1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/files/file_path.h"
6 #include "base/strings/utf_string_conversions.h"
7 #include "chrome/browser/ui/browser.h"
8 #include "chrome/browser/ui/tabs/tab_strip_model.h"
9 #include "chrome/test/base/in_process_browser_test.h"
10 #include "chrome/test/base/ui_test_utils.h"
11 #include "content/public/browser/render_frame_host.h"
12 #include "content/public/browser/web_contents.h"
13 #include "content/public/test/browser_test.h"
14 #include "content/public/test/browser_test_utils.h"
17 class IFrameTest : public InProcessBrowserTest {
19 void SetUpOnMainThread() override {
20 ASSERT_TRUE(embedded_test_server()->Start());
24 void NavigateAndVerifyTitle(const char* file, const char* page_title) {
25 GURL url = ui_test_utils::GetTestUrl(
26 base::FilePath(), base::FilePath().AppendASCII(file));
28 ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
29 EXPECT_EQ(base::ASCIIToUTF16(page_title),
30 browser()->tab_strip_model()->GetActiveWebContents()->GetTitle());
34 IN_PROC_BROWSER_TEST_F(IFrameTest, Crash) {
35 NavigateAndVerifyTitle("iframe.html", "iframe test");
38 IN_PROC_BROWSER_TEST_F(IFrameTest, InEmptyFrame) {
39 NavigateAndVerifyTitle("iframe_in_empty_frame.html", "iframe test");
42 // Test for https://crbug.com/621076. It ensures that file chooser triggered
43 // by an iframe, which is destroyed before the chooser is closed, does not
44 // result in a use-after-free condition.
46 // TODO(alexmos): Investigate if there's a way to get this test working in
47 // Lacros. It seems that the crosapi::mojom::SelectFile interface used by
48 // SelectFileDialogLacros is unavailable in tests.
49 // Note: This test is disabled temporarily to track down a memory leak reported
50 // by the ASan bots. It will be enabled once the root cause is found.
51 // TODO(crbug.com/1434874): Re-enable this test
52 #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
53 BUILDFLAG(IS_CHROMEOS_LACROS)
54 #define MAYBE_FileChooserInDestroyedSubframe \
55 DISABLED_FileChooserInDestroyedSubframe
57 #define MAYBE_FileChooserInDestroyedSubframe FileChooserInDestroyedSubframe
59 IN_PROC_BROWSER_TEST_F(IFrameTest, MAYBE_FileChooserInDestroyedSubframe) {
60 content::WebContents* tab =
61 browser()->tab_strip_model()->GetActiveWebContents();
62 GURL file_input_url(embedded_test_server()->GetURL("/file_input.html"));
64 // Navigate to a page, which contains an iframe, and navigate the iframe
65 // to a document containing a file input field.
66 ASSERT_TRUE(ui_test_utils::NavigateToURL(
67 browser(), embedded_test_server()->GetURL("/iframe.html")));
68 NavigateIframeToURL(tab, "test", file_input_url);
70 // Invoke the file chooser and remove the iframe from the main document.
71 content::RenderFrameHost* frame = ChildFrameAt(tab->GetPrimaryMainFrame(), 0);
73 EXPECT_EQ(frame->GetSiteInstance(),
74 tab->GetPrimaryMainFrame()->GetSiteInstance());
75 EXPECT_TRUE(ExecJs(frame, "document.getElementById('fileinput').click();"));
76 EXPECT_TRUE(ExecJs(tab->GetPrimaryMainFrame(),
77 "document.body.removeChild("
78 "document.querySelectorAll('iframe')[0])"));
79 ASSERT_EQ(nullptr, ChildFrameAt(tab->GetPrimaryMainFrame(), 0));
81 // On ASan bots, this test should succeed without reporting use-after-free