Prevent inline CRX installs in popup windows.

BUG=416929
TEST=WebstoreInlineInstallerTest.ShouldBlockInlineInstallFromPopupWindow

Review URL: https://codereview.chromium.org/908063002

Cr-Commit-Position: refs/heads/master@{#316679}

chrome/browser/extensions/webstore_inline_installer.cc

@@ -6,22 +6,26 @@
 
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ui/browser_finder.h"
 #include "content/public/browser/web_contents.h"
 
 using content::WebContents;
 
 namespace extensions {
 
-const char kInvalidWebstoreResponseError[] = "Invalid Chrome Web Store reponse";
+const char kInvalidWebstoreResponseError[] =
+    "Invalid Chrome Web Store response.";
 const char kNoVerifiedSitesError[] =
     "Inline installs can only be initiated for Chrome Web Store items that "
-    "have one or more verified sites";
+    "have one or more verified sites.";
 const char kNotFromVerifiedSitesError[] =
     "Installs can only be initiated by one of the Chrome Web Store item's "
-    "verified sites";
+    "verified sites.";
 const char kInlineInstallSupportedError[] =
     "Inline installation is not supported for this item. The user will be "
     "redirected to the Chrome Web Store.";
+const char kInitiatedFromPopupError[] =
+    "Inline installs can not be initiated from pop-up windows.";
 
 WebstoreInlineInstaller::WebstoreInlineInstaller(
     content::WebContents* web_contents,
@@ -126,6 +130,12 @@ WebContents* WebstoreInlineInstaller::GetWebContents() const {
 bool WebstoreInlineInstaller::CheckInlineInstallPermitted(
     const base::DictionaryValue& webstore_data,
     std::string* error) const {
+  Browser* browser = chrome::FindBrowserWithWebContents(web_contents());
+  DCHECK(browser);
+  if (browser->is_type_popup()) {
+    *error = kInitiatedFromPopupError;
+    return false;
+  }
   // The store may not support inline installs for this item, in which case
   // we open the store-provided redirect URL in a new tab and abort the
   // installation process.
@@ -152,7 +162,6 @@ bool WebstoreInlineInstaller::CheckInlineInstallPermitted(
     *error = kInlineInstallSupportedError;
     return false;
   }
-
   *error = "";
   return true;
 }

chrome/browser/extensions/webstore_inline_installer_browsertest.cc

@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/extensions/extension_install_prompt.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/tab_helper.h"
@@ -11,8 +12,10 @@
 #include "chrome/browser/extensions/webstore_standalone_installer.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/browser_finder.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "content/public/browser/web_contents.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_system.h"
@@ -126,7 +129,7 @@ class WebstoreInlineInstallerForTestFactory :
 };
 
 IN_PROC_BROWSER_TEST_F(WebstoreInlineInstallerTest,
-    CloseTabBeforeInstallConfirmation) {
+                       CloseTabBeforeInstallConfirmation) {
   GURL install_url = GenerateTestServerUrl(kAppDomain, "install.html");
   ui_test_utils::NavigateToURL(browser(), install_url);
   WebContents* web_contents =
@@ -141,6 +144,25 @@ IN_PROC_BROWSER_TEST_F(WebstoreInlineInstallerTest,
   ProgrammableInstallPrompt::Accept();
 }
 
