WebUI Tab Strip: Prevent drag events for invalid tab or group IDs

This CLs prevents drag events from entering the WebUI tab strip's
WebView by checking to see if the drag data is valid. A drag is
considered invalid if there is no tab or group data, or if the tab
or group belongs to another profile.

Bug: 1005560
Change-Id: I3ffa70779a60e7bd4c803202e49b300fbb4867ab
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2031675
Commit-Queue: John Lee <johntlee@chromium.org>
Reviewed-by: Collin Baker <collinbaker@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737146}

chrome/browser/ui/views/frame/webui_tab_strip_container_view.cc

@@ -13,16 +13,20 @@
 #include "base/logging.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/scoped_observer.h"
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/app/vector_icons/vector_icons.h"
 #include "chrome/browser/extensions/chrome_extension_web_contents_observer.h"
+#include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/feature_engagement/tracker_factory.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/task_manager/web_contents_tags.h"
 #include "chrome/browser/themes/theme_properties.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/browser_commands.h"
+#include "chrome/browser/ui/browser_list.h"
 #include "chrome/browser/ui/layout_constants.h"
+#include "chrome/browser/ui/tabs/tab_group_model.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/browser/ui/tabs/tab_strip_model_observer.h"
 #include "chrome/browser/ui/ui_features.h"
@@ -36,12 +40,14 @@
 #include "chrome/browser/ui/webui/tab_strip/tab_strip_ui.h"
 #include "chrome/browser/ui/webui/tab_strip/tab_strip_ui_layout.h"
 #include "chrome/browser/ui/webui/tab_strip/tab_strip_ui_metrics.h"
+#include "chrome/browser/ui/webui/tab_strip/tab_strip_ui_util.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/webui_url_constants.h"
 #include "chrome/grit/generated_resources.h"
 #include "components/feature_engagement/public/event_constants.h"
 #include "components/feature_engagement/public/feature_constants.h"
 #include "components/feature_engagement/public/tracker.h"
+#include "content/public/common/drop_data.h"
 #include "ui/aura/window.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/theme_provider.h"
@@ -70,6 +76,39 @@ bool EventTypeCanCloseTabStrip(const ui::EventType& type) {
   }
 }
 
+class WebUITabStripWebView : public views::WebView {
+ public:
+  explicit WebUITabStripWebView(content::BrowserContext* context)
+      : views::WebView(context) {}
+
+  // content::WebContentsDelegate:
+  bool CanDragEnter(content::WebContents* source,
+                    const content::DropData& data,
+                    blink::WebDragOperationsMask operations_allowed) override {
+    // TODO(crbug.com/1032592): Prevent dragging across Chromium instances.
+    if (data.custom_data.find(base::ASCIIToUTF16(kWebUITabIdDataType)) !=
+        data.custom_data.end()) {
+      int tab_id;
+      bool found_tab_id = base::StringToInt(
+          data.custom_data.at(base::ASCIIToUTF16(kWebUITabIdDataType)),
+          &tab_id);
+      return found_tab_id && extensions::ExtensionTabUtil::GetTabById(
+                                 tab_id, browser_context(), false, nullptr);
+    }
+
+    if (data.custom_data.find(base::ASCIIToUTF16(kWebUITabGroupIdDataType)) !=
+        data.custom_data.end()) {
+      std::string group_id = base::UTF16ToUTF8(
+          data.custom_data.at(base::ASCIIToUTF16(kWebUITabGroupIdDataType)));
+      Browser* found_browser = tab_strip_ui::GetBrowserWithGroupId(
+          Profile::FromBrowserContext(browser_context()), group_id);
+      return found_browser != nullptr;
+    }
+
+    return false;
+  }
+};
+
 }  // namespace
 
 // When enabled, closes the container upon any event in the window not
@@ -112,8 +151,8 @@ WebUITabStripContainerView::WebUITabStripContainerView(
     Browser* browser,
     views::View* tab_contents_container)
     : browser_(browser),
-      web_view_(
-          AddChildView(std::make_unique<views::WebView>(browser->profile()))),
+      web_view_(AddChildView(
+          std::make_unique<WebUITabStripWebView>(browser->profile()))),
       tab_contents_container_(tab_contents_container),
       iph_tracker_(feature_engagement::TrackerFactory::GetForBrowserContext(
           browser_->profile())),

chrome/browser/ui/views/frame/webui_tab_strip_container_view_unittest.cc

@@ -3,14 +3,19 @@
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/views/frame/webui_tab_strip_container_view.h"
+#include <utility>
 
