Google Git
Sign in
chromium / chromium / src / refs/tags/111.0.5508.1 / . / chrome / browser / extensions / content_script_apitest.cc
blob: a2552b8fdec58a7b383ab845050fefcf266708a2 [file] [log] [blame]
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include "base/bind.h"
#include "base/callback.h"
#include "base/run_loop.h"
#include "base/strings/strcat.h"
#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "base/test/bind.h"
#include "base/test/scoped_feature_list.h"
#include "base/test/task_environment.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/extensions/api/permissions/permissions_api.h"
#include "chrome/browser/extensions/extension_apitest.h"
#include "chrome/browser/extensions/extension_management_test_util.h"
#include "chrome/browser/extensions/extension_service.h"
#include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
#include "chrome/browser/extensions/identifiability_metrics_test_util.h"
#include "chrome/browser/search/search.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/browser_navigator.h"
#include "chrome/browser/ui/search/ntp_test_utils.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/webui_url_constants.h"
#include "chrome/test/base/ui_test_utils.h"
#include "components/javascript_dialogs/tab_modal_dialog_manager.h"
#include "components/policy/core/browser/browser_policy_connector.h"
#include "components/web_package/web_bundle_builder.h"
#include "content/public/browser/javascript_dialog_manager.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/web_contents.h"
#include "content/public/browser/web_contents_delegate.h"
#include "content/public/common/content_features.h"
#include "content/public/test/browser_test.h"
#include "content/public/test/browser_test_utils.h"
#include "content/public/test/prerender_test_util.h"
#include "content/public/test/test_navigation_observer.h"
#include "content/public/test/test_utils.h"
#include "extensions/browser/browsertest_util.h"
#include "extensions/browser/content_script_tracker.h"
#include "extensions/browser/extension_registry.h"
#include "extensions/common/api/content_scripts.h"
#include "extensions/common/extension.h"
#include "extensions/common/extension_features.h"
#include "extensions/common/identifiability_metrics.h"
#include "extensions/common/utils/content_script_utils.h"
#include "extensions/strings/grit/extensions_strings.h"
#include "extensions/test/extension_test_message_listener.h"
#include "extensions/test/result_catcher.h"
#include "extensions/test/test_extension_dir.h"
#include "net/dns/mock_host_resolver.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/test/embedded_test_server/http_request.h"
#include "net/test/embedded_test_server/http_response.h"
#include "services/network/public/cpp/features.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/privacy_budget/identifiable_surface.h"
#include "ui/base/l10n/l10n_util.h"
#include "ui/base/page_transition_types.h"
#include "url/gurl.h"
namespace extensions {
namespace {
// A fake webstore domain.
const char kWebstoreDomain[] = "cws.com";
// Runs all pending tasks in the renderer associated with |web_contents|, and
// then all pending tasks in the browser process.
// Returns true on success.
bool RunAllPending(content::WebContents* web_contents) {
// This is slight hack to achieve a RunPendingInRenderer() method. Since IPCs
// are sent synchronously, anything started prior to this method will finish
// before this method returns (as content::ExecuteScript() is synchronous).
if (!content::ExecuteScript(web_contents, "1 == 1;"))
return false;
base::RunLoop().RunUntilIdle();
return true;
}
// A simple extension manifest with content scripts on all pages.
const char kManifest[] =
"{"
" \"name\": \"%s\","
" \"version\": \"1.0\","
" \"manifest_version\": 2,"
" \"content_scripts\": [{"
" \"matches\": [\"*://*/*\"],"
" \"js\": [\"script.js\"],"
" \"run_at\": \"%s\""
" }]"
"}";
// A (blocking) content script that pops up an alert.
const char kBlockingScript[] = "alert('ALERT');";
// A (non-blocking) content script that sends a message.
const char kNonBlockingScript[] = "chrome.test.sendMessage('done');";
const char kNewTabOverrideManifest[] =
"{"
" \"name\": \"New tab override\","
" \"version\": \"0.1\","
" \"manifest_version\": 2,"
" \"description\": \"Foo!\","
" \"chrome_url_overrides\": {\"newtab\": \"newtab.html\"}"
"}";
const char kNewTabHtml[] = "<html>NewTabOverride!</html>";
} // namespace
class ContentScriptApiTest : public ExtensionApiTest {
public:
ContentScriptApiTest() {}
ContentScriptApiTest(const ContentScriptApiTest&) = delete;
ContentScriptApiTest& operator=(const ContentScriptApiTest&) = delete;
~ContentScriptApiTest() override {}
void SetUpOnMainThread() override {
ExtensionApiTest::SetUpOnMainThread();
host_resolver()->AddRule("*", "127.0.0.1");
}
};
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptAllFrames) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/all_frames")) << message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptAboutBlankIframes) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/about_blank_iframes"))
<< message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptAboutBlankAndSrcdoc) {
// The optional "*://*/*" permission is requested after verifying that
// content script insertion solely depends on content_scripts[*].matches.
// The permission is needed for chrome.tabs.executeScript tests.
PermissionsRequestFunction::SetAutoConfirmForTests(true);
PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/about_blank_srcdoc"))
<< message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptExtensionIframe) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/extension_iframe")) << message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptExtensionProcess) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/extension_process"))
<< message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptFragmentNavigation) {
ASSERT_TRUE(StartEmbeddedTestServer());
const char extension_name[] = "content_scripts/fragment";
ASSERT_TRUE(RunExtensionTest(extension_name)) << message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptIsolatedWorlds) {
// This extension runs various bits of script and tests that they all run in
// the same isolated world.
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/isolated_world1")) << message_;
// Now load a different extension, inject into same page, verify worlds aren't
// shared.
ASSERT_TRUE(RunExtensionTest("content_scripts/isolated_world2")) << message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
ContentScriptIgnoreHostPermissions) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/dont_match_host_permissions"))
<< message_;
}
// crbug.com/39249 -- content scripts js should not run on view source.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptViewSource) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/view_source")) << message_;
}
// crbug.com/126257 -- content scripts should not get injected into other
// extensions.
// TODO(crbug.com/1196340): Fix flakiness.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
DISABLED_ContentScriptOtherExtensions) {
ASSERT_TRUE(StartEmbeddedTestServer());
// First, load extension that sets up content script.
ASSERT_TRUE(RunExtensionTest("content_scripts/other_extensions/injector"))
<< message_;
// Then load targeted extension to make sure its content isn't changed.
ASSERT_TRUE(RunExtensionTest("content_scripts/other_extensions/victim"))
<< message_;
}
// https://crbug.com/825111 -- content scripts may fetch() a blob URL from their
// chrome-extension:// origin.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptBlobFetch) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/blob_fetch")) << message_;
}
// Test that content scripts set to run at different timings are loaded as
// expected for a few different types of pages.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, RunAtTimingsAllFire) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(
LoadExtension(test_data_dir_.AppendASCII("content_scripts/load_timing")));
std::string test_paths[] = {"/extensions/test_file.html",
"/extensions/test_xml.xml",
"/extensions/test_xsl.xml"};
for (const auto& path : test_paths) {
ExtensionTestMessageListener listener_start("document-start-success");
ExtensionTestMessageListener listener_end("document-end-success");
listener_end.set_failure_message("document-end-failure");
ExtensionTestMessageListener listener_idle("document-idle-success");
listener_idle.set_failure_message("document-idle-failure");
// Load the URL and make sure each script set for the different timings have
// fired.
const GURL url = embedded_test_server()->GetURL(path);
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
// Note: These checks don't ensure the correct ordering of injection, but
// that is verified in the JS files themselves.
EXPECT_TRUE(listener_start.WaitUntilSatisfied());
EXPECT_TRUE(listener_end.WaitUntilSatisfied());
EXPECT_TRUE(listener_idle.WaitUntilSatisfied());
// Load the page a second time to check for any issues with cached XSL
// resources. See: crbug.com/1041916. Note that test_xsl.xsl has
// mock-http-headers to make sure it is cached.
listener_start.Reset();
listener_end.Reset();
listener_idle.Reset();
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
EXPECT_TRUE(listener_start.WaitUntilSatisfied());
EXPECT_TRUE(listener_end.WaitUntilSatisfied());
EXPECT_TRUE(listener_idle.WaitUntilSatisfied());
}
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
ContentScriptDuplicateScriptInjection) {
ASSERT_TRUE(StartEmbeddedTestServer());
GURL url(
base::StringPrintf("http://maps.google.com:%i/extensions/test_file.html",
embedded_test_server()->port()));
ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII(
"content_scripts/duplicate_script_injection")));
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
// Test that a script that matches two separate, yet overlapping match
// patterns is only injected once.
bool scripts_injected_once = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
browser()->tab_strip_model()->GetActiveWebContents(),
"window.domAutomationController.send("
"document.getElementsByClassName('injected-once')"
".length == 1)",
&scripts_injected_once));
ASSERT_TRUE(scripts_injected_once);
// Test that a script injected at two different load process times, document
// idle and document end, is injected exactly twice.
bool scripts_injected_twice = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
browser()->tab_strip_model()->GetActiveWebContents(),
"window.domAutomationController.send("
"document.getElementsByClassName('injected-twice')"
".length == 2)",
&scripts_injected_twice));
ASSERT_TRUE(scripts_injected_twice);
}
// Tests that content scripts detaching its Window during evaluation shouldn't
// crash. Regression test for https://crbug.com/1220761.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, DetachDuringEvaluation) {
ASSERT_TRUE(StartEmbeddedTestServer());
GURL url(embedded_test_server()->GetURL(
"document-end.example.com", "/extensions/detach_during_evaluation.html"));
ASSERT_TRUE(LoadExtension(
test_data_dir_.AppendASCII("content_scripts/detach_during_evaluation")));
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
// The iframe is removed by `detach.js`.
bool iframe_removed = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
browser()->tab_strip_model()->GetActiveWebContents(),
"window.domAutomationController.send("
"document.getElementById('injected') === null)",
&iframe_removed));
EXPECT_TRUE(iframe_removed);
// `detach.js` is evaluated, and detaches the iframe.
bool detach_evaluated = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
browser()->tab_strip_model()->GetActiveWebContents(),
"window.domAutomationController.send("
"document.getElementById('detach-evaluated') !== null)",
&detach_evaluated));
EXPECT_TRUE(detach_evaluated);
// `detach2.js` isn't evaluated because the iframe is detached.
bool detach2_evaluated = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
browser()->tab_strip_model()->GetActiveWebContents(),
"window.domAutomationController.send("
"document.getElementById('detach2-evaluated') !== null)",
&detach2_evaluated));
EXPECT_FALSE(detach2_evaluated);
}
// Tests that fetches made by content scripts are exempt from the page's CSP.
