search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / browser / renderer_host / render_view_host_unittest.cc
blob638442e5f60a68e0719821e2b54bb59e346f5178
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/path_service.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "content/browser/child_process_security_policy_impl.h"
8 #include "content/browser/frame_host/render_frame_host_impl.h"
9 #include "content/browser/renderer_host/render_message_filter.h"
10 #include "content/browser/renderer_host/render_view_host_delegate_view.h"
11 #include "content/browser/renderer_host/render_widget_helper.h"
12 #include "content/common/input_messages.h"
13 #include "content/common/view_messages.h"
14 #include "content/public/browser/browser_context.h"
15 #include "content/public/browser/navigation_entry.h"
16 #include "content/public/common/bindings_policy.h"
17 #include "content/public/common/drop_data.h"
18 #include "content/public/common/url_constants.h"
19 #include "content/public/test/mock_render_process_host.h"
20 #include "content/test/test_content_browser_client.h"
21 #include "content/test/test_render_view_host.h"
22 #include "content/test/test_web_contents.h"
23 #include "net/base/filename_util.h"
24 #include "third_party/WebKit/public/web/WebDragOperation.h"
25 #include "ui/base/page_transition_types.h"
26
27 namespace content {
28
29 class RenderViewHostTestBrowserClient : public TestContentBrowserClient {
30 public:
31 RenderViewHostTestBrowserClient() {}
32 ~RenderViewHostTestBrowserClient() override {}
33
34 bool IsHandledURL(const GURL& url) override {
35 return url.scheme() == url::kFileScheme;
36 }
37
38 private:
39 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTestBrowserClient);
40 };
41
42 class RenderViewHostTest : public RenderViewHostImplTestHarness {
43 public:
44 RenderViewHostTest() : old_browser_client_(NULL) {}
45 ~RenderViewHostTest() override {}
46
47 void SetUp() override {
48 RenderViewHostImplTestHarness::SetUp();
49 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
50 }
51
52 void TearDown() override {
53 SetBrowserClientForTesting(old_browser_client_);
54 RenderViewHostImplTestHarness::TearDown();
55 }
56
57 private:
58 RenderViewHostTestBrowserClient test_browser_client_;
59 ContentBrowserClient* old_browser_client_;
60
61 DISALLOW_COPY_AND_ASSIGN(RenderViewHostTest);
62 };
63
64 // All about URLs reported by the renderer should get rewritten to about:blank.
65 // See RenderViewHost::OnNavigate for a discussion.
66 TEST_F(RenderViewHostTest, FilterAbout) {
67 contents()->GetMainFrame()->SendNavigate(1, GURL("about:cache"));
68 ASSERT_TRUE(controller().GetVisibleEntry());
69 EXPECT_EQ(GURL(url::kAboutBlankURL),
70 controller().GetVisibleEntry()->GetURL());
71 }
72
73 // Create a full screen popup RenderWidgetHost and View.
74 TEST_F(RenderViewHostTest, CreateFullscreenWidget) {
75 int routing_id = process()->GetNextRoutingID();
76 test_rvh()->CreateNewFullscreenWidget(routing_id);
77 }
78
79 // Makes sure that the RenderViewHost is not waiting for an unload ack when
80 // reloading a page. If this is not the case, when reloading, the contents may
81 // get closed out even though the user pressed the reload button.
82 TEST_F(RenderViewHostTest, ResetUnloadOnReload) {
83 const GURL url1("http://foo1");
84 const GURL url2("http://foo2");
85
86 // This test is for a subtle timing bug. Here's the sequence that triggered
87 // the bug:
88 // . go to a page.
89 // . go to a new page, preferably one that takes a while to resolve, such
90 // as one on a site that doesn't exist.
91 // . After this step IsWaitingForUnloadACK returns true on the first RVH.
92 // . click stop before the page has been commited.
93 // . click reload.
94 // . IsWaitingForUnloadACK still returns true, and if the hang monitor fires
95 // the contents gets closed.
96
97 NavigateAndCommit(url1);
98 controller().LoadURL(
99 url2, Referrer(), ui::PAGE_TRANSITION_LINK, std::string());
100 // Simulate the ClosePage call which is normally sent by the net::URLRequest.
101 rvh()->ClosePage();
102 // Needed so that navigations are not suspended on the RFH.
103 main_test_rfh()->SendBeforeUnloadACK(true);
104 contents()->Stop();
105 controller().Reload(false);
106 EXPECT_FALSE(main_test_rfh()->IsWaitingForUnloadACK());
107 }
108
109 // Ensure we do not grant bindings to a process shared with unprivileged views.
