From ba6decf3bee9f3cd8dbe38935cf90f538d0f63d0 Mon Sep 17 00:00:00 2001 From: ekaramad Date: Tue, 5 May 2015 07:36:48 -0700 Subject: [PATCH] Verifying that the running app is not being embedded in the . BUG=477419 Review URL: https://codereview.chromium.org/1112473003 Cr-Commit-Position: refs/heads/master@{#328327} --- .../browser/apps/guest_view/app_view_browsertest.cc | 10 ++++++++++ .../extensions/platform_apps/app_view/shim/main.js | 20 +++++++++++++++++++- .../browser/guest_view/app_view/app_view_guest.cc | 6 +++++- 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/chrome/browser/apps/guest_view/app_view_browsertest.cc b/chrome/browser/apps/guest_view/app_view_browsertest.cc index d3e870073d91..0278507d3b52 100644 --- a/chrome/browser/apps/guest_view/app_view_browsertest.cc +++ b/chrome/browser/apps/guest_view/app_view_browsertest.cc @@ -115,3 +115,13 @@ IN_PROC_BROWSER_TEST_F(AppViewTest, TestAppViewMultipleConnects) { skeleton_app->id(), NO_TEST_SERVER); } + +// Tests that does not embed self (the app which owns appview). +IN_PROC_BROWSER_TEST_F(AppViewTest, TestAppViewEmbedSelfShouldFail) { + const extensions::Extension* skeleton_app = + InstallPlatformApp("app_view/shim/skeleton"); + TestHelper("testAppViewEmbedSelfShouldFail", + "app_view/shim", + skeleton_app->id(), + NO_TEST_SERVER); +} diff --git a/chrome/test/data/extensions/platform_apps/app_view/shim/main.js b/chrome/test/data/extensions/platform_apps/app_view/shim/main.js index 926df4465019..595c69c89002 100644 --- a/chrome/test/data/extensions/platform_apps/app_view/shim/main.js +++ b/chrome/test/data/extensions/platform_apps/app_view/shim/main.js @@ -162,12 +162,30 @@ function testAppViewMultipleConnects(appToEmbed) { appview.connect(appToEmbed, { 'foo': 'bleep' }, callback); }; +function testAppViewEmbedSelfShouldFail(appToEmbed) { + var appview = new AppView(); + var currentapp_id = chrome.runtime.id; + LOG('appToEmbed ' + currentapp_id); + document.body.appendChild(appview); + LOG('Attempting to embed self...(id=' + currentapp_id + ').'); + appview.connect(currentapp_id, undefined, function(success) { + if (success) { + LOG('UNEXPECTED CONNECTION.'); + embedder.test.fail(); + return; + }; + LOG('EXPECTED REFUSAL.'); + embedder.test.succeed(); + }); +}; + embedder.test.testList = { 'testAppViewWithUndefinedDataShouldSucceed': testAppViewWithUndefinedDataShouldSucceed, 'testAppViewRefusedDataShouldFail': testAppViewRefusedDataShouldFail, 'testAppViewGoodDataShouldSucceed': testAppViewGoodDataShouldSucceed, - 'testAppViewMultipleConnects': testAppViewMultipleConnects + 'testAppViewMultipleConnects': testAppViewMultipleConnects, + 'testAppViewEmbedSelfShouldFail': testAppViewEmbedSelfShouldFail }; onload = function() { diff --git a/extensions/browser/guest_view/app_view/app_view_guest.cc b/extensions/browser/guest_view/app_view/app_view_guest.cc index 65a5295186f4..66aa59352128 100644 --- a/extensions/browser/guest_view/app_view/app_view_guest.cc +++ b/extensions/browser/guest_view/app_view/app_view_guest.cc @@ -176,7 +176,11 @@ void AppViewGuest::CreateWebContents( callback.Run(nullptr); return; } - + // Verifying that the appId is not the same as the host application. + if (owner_host() == app_id) { + callback.Run(nullptr); + return; + } const base::DictionaryValue* data = nullptr; if (!create_params.GetDictionary(appview::kData, &data)) { callback.Run(nullptr); -- 2.11.4.GIT