// Regression test for crbug.com/934819.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, FetchExemptFromCSP) {
ASSERT_TRUE(StartEmbeddedTestServer());
// Create and load an extension that will inject a content script which does a
// fetch based on the host document's "fetchUrl" url search parameter.
constexpr char kFetchManifest[] =
R"(
{
"name":"Fetch redirect test",
"version":"0.0.1",
"manifest_version": 2,
"content_scripts": [
{
"matches": ["*://bar.com/*"],
"js": ["content_script.js"],
"run_at": "document_start"
}
]
})";
constexpr char kContentScript[] = R"(
let params = (new URL(document.location)).searchParams;
let fetchUrl = params.get('fetchUrl');
fetch(fetchUrl)
.then(response => response.text())
.then(text => chrome.test.sendMessage(text))
.catch(error => chrome.test.sendMessage(error.message));
)";
TestExtensionDir test_dir;
test_dir.WriteManifest(kFetchManifest);
test_dir.WriteFile(FILE_PATH_LITERAL("content_script.js"), kContentScript);
ASSERT_TRUE(LoadExtension(test_dir.UnpackedPath()));
ExtensionTestMessageListener listener;
// The fetch will undergo a redirect. Note that the fetched file sets the
// "Access-Control-Allow-Origin: *" header to allow for cross origin access.
GURL fetch_url =
embedded_test_server()->GetURL("foo.com", "/extensions/xhr.txt");
GURL redirect_url = embedded_test_server()->GetURL(
"bar.com", "/server-redirect?" + fetch_url.spec());
// Navigate to a page with a CSP set that prevents resources from other
// origins to be loaded and wait for a response from the content script.
GURL csp_page_url = embedded_test_server()->GetURL(
"bar.com",
"/extensions/page_with_csp.html?fetchUrl=" + redirect_url.spec());
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), csp_page_url));
// Ensure the fetch is exempt from the page CSP and succeeds.
ASSERT_TRUE(listener.WaitUntilSatisfied());
EXPECT_EQ("File to request via XHR.\n", listener.message());
// Sanity check that fetching a url which doesn't allow cross origin access
// fails.
listener.Reset();
fetch_url =
embedded_test_server()->GetURL("foo.com", "/extensions/test_file.txt");
redirect_url = embedded_test_server()->GetURL(
"bar.com", "/server-redirect?" + fetch_url.spec());
csp_page_url = embedded_test_server()->GetURL(
"bar.com",
"/extensions/page_with_csp.html?fetchUrl=" + redirect_url.spec());
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), csp_page_url));
ASSERT_TRUE(listener.WaitUntilSatisfied());
EXPECT_EQ("Failed to fetch", listener.message());
}
// Test that content scripts that exceed the individual script size limit or the
// total extensions script limit will not be loaded/injected, and will generate
// an install warning.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, LargeScriptFilesNotLoaded) {
auto single_scripts_limit_reset =
script_parsing::CreateScopedMaxScriptLengthForTesting(800u);
auto extension_scripts_limit_reset =
script_parsing::CreateScopedMaxScriptsLengthPerExtensionForTesting(1000u);
ASSERT_TRUE(StartEmbeddedTestServer());
ResultCatcher result_catcher;
const Extension* extension =
LoadExtension(test_data_dir_.AppendASCII("content_scripts/large_scripts"),
{.ignore_manifest_warnings = true});
ASSERT_TRUE(extension);
EXPECT_TRUE(result_catcher.GetNextResult()) << result_catcher.message();
std::vector<InstallWarning> expected_warnings;
expected_warnings.emplace_back(
l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTENT_SCRIPT_FILE_TOO_LARGE,
u"big.js"),
api::content_scripts::ManifestKeys::kContentScripts, "big.js");
expected_warnings.emplace_back(
l10n_util::GetStringFUTF8(IDS_EXTENSION_CONTENT_SCRIPT_FILE_TOO_LARGE,
u"inject_element_2.js"),
api::content_scripts::ManifestKeys::kContentScripts,
"inject_element_2.js");
EXPECT_EQ(extension->install_warnings(), expected_warnings);
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, MainWorldInjections) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/main_world_injections"))
<< message_;
}
class ContentScriptCssInjectionTest : public ExtensionApiTest {
protected:
// TODO(rdevlin.cronin): Make a testing switch that looks like FeatureSwitch,
// but takes in an optional value so that we don't have to do this.
void SetUpCommandLine(base::CommandLine* command_line) override {
ExtensionApiTest::SetUpCommandLine(command_line);
// We change the Webstore URL to be http://cws.com. We need to do this so
// we can check that css injection is not allowed on the webstore (which
// could lead to spoofing). Unfortunately, host_resolver seems to have
// problems with redirecting "chrome.google.com" to the test server, so we
// can't use the real Webstore's URL. If this changes, we could clean this
// up.
command_line->AppendSwitchASCII(
::switches::kAppsGalleryURL,
base::StringPrintf("http://%s", kWebstoreDomain));
}
void SetUpOnMainThread() override {
ExtensionApiTest::SetUpOnMainThread();
host_resolver()->AddRule("*", "127.0.0.1");
}
};
IN_PROC_BROWSER_TEST_F(ContentScriptCssInjectionTest,
ContentScriptInjectsStyles) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII("content_scripts")
.AppendASCII("css_injection")));
// Helper to get the active tab from the browser.
auto get_active_tab = [browser = browser()]() {
return browser->tab_strip_model()->GetActiveWebContents();
};
// Returns the background color for the element retrieved from the given
// `query_selector`.
auto get_element_color =
[&get_active_tab](const char* query_selector) -> std::string {
content::WebContents* web_contents = get_active_tab();
SCOPED_TRACE(base::StringPrintf(
"URL: %s; Selector: %s",
web_contents->GetLastCommittedURL().spec().c_str(), query_selector));
std::string color;
constexpr char kGetColor[] =
R"((function() {
let element = document.querySelector('%s');
style = window.getComputedStyle(element);
domAutomationController.send(style.backgroundColor);
})();)";
if (!content::ExecuteScriptAndExtractString(
get_active_tab(), base::StringPrintf(kGetColor, query_selector),
&color)) {
return "<Failed to execute>";
}
return color;
};
// Returns the number of stylesheets attached to the document.
auto get_style_sheet_count = [&get_active_tab]() {
int count = -1;
constexpr char kGetStyleSheetCount[] =
"domAutomationController.send(document.styleSheets.length);";
if (!content::ExecuteScriptAndExtractInt(get_active_tab(),
kGetStyleSheetCount, &count)) {
return -1;
}
return count;
};
// CSS injection should be allowed on an unprivileged web page that matches
// the patterns specified for the content script.
GURL url =
embedded_test_server()->GetURL("/extensions/test_file_with_body.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
constexpr char kInjectedBodyColor[] = "rgb(0, 0, 255)"; // Blue
EXPECT_EQ(kInjectedBodyColor, get_element_color("body"));
EXPECT_EQ(0, get_style_sheet_count())
<< "Extension-injected content scripts should not be included in "
<< "document.styleSheets.";
// The loaded extension has an exclude match for "extensions/test_file.html",
// so no CSS should be injected.
url = embedded_test_server()->GetURL("/extensions/test_file.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
EXPECT_NE(kInjectedBodyColor, get_element_color("body"));
EXPECT_EQ(0, get_style_sheet_count());
// We disallow all injection on the webstore.
GURL::Replacements replacements;
replacements.SetHostStr(kWebstoreDomain);
url = embedded_test_server()
->GetURL("/extensions/test_file_with_body.html")
.ReplaceComponents(replacements);
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
EXPECT_NE(kInjectedBodyColor, get_element_color("body"));
EXPECT_EQ(0, get_style_sheet_count());
// Check extensions override page styles if they have more specific rules.
// Regression test for https://crbug.com/1175506.
// This page has four divs (with ids div1, div2, div3, and div4). The page
// specifies styles for them, but the extension has more specific styles for
// divs 1, 2, and 3.
// The extension styles should win by specificity, since they are in the same
// style origin ("author").
url = embedded_test_server()->GetURL("/extensions/test_file_with_style.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
constexpr char kInjectedDivColor[] = "rgb(0, 0, 255)"; // Blue
constexpr char kOriginalDivColor[] = "rgb(255, 0, 0)"; // Red
EXPECT_EQ(kInjectedDivColor, get_element_color("#div1"));
EXPECT_EQ(kInjectedDivColor, get_element_color("#div2"));
EXPECT_EQ(kInjectedDivColor, get_element_color("#div3"));
EXPECT_EQ(kOriginalDivColor, get_element_color("#div4"));
// There should be two style sheets on this website; one inline <style> tag
// and a second included as a <link>.
EXPECT_EQ(2, get_style_sheet_count());
// Load an additional stylesheet dynamically (ensuring it was added to the DOM
// later). div3 should still be styled by the extension (since that rule is
// more specific). This ensures that stylesheets that just happen to be added
// later don't override extension sheets of higher specificity.
constexpr char kLoadExtraStylesheet[] =
R"((function() {
let sheet = document.createElement('link');
sheet.type = 'text/css';
sheet.rel = 'stylesheet';
sheet.href = 'test_file_with_style2.css';
sheet.onload = () => { domAutomationController.send('success'); };
sheet.onerror = () => { domAutomationController.send('error'); };
document.head.appendChild(sheet);
})();)";
std::string result;
ASSERT_TRUE(content::ExecuteScriptAndExtractString(
get_active_tab(), kLoadExtraStylesheet, &result));
EXPECT_EQ("success", result);
EXPECT_EQ(kInjectedDivColor, get_element_color("#div3"));
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptCSSLocalization) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/css_l10n")) << message_;
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptExtensionAPIs) {
ASSERT_TRUE(StartEmbeddedTestServer());
const extensions::Extension* extension = LoadExtension(
test_data_dir_.AppendASCII("content_scripts/extension_api"));
ResultCatcher catcher;
ASSERT_TRUE(ui_test_utils::NavigateToURL(
browser(),
embedded_test_server()->GetURL("/extensions/api_test/content_scripts/"
"extension_api/functions.html")));
EXPECT_TRUE(catcher.GetNextResult());
// Navigate to a page that will cause a content script to run that starts
// listening for an extension event.
