[ios] Suppress JS dialogs if visible URL origin differs dialog's origin

Please see crbug.com/1029907 for details. Bug: 1029907 Change-Id: I2dab884278ada0d2532bbb0adb4cf3d71fd7850e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2277069 Auto-Submit: Eugene But <eugenebut@chromium.org> Reviewed-by: Gauthier Ambard <gambard@chromium.org> Commit-Queue: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#784420}

[ios] Suppress JS dialogs if visible URL origin differs dialog's origin
Please see crbug.com/1029907 for details. Bug: 1029907 Change-Id: I2dab884278ada0d2532bbb0adb4cf3d71fd7850e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2277069 Auto-Submit: Eugene But <eugenebut@chromium.org> Reviewed-by: Gauthier Ambard <gambard@chromium.org> Commit-Queue: Eugene But <eugenebut@chromium.org> Cr-Commit-Position: refs/heads/master@{#784420}
a3ec688e · Eugene But · Commit Bot · 7dacaf75 · a3ec688e · a3ec688e
Commit a3ec688e authored Jul 01, 2020 by Eugene But Committed by Commit Bot Jul 01, 2020
Showing with 33 additions and 1 deletion

ios/web/web_state/ui/crw_web_controller_unittest.mm ios/web/web_state/ui/crw_web_controller_unittest.mm +21 -1

ios/web/web_state/ui/crw_wk_ui_handler.mm ios/web/web_state/ui/crw_wk_ui_handler.mm +12 -0

No files found.
--- a/ios/web/web_state/ui/crw_web_controller_unittest.mm
+++ b/ios/web/web_state/ui/crw_web_controller_unittest.mm
@@ -378,7 +378,7 @@ TEST_F(CRWWebControllerTest, WebViewCreatedAfterEnsureWebViewCreated) {
 }

 // Test fixture to test JavaScriptDialogPresenter.
-class JavaScriptDialogPresenterTest : public WebTestWithWebState {
+class JavaScriptDialogPresenterTest : public WebTestWithWebController {
 protected:
  JavaScriptDialogPresenterTest() : page_url_("https://chromium.test/") {}
  void SetUp() override {
@@ -468,6 +468,26 @@ TEST_F(JavaScriptDialogPresenterTest, Prompt) {
  EXPECT_NSEQ(@"No", dialog->default_prompt_text);
 }

+// Tests that window.alert, window.confirm and window.prompt dialogs are not
+// shown if URL of presenting main frame is different from visible URL.
+TEST_F(JavaScriptDialogPresenterTest, DifferentVisibleUrl) {
+  ASSERT_TRUE(requested_dialogs().empty());
+
+  // Change visible URL.
+  AddPendingItem(GURL("https://pending.test/"), ui::PAGE_TRANSITION_TYPED);
+  web_controller().webStateImpl->SetIsLoading(true);
+  ASSERT_NE(page_url().GetOrigin(), web_state()->GetVisibleURL().GetOrigin());
+
+  ExecuteJavaScript(@"alert('test')");
+  ASSERT_TRUE(requested_dialogs().empty());
+
+  EXPECT_NSEQ(@NO, ExecuteJavaScript(@"confirm('test')"));
+  ASSERT_TRUE(requested_dialogs().empty());
+
+  EXPECT_NSEQ([NSNull null], ExecuteJavaScript(@"prompt('Yes?', 'No')"));
+  ASSERT_TRUE(requested_dialogs().empty());
+}
+
 // Test fixture for testing visible security state.
 typedef WebTestWithWebState CRWWebStateSecurityStateTest;


--- a/ios/web/web_state/ui/crw_wk_ui_handler.mm
+++ b/ios/web/web_state/ui/crw_wk_ui_handler.mm
@@ -264,6 +264,18 @@
    return;
  }

+  if (self.webStateImpl->GetVisibleURL().GetOrigin() !=
+          requestURL.GetOrigin() &&
+      frame.mainFrame) {
+    // Dialog was requested by web page's main frame, but visible URL has
+    // different origin. This could happen if the user has started a new
+    // browser initiated navigation. There is no value in showing dialogs
+    // requested by page, which this WebState is about to leave. But presenting
+    // the dialog can lead to phishing and other abusive behaviors.
+    completionHandler(NO, nil);
+    return;
+  }
+
  self.webStateImpl->RunJavaScriptDialog(
      requestURL, type, message, defaultText,
      base::BindOnce(^(bool success, NSString* input) {