[Merge to M-58] Add a warning for the deprecation of content-initiated data URL navigations

This CL adds a console warning when a page navigates the top level frame to a
data URL.

The browser tests are added to WebContentsImpl tests to be consistent with
the view-source URL tests.

This CL also updates most of the layout tests to avoid loading data URLs at
the top level. The only exceptions are xss-DENIED-* tests which will be updated
when the actual blocking happens.

BUG=594215,699277
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2694903007
Cr-Commit-Position: refs/heads/master@{#455226}
(cherry picked from commit b29954e)

Review-Url: https://codereview.chromium.org/2734783010 .
Cr-Commit-Position: refs/branch-heads/3029@{#68}
Cr-Branched-From: 939b32e-refs/heads/master@{#454471}

Author: meacer

content/browser/frame_host/navigation_handle_impl.cc

@@ -656,6 +656,14 @@ void NavigationHandleImpl::DidCommitNavigation(
   } else {
     state_ = DID_COMMIT;
   }
+
+  if (url_.SchemeIs(url::kDataScheme) && IsInMainFrame() &&
+      IsRendererInitiated()) {
+    GetRenderFrameHost()->AddMessageToConsole(
+        CONSOLE_MESSAGE_LEVEL_WARNING,
+        "Upcoming versions will block content-initiated top frame navigations "
+        "to data: URLs. For more information, see https://goo.gl/BaZAea.");
+  }
 }
 
 void NavigationHandleImpl::Transfer() {

content/browser/web_contents/web_contents_impl_browsertest.cc

@@ -4,6 +4,7 @@
 
 #include "base/macros.h"
 #include "base/run_loop.h"
+#include "base/strings/pattern.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "build/build_config.h"
@@ -845,6 +846,90 @@ IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, ViewSourceWebUI) {
                   ->IsViewSourceMode());
 }
 
+namespace {
+const char kDataUrlWarningPattern[] =
+    "Upcoming versions will block content-initiated top frame navigations*";
+
+// This class listens for console messages other than the data: URL warning. It
+// fails the test if it sees a data: URL warning.
+class NoDataURLWarningConsoleObserverDelegate : public ConsoleObserverDelegate {
+ public:
+  using ConsoleObserverDelegate::ConsoleObserverDelegate;
+  // WebContentsDelegate method:
+  bool DidAddMessageToConsole(WebContents* source,
+                              int32_t level,
+                              const base::string16& message,
+                              int32_t line_no,
+                              const base::string16& source_id) override {
+    std::string ascii_message = base::UTF16ToASCII(message);
+    EXPECT_FALSE(base::MatchPattern(ascii_message, kDataUrlWarningPattern));
+    return ConsoleObserverDelegate::DidAddMessageToConsole(
+        source, level, message, line_no, source_id);
+  }
+};
+
+}  // namespace
+
+// Test that a direct navigation to a data URL doesn't show a console warning.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLDirectNavigation) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+
+  NoDataURLWarningConsoleObserverDelegate console_delegate(
+      shell()->web_contents(), "FINISH");
+  shell()->web_contents()->SetDelegate(&console_delegate);
+
+  NavigateToURL(
+      shell(),
+      GURL("data:text/html,<html><script>console.log('FINISH');</script>"));
+  console_delegate.Wait();
+  EXPECT_TRUE(shell()->web_contents()->GetURL().SchemeIs(url::kDataScheme));
+  EXPECT_FALSE(
+      base::MatchPattern(console_delegate.message(), kDataUrlWarningPattern));
+}
+
+// Test that window.open to a data URL shows a console warning.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
+                       DataURLWindowOpen_ShouldWarn) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+  NavigateToURL(shell(), kUrl);
+
+  ShellAddedObserver new_shell_observer;
+  EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+                            "window.open('data:text/plain,test');"));
+  Shell* new_shell = new_shell_observer.GetShell();
+
+  ConsoleObserverDelegate console_delegate(
+      new_shell->web_contents(),
+      "Upcoming versions will block content-initiated top frame navigations*");
+  new_shell->web_contents()->SetDelegate(&console_delegate);
+  console_delegate.Wait();
+  EXPECT_TRUE(new_shell->web_contents()->GetURL().SchemeIs(url::kDataScheme));
+}
+
+// Test that a content initiated navigation to a data URL shows a console
+// warning.
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, DataURLRedirect_ShouldWarn) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const GURL kUrl(embedded_test_server()->GetURL("/simple_page.html"));
+  NavigateToURL(shell(), kUrl);
+
+  ConsoleObserverDelegate console_delegate(
+      shell()->web_contents(),
+      "Upcoming versions will block content-initiated top frame navigations*");
+  shell()->web_contents()->SetDelegate(&console_delegate);
+  EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+                            "window.location.href = 'data:text/plain,test';"));
+  console_delegate.Wait();
+  EXPECT_TRUE(shell()
+                  ->web_contents()
+                  ->GetController()
+                  .GetLastCommittedEntry()
+                  ->GetURL()
+                  .SchemeIs(url::kDataScheme));
+}
+
 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, NewNamedWindow) {
   ASSERT_TRUE(embedded_test_server()->Start());
 