ASSERT_TRUE(ui_test_utils::NavigateToURL(
browser(),
embedded_test_server()->GetURL(
"/extensions/api_test/content_scripts/extension_api/events.html")));
// Navigate to an extension page that will fire the event events.js is
// listening for.
ui_test_utils::NavigateToURLWithDisposition(
browser(), extension->GetResourceURL("fire_event.html"),
WindowOpenDisposition::NEW_FOREGROUND_TAB,
ui_test_utils::BROWSER_TEST_NONE);
EXPECT_TRUE(catcher.GetNextResult());
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptPermissionsApi) {
extensions::PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
extensions::PermissionsRequestFunction::SetAutoConfirmForTests(true);
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/permissions")) << message_;
}
IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
ContentScriptPolicy) {
// Set enterprise policy to block injection to policy specified host.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
pref.AddPolicyBlockedHost("*", "*://example.com");
}
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/policy")) << message_;
}
class ContentScriptPolicyStartupTest : public ExtensionApiTest {
public:
// We need to do this work here because the runtime host policy values are
// checked pretty early on in the startup of the ExtensionService, which
// happens between SetUpInProcessBrowserTestFixture and SetUpOnMainThread.
void SetUpInProcessBrowserTestFixture() override {
ExtensionApiTest::SetUpInProcessBrowserTestFixture();
policy_provider_.SetDefaultReturns(
/*is_initialization_complete_return=*/true,
/*is_first_policy_load_complete_return=*/true);
policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
&policy_provider_);
// ExtensionManagementPolicyUpdater requires a single-threaded context to
// call RunLoop::RunUntilIdle internally, and it isn't ready at this setup
// moment.
base::test::TaskEnvironment env;
ExtensionManagementPolicyUpdater management_policy(&policy_provider_);
management_policy.AddPolicyBlockedHost("*", "*://example.com");
}
void SetUpOnMainThread() override {
ExtensionApiTest::SetUpOnMainThread();
host_resolver()->AddRule("*", "127.0.0.1");
}
private:
testing::NiceMock<policy::MockConfigurationPolicyProvider> policy_provider_;
};
// Regression test for: https://crbug.com/954215.
IN_PROC_BROWSER_TEST_F(ContentScriptPolicyStartupTest, RuntimeBlockedHosts) {
// Tests that default scoped runtime blocked host policy values for the
// ExtensionSettings policy are applied at startup.
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/policy")) << message_;
}
// Verifies wildcard can NOT be used for effective TLD.
IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
ContentScriptPolicyWildcard) {
// Set enterprise policy to block injection to policy specified hosts.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
pref.AddPolicyBlockedHost("*", "*://example.*");
}
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_FALSE(RunExtensionTest("content_scripts/policy")) << message_;
}
IN_PROC_BROWSER_TEST_F(ExtensionApiTestWithManagementPolicy,
ContentScriptPolicyByExtensionId) {
ASSERT_TRUE(StartEmbeddedTestServer());
base::FilePath extension_path =
test_data_dir_.AppendASCII("content_scripts/policy");
// Pack extension because by-extension policies aren't applied to unpacked
// "transient" extensions.
base::FilePath crx_path = PackExtension(extension_path);
EXPECT_FALSE(crx_path.empty());
// Load first time to get extension id.
const Extension* extension = LoadExtension(crx_path);
ASSERT_TRUE(extension);
auto extension_id = extension->id();
UnloadExtension(extension_id);
// Set enterprise policy to block injection of specified extension to policy
// specified host.
{
ExtensionManagementPolicyUpdater pref(&policy_provider_);
pref.AddPolicyBlockedHost(extension_id, "*://example.com");
}
// Some policy updating operations are performed asynchronuosly. Wait for them
// to complete before installing extension.
base::RunLoop().RunUntilIdle();
extensions::ResultCatcher catcher;
EXPECT_TRUE(LoadExtension(crx_path));
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptBypassPageCSP) {
ASSERT_TRUE(StartEmbeddedTestServer());
extensions::ResultCatcher catcher;
ASSERT_TRUE(RunExtensionTest("content_scripts/bypass_page_csp"))
<< catcher.message();
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
ContentScriptBypassPageTrustedTypes) {
ASSERT_TRUE(StartEmbeddedTestServer());
extensions::ResultCatcher catcher;
ASSERT_TRUE(RunExtensionTest("content_scripts/bypass_page_trusted_types"))
<< catcher.message();
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
// Test that when injecting a blocking content script, other scripts don't run
// until the blocking script finishes.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptBlockingScript) {
ASSERT_TRUE(StartEmbeddedTestServer());
// Load up two extensions.
TestExtensionDir ext_dir1;
ext_dir1.WriteManifest(
base::StringPrintf(kManifest, "ext1", "document_start"));
ext_dir1.WriteFile(FILE_PATH_LITERAL("script.js"), kBlockingScript);
const Extension* ext1 = LoadExtension(ext_dir1.UnpackedPath());
ASSERT_TRUE(ext1);
TestExtensionDir ext_dir2;
ext_dir2.WriteManifest(base::StringPrintf(kManifest, "ext2", "document_end"));
ext_dir2.WriteFile(FILE_PATH_LITERAL("script.js"), kNonBlockingScript);
const Extension* ext2 = LoadExtension(ext_dir2.UnpackedPath());
ASSERT_TRUE(ext2);
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
auto* js_dialog_manager =
javascript_dialogs::TabModalDialogManager::FromWebContents(web_contents);
base::RunLoop dialog_wait;
js_dialog_manager->SetDialogShownCallbackForTesting(
dialog_wait.QuitClosure());
ExtensionTestMessageListener listener("done");
listener.set_extension_id(ext2->id());
// Navigate! Both extensions will try to inject.
ui_test_utils::NavigateToURLWithDisposition(
browser(), embedded_test_server()->GetURL("/empty.html"),
WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
dialog_wait.Run();
// Right now, the alert dialog is showing and blocking injection of anything
// after it, so the listener shouldn't be satisfied.
EXPECT_FALSE(listener.was_satisfied());
js_dialog_manager->HandleJavaScriptDialog(web_contents, true, nullptr);
// After closing the dialog, the rest of the scripts should be able to
// inject.
EXPECT_TRUE(listener.WaitUntilSatisfied());
}
// Test that closing a tab with a blocking script results in no further scripts
// running (and we don't crash).
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
ContentScriptBlockingScriptTabClosed) {
ASSERT_TRUE(StartEmbeddedTestServer());
// We're going to close a tab in this test, so make a new one (to ensure
// we don't close the browser).
ui_test_utils::NavigateToURLWithDisposition(
browser(), embedded_test_server()->GetURL("/empty.html"),
WindowOpenDisposition::NEW_FOREGROUND_TAB,
ui_test_utils::BROWSER_TEST_WAIT_FOR_LOAD_STOP);
// Set up the same as the previous test case.
TestExtensionDir ext_dir1;
ext_dir1.WriteManifest(
base::StringPrintf(kManifest, "ext1", "document_start"));
ext_dir1.WriteFile(FILE_PATH_LITERAL("script.js"), kBlockingScript);
const Extension* ext1 = LoadExtension(ext_dir1.UnpackedPath());
ASSERT_TRUE(ext1);
TestExtensionDir ext_dir2;
ext_dir2.WriteManifest(base::StringPrintf(kManifest, "ext2", "document_end"));
ext_dir2.WriteFile(FILE_PATH_LITERAL("script.js"), kNonBlockingScript);
const Extension* ext2 = LoadExtension(ext_dir2.UnpackedPath());
ASSERT_TRUE(ext2);
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
auto* js_dialog_manager =
javascript_dialogs::TabModalDialogManager::FromWebContents(web_contents);
base::RunLoop dialog_wait;
js_dialog_manager->SetDialogShownCallbackForTesting(
dialog_wait.QuitClosure());
ExtensionTestMessageListener listener("done");
listener.set_extension_id(ext2->id());
// Navigate!
ui_test_utils::NavigateToURLWithDisposition(
browser(), embedded_test_server()->GetURL("/empty.html"),
WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
// Now, instead of closing the dialog, just close the tab. Later scripts
// should never get a chance to run (and we shouldn't crash).
dialog_wait.Run();
EXPECT_FALSE(listener.was_satisfied());
EXPECT_TRUE(browser()->tab_strip_model()->CloseWebContentsAt(
browser()->tab_strip_model()->active_index(), 0));
EXPECT_FALSE(listener.was_satisfied());
}
// There was a bug by which content scripts that blocked and ran on
// document_idle could be injected twice (crbug.com/431263). Test for
// regression.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
ContentScriptBlockingScriptsDontRunTwice) {
ASSERT_TRUE(StartEmbeddedTestServer());
// Load up an extension.
