Default to 'never' referrer policy for invalid meta tags on iOS.

The w3c spec indicates that parsing an unsupported value for referrer meta tags should not result in a referrer policy change. However, when WKWebView detects one of these tags, it will change the policy to 'never'. testWebReferrerOpenInNewTab verifies this observed behavior of WKWebView but https://codereview.chromium.org/2918313002/ updated ReferrerPolicyFromString() to assume strict adherance to the latest spec rather than WKWebView's actual implementation. This change updates the context menu param construction to use 'never' for unsupported referrer meta tag values so that the policy is consistently defaulted to 'never' for pages that are opened in a new Tab. w3c spec: https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values Bug: 733202 Change-Id: I74772f799a78c726601debddf64dd8f9ebbb2e0e Reviewed-on: https://chromium-review.googlesource.com/580630 Commit-Queue: Kurt Horimoto <kkhorimoto@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#488810}

Default to 'never' referrer policy for invalid meta tags on iOS.
The w3c spec indicates that parsing an unsupported value for referrer meta tags should not result in a referrer policy change. However, when WKWebView detects one of these tags, it will change the policy to 'never'. testWebReferrerOpenInNewTab verifies this observed behavior of WKWebView but https://codereview.chromium.org/2918313002/ updated ReferrerPolicyFromString() to assume strict adherance to the latest spec rather than WKWebView's actual implementation. This change updates the context menu param construction to use 'never' for unsupported referrer meta tag values so that the policy is consistently defaulted to 'never' for pages that are opened in a new Tab. w3c spec: https://w3c.github.io/webappsec-referrer-policy/#unknown-policy-values Bug: 733202 Change-Id: I74772f799a78c726601debddf64dd8f9ebbb2e0e Reviewed-on: https://chromium-review.googlesource.com/580630 Commit-Queue: Kurt Horimoto <kkhorimoto@chromium.org> Reviewed-by: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#488810}
616ade75 · Kurt Horimoto · Commit Bot · a4d68f0b · 616ade75 · 616ade75
Commit 616ade75 authored Jul 21, 2017 by Kurt Horimoto Committed by Commit Bot Jul 21, 2017
Showing with 27 additions and 1 deletion

ios/web/web_state/js/context_menu_js_unittest.mm ios/web/web_state/js/context_menu_js_unittest.mm +15 -0

ios/web/web_state/js/resources/context_menu.js ios/web/web_state/js/resources/context_menu.js +12 -1

No files found.
--- a/ios/web/web_state/js/context_menu_js_unittest.mm
+++ b/ios/web/web_state/js/context_menu_js_unittest.mm
@@ -224,4 +224,19 @@ TEST_F(ContextMenuJsTest, LinkOfImageWithCalloutNone) {
  EXPECT_NSEQ(expected_result, result);
 }

+// Tests that the GetElementFromPoint script reports "never" as the referrer
+// policy for pages that have an unsupported policy in a meta tag.
+TEST_F(ContextMenuJsTest, UnsupportedReferrerPolicy) {
+  // A page with an unsupported referrer meta tag and a 400x400 image.
+  static const char kInvalidReferrerTag[] =
+      "<meta name=\"referrer\" content=\"unsupported-value\">"
+      "<img width=400 height=400 src='foo'></img>";
+
+  // Load the invalid meta tag
+  LoadHtml(kInvalidReferrerTag);
+  id result = ExecuteGetElementFromPointJavaScript(20, 20);
+  ASSERT_TRUE([result isKindOfClass:[NSDictionary class]]);
+  EXPECT_NSEQ(@"never", result[kContextMenuElementReferrerPolicy]);
+}
+
 }  // namespace web
--- a/ios/web/web_state/js/resources/context_menu.js
+++ b/ios/web/web_state/js/resources/context_menu.js
@@ -279,10 +279,21 @@ goog.provide('__crWeb.contextMenu');
      }
    }

+    // Search for referrer meta tag.  WKWebView only supports a subset of values
+    // for referrer meta tags.  If it parses a referrer meta tag with an
+    // unsupported value, it will default to 'never'.
    var metaTags = document.getElementsByTagName('meta');
    for (var i = 0; i < metaTags.length; ++i) {
      if (metaTags[i].name.toLowerCase() == 'referrer') {
-        return metaTags[i].content.toLowerCase();
+        var referrerPolicy = metaTags[i].content.toLowerCase();
+        if (referrerPolicy == 'no-referrer' ||
+            referrerPolicy == 'orgin' ||
+            referrerPolicy == 'no-referrer-when-downgrade' ||
+            referrerPolicy == 'unsafe-url') {
+          return referrerPolicy;
+        } else {
+          return 'never';
+        }
      }
    }
    return 'default';