[JJI] Pass string "null" as origin for local file schemes

We want to treat file: and content: schemes as "null" for onPostMessage(), this would inconsistent with window.origin result if setAllowFileAccessFileUrls() set to true, but that is a more general problem in Blink. Bug: 918065 Change-Id: If639e3a8be42384258b45e787403f456dca6b3fd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2090920Reviewed-by: Changwan Ryu <changwan@chromium.org> Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Shimi Zhang <ctzsm@chromium.org> Cr-Commit-Position: refs/heads/master@{#748842}

[JJI] Pass string "null" as origin for local file schemes
We want to treat file: and content: schemes as "null" for onPostMessage(), this would inconsistent with window.origin result if setAllowFileAccessFileUrls() set to true, but that is a more general problem in Blink. Bug: 918065 Change-Id: If639e3a8be42384258b45e787403f456dca6b3fd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2090920Reviewed-by: Changwan Ryu <changwan@chromium.org> Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Shimi Zhang <ctzsm@chromium.org> Cr-Commit-Position: refs/heads/master@{#748842}
5787b610 · Shimi Zhang · Commit Bot · 35392ec2 · 5787b610 · 5787b610
Commit 5787b610 authored Mar 10, 2020 by Shimi Zhang Committed by Commit Bot Mar 10, 2020
2 changed files
--- a/android_webview/browser/js_java_interaction/js_to_java_messaging.cc
+++ b/android_webview/browser/js_java_interaction/js_to_java_messaging.cc
@@ -14,6 +14,7 @@
 #include "content/public/browser/web_contents.h"
 #include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
 #include "url/origin.h"
+#include "url/url_util.h"

 namespace android_webview {

@@ -54,10 +55,22 @@ void JsToJavaMessaging::PostMessage(
    int_ports[i] = ports[i].release().value();
  }

+  // We want to pass a string "null" for local file schemes, to make it
+  // consistent to the Blink side SecurityOrigin serialization. When both
+  // setAllow{File,Universal}AccessFromFileURLs are false, Blink::SecurityOrigin
+  // will be serialized as string "null" for local file schemes, but when
+  // setAllowFileAccessFromFileURLs is true, Blink::SecurityOrigin will be
+  // serialized as the scheme, which will be inconsistentt to this place. In
+  // this case we want to let developer to know that local files are not safe,
+  // so we still pass "null".
+  std::string origin_string =
+      base::Contains(url::GetLocalSchemes(), source_origin.scheme())
+          ? "null"
+          : source_origin.Serialize();
  JNIEnv* env = base::android::AttachCurrentThread();
  Java_WebMessageListenerHolder_onPostMessage(
      env, listener_ref_, base::android::ConvertUTF16ToJavaString(env, message),
-      base::android::ConvertUTF8ToJavaString(env, source_origin.Serialize()),
+      base::android::ConvertUTF8ToJavaString(env, origin_string),
      web_contents->GetMainFrame() == render_frame_host_,
      base::android::ToJavaIntArray(env, int_ports.data(), int_ports.size()),
      reply_proxy_->GetJavaPeer());

--- a/android_webview/javatests/src/org/chromium/android_webview/test/JsJavaInteractionTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/JsJavaInteractionTest.java
@@ -45,6 +45,7 @@ public class JsJavaInteractionTest {
            RESOURCE_PATH + "/post_message_repeat.html";
    private static final String POST_MESSAGE_REPLY_HTML =
            RESOURCE_PATH + "/post_message_receives_reply.html";
+    private static final String FILE_URI = "file:///android_asset/asset_file.html";

    private static final String HELLO = "Hello";
    private static final String NEW_TITLE = "new_title";
@@ -856,6 +857,87 @@ public class JsJavaInteractionTest {
        Assert.assertTrue(mListener.hasNoMoreOnPostMessage());
    }

