since that frame is sandboxed, and |
| + // the top frame should match |main_url|. |
| + FrameTreeNode* bottom_child = root->child_at(1)->child_at(0); |
| + EXPECT_TRUE(ExecuteScriptAndExtractInt( |
| + bottom_child->current_frame_host(), |
| + "window.domAutomationController.send(location.ancestorOrigins.length);", |
| + &ancestor_origins_length)); |
| + EXPECT_EQ(2, ancestor_origins_length); |
| + EXPECT_TRUE(ExecuteScriptAndExtractString( |
| + bottom_child->current_frame_host(), |
| + "window.domAutomationController.send(location.ancestorOrigins[0]);", |
| + &result)); |
| + EXPECT_EQ(result, "null"); |
| + EXPECT_TRUE(ExecuteScriptAndExtractString( |
| + bottom_child->current_frame_host(), |
| + "window.domAutomationController.send(location.ancestorOrigins[1]);", |
| + &result)); |
| + EXPECT_EQ(result + "/", main_url.GetOrigin().spec()); |
| +} |
| + |
| // TODO(lfg): Merge the test below with NavigateRemoteFrame test. |
| // TODO(lfg): Disabled because this triggers http://crbug.com/433012, and since |
| // the renderer process crashes, it causes the title watcher to never return. |
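Review bot: `root->child_at(1)` (first used when filling in `params.frame_tree_node_id`) and `root->child_at(2)->child_at(0)` in the third popup check are dereferenced with no assertion on the child counts; only `root->child_at(1)->child_count()` is asserted. If sandboxed_frames.html changes or a frame is not created, this sandbox test would crash on an out-of-range child instead of failing cleanly. Add `ASSERT_LT(2U, root->child_count());` right after the `NavigateToURL` check and `ASSERT_LT(0U, root->child_at(2)->child_count());` before the third `ExecuteScriptAndExtractBool` call. The third case also seems to rely on the fixture page (not visible here) to place that grandchild in bar.com's process under a local sandboxed parent, and nothing in the test asserts it. An `EXPECT_EQ` on `root->child_at(2)->child_at(0)->current_url()`, or a comparison of the two frames' SiteInstances, would keep the case from silently exercising a different configuration.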