chrome/browser/subresource_filter/subresource_filter_special_subframe_navigations_browsertest.cc - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <vector>

 #include "base/bind.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/subresource_filter/subresource_filter_browser_test_harness.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
 #include "url/origin.h"

 namespace subresource_filter {

 class SubresourceFilterSpecialSubframeNavigationsBrowserTest
     : public SubresourceFilterBrowserTest {};

 // Tests that navigations to special URLs (e.g. about:blank, data URLs, etc)
 // which do not trigger ReadyToCommitNavigation (and therefore our activation
 // IPC), properly inherit the activation of their parent frame.
 // Also tests that a child frame of a special url frame inherits the activation
 // state of its parent.
 IN_PROC_BROWSER_TEST_F(SubresourceFilterSpecialSubframeNavigationsBrowserTest,
                        NavigationsWithNoIPC_HaveActivation) {
   const GURL url(GetTestUrl("subresource_filter/frame_set_special_urls.html"));
   const std::vector<const char*> subframe_names{"blank", "grandChild", "js",
                                                 "data", "srcdoc"};
   ConfigureAsPhishingURL(url);

   ui_test_utils::NavigateToURL(browser(), url);
   ASSERT_NO_FATAL_FAILURE(ExpectParsedScriptElementLoadedStatusInFrames(
       subframe_names, {true, true, true, true, true}));

   // Disallow included_script.js, and all frames should filter it in subsequent
   // navigations.
   ASSERT_NO_FATAL_FAILURE(
       SetRulesetToDisallowURLsWithPathSuffix("included_script.js"));
   ui_test_utils::NavigateToURL(browser(), url);
   ASSERT_NO_FATAL_FAILURE(ExpectParsedScriptElementLoadedStatusInFrames(
       subframe_names, {false, false, false, false, false}));
 }

 // Navigate to a site with site hierarchy a(b(c)). Let a navigate c to a data
 // URL, and expect that the resulting frame has activation. We expect to fail in
 // --site-per-process with PlzNavigate disabled because c is navigated to a's
 // process. Therefore we can't sniff b's activation state from c.
 // See crbug.com/739777.
 IN_PROC_BROWSER_TEST_F(SubresourceFilterSpecialSubframeNavigationsBrowserTest,
                        NavigateCrossProcessDataUrl_MaintainsActivation) {
   const GURL main_url(embedded_test_server()->GetURL(
       "a.com", "/cross_site_iframe_factory.html?a(b(c))"));
   ConfigureAsPhishingURL(main_url);
   ASSERT_NO_FATAL_FAILURE(
       SetRulesetToDisallowURLsWithPathSuffix("included_script.js"));
   const GURL included_url(embedded_test_server()->GetURL(
       "a.com", "/subresource_filter/included_script.js"));

   ui_test_utils::NavigateToURL(browser(), main_url);

   // The root node will initiate the navigation; its grandchild node will be the
   // target of the navigation.
   content::TestNavigationObserver navigation_observer(web_contents(), 1);
   EXPECT_TRUE(content::ExecuteScript(
       web_contents()->GetMainFrame(),
       base::StringPrintf(
           "var data_url = 'data:text/html,<script src=\"%s\"></script>';"
           "window.frames[0][0].location.href = data_url;",
           included_url.spec().c_str())));
   navigation_observer.Wait();

   content::RenderFrameHost* target = content::FrameMatchingPredicate(
       web_contents(), base::Bind([](content::RenderFrameHost* rfh) {
         return rfh->GetLastCommittedURL().scheme_piece() == url::kDataScheme;
       }));
   ASSERT_NE(target, nullptr);
   EXPECT_TRUE(target->GetLastCommittedOrigin().unique());

   EXPECT_EQ(content::AreAllSitesIsolatedForTesting() &&
                 !content::IsBrowserSideNavigationEnabled(),
             WasParsedScriptElementLoaded(target));
 }

 }  // namespace subresource_filter
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <vector>