+    private void verifyOnPostMessageOriginIsNull() throws Throwable {
+        mActivityTestRule.executeJavaScriptAndWaitForResult(
+                mAwContents, mContentsClient, JS_OBJECT_NAME + ".postMessage('Hello');");
+
+        TestWebMessageListener.Data data = mListener.waitForOnPostMessage();
+
+        Assert.assertEquals("null", data.mSourceOrigin.toString());
+
+        Assert.assertEquals(HELLO, data.mMessage);
+        Assert.assertTrue(data.mIsMainFrame);
+        Assert.assertEquals(0, data.mPorts.length);
+
+        Assert.assertTrue(mListener.hasNoMoreOnPostMessage());
+    }
+
+    @Test
+    @MediumTest
+    @Feature({"AndroidWebView", "JsJavaInteraction"})
+    public void testFileSchemeUrl_setAllowFileAccessFromFile_true() throws Throwable {
+        mAwContents.getSettings().setAllowFileAccessFromFileURLs(true);
+        addWebMessageListenerOnUiThread(mAwContents, JS_OBJECT_NAME, new String[] {"*"}, mListener);
+        mActivityTestRule.loadUrlSync(
+                mAwContents, mContentsClient.getOnPageFinishedHelper(), FILE_URI);
+        Assert.assertEquals("\"file://\"",
+                mActivityTestRule.executeJavaScriptAndWaitForResult(
+                        mAwContents, mContentsClient, "window.origin"));
+
+        verifyOnPostMessageOriginIsNull();
+    }
+
+    @Test
+    @MediumTest
+    @Feature({"AndroidWebView", "JsJavaInteraction"})
+    public void testFileSchemeUrl_setAllowFileAccessFromFile_false() throws Throwable {
+        // The default value is false on JELLY_BEAN and above, but we explicitly set this to
+        // false to readability.
+        mAwContents.getSettings().setAllowFileAccessFromFileURLs(false);
+        addWebMessageListenerOnUiThread(mAwContents, JS_OBJECT_NAME, new String[] {"*"}, mListener);
+        mActivityTestRule.loadUrlSync(
+                mAwContents, mContentsClient.getOnPageFinishedHelper(), FILE_URI);
+        Assert.assertEquals("\"null\"",
+                mActivityTestRule.executeJavaScriptAndWaitForResult(
+                        mAwContents, mContentsClient, "window.origin"));
+
+        verifyOnPostMessageOriginIsNull();
+    }
+
+    @Test
+    @MediumTest
+    @Feature({"AndroidWebView", "JsJavaInteraction"})
+    public void testContentSchemeUrl_setAllowFileAccessFromFileURLs_true() throws Throwable {
+        mAwContents.getSettings().setAllowContentAccess(true);
+        mAwContents.getSettings().setAllowFileAccessFromFileURLs(true);
+        addWebMessageListenerOnUiThread(mAwContents, JS_OBJECT_NAME, new String[] {"*"}, mListener);
+        mActivityTestRule.loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
+                TestContentProvider.createContentUrl("content_access"));
+        Assert.assertEquals("\"content://\"",
+                mActivityTestRule.executeJavaScriptAndWaitForResult(
+                        mAwContents, mContentsClient, "window.origin"));
+
+        verifyOnPostMessageOriginIsNull();
+    }
+
+    @Test
+    @MediumTest
+    @Feature({"AndroidWebView", "JsJavaInteraction"})
+    public void testContentSchemeUrl_setAllowFileAccessFromFileURLs_false() throws Throwable {
+        mAwContents.getSettings().setAllowContentAccess(true);
+        // The default value is false on JELLY_BEAN and above, but we explicitly set this to
+        // false to readability.
+        mAwContents.getSettings().setAllowFileAccessFromFileURLs(false);
+        addWebMessageListenerOnUiThread(mAwContents, JS_OBJECT_NAME, new String[] {"*"}, mListener);
+        mActivityTestRule.loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
+                TestContentProvider.createContentUrl("content_access"));
+        Assert.assertEquals("\"null\"",
+                mActivityTestRule.executeJavaScriptAndWaitForResult(
+                        mAwContents, mContentsClient, "window.origin"));
+
+        verifyOnPostMessageOriginIsNull();
+    }
+
    @Test
    @SmallTest
    @Feature({"AndroidWebView", "JsJavaInteraction"})