// Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "base/command_line.h" #include "base/strings/stringprintf.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/test/base/in_process_browser_test.h" #include "chrome/test/base/ui_test_utils.h" #include "content/public/browser/notification_observer.h" #include "content/public/browser/notification_service.h" #include "content/public/browser/notification_types.h" #include "content/public/browser/render_frame_host.h" #include "content/public/browser/web_contents.h" #include "content/public/browser/web_contents_observer.h" #include "content/public/common/content_switches.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/test_utils.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "url/gurl.h" class ChromeSitePerProcessTest : public InProcessBrowserTest { public: ChromeSitePerProcessTest() {} ~ChromeSitePerProcessTest() override {} void SetUpCommandLine(base::CommandLine* command_line) override { command_line->AppendSwitch(switches::kSitePerProcess); } void SetUpOnMainThread() override { host_resolver()->AddRule("*", "127.0.0.1"); ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady()); content::SetupCrossSiteRedirector(embedded_test_server()); } private: DISALLOW_COPY_AND_ASSIGN(ChromeSitePerProcessTest); }; // Verify that browser shutdown path works correctly when there's a // RenderFrameProxyHost for a child frame. IN_PROC_BROWSER_TEST_F(ChromeSitePerProcessTest, RenderFrameProxyHostShutdown) { GURL main_url(embedded_test_server()->GetURL( "a.com", "/frame_tree/page_with_two_frames_remote_and_local.html")); ui_test_utils::NavigateToURL(browser(), main_url); } // Verify that origin replication allows JS access to localStorage, database, // and FileSystem APIs. These features involve a check on the // WebSecurityOrigin of the topmost WebFrame in ContentSettingsObserver, and // this test ensures this check works when the top frame is remote. // // Disabled due to a shutdown race condition that can lead to UAF in the // renderer (https://crbug.com/470055). IN_PROC_BROWSER_TEST_F(ChromeSitePerProcessTest, DISABLED_OriginReplicationAllowsAccessToStorage) { // Navigate to a page with a same-site iframe. GURL main_url(embedded_test_server()->GetURL("a.com", "/iframe.html")); ui_test_utils::NavigateToURL(browser(), main_url); // Navigate subframe cross-site. content::WebContents* active_web_contents = browser()->tab_strip_model()->GetActiveWebContents(); GURL cross_site_url(embedded_test_server()->GetURL("b.com", "/title2.html")); EXPECT_TRUE(NavigateIframeToURL(active_web_contents, "test", cross_site_url)); // Find the subframe's RenderFrameHost. content::RenderFrameHost* frame_host = FrameMatchingPredicate( active_web_contents, base::Bind(&content::FrameHasSourceUrl, cross_site_url)); ASSERT_TRUE(frame_host); EXPECT_TRUE(frame_host->IsCrossProcessSubframe()); // Check that JS storage APIs can be accessed successfully. EXPECT_TRUE( content::ExecuteScript(frame_host, "localStorage['foo'] = 'bar'")); std::string result; EXPECT_TRUE(ExecuteScriptAndExtractString( frame_host, "window.domAutomationController.send(localStorage['foo']);", &result)); EXPECT_EQ(result, "bar"); bool is_object_created = false; EXPECT_TRUE(ExecuteScriptAndExtractBool( frame_host, "window.domAutomationController.send(!!indexedDB.open('testdb', 2));", &is_object_created)); EXPECT_TRUE(is_object_created); is_object_created = false; EXPECT_TRUE(ExecuteScriptAndExtractBool( frame_host, "window.domAutomationController.send(!!openDatabase(" "'foodb', '1.0', 'Test DB', 1024));", &is_object_created)); EXPECT_TRUE(is_object_created); EXPECT_TRUE(ExecuteScript(frame_host, "window.webkitRequestFileSystem(" "window.TEMPORARY, 1024, function() {});")); }