 #include "base/command_line.h"
 #include "base/test/scoped_feature_list.h"
+#include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/ui/ui_features.h"
 #include "chrome/browser/ui/views/frame/browser_view.h"
 #include "chrome/browser/ui/views/frame/test_with_browser_view.h"
 #include "chrome/browser/ui/views/toolbar/toolbar_view.h"
+#include "chrome/browser/ui/webui/tab_strip/tab_strip_ui.h"
 #include "chrome/common/chrome_switches.h"
+#include "chrome/test/base/test_browser_window.h"
+#include "content/public/common/drop_data.h"
 #include "ui/base/test/material_design_controller_test_api.h"
 #include "ui/base/ui_base_switches.h"
 
@@ -64,6 +69,73 @@ TEST_F(WebUITabStripContainerViewTest, ButtonsPresentInToolbar) {
       browser_view()->webui_tab_strip()->tab_counter_for_testing()));
 }
 
+TEST_F(WebUITabStripContainerViewTest, PreventsInvalidTabDrags) {
+  content::DropData empty_drop_data;
+  EXPECT_FALSE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, empty_drop_data, blink::kWebDragOperationMove));
+
+  content::DropData invalid_drop_data;
+  invalid_drop_data.custom_data.insert(std::make_pair(
+      base::ASCIIToUTF16(kWebUITabIdDataType), base::ASCIIToUTF16("3000")));
+  EXPECT_FALSE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, invalid_drop_data, blink::kWebDragOperationMove));
+
+  AddTab(browser(), GURL("http://foo"));
+  int valid_tab_id = extensions::ExtensionTabUtil::GetTabId(
+      browser()->tab_strip_model()->GetWebContentsAt(0));
+  content::DropData valid_drop_data;
+  valid_drop_data.custom_data.insert(
+      std::make_pair(base::ASCIIToUTF16(kWebUITabIdDataType),
+                     base::NumberToString16(valid_tab_id)));
+  EXPECT_TRUE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, valid_drop_data, blink::kWebDragOperationMove));
+}
+
+TEST_F(WebUITabStripContainerViewTest, PreventsInvalidGroupDrags) {
+  content::DropData invalid_drop_data;
+  invalid_drop_data.custom_data.insert(
+      std::make_pair(base::ASCIIToUTF16(kWebUITabGroupIdDataType),
+                     base::ASCIIToUTF16("not a real group")));
+  EXPECT_FALSE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, invalid_drop_data, blink::kWebDragOperationMove));
+
+  AddTab(browser(), GURL("http://foo"));
+  tab_groups::TabGroupId group_id =
+      browser()->tab_strip_model()->AddToNewGroup({0});
+  content::DropData valid_drop_data;
+  valid_drop_data.custom_data.insert(
+      std::make_pair(base::ASCIIToUTF16(kWebUITabGroupIdDataType),
+                     base::ASCIIToUTF16(group_id.ToString())));
+  EXPECT_TRUE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, valid_drop_data, blink::kWebDragOperationMove));
+
+  // Another group from a different profile.
+  std::unique_ptr<BrowserWindow> new_window(
+      std::make_unique<TestBrowserWindow>());
+  std::unique_ptr<Browser> new_browser =
+      CreateBrowser(browser()->profile()->GetOffTheRecordProfile(),
+                    browser()->type(), false, new_window.get());
+  AddTab(new_browser.get(), GURL("http://foo"));
+
+  tab_groups::TabGroupId new_group_id =
+      new_browser.get()->tab_strip_model()->AddToNewGroup({0});
+  content::DropData different_profile_drop_data;
+  different_profile_drop_data.custom_data.insert(
+      std::make_pair(base::ASCIIToUTF16(kWebUITabGroupIdDataType),
+                     base::ASCIIToUTF16(new_group_id.ToString())));
+  EXPECT_FALSE(
+      browser_view()->webui_tab_strip()->web_view_for_testing()->CanDragEnter(
+          nullptr, different_profile_drop_data, blink::kWebDragOperationMove));
+
+  // Close all tabs before destructing.
+  new_browser.get()->tab_strip_model()->CloseAllTabs();
+}
+
 class WebUITabStripDevToolsTest : public WebUITabStripContainerViewTest {
  public:
   WebUITabStripDevToolsTest()

chrome/browser/ui/webui/tab_strip/tab_strip_ui.h

@@ -15,6 +15,9 @@ class Browser;
 class TabStripUIEmbedder;
 class TabStripUIHandler;
 
+extern const char kWebUITabIdDataType[];
+extern const char kWebUITabGroupIdDataType[];
+
 // The WebUI version of the tab strip in the browser. It is currently only
 // supported on ChromeOS in tablet mode.
 class TabStripUI : public content::WebUIController {