Google Git
Sign in
chromium / chromium / src / 0bc073ebab33c8dd05bf286dd4cee84d5745f385^! / . / url / gurl_unittest.cc
commit0bc073ebab33c8dd05bf286dd4cee84d5745f385[log] [tgz]
authorLukasz Anforowicz <[email protected]>Fri Jun 14 19:41:52 2019
committerCommit Bot <[email protected]>Fri Jun 14 19:41:52 2019
tree66f6a263f5f4e9ef4ba83decdf74379c138b69ce
parentaf7c94e9a6c5da99f7b2a933a59d85652ff12ff5 [diff] [blame]
Avoid rewriting about:srcdoc into chrome://srcdoc

Rewriting about:srcdoc into chrome://srcdoc is undesirable because

1. about:srcdoc has a special meaning and just like about:blank has been
   reserved by specs like
   https://html.spec.whatwg.org/multipage/urls-and-fetching.html

2. chrome:-scheme URLs are special and might have extra privileges.
   Therefore chrome: URLs should not be reachable by an unprivileged webpage
   (OTOH, the rewriting fixed here only applies to the URL *shown* to
   the user, not the URL that gets committed - compare WebContents's
   GetVisibleURL vs GetLastCommittedURL).

Bug: 973628
Change-Id: I021e623caf0d7e5c02a2546291bb4913412b3125
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1654909
Auto-Submit: Łukasz Anforowicz <[email protected]>
Commit-Queue: Łukasz Anforowicz <[email protected]>
Commit-Queue: Avi Drissman <[email protected]>
Reviewed-by: Avi Drissman <[email protected]>
Reviewed-by: Charlie Harrison <[email protected]>
Reviewed-by: Peter Kasting <[email protected]>
Cr-Commit-Position: refs/heads/master@{#669328}

diff --git a/url/gurl_unittest.cc b/url/gurl_unittest.cc
index 379c04f..0d7b65b 100644
--- a/url/gurl_unittest.cc
+++ b/url/gurl_unittest.cc

@@ -863,11 +863,34 @@
   const std::string kNotAboutBlankUrls[] = {
       "http:blank",      "about:blan",          "about://blank",
       "about:blank/foo", "about://:8000/blank", "about://foo:foo@/blank",
-      "foo@about:blank", "foo:bar@about:blank", "about:blank:8000"};
+      "foo@about:blank", "foo:bar@about:blank", "about:blank:8000",
+      "about:blANk"};
   for (const auto& url : kNotAboutBlankUrls)
     EXPECT_FALSE(GURL(url).IsAboutBlank()) << url;
 }
 
+TEST(GURLTest, IsAboutSrcdoc) {
+  const std::string kAboutSrcdocUrls[] = {
+      "about:srcdoc", "about:srcdoc/", "about:srcdoc?foo", "about:srcdoc/#foo",
+      "about:srcdoc?foo#foo"};
+  for (const auto& url : kAboutSrcdocUrls)
+    EXPECT_TRUE(GURL(url).IsAboutSrcdoc()) << url;
+
+  const std::string kNotAboutSrcdocUrls[] = {"http:srcdoc",
+                                             "about:srcdo",
+                                             "about://srcdoc",
+                                             "about://srcdoc\\",
+                                             "about:srcdoc/foo",
+                                             "about://:8000/srcdoc",
+                                             "about://foo:foo@/srcdoc",
+                                             "foo@about:srcdoc",
+                                             "foo:bar@about:srcdoc",
+                                             "about:srcdoc:8000",
+                                             "about:srCDOc"};
+  for (const auto& url : kNotAboutSrcdocUrls)
+    EXPECT_FALSE(GURL(url).IsAboutSrcdoc()) << url;
+}
+
 TEST(GURLTest, EqualsIgnoringRef) {
   const struct {
     const char* url_a;