110 TEST_F(RenderViewHostTest, DontGrantBindingsToSharedProcess) {
111 // Create another view in the same process.
112 scoped_ptr<TestWebContents> new_web_contents(
113 TestWebContents::Create(browser_context(), rvh()->GetSiteInstance()));
114
115 rvh()->AllowBindings(BINDINGS_POLICY_WEB_UI);
116 EXPECT_FALSE(rvh()->GetEnabledBindings() & BINDINGS_POLICY_WEB_UI);
117 }
118
119 class MockDraggingRenderViewHostDelegateView
120 : public RenderViewHostDelegateView {
121 public:
122 ~MockDraggingRenderViewHostDelegateView() override {}
123 void StartDragging(const DropData& drop_data,
124 blink::WebDragOperationsMask allowed_ops,
125 const gfx::ImageSkia& image,
126 const gfx::Vector2d& image_offset,
127 const DragEventSourceInfo& event_info) override {
128 drag_url_ = drop_data.url;
129 html_base_url_ = drop_data.html_base_url;
130 }
131 void UpdateDragCursor(blink::WebDragOperation operation) override {}
132 void GotFocus() override {}
133 void TakeFocus(bool reverse) override {}
134 virtual void UpdatePreferredSize(const gfx::Size& pref_size) {}
135
136 GURL drag_url() {
137 return drag_url_;
138 }
139
140 GURL html_base_url() {
141 return html_base_url_;
142 }
143
144 private:
145 GURL drag_url_;
146 GURL html_base_url_;
147 };
148
149 TEST_F(RenderViewHostTest, StartDragging) {
150 TestWebContents* web_contents = contents();
151 MockDraggingRenderViewHostDelegateView delegate_view;
152 web_contents->set_delegate_view(&delegate_view);
153
154 DropData drop_data;
155 GURL file_url = GURL("file:///home/user/secrets.txt");
156 drop_data.url = file_url;
157 drop_data.html_base_url = file_url;
158 test_rvh()->TestOnStartDragging(drop_data);
159 EXPECT_EQ(GURL(url::kAboutBlankURL), delegate_view.drag_url());
160 EXPECT_EQ(GURL(url::kAboutBlankURL), delegate_view.html_base_url());
161
162 GURL http_url = GURL("http://www.domain.com/index.html");
163 drop_data.url = http_url;
164 drop_data.html_base_url = http_url;
165 test_rvh()->TestOnStartDragging(drop_data);
166 EXPECT_EQ(http_url, delegate_view.drag_url());
167 EXPECT_EQ(http_url, delegate_view.html_base_url());
168
169 GURL https_url = GURL("https://www.domain.com/index.html");
170 drop_data.url = https_url;
171 drop_data.html_base_url = https_url;
172 test_rvh()->TestOnStartDragging(drop_data);
173 EXPECT_EQ(https_url, delegate_view.drag_url());
174 EXPECT_EQ(https_url, delegate_view.html_base_url());
175
176 GURL javascript_url = GURL("javascript:alert('I am a bookmarklet')");
177 drop_data.url = javascript_url;
178 drop_data.html_base_url = http_url;
179 test_rvh()->TestOnStartDragging(drop_data);
180 EXPECT_EQ(javascript_url, delegate_view.drag_url());
181 EXPECT_EQ(http_url, delegate_view.html_base_url());
182 }
183
184 TEST_F(RenderViewHostTest, DragEnteredFileURLsStillBlocked) {
185 DropData dropped_data;
186 gfx::Point client_point;
187 gfx::Point screen_point;
188 // We use "//foo/bar" path (rather than "/foo/bar") since dragged paths are
189 // expected to be absolute on any platforms.