third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur-expected.txt

@@ -4,8 +4,8 @@ This test is adopted from mozilla's tests.
 
 PASS: The focus should not have been changed!
 PASS: The focus should not have been changed!
-PASS: The focus should not have been changed with URL=data:text/html,<script>opener.focus();opener.postMessage("", "*");</script>
-PASS: The focus should not have been changed with URL=data:text/html,<script>blur();opener.postMessage("", "*");</script>
+PASS: The focus should not have been changed with URL=resources/mozilla-focus-blur-popup-opener-focus.html
+PASS: The focus should not have been changed with URL=resources/mozilla-focus-blur-popup-blur.html
 PASS: The last opened window should be able to get focus
 PASS: All tests finished
 

third_party/WebKit/LayoutTests/fast/dom/Window/mozilla-focus-blur.html

@@ -73,11 +73,11 @@
 }
 
 function test3() {
-    focusShouldNotChange2('data:text/html,<script>opener.focus();opener.postMessage("", "*");<\/script>', test4);
+    focusShouldNotChange2('resources/mozilla-focus-blur-popup-opener-focus.html', test4);
 }
 
 function test4() {
-    focusShouldNotChange2('data:text/html,<script>blur();opener.postMessage("", "*");<\/script>', test5);
+    focusShouldNotChange2('resources/mozilla-focus-blur-popup-blur.html', test5);
 }
 
 function test5()

third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-frame.html

@@ -8,5 +8,5 @@
   }
   top.postMessage(exc ? '' + exc : null, '*');
 });
-newWindow = window.open('data:text/html,<script>opener.postMessage("runTest","*");</scr' + 'ipt>');
+newWindow = window.open('file-origin-window-open-popup.html');
 </script>

third_party/WebKit/LayoutTests/fast/dom/Window/resources/file-origin-window-open-popup.html

@@ -0,0 +1 @@
+<script>opener.postMessage("runTest","*");</script>

third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-blur.html

@@ -0,0 +1 @@
+<script>blur();opener.postMessage("", "*");</script>

third_party/WebKit/LayoutTests/fast/dom/Window/resources/mozilla-focus-blur-popup-opener-focus.html

@@ -0,0 +1 @@
+<script>opener.focus();opener.postMessage("", "*");</script>

third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared-expected.txt

@@ -1 +1 @@
-PASS
+Hooray, you got here! That means the test succeeded!

third_party/WebKit/LayoutTests/fast/dom/id-attribute-shared.html

@@ -24,7 +24,7 @@
     document.body.appendChild(object1);
     input = iframe.contentDocument.createElement('input');
     document.body.appendChild(input);
-    noderef1 = input.parentElement; 
+    noderef1 = input.parentElement;
     node2.appendChild(noderef1);
     embed = document.createElement('embed');
     object1.id = 4294967294;
@@ -43,7 +43,7 @@
     template2content.appendChild(object2);
     gc();
     object2.cloneNode();
-    document.location='data:text/html,<body>PASS<script>if (window.testRunner) testRunner.notifyDone()</scr' + 'ipt></body>';
+    document.location = 'Window/resources/destination.html';
 }
 
 runTest();