TestExtensionDir ext_dir1;
ext_dir1.WriteManifest(
base::StringPrintf(kManifest, "ext1", "document_idle"));
ext_dir1.WriteFile(FILE_PATH_LITERAL("script.js"), kBlockingScript);
const Extension* ext1 = LoadExtension(ext_dir1.UnpackedPath());
ASSERT_TRUE(ext1);
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
auto* js_dialog_manager =
javascript_dialogs::TabModalDialogManager::FromWebContents(web_contents);
base::RunLoop dialog_wait;
js_dialog_manager->SetDialogShownCallbackForTesting(
dialog_wait.QuitClosure());
// Navigate!
ui_test_utils::NavigateToURLWithDisposition(
browser(), embedded_test_server()->GetURL("/empty.html"),
WindowOpenDisposition::CURRENT_TAB, ui_test_utils::BROWSER_TEST_NONE);
dialog_wait.Run();
// The extension will have injected at idle, but it should only inject once.
js_dialog_manager->HandleJavaScriptDialog(web_contents, true, nullptr);
EXPECT_TRUE(RunAllPending(web_contents));
EXPECT_FALSE(js_dialog_manager->IsShowingDialogForTesting());
}
// Bug fix for crbug.com/507461.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
DocumentStartInjectionFromExtensionTabNavigation) {
ASSERT_TRUE(StartEmbeddedTestServer());
TestExtensionDir new_tab_override_dir;
new_tab_override_dir.WriteManifest(kNewTabOverrideManifest);
new_tab_override_dir.WriteFile(FILE_PATH_LITERAL("newtab.html"), kNewTabHtml);
const Extension* new_tab_override =
LoadExtension(new_tab_override_dir.UnpackedPath());
ASSERT_TRUE(new_tab_override);
TestExtensionDir injector_dir;
injector_dir.WriteManifest(
base::StringPrintf(kManifest, "injector", "document_start"));
injector_dir.WriteFile(FILE_PATH_LITERAL("script.js"), kNonBlockingScript);
const Extension* injector = LoadExtension(injector_dir.UnpackedPath());
ASSERT_TRUE(injector);
ExtensionTestMessageListener listener("done");
ASSERT_TRUE(
AddTabAtIndex(0, GURL("chrome://newtab"), ui::PAGE_TRANSITION_LINK));
browser()->tab_strip_model()->ActivateTabAt(0);
content::WebContents* tab_contents =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_EQ(new_tab_override->GetResourceURL("newtab.html"),
tab_contents->GetPrimaryMainFrame()->GetLastCommittedURL());
EXPECT_FALSE(listener.was_satisfied());
listener.Reset();
ui_test_utils::NavigateToURLWithDisposition(
browser(), embedded_test_server()->GetURL("/empty.html"),
WindowOpenDisposition::CURRENT_TAB,
ui_test_utils::BROWSER_TEST_WAIT_FOR_LOAD_STOP);
base::RunLoop().RunUntilIdle();
EXPECT_TRUE(listener.was_satisfied());
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
DontInjectContentScriptsInBackgroundPages) {
ASSERT_TRUE(StartEmbeddedTestServer());
// Load two extensions, one with an iframe to a.com in its background page,
// the other, a content script for a.com. The latter should never be able to
// inject the script, because scripts aren't allowed to run on foreign
// extensions' pages.
base::FilePath data_dir = test_data_dir_.AppendASCII("content_scripts");
ExtensionTestMessageListener iframe_loaded_listener("iframe loaded");
ExtensionTestMessageListener content_script_listener("script injected");
LoadExtension(data_dir.AppendASCII("script_a_com"));
LoadExtension(data_dir.AppendASCII("background_page_iframe"));
EXPECT_TRUE(iframe_loaded_listener.WaitUntilSatisfied());
EXPECT_FALSE(content_script_listener.was_satisfied());
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, CannotScriptTheNewTabPage) {
ASSERT_TRUE(StartEmbeddedTestServer());
ExtensionTestMessageListener test_listener("ready",
ReplyBehavior::kWillReply);
LoadExtension(test_data_dir_.AppendASCII("content_scripts/ntp"));
ASSERT_TRUE(test_listener.WaitUntilSatisfied());
auto did_script_inject = [](content::WebContents* web_contents) {
bool did_inject = false;
EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
web_contents,
"domAutomationController.send(document.title === 'injected');",
&did_inject));
return did_inject;
};
// First, test the executeScript() method.
ResultCatcher catcher;
test_listener.Reply(std::string());
ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
EXPECT_EQ(ntp_test_utils::GetFinalNtpUrl(browser()->profile()),
browser()
->tab_strip_model()
->GetActiveWebContents()
->GetLastCommittedURL());
EXPECT_FALSE(
did_script_inject(browser()->tab_strip_model()->GetActiveWebContents()));
// Next, check content script injection.
ASSERT_TRUE(ui_test_utils::NavigateToURL(
browser(), search::GetNewTabPageURL(profile())));
EXPECT_FALSE(
did_script_inject(browser()->tab_strip_model()->GetActiveWebContents()));
// The extension should inject on "normal" urls.
GURL unprotected_url = embedded_test_server()->GetURL(
"example.com", "/extensions/test_file.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), unprotected_url));
EXPECT_TRUE(
did_script_inject(browser()->tab_strip_model()->GetActiveWebContents()));
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptSameSiteCookies) {
ASSERT_TRUE(StartEmbeddedTestServer());
const Extension* extension = LoadExtension(
test_data_dir_.AppendASCII("content_scripts/request_cookies"));
ASSERT_TRUE(extension);
GURL url = embedded_test_server()->GetURL("a.com", "/extensions/body1.html");
ResultCatcher catcher;
constexpr char kScript[] =
R"(chrome.tabs.create({url: '%s'}, () => {
let message = 'success';
if (chrome.runtime.lastError)
message = chrome.runtime.lastError.message;
domAutomationController.send(message);
});)";
std::string result = browsertest_util::ExecuteScriptInBackgroundPage(
profile(), extension->id(),
base::StringPrintf(kScript, url.spec().c_str()));
EXPECT_EQ("success", result);
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ExecuteScriptFileSameSiteCookies) {
ASSERT_TRUE(StartEmbeddedTestServer());
const Extension* extension = LoadExtension(
test_data_dir_.AppendASCII("content_scripts/request_cookies"));
ASSERT_TRUE(extension);
GURL url = embedded_test_server()->GetURL("b.com", "/extensions/body1.html");
ResultCatcher catcher;
constexpr char kScript[] =
R"(chrome.tabs.create({url: '%s'}, (tab) => {
if (chrome.runtime.lastError) {
domAutomationController.send(chrome.runtime.lastError.message);
return;
}
chrome.tabs.executeScript(tab.id, {file: 'cookies.js'}, () => {
let message = 'success';
if (chrome.runtime.lastError)
message = chrome.runtime.lastError.message;
domAutomationController.send(message);
});
});)";
std::string result = browsertest_util::ExecuteScriptInBackgroundPage(
profile(), extension->id(),
base::StringPrintf(kScript, url.spec().c_str()));
EXPECT_EQ("success", result);
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ExecuteScriptCodeSameSiteCookies) {
ASSERT_TRUE(StartEmbeddedTestServer());
const Extension* extension = LoadExtension(
test_data_dir_.AppendASCII("content_scripts/request_cookies"));
ASSERT_TRUE(extension);
GURL url = embedded_test_server()->GetURL("b.com", "/extensions/body1.html");
ResultCatcher catcher;
constexpr char kScript[] =
R"(chrome.tabs.create({url: '%s'}, (tab) => {
if (chrome.runtime.lastError) {
domAutomationController.send(chrome.runtime.lastError.message);
return;
}
fetch(chrome.runtime.getURL('cookies.js')).then((response) => {
return response.text();
}).then((text) => {
chrome.tabs.executeScript(tab.id, {code: text}, () => {
let message = 'success';
if (chrome.runtime.lastError)
message = chrome.runtime.lastError.message;
domAutomationController.send(message);
});
}).catch((e) => {
domAutomationController.send(e);
});
});)";
std::string result = browsertest_util::ExecuteScriptInBackgroundPage(
profile(), extension->id(),
base::StringPrintf(kScript, url.spec().c_str()));
EXPECT_EQ("success", result);
EXPECT_TRUE(catcher.GetNextResult()) << catcher.message();
}
// Tests that extension content scripts can execute (including asynchronously
// through timeouts) in pages with Content-Security-Policy: sandbox.
// See https://crbug.com/811528.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ExecuteScriptBypassingSandbox) {
ASSERT_TRUE(StartEmbeddedTestServer());
TestExtensionDir test_dir;
test_dir.WriteManifest(
R"({
"name": "Bypass Sandbox CSP",
"description": "Extensions should bypass a page's CSP sandbox.",
"version": "0.1",
"manifest_version": 2,
"content_scripts": [{
"matches": ["*://example.com:*/*"],
"js": ["script.js"]
}]
})");
test_dir.WriteFile(
FILE_PATH_LITERAL("script.js"),
R"(window.setTimeout(() => { chrome.test.notifyPass(); }, 10);)");
ResultCatcher catcher;
const Extension* extension = LoadExtension(test_dir.UnpackedPath());
ASSERT_TRUE(extension);
GURL url = embedded_test_server()->GetURL(
"example.com", "/extensions/page_with_sandbox_csp.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
}
// Regression test for https://crbug.com/883526.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, InifiniteLoopInGetEffectiveURL) {
// Create an extension that injects content scripts into about:blank frames
// (and therefore has a chance to trigger an infinite loop in
// ScriptContext::GetEffectiveDocumentURLForInjection()).
TestExtensionDir test_dir;
test_dir.WriteManifest(
R"({
"name": "Content scripts everywhere",
"description": "Content scripts everywhere",
"version": "0.1",
"manifest_version": 2,
"content_scripts": [{
"matches": ["<all_urls>"],
"all_frames": true,
"match_about_blank": true,
"js": ["script.js"]
}],
"permissions": ["*://*/*"],
})");
test_dir.WriteFile(FILE_PATH_LITERAL("script.js"), "console.log('blah')");
// Create an "infinite" loop for hopping over parent/opener:
// subframe1 ---parent---> mainFrame ---opener--> subframe1 ...
ASSERT_TRUE(
ui_test_utils::NavigateToURL(browser(), GURL(url::kAboutBlankURL)));
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
ASSERT_TRUE(content::ExecJs(web_contents,
R"(
var iframe = document.createElement('iframe');
document.body.appendChild(iframe);
window.name = 'main-frame'; )"));
content::RenderFrameHost* subframe1 = ChildFrameAt(web_contents, 0);
ASSERT_TRUE(
content::ExecJs(subframe1, "var w = window.open('', 'main-frame');"));
EXPECT_EQ(subframe1, web_contents->GetOpener());
// Trigger GetEffectiveURL from another subframe:
ASSERT_TRUE(content::ExecJs(web_contents,
R"(
var iframe = document.createElement('iframe');
document.body.appendChild(iframe); )"));
// Verify that the renderer is still responsive / that the renderer didn't
// enter an infinite loop.
EXPECT_EQ(123, content::EvalJs(web_contents, "123"));
}
// Verifies how the messaging API works with content scripts.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, Test) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII(
"content_scripts/other_extensions/message_echoer_allows_by_default")));
ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII(
"content_scripts/other_extensions/message_echoer_allows")));
ASSERT_TRUE(LoadExtension(test_data_dir_.AppendASCII(
"content_scripts/other_extensions/message_echoer_denies")));
ASSERT_TRUE(RunExtensionTest("content_scripts/messaging")) << message_;
}
// Tests that the URLs of content scripts are set to the extension URL
// (chrome-extension://<id>/<path_to_script>) rather than the local file
// path.
