// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "base/command_line.h" #include "base/strings/stringprintf.h" #include "build/build_config.h" #include "content/browser/child_process_security_policy_impl.h" #include "content/browser/process_lock.h" #include "content/browser/renderer_host/frame_tree_node.h" #include "content/browser/renderer_host/render_frame_host_impl.h" #include "content/browser/site_info.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/common/frame.mojom.h" #include "content/public/browser/web_contents.h" #include "content/public/browser/webui_config_map.h" #include "content/public/common/bindings_policy.h" #include "content/public/common/content_switches.h" #include "content/public/common/url_constants.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_content_browser_client.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/scoped_web_ui_controller_factory_registration.h" #include "content/public/test/test_frame_navigation_observer.h" #include "content/public/test/test_navigation_observer.h" #include "content/public/test/web_ui_browsertest_util.h" #include "content/shell/browser/shell.h" #include "content/shell/common/shell_switches.h" #include "content/test/content_browser_test_utils_internal.h" #include "ipc/ipc_security_test_util.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "ui/webui/untrusted_web_ui_browsertest_util.h" #include "url/url_constants.h" namespace content { namespace { const char kAddIframeScript[] = …; const char kAdditionalScheme[] = …; blink::mojom::OpenURLParamsPtr CreateOpenURLParams(const GURL& url) { … } bool DoesURLRequireDedicatedProcess(const IsolationContext& isolation_context, const GURL& url) { … } } // namespace class WebUINavigationBrowserTest : public ContentBrowserTest { … }; // Verify that a chrome: scheme document can add iframes with web content, as // long as X-Frame-Options and the default Content-Security-Policy are // overridden to allow the frame to be embedded. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInChromeSchemeIsAllowed) { … } // Verify that a chrome-untrusted:// scheme document can add iframes with web // content when the CSP allows it. This is different from chrome:// URLs where // no web content can be loaded, even if the CSP allows it. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInChromeUntrustedSchemeAllowedByCSP) { … } // Verify that a chrome: scheme document cannot add iframes with web content // and does not crash if the navigation is blocked by CSP. // See https://crbug.com/944086. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInChromeSchemeDisallowedByCSP) { … } // Verify that a chrome-untrusted:// scheme document cannot add iframes with web // content when the CSP disallows it. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInChromeUntrustedSchemeDisallowedByCSP) { … } // Verify that a browser check stops websites from embeding chrome:// iframes. // This tests the OpenURL Mojo method. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, DisallowEmbeddingChromeSchemeFromWebFrameBrowserCheck) { … } // Verify that a browser check stops websites from embeding chrome-untrusted:// // iframes. This tests the OpenURL Mojo method path. IN_PROC_BROWSER_TEST_F( WebUINavigationBrowserTest, DisallowEmbeddingChromeUntrustedSchemeFromWebFrameBrowserCheck) { … } // Verify an iframe with no frame ancestors is blocked from being embedded in // other WebUIs and on the web. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, FrameAncestorsDisallowEmbedding) { … } // Verify an iframe with frame ancestors of the same origin can only be embedded // by itself. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, FrameAncestorsAllowEmbedding) { … } // Verify an iframe with a frame ancestor that is a different origin to its own // URL is allowed to only be embedded in that WebUI. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, FrameAncestorsAllowEmbeddingFromOtherHosts) { … } // Verify that default WebUI cannot embed chrome-untrusted: iframes. To allow // embedding, WebUI needs to call AddRequestableScheme to explicitly allow it. IN_PROC_BROWSER_TEST_F( WebUINavigationBrowserTest, ChromeUntrustedFrameInChromeSchemeDisallowedInDefaultWebUI) { … } // Verify that a chrome-untrusted:// scheme iframe can be embedded in chrome:// // frame. The test needs to specify requestableschemes parameter to the main // frame WebUI URL, which will result in a call to AddRequestableScheme and // permit the embedding to work. