Add browser test for iframe created and added to DOM.

This was used to evade referrer chain attribution. However, the problem was already fixed at HEAD by the time we discovered what was wrong, so this CL just adds a browser test to ensure that we don't regress. Change-Id: I69b3189a873288509fb8bdad02c248598819e07c Reviewed-on: https://chromium-review.googlesource.com/1256105 Commit-Queue: Daniel Rubery <drubery@chromium.org> Reviewed-by: Jialiu Lin <jialiul@chromium.org> Cr-Commit-Position: refs/heads/master@{#595682}

Add browser test for iframe created and added to DOM.
This was used to evade referrer chain attribution. However, the problem was already fixed at HEAD by the time we discovered what was wrong, so this CL just adds a browser test to ensure that we don't regress. Change-Id: I69b3189a873288509fb8bdad02c248598819e07c Reviewed-on: https://chromium-review.googlesource.com/1256105 Commit-Queue: Daniel Rubery <drubery@chromium.org> Reviewed-by: Jialiu Lin <jialiul@chromium.org> Cr-Commit-Position: refs/heads/master@{#595682}
0260a831 · Daniel Rubery · Commit Bot · 8273db87 · 0260a831 · 0260a831
Commit 0260a831 authored Oct 02, 2018 by Daniel Rubery Committed by Commit Bot Oct 02, 2018
2 changed files
--- a/chrome/browser/safe_browsing/safe_browsing_navigation_observer_browsertest.cc
+++ b/chrome/browser/safe_browsing/safe_browsing_navigation_observer_browsertest.cc
@@ -83,6 +83,9 @@ const char kLandingReferrerURLWithQuery[] =
 const char kPageBeforeLandingReferrerURL[] =
    "/safe_browsing/download_protection/navigation_observer/"
    "page_before_landing_referrer.html";
+const char kCreateIframeElementURL[] =
+    "/safe_browsing/download_protection/navigation_observer/"
+    "create_iframe_element.html";
 class DownloadItemCreatedObserver : public DownloadManager::Observer {
 public:
@@ -2492,4 +2495,15 @@ IN_PROC_BROWSER_TEST_F(SBNavigationObserverBrowserTest, ReloadNotRecorded) {
  EXPECT_EQ(1U, nav_list->Size());
 }
+IN_PROC_BROWSER_TEST_F(SBNavigationObserverBrowserTest,
+                       CreateIframeElementGetsReferrerChain) {
+  GURL initial_url = embedded_test_server()->GetURL(kCreateIframeElementURL);
+  ui_test_utils::NavigateToURL(browser(), initial_url);
+  ClickTestLink("do_download", 1, initial_url);
+  ReferrerChain referrer_chain;
+  IdentifyReferrerChainForDownload(GetDownload(), &referrer_chain);
+  ASSERT_EQ(2, referrer_chain.size());
+}
 }  // namespace safe_browsing
--- a/chrome/test/data/safe_browsing/download_protection/navigation_observer/create_iframe_element.html
+++ b/chrome/test/data/safe_browsing/download_protection/navigation_observer/create_iframe_element.html
+<html>
+  <head>
+    <script>
+      function clickLink(linkId) {
+        var node = document.getElementById(linkId);
+        if (node != null) {
+          // Click and open link in the same tab.
+          node.click();
+        }
+      }
+      function runTest() {
+        var download_url = "../signed.exe";
+        var ifrm = document.createElement("iframe");
+        ifrm.setAttribute("src", download_url);
+        document.body.appendChild(ifrm);
+      }
+    </script>
+  </head>
+  <body>
+    <a id="do_download" onclick="runTest()">Click for download</div>
+  </body>
+</html>