// Regression test for https://crbug.com/714617.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, ContentScriptUrls) {
ASSERT_TRUE(StartEmbeddedTestServer());
TestExtensionDir test_dir;
test_dir.WriteManifest(
R"({
"name": "Content Script",
"manifest_version": 2,
"version": "0.1",
"background": {"scripts": ["background.js"]},
"content_scripts": [{
"matches": ["*://content-script.example/*"],
"js": ["content_script.js"]
}],
"permissions": ["*://*/*"]
})");
constexpr char kContentScriptSrc[] =
R"(console.error('TestMessage');
chrome.test.notifyPass();)";
test_dir.WriteFile(FILE_PATH_LITERAL("content_script.js"), kContentScriptSrc);
constexpr char kBackgroundScriptSrc[] =
R"(chrome.tabs.onUpdated.addListener((id, change, tab) => {
if (change.status !== 'complete')
return;
const url = new URL(tab.url);
if (url.hostname !== 'inject-script.example')
return;
chrome.tabs.executeScript(id, {file: 'content_script.js'});
});)";
test_dir.WriteFile(FILE_PATH_LITERAL("background.js"), kBackgroundScriptSrc);
const Extension* const extension = LoadExtension(test_dir.UnpackedPath());
auto load_page_and_check_error = [this, extension](const char* host) {
SCOPED_TRACE(host);
ResultCatcher catcher;
content::WebContentsConsoleObserver observer(
browser()->tab_strip_model()->GetActiveWebContents());
auto filter =
[](const content::WebContentsConsoleObserver::Message& message) {
return message.message == u"TestMessage";
};
observer.SetFilter(base::BindRepeating(filter));
ASSERT_TRUE(ui_test_utils::NavigateToURL(
browser(), embedded_test_server()->GetURL(host, "/simple.html")));
ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
ASSERT_EQ(1u, observer.messages().size());
GURL source_url(observer.messages()[0].source_id);
ASSERT_TRUE(source_url.is_valid());
EXPECT_EQ(kExtensionScheme, source_url.scheme_piece());
EXPECT_EQ(extension->id(), source_url.host_piece());
};
// Test the script url from both a static content script specified in the
// manifest, and a script injected through chrome.tabs.executeScript().
load_page_and_check_error("content-script.example");
load_page_and_check_error("inject-script.example");
}
// Verifies how the storage API works with content scripts with default access
// level.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, StorageApiDefaultAccessTest) {
// The extension verifies expectations in its background context and
// initializes state, which will be used by the content script below.
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/storage_api_default_access"))
<< message_;
// Open a url to run the content script. The content script
// then continues the test, so we need a separate ResultCatcher.
ResultCatcher catcher;
GURL url(embedded_test_server()->GetURL("/extensions/test_file.html"));
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
}
// Verifies how the storage API works with content scripts with untrusted access
// level.
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest,
StorageApiAllowUntrustedAccessTest) {
// The extension verifies expectations in its background context and
// initializes state, which will be used by the content script below.
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(
RunExtensionTest("content_scripts/storage_api_allow_untrusted_access"))
<< message_;
// Open a url to run the content script. The content script
// then continues the test, so we need a separate ResultCatcher.
ResultCatcher catcher;
GURL url(embedded_test_server()->GetURL("/extensions/test_file.html"));
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
}
// A test suite designed for exercising the behavior of content script
// injection into opaque URLs (like about:blank).
class ContentScriptRelatedFrameTest : public ContentScriptApiTest {
public:
ContentScriptRelatedFrameTest() = default;
ContentScriptRelatedFrameTest(const ContentScriptRelatedFrameTest&) = delete;
ContentScriptRelatedFrameTest& operator=(
const ContentScriptRelatedFrameTest&) = delete;
~ContentScriptRelatedFrameTest() override = default;
void SetUpOnMainThread() override;
// Whether the extension's content script should specify
// match_origin_as_fallback as true.
virtual bool IncludeMatchOriginAsFallback() { return false; }
// Returns true if the extension's content script executed in the specified
// |frame|.
bool DidScriptRunInFrame(content::RenderFrameHost* host);
// Navigates the current active tab to the specified |url|, ensuring the
// navigation succeeds. Returns the active tab's WebContents.
content::WebContents* NavigateTab(const GURL& url);
// Opens a popup to the specified |url| from the given |opener_web_contents|.
// Ensures the navigation succeeds, and returns the newly-opened popup's
// WebContents.
content::WebContents* OpenPopup(content::WebContents* opener_web_contents,
const GURL& url);
// Navigates an iframe to the specified |url| from the context of
// |navigating_host|. The iframe is retrieved from |navigating_host| by
// evaluating |frame_getter| (e.g., `frames[0]`).
void NavigateIframe(content::RenderFrameHost* navigating_host,
const std::string& frame_getter,
const GURL& url);
// Creates a new blob: URL, associated with the given `host`.
GURL CreateBlobURL(content::RenderFrameHost* host);
// Creates a new filesystem: URL, associated with the given `host`.
GURL CreateFilesystemURL(content::RenderFrameHost* host);
const GURL& about_blank() const { return about_blank_; }
const GURL& allowed_url() const { return allowed_url_; }
const GURL& disallowed_url() const { return disallowed_url_; }
const GURL& allowed_url_with_iframe() const {
return allowed_url_with_iframe_;
}
const GURL& disallowed_url_with_iframe() const {
return disallowed_url_with_iframe_;
}
const GURL& null_document_url() const { return null_document_url_; }
const GURL& data_url() const { return data_url_; }
const GURL& path_specific_allowed_url() const {
return path_specific_allowed_url_;
}
const GURL& matching_path_specific_iframe_url() const {
return matching_path_specific_iframe_url_;
}
const GURL& non_matching_path_specific_iframe_url() const {
return non_matching_path_specific_iframe_url_;
}
private:
static constexpr char kMarkerSpanId[] = "content-script-marker";
// The about:blank URL.
GURL about_blank_;
// A simple URL the extension is allowed to access.
GURL allowed_url_;
// A simple URL the extension is not allowed to access.
GURL disallowed_url_;
// A URL the extension can access with an iframe in the DOM.
GURL allowed_url_with_iframe_;
// A URL the extension is not allowed to access with an iframe in the DOM.
GURL disallowed_url_with_iframe_;
// A URL that leads to a page with an that rewrites the parent document to be
// null.
GURL null_document_url_;
// A simple data URL.
GURL data_url_;
// A URL that matches a path-specific match pattern.
GURL path_specific_allowed_url_;
// A URL that matches a path-specific match pattern and has an iframe in the
// DOM.
GURL matching_path_specific_iframe_url_;
// A URL that matches the domain of a path-specific match pattern - but not
// the path component - which also has an iframe in the DOM.
GURL non_matching_path_specific_iframe_url_;
// The test directory used to load our extension.
TestExtensionDir test_extension_dir_;
// The ID of the loaded extension.
ExtensionId extension_id_;
};
constexpr char ContentScriptRelatedFrameTest::kMarkerSpanId[];
void ContentScriptRelatedFrameTest::SetUpOnMainThread() {
ContentScriptApiTest::SetUpOnMainThread();
ASSERT_TRUE(StartEmbeddedTestServer());
about_blank_ = GURL(url::kAboutBlankURL);
allowed_url_ = embedded_test_server()->GetURL("example.com", "/simple.html");
disallowed_url_ =
embedded_test_server()->GetURL("chromium.org", "/simple.html");
allowed_url_with_iframe_ =
embedded_test_server()->GetURL("example.com", "/iframe.html");
disallowed_url_with_iframe_ =
embedded_test_server()->GetURL("chromium.org", "/iframe.html");
null_document_url_ = embedded_test_server()->GetURL(
"chromium.org", "/extensions/null_document.html");
path_specific_allowed_url_ =
embedded_test_server()->GetURL("path-test.example", "/simple.html");
matching_path_specific_iframe_url_ =
embedded_test_server()->GetURL("path-test.example", "/iframe.html");
non_matching_path_specific_iframe_url_ =
embedded_test_server()->GetURL("path-test.example", "/iframe_blank.html");
data_url_ = GURL("data:text/html,<html>Hi</html>");
constexpr char kContentScriptManifest[] =
R"({
"name": "Content Script injection in related frames",
"manifest_version": 3,
"version": "0.1",
"content_scripts": [{
"matches": ["http://example.com/*"],
"js": ["script.js"],
"run_at": "document_end",
"all_frames": true,
%s
"match_about_blank": true
}, {
"matches": [
"http://path-test.example/simple.html",
"http://path-test.example/iframe.html"
],
"js": ["script.js"],
"run_at": "document_end",
"all_frames": true,
"match_about_blank": true
}]
})";
const char* extra_property = "";
if (IncludeMatchOriginAsFallback())
extra_property = R"("match_origin_as_fallback": true,)";
std::string manifest =
base::StringPrintf(kContentScriptManifest, extra_property);
test_extension_dir_.WriteManifest(manifest);
std::string script = base::StringPrintf(
R"(let span = document.createElement('span');
span.id = '%s';
document.body.appendChild(span);)",
kMarkerSpanId);
test_extension_dir_.WriteFile(FILE_PATH_LITERAL("script.js"), script);
const Extension* extension =
LoadExtension(test_extension_dir_.UnpackedPath());
ASSERT_TRUE(extension);
extension_id_ = extension->id();
}
bool ContentScriptRelatedFrameTest::DidScriptRunInFrame(
content::RenderFrameHost* host) {
// The WebContents needs to have stopped loading at this point for this check
// to be guaranteed. Since the script runs at document_end (which runs
// after DOMContentLoaded is fired, before window.onload), this check will be
// guaranteed to run after it.
EXPECT_FALSE(content::WebContents::FromRenderFrameHost(host)->IsLoading());
bool did_run =
content::EvalJs(host, content::JsReplace("!!document.getElementById($1)",
kMarkerSpanId))
.ExtractBool();
if (did_run) {
// Sanity check: If the content script ran in the frame, we should also have
// tracked it properly browser-side.
// Note that we don't just do:
// EXPECT_EQ(did_run, DidProcessRunContentScriptFromExtension(...))
