1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/path_service.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "content/browser/child_process_security_policy_impl.h"
8 #include "content/browser/frame_host/render_frame_host_impl.h"
9 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
10 #include "content/common/input_messages.h"
11 #include "content/common/view_messages.h"
12 #include "content/public/browser/navigation_entry.h"
13 #include "content/public/common/bindings_policy.h"
14 #include "content/public/common/drop_data.h"
15 #include "content/public/common/page_transition_types.h"
16 #include "content/public/common/url_constants.h"
17 #include "content/public/test/mock_render_process_host.h"
18 #include "content/test/test_content_browser_client.h"
19 #include "content/test/test_render_view_host.h"
20 #include "content/test/test_web_contents.h"
21 #include "net/base/filename_util.h"
22 #include "third_party/WebKit/public/web/WebDragOperation.h"
26 class RenderViewHostTestBrowserClient
: public TestContentBrowserClient
{
28 RenderViewHostTestBrowserClient() {}
29 virtual ~RenderViewHostTestBrowserClient() {}
31 virtual bool IsHandledURL(const GURL
& url
) OVERRIDE
{
32 return url
.scheme() == url::kFileScheme
;
36 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTestBrowserClient
);
39 class RenderViewHostTest
: public RenderViewHostImplTestHarness
{
41 RenderViewHostTest() : old_browser_client_(NULL
) {}
42 virtual ~RenderViewHostTest() {}
44 virtual void SetUp() OVERRIDE
{
45 RenderViewHostImplTestHarness::SetUp();
46 old_browser_client_
= SetBrowserClientForTesting(&test_browser_client_
);
49 virtual void TearDown() OVERRIDE
{
50 SetBrowserClientForTesting(old_browser_client_
);
51 RenderViewHostImplTestHarness::TearDown();
55 RenderViewHostTestBrowserClient test_browser_client_
;
56 ContentBrowserClient
* old_browser_client_
;
58 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTest
);
61 // All about URLs reported by the renderer should get rewritten to about:blank.
62 // See RenderViewHost::OnNavigate for a discussion.
63 TEST_F(RenderViewHostTest
, FilterAbout
) {
64 test_rvh()->SendNavigate(1, GURL("about:cache"));
65 ASSERT_TRUE(controller().GetVisibleEntry());
66 EXPECT_EQ(GURL(url::kAboutBlankURL
),
67 controller().GetVisibleEntry()->GetURL());
70 // Create a full screen popup RenderWidgetHost and View.
71 TEST_F(RenderViewHostTest
, CreateFullscreenWidget
) {
72 int routing_id
= process()->GetNextRoutingID();
73 test_rvh()->CreateNewFullscreenWidget(routing_id
);
76 // Makes sure that the RenderViewHost is not waiting for an unload ack when
77 // reloading a page. If this is not the case, when reloading, the contents may
78 // get closed out even though the user pressed the reload button.
79 TEST_F(RenderViewHostTest
, ResetUnloadOnReload
) {
80 const GURL
url1("http://foo1");
81 const GURL
url2("http://foo2");
83 // This test is for a subtle timing bug. Here's the sequence that triggered
86 // . go to a new page, preferably one that takes a while to resolve, such
87 // as one on a site that doesn't exist.
88 // . After this step IsWaitingForUnloadACK returns true on the first RVH.
89 // . click stop before the page has been commited.
91 // . IsWaitingForUnloadACK still returns true, and if the hang monitor fires
92 // the contents gets closed.
94 NavigateAndCommit(url1
);
96 url2
, Referrer(), PAGE_TRANSITION_LINK
, std::string());
97 // Simulate the ClosePage call which is normally sent by the net::URLRequest.
99 // Needed so that navigations are not suspended on the RVH.
100 test_rvh()->SendBeforeUnloadACK(true);
102 controller().Reload(false);
103 EXPECT_FALSE(test_rvh()->IsWaitingForUnloadACK());
106 // Ensure we do not grant bindings to a process shared with unprivileged views.
107 TEST_F(RenderViewHostTest
, DontGrantBindingsToSharedProcess
) {
108 // Create another view in the same process.