+IN_PROC_BROWSER_TEST_F(WebstoreInlineInstallerTest,
+                       ShouldBlockInlineInstallFromPopupWindow) {
+  GURL install_url =
+      GenerateTestServerUrl(kAppDomain, "install_from_popup.html");
+  // Disable popup blocking for the test url.
+  browser()->profile()->GetHostContentSettingsMap()->SetContentSetting(
+      ContentSettingsPattern::FromURL(install_url),
+      ContentSettingsPattern::Wildcard(), CONTENT_SETTINGS_TYPE_POPUPS,
+      std::string(), CONTENT_SETTING_ALLOW);
+  ui_test_utils::NavigateToURL(browser(), install_url);
+  // The test page opens a popup which is a new |browser| window.
+  Browser* popup_browser = chrome::FindLastActiveWithProfile(
+      browser()->profile(), chrome::GetActiveDesktop());
+  WebContents* popup_contents =
+      popup_browser->tab_strip_model()->GetActiveWebContents();
+  EXPECT_EQ(base::ASCIIToUTF16("POPUP"), popup_contents->GetTitle());
+  RunTest(popup_contents, "runTest");
+}
+
 // Ensure that inline-installing a disabled extension simply re-enables it.
 IN_PROC_BROWSER_TEST_F(WebstoreInlineInstallerTest,
                        ReinstallDisabledExtension) {

chrome/browser/extensions/webstore_installer_test.cc

@@ -99,18 +99,22 @@ GURL WebstoreInstallerTest::GenerateTestServerUrl(
   return page_url.ReplaceComponents(replace_host);
 }
 
-void WebstoreInstallerTest::RunTest(const std::string& test_function_name) {
+void WebstoreInstallerTest::RunTest(WebContents* web_contents,
+                                    const std::string& test_function_name) {
   bool result = false;
   std::string script = base::StringPrintf(
       "%s('%s')", test_function_name.c_str(),
       test_gallery_url_.c_str());
-  ASSERT_TRUE(content::ExecuteScriptAndExtractBool(
-      browser()->tab_strip_model()->GetActiveWebContents(),
-      script,
-      &result));
+  ASSERT_TRUE(
+      content::ExecuteScriptAndExtractBool(web_contents, script, &result));
   EXPECT_TRUE(result);
 }
 
+void WebstoreInstallerTest::RunTest(const std::string& test_function_name) {
+  RunTest(browser()->tab_strip_model()->GetActiveWebContents(),
+          test_function_name);
+}
+
 bool WebstoreInstallerTest::RunIndexedTest(
     const std::string& test_function_name,
     int i) {

chrome/browser/extensions/webstore_installer_test.h

@@ -13,7 +13,11 @@
 
 namespace base {
 class CommandLine;
-}  // namespace base
+}
+
+namespace contents {
+class WebContents;
+}
 
 class WebstoreInstallerTest : public ExtensionBrowserTest {
  public:
@@ -34,6 +38,9 @@ class WebstoreInstallerTest : public ExtensionBrowserTest {
 
   void RunTest(const std::string& test_function_name);
 
+  void RunTest(content::WebContents* web_contents,
+               const std::string& test_function_name);
+
   // Passes |i| to |test_function_name|, and expects that function to
   // return one of "FAILED", "KEEPGOING" or "DONE". KEEPGOING should be
   // returned if more tests remain to be run and the current test succeeded,

chrome/test/data/extensions/api_test/webstore_inline_install/install_from_popup.html

+<!DOCTYPE html>
+<html>
+<head>
+  <link rel="chrome-webstore-item">
+</head>
+<body>
+<script>
+if (window.location.search == "") {
+  window.open(window.location.href + "?install", "w", "toolbar=no");
+} else {
+  document.title = "POPUP";
+}
+
+function runTest(galleryUrl) {
+  // Link URL has to be generated dynamically in order to include the right
+  // port number. The ID corresponds to the data in the "extension" directory.
+  document.getElementsByTagName('link')[0].href =
+      galleryUrl + '/detail/ecglahbcnmdpdciemllbhojghbkagdje';
+
+  try {
+    chrome.webstore.install(
+        undefined,
+        function() {
+          console.error('Did not expect install complete in a pop-up window.');
+          window.domAutomationController.send(false);
+        },
+        function(error) {
+          var expected_error =
+              "Inline installs can not be initiated from pop-up windows.";
+          window.domAutomationController.send(error == expected_error);
+        }
+    );
+  } catch (e) {
+    console.error('Unexpected exception: ', e);
+    window.domAutomationController.send(false);
+    throw e;
+  }
+}
+</script>
+
+</body>
+</html>