// because even if the given frame didn't have the script run, another frame
// in the process may have.
EXPECT_TRUE(ContentScriptTracker::DidProcessRunContentScriptFromExtension(
*host->GetProcess(), extension_id_));
}
return did_run;
}
content::WebContents* ContentScriptRelatedFrameTest::NavigateTab(
const GURL& url) {
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
content::TestNavigationObserver observer(web_contents);
EXPECT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
EXPECT_TRUE(observer.last_navigation_succeeded());
EXPECT_EQ(url, web_contents->GetLastCommittedURL());
return web_contents;
}
content::WebContents* ContentScriptRelatedFrameTest::OpenPopup(
content::WebContents* opener_web_contents,
const GURL& url) {
int initial_tab_count = browser()->tab_strip_model()->count();
content::TestNavigationObserver popup_observer(nullptr /* web_contents */);
popup_observer.StartWatchingNewWebContents();
EXPECT_TRUE(content::ExecuteScript(
opener_web_contents, content::JsReplace("window.open($1);", url.spec())));
popup_observer.Wait();
EXPECT_EQ(initial_tab_count + 1, browser()->tab_strip_model()->count());
content::WebContents* popup =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_EQ(url, popup->GetLastCommittedURL());
EXPECT_NE(popup, opener_web_contents);
return popup;
}
void ContentScriptRelatedFrameTest::NavigateIframe(
content::RenderFrameHost* navigating_host,
const std::string& frame_getter,
const GURL& url) {
constexpr char kScriptTemplate[] =
R"({
let frame = %s;
frame.location.href = '%s';
})";
std::string script = base::StringPrintf(kScriptTemplate, frame_getter.c_str(),
url.spec().c_str());
content::TestNavigationObserver navigation_observer(url);
navigation_observer.WatchExistingWebContents();
EXPECT_TRUE(content::ExecuteScript(navigating_host, script));
navigation_observer.Wait();
EXPECT_TRUE(navigation_observer.last_navigation_succeeded());
// Also wait for the full WebContents to stop loading, in case the iframe's
// new source has nested iframes.
EXPECT_TRUE(content::WaitForLoadStop(
content::WebContents::FromRenderFrameHost(navigating_host)));
}
GURL ContentScriptRelatedFrameTest::CreateBlobURL(
content::RenderFrameHost* host) {
constexpr char kCreateBlobURL[] =
R"((() => {
let content = '<html><h1>BLOB!</h1></html>';
let blob = new Blob([content], {type: 'text/html'});
return URL.createObjectURL(blob);
})();)";
std::string url_string =
content::EvalJs(host, kCreateBlobURL).ExtractString();
GURL url(url_string);
EXPECT_TRUE(url.is_valid());
EXPECT_EQ(url::kBlobScheme, url.scheme());
EXPECT_EQ(
url::Origin::Create(host->GetLastCommittedURL()).GetURL(),
url::Origin::Create(url).GetTupleOrPrecursorTupleIfOpaque().GetURL());
return url;
}
GURL ContentScriptRelatedFrameTest::CreateFilesystemURL(
content::RenderFrameHost* host) {
constexpr char kCreateFilesystemURL[] =
R"((new Promise((resolve) => {
let blob = new Blob(['<html><body>" + content + "</body></html>'],
{type: 'text/html'});
window.webkitRequestFileSystem(TEMPORARY, blob.size, fs => {
fs.root.getFile('foo.html', {create: true}, file => {
file.createWriter(writer => {
writer.write(blob);
writer.onwriteend = () => {
resolve(file.toURL());
}
});
});
});
}));)";
std::string url_string =
content::EvalJs(host, kCreateFilesystemURL).ExtractString();
GURL url(url_string);
EXPECT_TRUE(url.is_valid());
EXPECT_EQ(url::kFileSystemScheme, url.scheme());
EXPECT_EQ(
url::Origin::Create(host->GetLastCommittedURL()).GetURL(),
url::Origin::Create(url).GetTupleOrPrecursorTupleIfOpaque().GetURL());
return url;
}
// Injection should succeed on a popup to about:blank created by an allowed
// site.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_Iframe_Allowed) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", about_blank());
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(about_blank(), render_frame_host->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(render_frame_host));
}
// Injection should fail on an iframe to about:blank created by a disallowed
// site.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_Iframe_Disallowed) {
content::WebContents* tab = NavigateTab(disallowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", about_blank());
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(about_blank(), render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Injection should succeed on a popup to about:blank created by an allowed
// site.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_Popup_Allowed) {
content::WebContents* tab = NavigateTab(allowed_url());
content::WebContents* popup = OpenPopup(tab, about_blank());
EXPECT_TRUE(DidScriptRunInFrame(popup->GetPrimaryMainFrame()));
}
// Injection should fail on a popup to about:blank created by a disallowed site.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_Popup_Disallowed) {
content::WebContents* tab = NavigateTab(disallowed_url());
content::WebContents* popup = OpenPopup(tab, about_blank());
EXPECT_FALSE(DidScriptRunInFrame(popup->GetPrimaryMainFrame()));
}
// Browser-initiated navigations do not have a separate precursor tuple, so
// injection should be disallowed.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_BrowserOpened) {
content::WebContents* tab = NavigateTab(about_blank());
EXPECT_FALSE(DidScriptRunInFrame(tab->GetPrimaryMainFrame()));
}
// Tests injecting a content script when the iframe rewrites the parent to be
// null. This re-write causes the parent to itself become an about:blank frame
// without a parent. Regression test for https://crbug.com/963347 and
// https://crbug.com/963420.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_NullParent) {
NavigateParams navigate_params(browser(), null_document_url(),
ui::PAGE_TRANSITION_TYPED);
navigate_params.disposition = WindowOpenDisposition::NEW_FOREGROUND_TAB;
// Save the WebContents instance that will be created by this navigation, as
// the dom message that we later wait for is sent in this instance.
content::WebContents* web_contents = nullptr;
{
content::WebContentsAddedObserver new_web_contents_observer;
Navigate(&navigate_params);
web_contents = new_web_contents_observer.GetWebContents();
}
content::DOMMessageQueue message_queue(web_contents);
std::string result;
// We can't rely on the navigation observer logic, because the frame is
// destroyed before it finishes loading. Instead, it sends a message through
// DOMAutomationController immediately before it (synchronously) re-writes the
// parent.
ASSERT_TRUE(message_queue.WaitForMessage(&result));
EXPECT_EQ(R"("navigated")", result);
content::WebContents* tab =
browser()->tab_strip_model()->GetActiveWebContents();
EXPECT_EQ(null_document_url(), tab->GetLastCommittedURL());
content::RenderFrameHost* main_frame = tab->GetPrimaryMainFrame();
// Sanity check: The main frame should have been re-written. The test passes
// if there's no crash. Since the iframe rewrites the parent synchronously
// after sending the "navigated" message, there's no risk of a race here.
EXPECT_EQ("null", content::EvalJs(main_frame, "document.body.innerHTML;"));
// The test passes if there's no crash. Previously, we didn't handle the
// no-parent about:blank case well when there was a non-about:blank
// precursor origin, which caused a crash during the document writing.
}
// Tests that match_about_blank does not allow extensions to inject into blob:
// URLs.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_BlobFrame) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
GURL blob_url = CreateBlobURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", blob_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(blob_url, render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Tests that match_about_blank does not allow extensions to inject into data:
// URLs.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_DataFrame) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", data_url());
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(data_url(), render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Tests that content scripts can run on filesystem: URLs.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
MatchAboutBlank_FilesystemFrame) {
// TODO(https://crbug.com/1332598): Remove this test when removing filesystem:
// navigation for good.
if (!base::FeatureList::IsEnabled(blink::features::kFileSystemUrlNavigation))
GTEST_SKIP();
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
GURL filesystem_url = CreateFilesystemURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", filesystem_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(filesystem_url, render_frame_host->GetLastCommittedURL());
// Even though match_about_blank won't consider filesystem: URLs when
// determining the URL to use, URLPatterns (used in permissions and
// content script URL pattern matching) do. As such, the content script
// still injects into the filesystem frame.
EXPECT_TRUE(DidScriptRunInFrame(render_frame_host));
}
// Test content script injection into iframes when the script has a
// path-specific pattern.
IN_PROC_BROWSER_TEST_F(ContentScriptRelatedFrameTest,
FrameInjectionWithPathSpecificMatchPattern) {
// Open a page to the page that's same-origin with the match pattern, but
// doesn't match.
content::WebContents* tab =
NavigateTab(non_matching_path_specific_iframe_url());
// Navigate the child frame to the URL that matches the path requirement.
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]",
path_specific_allowed_url());
content::RenderFrameHost* child_frame =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
EXPECT_EQ(path_specific_allowed_url(), child_frame->GetLastCommittedURL());
// The script should have ran in the child frame (which matches the pattern),
// but not the parent frame (which doesn't match the path component).
EXPECT_TRUE(DidScriptRunInFrame(child_frame));
EXPECT_FALSE(DidScriptRunInFrame(tab->GetPrimaryMainFrame()));
// Now, navigate the iframe to an about:blank URL.
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", about_blank());
// Unlike match_origin_as_fallback, match_about_blank will attempt to climb
// the frame tree to find an ancestor with path. This results in finding the
// parent frame, which doesn't match the script's pattern, and so the script
// does not inject.