109 scoped_ptr
<TestWebContents
> new_web_contents(
110 TestWebContents::Create(browser_context(), rvh()->GetSiteInstance()));
112 rvh()->AllowBindings(BINDINGS_POLICY_WEB_UI
);
113 EXPECT_FALSE(rvh()->GetEnabledBindings() & BINDINGS_POLICY_WEB_UI
);
116 class MockDraggingRenderViewHostDelegateView
117 : public RenderViewHostDelegateView
{
119 virtual ~MockDraggingRenderViewHostDelegateView() {}
120 virtual void StartDragging(const DropData
& drop_data
,
121 blink::WebDragOperationsMask allowed_ops
,
122 const gfx::ImageSkia
& image
,
123 const gfx::Vector2d
& image_offset
,
124 const DragEventSourceInfo
& event_info
) OVERRIDE
{
125 drag_url_
= drop_data
.url
;
126 html_base_url_
= drop_data
.html_base_url
;
128 virtual void UpdateDragCursor(blink::WebDragOperation operation
) OVERRIDE
{}
129 virtual void GotFocus() OVERRIDE
{}
130 virtual void TakeFocus(bool reverse
) OVERRIDE
{}
131 virtual void UpdatePreferredSize(const gfx::Size
& pref_size
) {}
137 GURL
html_base_url() {
138 return html_base_url_
;
146 TEST_F(RenderViewHostTest
, StartDragging
) {
147 TestWebContents
* web_contents
= contents();
148 MockDraggingRenderViewHostDelegateView delegate_view
;
149 web_contents
->set_delegate_view(&delegate_view
);
152 GURL file_url
= GURL("file:///home/user/secrets.txt");
153 drop_data
.url
= file_url
;
154 drop_data
.html_base_url
= file_url
;
155 test_rvh()->TestOnStartDragging(drop_data
);
156 EXPECT_EQ(GURL(url::kAboutBlankURL
), delegate_view
.drag_url());
157 EXPECT_EQ(GURL(url::kAboutBlankURL
), delegate_view
.html_base_url());
159 GURL http_url
= GURL("http://www.domain.com/index.html");
160 drop_data
.url
= http_url
;
161 drop_data
.html_base_url
= http_url
;
162 test_rvh()->TestOnStartDragging(drop_data
);
163 EXPECT_EQ(http_url
, delegate_view
.drag_url());
164 EXPECT_EQ(http_url
, delegate_view
.html_base_url());
166 GURL https_url
= GURL("https://www.domain.com/index.html");
167 drop_data
.url
= https_url
;
168 drop_data
.html_base_url
= https_url
;
169 test_rvh()->TestOnStartDragging(drop_data
);
170 EXPECT_EQ(https_url
, delegate_view
.drag_url());
171 EXPECT_EQ(https_url
, delegate_view
.html_base_url());
173 GURL javascript_url
= GURL("javascript:alert('I am a bookmarklet')");
174 drop_data
.url
= javascript_url
;
175 drop_data
.html_base_url
= http_url
;
176 test_rvh()->TestOnStartDragging(drop_data
);
177 EXPECT_EQ(javascript_url
, delegate_view
.drag_url());
178 EXPECT_EQ(http_url
, delegate_view
.html_base_url());
181 TEST_F(RenderViewHostTest
, DragEnteredFileURLsStillBlocked
) {
182 DropData dropped_data
;
183 gfx::Point client_point
;
184 gfx::Point screen_point
;
185 // We use "//foo/bar" path (rather than "/foo/bar") since dragged paths are
186 // expected to be absolute on any platforms.
187 base::FilePath
highlighted_file_path(FILE_PATH_LITERAL("//tmp/foo.html"));
188 base::FilePath
dragged_file_path(FILE_PATH_LITERAL("//tmp/image.jpg"));
189 base::FilePath
sensitive_file_path(FILE_PATH_LITERAL("//etc/passwd"));
190 GURL highlighted_file_url
= net::FilePathToFileURL(highlighted_file_path
);
191 GURL dragged_file_url
= net::FilePathToFileURL(dragged_file_path
);
192 GURL sensitive_file_url
= net::FilePathToFileURL(sensitive_file_path
);
193 dropped_data
.url
= highlighted_file_url
;
194 dropped_data
.filenames
.push_back(
195 ui::FileInfo(dragged_file_path
, base::FilePath()));
197 rvh()->DragTargetDragEnter(dropped_data
, client_point
, screen_point
,
198 blink::WebDragOperationNone
, 0);
200 int id
= process()->GetID();
201 ChildProcessSecurityPolicyImpl
* policy
=
202 ChildProcessSecurityPolicyImpl::GetInstance();
204 EXPECT_FALSE(policy
->CanRequestURL(id
, highlighted_file_url
));
205 EXPECT_FALSE(policy
->CanReadFile(id
, highlighted_file_path
));
206 EXPECT_TRUE(policy
->CanRequestURL(id
, dragged_file_url
));
207 EXPECT_TRUE(policy
->CanReadFile(id
, dragged_file_path
));
208 EXPECT_FALSE(policy
->CanRequestURL(id
, sensitive_file_url
));
209 EXPECT_FALSE(policy
->CanReadFile(id
, sensitive_file_path
));
212 TEST_F(RenderViewHostTest
, MessageWithBadHistoryItemFiles
) {
213 base::FilePath file_path
;
214 EXPECT_TRUE(PathService::Get(base::DIR_TEMP
, &file_path
));
215 file_path
= file_path
.AppendASCII("foo");
216 EXPECT_EQ(0, process()->bad_msg_count());
217 test_rvh()->TestOnUpdateStateWithFile(process()->GetID(), file_path
);
218 EXPECT_EQ(1, process()->bad_msg_count());
220 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
221 process()->GetID(), file_path
);
222 test_rvh()->TestOnUpdateStateWithFile(process()->GetID(), file_path
);
223 EXPECT_EQ(1, process()->bad_msg_count());
226 TEST_F(RenderViewHostTest
, NavigationWithBadHistoryItemFiles
) {
227 GURL
url("http://www.google.com");
228 base::FilePath file_path
;
229 EXPECT_TRUE(PathService::Get(base::DIR_TEMP
, &file_path
));
230 file_path
= file_path
.AppendASCII("bar");
231 EXPECT_EQ(0, process()->bad_msg_count());
232 test_rvh()->SendNavigateWithFile(1, url
, file_path
);
233 EXPECT_EQ(1, process()->bad_msg_count());
235 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
236 process()->GetID(), file_path
);
237 test_rvh()->SendNavigateWithFile(process()->GetID(), url
, file_path
);
238 EXPECT_EQ(1, process()->bad_msg_count());
241 TEST_F(RenderViewHostTest
, RoutingIdSane
) {
242 RenderFrameHostImpl
* root_rfh
=
243 contents()->GetFrameTree()->root()->current_frame_host();
244 EXPECT_EQ(test_rvh()->GetProcess(), root_rfh
->GetProcess());
245 EXPECT_NE(test_rvh()->GetRoutingID(), root_rfh
->routing_id());
248 } // namespace content