190 base::FilePath highlighted_file_path(FILE_PATH_LITERAL("//tmp/foo.html"));
191 base::FilePath dragged_file_path(FILE_PATH_LITERAL("//tmp/image.jpg"));
192 base::FilePath sensitive_file_path(FILE_PATH_LITERAL("//etc/passwd"));
193 GURL highlighted_file_url = net::FilePathToFileURL(highlighted_file_path);
194 GURL dragged_file_url = net::FilePathToFileURL(dragged_file_path);
195 GURL sensitive_file_url = net::FilePathToFileURL(sensitive_file_path);
196 dropped_data.url = highlighted_file_url;
197 dropped_data.filenames.push_back(
198 ui::FileInfo(dragged_file_path, base::FilePath()));
199
200 rvh()->DragTargetDragEnter(dropped_data, client_point, screen_point,
201 blink::WebDragOperationNone, 0);
202
203 int id = process()->GetID();
204 ChildProcessSecurityPolicyImpl* policy =
205 ChildProcessSecurityPolicyImpl::GetInstance();
206
207 EXPECT_FALSE(policy->CanRequestURL(id, highlighted_file_url));
208 EXPECT_FALSE(policy->CanReadFile(id, highlighted_file_path));
209 EXPECT_TRUE(policy->CanRequestURL(id, dragged_file_url));
210 EXPECT_TRUE(policy->CanReadFile(id, dragged_file_path));
211 EXPECT_FALSE(policy->CanRequestURL(id, sensitive_file_url));
212 EXPECT_FALSE(policy->CanReadFile(id, sensitive_file_path));
213 }
214
215 TEST_F(RenderViewHostTest, MessageWithBadHistoryItemFiles) {
216 base::FilePath file_path;
217 EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file_path));
218 file_path = file_path.AppendASCII("foo");
219 EXPECT_EQ(0, process()->bad_msg_count());
220 test_rvh()->TestOnUpdateStateWithFile(-1, file_path);
221 EXPECT_EQ(1, process()->bad_msg_count());
222
223 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
224 process()->GetID(), file_path);
225 test_rvh()->TestOnUpdateStateWithFile(-1, file_path);
226 EXPECT_EQ(1, process()->bad_msg_count());
227 }
228
229 TEST_F(RenderViewHostTest, NavigationWithBadHistoryItemFiles) {
230 GURL url("http://www.google.com");
231 base::FilePath file_path;
232 EXPECT_TRUE(PathService::Get(base::DIR_TEMP, &file_path));
233 file_path = file_path.AppendASCII("bar");
234 EXPECT_EQ(0, process()->bad_msg_count());
235 contents()->GetMainFrame()->SendNavigateWithFile(1, url, file_path);
236 EXPECT_EQ(1, process()->bad_msg_count());
237
238 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
239 process()->GetID(), file_path);
240 contents()->GetMainFrame()->SendNavigateWithFile(process()->GetID(), url,
241 file_path);
242 EXPECT_EQ(1, process()->bad_msg_count());
243 }
244
245 TEST_F(RenderViewHostTest, RoutingIdSane) {
246 RenderFrameHostImpl* root_rfh =
247 contents()->GetFrameTree()->root()->current_frame_host();
248 EXPECT_EQ(contents()->GetMainFrame(), root_rfh);
249 EXPECT_EQ(test_rvh()->GetProcess(), root_rfh->GetProcess());
250 EXPECT_NE(test_rvh()->GetRoutingID(), root_rfh->routing_id());
251 }
252
253 class TestSaveImageFromDataURL : public RenderMessageFilter {
254 public:
255 TestSaveImageFromDataURL(
256 BrowserContext* context)
257 : RenderMessageFilter(
258 0,
259 nullptr,
260 context,
261 context->GetRequestContext(),
262 nullptr,
263 nullptr,
264 nullptr,
265 nullptr) {
266 Reset();
267 }
268
269 void Reset() {
270 url_string_ = std::string();
271 is_downloaded_ = false;
272 }
273
274 std::string& UrlString() const {
275 return url_string_;
276 }
277
278 bool IsDownloaded() const {
279 return is_downloaded_;
280 }
281
282 void Test(const std::string& url) {
283 OnMessageReceived(ViewHostMsg_SaveImageFromDataURL(0, url));
284 }
285
286 protected:
287 ~TestSaveImageFromDataURL() override {}
288 void DownloadUrl(int render_view_id,
289 const GURL& url,
290 const Referrer& referrer,
291 const base::string16& suggested_name,
292 const bool use_prompt) const override {
293 url_string_ = url.spec();
294 is_downloaded_ = true;
295 }
296
297 private:
298 mutable std::string url_string_;
299 mutable bool is_downloaded_;
300 };
301
302 TEST_F(RenderViewHostTest, SaveImageFromDataURL) {
303 scoped_refptr<TestSaveImageFromDataURL> tester(
304 new TestSaveImageFromDataURL(browser_context()));
305
306 tester->Reset();
307 tester->Test("http://non-data-url.com");
308 EXPECT_EQ(tester->UrlString(), "");
309 EXPECT_FALSE(tester->IsDownloaded());
310
311 const std::string data_url = "data:image/gif;base64,"
312 "R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=";
313
314 tester->Reset();
315 tester->Test(data_url);
316 EXPECT_EQ(tester->UrlString(), data_url);
317 EXPECT_TRUE(tester->IsDownloaded());
318 }
319
320 } // namespace content