	#include "base/bind.h"
	#include "base/strings/string_piece.h"
	#include "base/strings/stringprintf.h"
	#include "chrome/browser/subresource_filter/subresource_filter_browser_test_harness.h"
	#include "chrome/browser/ui/browser.h"
	#include "chrome/test/base/in_process_browser_test.h"
	#include "chrome/test/base/ui_test_utils.h"
	#include "content/public/browser/render_frame_host.h"
	#include "content/public/browser/web_contents.h"
	#include "content/public/common/browser_side_navigation_policy.h"
	#include "content/public/test/browser_test.h"
	#include "content/public/test/browser_test_utils.h"
	#include "content/public/test/test_navigation_observer.h"
	#include "testing/gtest/include/gtest/gtest.h"
	#include "url/gurl.h"
	#include "url/origin.h"

	namespace subresource_filter {

	class SubresourceFilterSpecialSubframeNavigationsBrowserTest
	: public SubresourceFilterBrowserTest {};

	// Tests that navigations to special URLs (e.g. about:blank, data URLs, etc)
	// which do not trigger ReadyToCommitNavigation (and therefore our activation
	// IPC), properly inherit the activation of their parent frame.
	// Also tests that a child frame of a special url frame inherits the activation
	// state of its parent.
	IN_PROC_BROWSER_TEST_F(SubresourceFilterSpecialSubframeNavigationsBrowserTest,
	NavigationsWithNoIPC_HaveActivation) {
	const GURL url(GetTestUrl("subresource_filter/frame_set_special_urls.html"));
	const std::vector<const char*> subframe_names{"blank", "grandChild", "js",
	"data", "srcdoc"};
	ConfigureAsPhishingURL(url);

	ui_test_utils::NavigateToURL(browser(), url);
	ASSERT_NO_FATAL_FAILURE(ExpectParsedScriptElementLoadedStatusInFrames(
	subframe_names, {true, true, true, true, true}));

	// Disallow included_script.js, and all frames should filter it in subsequent
	// navigations.
	ASSERT_NO_FATAL_FAILURE(
	SetRulesetToDisallowURLsWithPathSuffix("included_script.js"));
	ui_test_utils::NavigateToURL(browser(), url);
	ASSERT_NO_FATAL_FAILURE(ExpectParsedScriptElementLoadedStatusInFrames(
	subframe_names, {false, false, false, false, false}));
	}

	// Navigate to a site with site hierarchy a(b(c)). Let a navigate c to a data
	// URL, and expect that the resulting frame has activation. We expect to fail in
	// --site-per-process with PlzNavigate disabled because c is navigated to a's
	// process. Therefore we can't sniff b's activation state from c.
	// See crbug.com/739777.
	IN_PROC_BROWSER_TEST_F(SubresourceFilterSpecialSubframeNavigationsBrowserTest,
	NavigateCrossProcessDataUrl_MaintainsActivation) {
	const GURL main_url(embedded_test_server()->GetURL(
	"a.com", "/cross_site_iframe_factory.html?a(b(c))"));
	ConfigureAsPhishingURL(main_url);
	ASSERT_NO_FATAL_FAILURE(
	SetRulesetToDisallowURLsWithPathSuffix("included_script.js"));
	const GURL included_url(embedded_test_server()->GetURL(
	"a.com", "/subresource_filter/included_script.js"));

	ui_test_utils::NavigateToURL(browser(), main_url);

	// The root node will initiate the navigation; its grandchild node will be the
	// target of the navigation.
	content::TestNavigationObserver navigation_observer(web_contents(), 1);
	EXPECT_TRUE(content::ExecuteScript(
	web_contents()->GetMainFrame(),
	base::StringPrintf(
	"var data_url = 'data:text/html,<script src=\"%s\"></script>';"
	"window.frames[0][0].location.href = data_url;",
	included_url.spec().c_str())));
	navigation_observer.Wait();

	content::RenderFrameHost* target = content::FrameMatchingPredicate(
	web_contents(), base::Bind([](content::RenderFrameHost* rfh) {
	return rfh->GetLastCommittedURL().scheme_piece() == url::kDataScheme;
	}));
	ASSERT_NE(target, nullptr);
	EXPECT_TRUE(target->GetLastCommittedOrigin().unique());

	EXPECT_EQ(content::AreAllSitesIsolatedForTesting() &&
	!content::IsBrowserSideNavigationEnabled(),
	WasParsedScriptElementLoaded(target));
	}

	} // namespace subresource_filter