EXPECT_EQ(about_blank(), child_frame->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(child_frame));
}
// TODO(devlin): Similar to the above test, exercise one with a frame that
// closes its own parent. This needs to use tabs.executeScript (for timing
// reasons), but is close enough to a content script test to re-use the same
// suite.
class ContentScriptMatchOriginAsFallbackTest
: public ContentScriptRelatedFrameTest {
public:
ContentScriptMatchOriginAsFallbackTest() {
feature_list_.InitAndEnableFeature(
extensions_features::kContentScriptsMatchOriginAsFallback);
}
~ContentScriptMatchOriginAsFallbackTest() override = default;
bool IncludeMatchOriginAsFallback() override { return true; }
private:
base::test::ScopedFeatureList feature_list_;
};
// Inject a content script on an iframe to a data: URL on an allowed site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
DataURLInjection_SimpleIframe_Allowed) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", data_url());
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(data_url(), render_frame_host->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(render_frame_host));
}
// Fail to inject a content script on an iframe to a data: URL on a protected
// site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
DataURLInjection_SimpleIframe_Disallowed) {
content::WebContents* tab = NavigateTab(disallowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", data_url());
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(data_url(), render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Inject a content script on an iframe to a blob: URL on an allowed site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
BlobURLInjection_SimpleIframe_Allowed) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
GURL blob_url = CreateBlobURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", blob_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(blob_url, render_frame_host->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(render_frame_host));
}
// Fail to inject a content script on an iframe to a blob: URL on a protected
// site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
BlobURLInjection_SimpleIframe_Disallowed) {
content::WebContents* tab = NavigateTab(disallowed_url_with_iframe());
GURL blob_url = CreateBlobURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", blob_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(blob_url, render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Inject a content script on an iframe to a filesystem: URL on an allowed site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
FilesystemURLInjection_SimpleIframe_Allowed) {
// TODO(https://crbug.com/1332598): Remove this test when removing filesystem:
// navigation for good.
if (!base::FeatureList::IsEnabled(blink::features::kFileSystemUrlNavigation))
GTEST_SKIP();
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
GURL filesystem_url = CreateFilesystemURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", filesystem_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(filesystem_url, render_frame_host->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(render_frame_host));
}
// Fail to inject a content script on an iframe to a filesystem: URL on a
// protected site.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
FilesystemURLInjection_SimpleIframe_Disallowed) {
// TODO(https://crbug.com/1332598): Remove this test when removing filesystem:
// navigation for good.
if (!base::FeatureList::IsEnabled(blink::features::kFileSystemUrlNavigation))
GTEST_SKIP();
content::WebContents* tab = NavigateTab(disallowed_url_with_iframe());
GURL filesystem_url = CreateFilesystemURL(tab->GetPrimaryMainFrame());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", filesystem_url);
content::RenderFrameHost* render_frame_host =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(render_frame_host);
EXPECT_EQ(filesystem_url, render_frame_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(render_frame_host));
}
// Inject into nested iframes with data: URLs.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
DataURLInjection_NestedDataIframe_SameOrigin) {
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
// Create a data: URL that will have an iframe to another data: URL.
std::string nested_frame_src = "data:text/html,<html>Hello</html>";
const std::string nested_data_html = base::StringPrintf(
"<html><iframe name=\"nested\" src=\"%s\"></iframe></html>",
nested_frame_src.c_str());
const GURL data_url(base::StrCat({"data:text/html,", nested_data_html}));
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]", data_url);
// The extension should have injected in both iframes, since they each
// "belong" to the original, allowed site.
content::RenderFrameHost* first_data =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
ASSERT_TRUE(first_data);
EXPECT_EQ(data_url, first_data->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(first_data));
content::RenderFrameHost* nested_data = content::ChildFrameAt(first_data, 0);
ASSERT_TRUE(nested_data);
EXPECT_EQ(GURL(nested_frame_src), nested_data->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(nested_data));
}
// Test content script injection into navigated iframes to data: URLs when the
// navigator is not accessible by the extension.
IN_PROC_BROWSER_TEST_F(
ContentScriptMatchOriginAsFallbackTest,
DataURLInjection_NestedDataIframe_Navigation_Disallowed) {
// Open a page to a protected site, and then navigate an iframe to an allowed
// site with an iframe.
content::WebContents* tab = NavigateTab(disallowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]",
allowed_url_with_iframe());
content::RenderFrameHost* example_com_frame =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
EXPECT_EQ(allowed_url_with_iframe(),
example_com_frame->GetLastCommittedURL());
// Navigate the iframe within the allowed site to a data URL.
NavigateIframe(example_com_frame, "frames[0]", data_url());
{
// The allowed site is the initiator of the data URL frame, and the
// extension should inject.
content::RenderFrameHost* data_url_host = content::FrameMatchingPredicate(
tab->GetPrimaryPage(),
base::BindRepeating(content::FrameHasSourceUrl, data_url()));
ASSERT_TRUE(data_url_host);
EXPECT_EQ(data_url(), data_url_host->GetLastCommittedURL());
EXPECT_TRUE(DidScriptRunInFrame(data_url_host));
}
// Now, navigate the iframe within the allowed site to a data URL, but do so
// from the top frame (which the extension is not allowed to access).
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0].frames[0]", data_url());
{
// Since the top frame (which the extension may not access) is now the
// initiator of the data: URL, the extension shouldn't inject.
content::RenderFrameHost* data_url_host = content::FrameMatchingPredicate(
tab->GetPrimaryPage(),
base::BindRepeating(content::FrameHasSourceUrl, data_url()));
ASSERT_TRUE(data_url_host);
EXPECT_EQ(data_url(), data_url_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(data_url_host));
}
}
// Test content script injection into navigated iframes to data: URLs when the
// navigator is accessible by the extension.
IN_PROC_BROWSER_TEST_F(ContentScriptMatchOriginAsFallbackTest,
DataURLInjection_NestedDataIframe_Navigation_Allowed) {
// Open a page to an allowed site, and then navigate an iframe to a disallowed
// site with an iframe.
content::WebContents* tab = NavigateTab(allowed_url_with_iframe());
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0]",
disallowed_url_with_iframe());
content::RenderFrameHost* example_com_frame =
content::ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
EXPECT_EQ(disallowed_url_with_iframe(),
example_com_frame->GetLastCommittedURL());
// Navigate the iframe within the disallowed site to a data URL.
NavigateIframe(example_com_frame, "frames[0]", data_url());
{
// The disallowed site is the initiator of the data URL frame, and the
// extension should not inject.
content::RenderFrameHost* data_url_host = content::FrameMatchingPredicate(
tab->GetPrimaryPage(),
base::BindRepeating(content::FrameHasSourceUrl, data_url()));
ASSERT_TRUE(data_url_host);
EXPECT_TRUE(data_url_host->GetParent());
EXPECT_EQ(data_url(), data_url_host->GetLastCommittedURL());
EXPECT_FALSE(DidScriptRunInFrame(data_url_host));
}
// Now, navigate the iframe within the disallowed site to a data URL, but do
// so from the top frame (which the extension is allowed to access).
NavigateIframe(tab->GetPrimaryMainFrame(), "frames[0].frames[0]", data_url());
{
content::RenderFrameHost* data_url_host = content::FrameMatchingPredicate(
tab->GetPrimaryPage(),
base::BindRepeating(content::FrameHasSourceUrl, data_url()));
ASSERT_TRUE(data_url_host);
EXPECT_TRUE(data_url_host->GetParent());
EXPECT_EQ(data_url(), data_url_host->GetLastCommittedURL());
// The extension should be allowed to inject since it has access to the
// related frame. https://crbug.com/1111028.
EXPECT_TRUE(DidScriptRunInFrame(data_url_host));
}
}
// Test fixture which sets a custom NTP Page.
// TODO(karandeepb): Similar logic to set up a custom NTP is used elsewhere as
// well. Abstract this away into a reusable test fixture class.
class NTPInterceptionTest : public ExtensionApiTest {
public:
NTPInterceptionTest()
: https_test_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
NTPInterceptionTest(const NTPInterceptionTest&) = delete;
NTPInterceptionTest& operator=(const NTPInterceptionTest&) = delete;
// ExtensionApiTest override:
void SetUpOnMainThread() override {
ExtensionApiTest::SetUpOnMainThread();
test_data_dir_ = test_data_dir_.AppendASCII("ntp_content_script");
https_test_server_.ServeFilesFromDirectory(test_data_dir_);
ASSERT_TRUE(https_test_server_.Start());
GURL ntp_url = https_test_server_.GetURL("/fake_ntp.html");
ntp_test_utils::SetUserSelectedDefaultSearchProvider(
profile(), https_test_server_.base_url().spec(), ntp_url.spec());
}
const net::EmbeddedTestServer* https_test_server() const {
return &https_test_server_;
}
private:
net::EmbeddedTestServer https_test_server_;
};
// Ensure extensions can't inject a content script into the New Tab page.
// Regression test for crbug.com/844428.
IN_PROC_BROWSER_TEST_F(NTPInterceptionTest, ContentScript) {
// Load an extension which tries to inject a script into every frame.
ExtensionTestMessageListener listener("ready");
const Extension* extension = LoadExtension(test_data_dir_);
ASSERT_TRUE(extension);
ASSERT_TRUE(listener.WaitUntilSatisfied());
// Create a corresponding off the record profile for the current profile. This
// is necessary to reproduce crbug.com/844428, which occurs in part due to
// incorrect handling of multiple profiles by the NTP code.
Browser* incognito_browser = CreateIncognitoBrowser(profile());
ASSERT_TRUE(incognito_browser);
// Ensure that the extension isn't able to inject the script into the New Tab
// Page.
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(),
GURL(chrome::kChromeUINewTabURL)));
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
ASSERT_TRUE(search::IsInstantNTP(web_contents));
bool script_injected_in_ntp = false;
ASSERT_TRUE(ExecuteScriptAndExtractBool(
web_contents,
"window.domAutomationController.send(document.title !== 'Fake NTP');",
&script_injected_in_ntp));
EXPECT_FALSE(script_injected_in_ntp);
}
IN_PROC_BROWSER_TEST_F(ContentScriptApiTest, CoepFrameTest) {
using HttpRequest = net::test_server::HttpRequest;
using HttpResponse = net::test_server::HttpResponse;
// We have a separate server because COEP only works in secure contexts.
net::EmbeddedTestServer server(net::EmbeddedTestServer::TYPE_HTTPS);
server.RegisterRequestHandler(base::BindRepeating(
[](const HttpRequest& request) -> std::unique_ptr<HttpResponse> {
auto response = std::make_unique<net::test_server::BasicHttpResponse>();
response->set_content_type("text/html");
response->AddCustomHeader("cross-origin-embedder-policy",
"require-corp");
response->set_content("<!doctpye html><html></html>");
return response;
}));
const extensions::Extension* extension =
LoadExtension(test_data_dir_.AppendASCII("content_scripts/coep_frame"));
ASSERT_TRUE(extension);
auto handle = server.StartAndReturnHandle();
const GURL url = server.GetURL("/hello.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
const std::u16string kPassed = u"PASSED";
const std::u16string kFailed = u"FAILED";
content::TitleWatcher watcher(
browser()->tab_strip_model()->GetActiveWebContents(), kPassed);
watcher.AlsoWaitForTitle(kFailed);
ASSERT_EQ(kPassed, watcher.WaitAndGetTitle());
}
class ContentScriptApiIdentifiabilityTest : public ContentScriptApiTest {
public:
void SetUpOnMainThread() override {
identifiability_metrics_test_helper_.SetUpOnMainThread();
ContentScriptApiTest::SetUpOnMainThread();
}
protected:
IdentifiabilityMetricsTestHelper identifiability_metrics_test_helper_;
};
// TODO(crbug.com/1305273): Fix this flaky test.