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, ChromeUntrustedFrameInChromeSchemeAllowed) { … } // Verify that a renderer check stops websites from embeding chrome:// iframes. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, DisallowEmbeddingChromeSchemeFromWebFrameRendererCheck) { … } const char kOpenUrlViaClickTargetFunc[] = …; // Adds a link with given url and target=_blank, and clicks on it. void OpenUrlViaClickTarget(const ToRenderFrameHost& adapter, const GURL& url) { … } // Verify that two WebUIs with a shared domain have different SiteInstance // and BrowsingInstance even when the WebUI is opened from the other WebUI. Even // though they share a domain, their hosts are different, so they have different // WebUI types which triggers a BrowsingInstance swap. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, SharedDomainDifferentSiteInstanceNavigation) { … } // Verify that two WebUIs with a shared domain have different SiteInstance // and BrowsingInstance even when the WebUI is opened from the other WebUI. Even // though they share a domain, their hosts are different, so they have different // WebUI types which triggers a BrowsingInstance swap. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, SharedDomainDifferentSiteInstanceUrlClick) { … } // Used to test browser-side checks by disabling some renderer-side checks. class WebUINavigationDisabledWebSecurityBrowserTest : public WebUINavigationBrowserTest { … }; // Verify that a browser check stops websites from embeding chrome:// iframes. // This tests the Frame::BeginNavigation path. IN_PROC_BROWSER_TEST_F(WebUINavigationDisabledWebSecurityBrowserTest, DisallowEmbeddingChromeSchemeFromWebFrameBrowserCheck2) { … } // Verify that a browser check stops websites from navigating to // chrome:// documents in the main frame. This tests the Frame::BeginNavigation // path. IN_PROC_BROWSER_TEST_F( WebUINavigationDisabledWebSecurityBrowserTest, DisallowNavigatingToChromeSchemeFromWebFrameBrowserCheck) { … } // Verify that a browser check stops websites from navigating to // chrome-untrusted:// documents in the main frame. This tests the // Frame::BeginNavigation path. IN_PROC_BROWSER_TEST_F( WebUINavigationDisabledWebSecurityBrowserTest, DisallowNavigatingToChromeUntrustedSchemeFromWebFrameBrowserCheck) { … } // Verify that website cannot use window.open() to navigate succsesfully a new // window to a chrome:// URL. IN_PROC_BROWSER_TEST_F(WebUINavigationDisabledWebSecurityBrowserTest, DisallowWebWindowOpenToChromeURL) { … } // Verify that website cannot use window.open() to navigate successfully a new // window to a chrome-untrusted:// URL. IN_PROC_BROWSER_TEST_F(WebUINavigationDisabledWebSecurityBrowserTest, DisallowWebWindowOpenToChromeUntrustedURL) { … } // Verify that a WebUI document in the main frame is allowed to navigate to // web content and it properly does cross-process navigation. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebUIMainFrameToWebAllowed) { … } #if !BUILDFLAG(IS_ANDROID) // The following tests rely on full site isolation behavior, which is not // present on Android. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInWebUIProcessAllowed) { … } IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInMojoWebUIProcessAllowed) { … } IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebFrameInHybridWebUIProcessAllowed) { … } #endif IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebUISubframeNewWindowToWebAllowed) { … } IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, MojoWebUISubframeNewWindowToWebAllowed) { … } IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, HybridWebUISubframeNewWindowToWebAllowed) { … } IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, WebUIOriginsRequireDedicatedProcess) { … } // Verify chrome-untrusted:// uses a dedicated process. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, UntrustedWebUIOriginsRequireDedicatedProcess) { … } // Verify that navigating back/forward between WebUI and an error page for a // failed WebUI navigation works correctly. IN_PROC_BROWSER_TEST_F(WebUINavigationBrowserTest, SessionHistoryToFailedNavigation) { … } class AdditionalSchemesWebUINavigationBrowserTest : public ContentBrowserTest { … }; // Verify that WebUIDataSource can support non-default schemes. IN_PROC_BROWSER_TEST_F(AdditionalSchemesWebUINavigationBrowserTest, AdditionalSchemesWebUINavigation) { … } } // namespace content
Codebase Browser
chromium