Limit URL schemes passed on the command line to file: and those allowed by RendererSecurityPolicy::IsWebSafeScheme

BUG=9862 TEST=browser_tests --gtest_filter=BrowserInitTest.BlockBadURLs Review URL: http://codereview.chromium.org/550008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36239 0039d316-1c4b-4281-b951-d872f2087c98
author: jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-01-14 15:15:54 +0000
committer: jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-01-14 15:15:54 +0000
commit: cf2f9ebf31d505a701b62dea166bea7bce86b76c (patch)
tree: 5c26772c6ee9ea237575facb2eac82cc1fd03869 /chrome/browser/browser_init_browsertest.cc
parent: eed37dc68dbc0cf3c4f434c14bbda903d1d261e9 (diff)
download: chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.zip
chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.gz
chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.bz2
1 files changed, 29 insertions, 0 deletions
diff --git a/chrome/browser/browser_init_browsertest.cc b/chrome/browser/browser_init_browsertest.cc
index 5c6d60a..ed4bad8 100644
--- a/chrome/browser/browser_init_browsertest.cc
+++ b/chrome/browser/browser_init_browsertest.cc
@@ -6,6 +6,7 @@
 #include "chrome/browser/browser_init.h"
 #include "chrome/browser/browser_list.h"
 #include "chrome/browser/browser_window.h"
+#include "chrome/browser/tab_contents/tab_contents.h"
 #include "chrome/test/in_process_browser_test.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -55,4 +56,32 @@ IN_PROC_BROWSER_TEST_F(BrowserInitTest, OpenURLsPopup) {
   BrowserList::RemoveObserver(&observer);
 }
 
+// Test that we prevent openning potentially dangerous schemes from the
+// command line. Marked FLAKY because browser instance may not start before
+// enumerating the tabs.
+IN_PROC_BROWSER_TEST_F(BrowserInitTest, FLAKY_BlockBadURLs) {
+  const std::wstring testurlstr(L"http://localhost/");
+  const GURL testurl(WideToUTF16Hack(testurlstr));
+  CommandLine cmdline(CommandLine::ARGUMENTS_ONLY);
+  cmdline.AppendLooseValue(testurlstr);
+  cmdline.AppendLooseValue(std::wstring(L"javascript:alert('boo')"));
+  cmdline.AppendLooseValue(testurlstr);
+  cmdline.AppendLooseValue(std::wstring(L"view-source:http://localhost/"));
+
+  // This will pick up the current browser instance.
+  BrowserInit::LaunchWithProfile launch(std::wstring(), cmdline);
+  launch.Launch(browser()->profile(), false);
+
+  // Give the browser a chance to start first.
+  PlatformThread::Sleep(50);
+
+  // Skip about:blank in the first tab
+  for (int  i = 1; i < browser()->tab_count(); i++) {
+    const GURL &url = browser()->GetTabContentsAt(i)->GetURL();
+    ASSERT_EQ(url, testurl);
+  }
+  ASSERT_EQ(browser()->tab_count(), 3);
+}
+
+
 }  // namespace
author	jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-01-14 15:15:54 +0000
committer	jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-01-14 15:15:54 +0000
commit	cf2f9ebf31d505a701b62dea166bea7bce86b76c (patch)
tree	5c26772c6ee9ea237575facb2eac82cc1fd03869 /chrome/browser/browser_init_browsertest.cc
parent	eed37dc68dbc0cf3c4f434c14bbda903d1d261e9 (diff)
download	chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.zip chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.gz chromium_src-cf2f9ebf31d505a701b62dea166bea7bce86b76c.tar.bz2