// Test that identifiability study of content script injection produces the
// expected UKM events.
IN_PROC_BROWSER_TEST_F(ContentScriptApiIdentifiabilityTest,
DISABLED_InjectionRecorded) {
base::RunLoop run_loop;
identifiability_metrics_test_helper_.PrepareForTest(&run_loop);
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/all_frames")) << message_;
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
std::map<ukm::SourceId, ukm::mojom::UkmEntryPtr> merged_entries =
identifiability_metrics_test_helper_.NavigateToBlankAndWaitForMetrics(
web_contents, &run_loop);
// Right now the instrumentation infra doesn't track all of the sources that
// reported a particular surface, so we merely look for if one had it.
// Eventually both frames should report it.
//
// Further, we can't actually check the UKM source ID since those events
// are renderer-side, so use Document-generated IDs that are different than
// the navigation IDs provided by RenderFrameHost.
std::set<ukm::SourceId> source_ids =
IdentifiabilityMetricsTestHelper::GetSourceIDsForSurfaceAndExtension(
merged_entries,
blink::IdentifiableSurface::Type::kExtensionContentScript,
GetSingleLoadedExtension()->id());
EXPECT_FALSE(source_ids.empty());
}
// Test that where a page doesn't get a content script injected, no
// such event is recorded.
IN_PROC_BROWSER_TEST_F(ContentScriptApiIdentifiabilityTest,
NoInjectionRecorded) {
base::RunLoop run_loop;
identifiability_metrics_test_helper_.PrepareForTest(&run_loop);
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), GURL("about:blank")));
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
identifiability_metrics_test_helper_.EnsureIdentifiabilityEventGenerated(
web_contents);
std::map<ukm::SourceId, ukm::mojom::UkmEntryPtr> merged_entries =
identifiability_metrics_test_helper_.NavigateToBlankAndWaitForMetrics(
web_contents, &run_loop);
EXPECT_FALSE(IdentifiabilityMetricsTestHelper::ContainsSurfaceOfType(
merged_entries,
blink::IdentifiableSurface::Type::kExtensionContentScript));
}
class SubresourceWebBundlesContentScriptApiTest : public ExtensionApiTest {
protected:
// Registers a request handler for static content.
void RegisterRequestHandler(const std::string& relative_url,
const std::string& content_type,
const std::string& content,
bool nosniff) {
embedded_test_server()->RegisterRequestHandler(base::BindLambdaForTesting(
[relative_url, content_type, content,
nosniff](const net::test_server::HttpRequest& request)
-> std::unique_ptr<net::test_server::HttpResponse> {
if (request.relative_url == relative_url) {
auto response =
std::make_unique<net::test_server::BasicHttpResponse>();
response->set_code(net::HTTP_OK);
response->set_content_type(content_type);
response->set_content(content);
if (nosniff) {
response->AddCustomHeader("X-Content-Type-Options", "nosniff");
}
return std::move(response);
}
return nullptr;
}));
}
private:
base::test::ScopedFeatureList feature_list_;
};
IN_PROC_BROWSER_TEST_F(SubresourceWebBundlesContentScriptApiTest,
SubresourceWebBundleIframe) {
// Create an extension that injects a content script in "uuid-in-package"
// scheme urls.
TestExtensionDir test_dir;
test_dir.WriteManifest(R"({
"name": "Web Request Subresource Web Bundles Test",
"manifest_version": 2,
"version": "0.1",
"permissions": ["uuid-in-package:*"],
"content_scripts": [{
"matches":[
"uuid-in-package:*"
],
"all_frames": true,
"js":[
"content_script.js"
]
}]
})");
test_dir.WriteFile(FILE_PATH_LITERAL("content_script.js"),
R"(
(() => {
const documentUrl = document.location.toString();
chrome.test.sendMessage(documentUrl);
})();
)");
ASSERT_TRUE(LoadExtension(test_dir.UnpackedPath()));
const std::string uuid_html_url =
"uuid-in-package:65c6f241-f6b5-4302-9f95-9a826c4dda1c";
web_package::WebBundleBuilder builder;
builder.AddExchange(uuid_html_url,
{{":status", "200"}, {"content-type", "text/html"}},
"<script>console.error('hoge');</script>");
std::vector<uint8_t> bundle = builder.CreateBundle();
const std::string web_bundle = std::string(bundle.begin(), bundle.end());
// For serving web bundles, "Content-Type: application/webbundle" and
// "X-Content-Type-Options: nosniff" response headers are required.
// https://wicg.github.io/webpackage/draft-yasskin-wpack-bundled-exchanges.html#name-serving-constraints
RegisterRequestHandler("/test.wbn", "application/webbundle", web_bundle,
true /* nosniff */);
const std::string page_html = base::StringPrintf(R"(
<script type="webbundle">
{
"source": "./test.wbn",
"scopes": ["uuid-in-package:"]
}
</script>
<iframe src="%s"></iframe>
)",
uuid_html_url.c_str());
RegisterRequestHandler("/test.html", "text/html", page_html,
false /* nosniff */);
ASSERT_TRUE(StartEmbeddedTestServer());
ExtensionTestMessageListener listener;
GURL page_url = embedded_test_server()->GetURL("/test.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), page_url));
ASSERT_TRUE(listener.WaitUntilSatisfied());
EXPECT_EQ(uuid_html_url, listener.message());
}
class ContentScriptApiPrerenderingTest : public ContentScriptApiTest {
public:
ContentScriptApiPrerenderingTest() {
feature_list_.InitWithFeatures(
{
network::features::kPrerender2ContentSecurityPolicyExtensions,
extensions_features::kMinimumMV3CSPWithInlineSpeculationRules,
},
{});
}
private:
content::test::ScopedPrerenderFeatureList prerender_feature_list_;
base::test::ScopedFeatureList feature_list_;
};
// TODO(crbug.com/1344548): Re-enable this test
IN_PROC_BROWSER_TEST_F(ContentScriptApiPrerenderingTest,
DISABLED_Prerendering) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/prerendering")) << message_;
}
// Checks if injecting inline speculation rules are permitted in the manifest v3
// content_scripts.
IN_PROC_BROWSER_TEST_F(ContentScriptApiPrerenderingTest, SpeculationRules) {
ASSERT_TRUE(StartEmbeddedTestServer());
ASSERT_TRUE(RunExtensionTest("content_scripts/speculation_rules"))
<< message_;
}
class ContentScriptApiFencedFrameTest : public ContentScriptApiTest {
protected:
ContentScriptApiFencedFrameTest() {
feature_list_.InitWithFeaturesAndParameters(
{{blink::features::kFencedFrames, {{"implementation_type", "mparch"}}},
{features::kPrivacySandboxAdsAPIsOverride, {}}},
{/* disabled_features */});
UseHttpsTestServer();
}
~ContentScriptApiFencedFrameTest() override = default;
private:
base::test::ScopedFeatureList feature_list_;
};
// Inject two extensions with matching rules. Only the extension
// that matches the outermost extension's content_scripts should
// get injected.
// The documentIdle extension should execute (sending 'done').
// The documentStart extension should not-execute (sending 'fail') since it
// isn't the parent extension of the fenced frame.
IN_PROC_BROWSER_TEST_F(ContentScriptApiFencedFrameTest,
InjectionMatchesCorrectExtension) {
ASSERT_TRUE(StartEmbeddedTestServer());
const char kDocumentIdleExtensionManifest[] =
R"MANIFEST({
"name": "Document Idle Extesnsion",
"version": "0.1",
"manifest_version": 3,
"content_scripts": [{
"matches": ["https://*/fenced_frames/title1.html"],
"js": ["script.js"],
"run_at": "document_idle",
"all_frames": true
}]
})MANIFEST";
const char kDocumentStartExtensionManifest[] =
R"MANIFEST({
"name": "Document Start extension",
"version": "0.1",
"manifest_version": 3,
"content_scripts": [{
"matches": ["https://*/fenced_frames/title1.html"],
"js": ["script.js"],
"run_at": "document_start",
"all_frames": true
}]
})MANIFEST";
GURL fenced_frame_url =
embedded_test_server()->GetURL("a.test", "/fenced_frames/title1.html");
const char kFencedFrameHtml[] =
R"HTML(<html>Fenced Frame Test!<fencedframe src="%s">
</fencedframe></html>)HTML";
TestExtensionDir document_idle_extension_dir;
document_idle_extension_dir.WriteManifest(kDocumentIdleExtensionManifest);
document_idle_extension_dir.WriteFile(
FILE_PATH_LITERAL("test.html"),
base::StringPrintf(kFencedFrameHtml, fenced_frame_url.spec().c_str()));
document_idle_extension_dir.WriteFile(FILE_PATH_LITERAL("script.js"),
kNonBlockingScript);
const Extension* extension =
LoadExtension(document_idle_extension_dir.UnpackedPath());
ASSERT_TRUE(extension);
TestExtensionDir document_start_extension_dir;
const char kFailureScript[] = "chrome.test.sendMessage('fail');";
document_start_extension_dir.WriteManifest(kDocumentStartExtensionManifest);
document_start_extension_dir.WriteFile(FILE_PATH_LITERAL("script.js"),
kFailureScript);
ASSERT_TRUE(LoadExtension(document_start_extension_dir.UnpackedPath()));
ExtensionTestMessageListener listener;
content::WebContents* tab_contents =
browser()->tab_strip_model()->GetActiveWebContents();
GURL extension_test_url = extension->GetResourceURL("test.html");
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), extension_test_url));
EXPECT_EQ(extension_test_url,
tab_contents->GetPrimaryMainFrame()->GetLastCommittedURL());
EXPECT_TRUE(listener.WaitUntilSatisfied());
EXPECT_EQ("done", listener.message());
}
} // namespace extensions