HTMLViewSourceDocument not affected by Feature-Policy

Feature-Policy does not quite make sense in a view-source document; such documents are not actually
rendering "the" WebPage. This CL makes sure feature policy takes the default values for a
view-source document.

TBR=iclelland@chromium.org

Bug: 898688
Change-Id: I4f8667f8539da977d0cf0281f4e8ee99fe9b23e9
Reviewed-on: https://chromium-review.googlesource.com/c/1305248
Commit-Queue: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604256}

chrome/browser/tab_contents/view_source_browsertest.cc

@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/command_line.h"
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/app/chrome_command_ids.h"
@@ -19,6 +20,7 @@
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "content/public/test/test_utils.h"
@@ -51,6 +53,25 @@ class ViewSourceTest : public InProcessBrowserTest {
   DISALLOW_COPY_AND_ASSIGN(ViewSourceTest);
 };
 
+class ViewSourceFeaturePolicyTest : public ViewSourceTest {
+ public:
+  ViewSourceFeaturePolicyTest() : ViewSourceTest() {}
+
+ protected:
+  void SetUpOnMainThread() override {
+    InProcessBrowserTest::SetUpOnMainThread();
+    host_resolver()->AddRule("*", "127.0.0.1");
+  }
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    command_line->AppendSwitch(
+        switches::kEnableExperimentalWebPlatformFeatures);
+  }
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(ViewSourceFeaturePolicyTest);
+};
+
 // This test renders a page in view-source and then checks to see if the title
 // set in the html was set successfully (it shouldn't because we rendered the
 // page in view source).
@@ -513,3 +534,31 @@ IN_PROC_BROWSER_TEST_F(ViewSourceTest, JavaScriptURISanitized) {
       link_href_extraction_script, &link_href));
   EXPECT_EQ("about:blank", link_href);
 }
+
+// This test verifies that 'view-source' documents are not affected by vertical
+// scroll (see https://crbug.com/898688).
+IN_PROC_BROWSER_TEST_F(ViewSourceFeaturePolicyTest,
+                       ViewSourceNotAffectedByHeaderPolicy) {
+  ASSERT_TRUE(embedded_test_server()->Start());
+  const std::string k_verify_feature = R"(
+      var all_features = document.policy.allowedFeatures();
+      var vs = all_features.find((f) => f === 'vertical-scroll');
+      console.log(vs);
+      domAutomationController.send("" + vs);)";
+  // Sanity-check: 'vertical-scroll' is disabled in the actual page (set by the
+  // mock headers).
+  GURL url(embedded_test_server()->GetURL(kTestHtml));
+  ui_test_utils::NavigateToURL(browser(), url);
+  std::string response;
+  ASSERT_TRUE(ExecuteScriptAndExtractString(
+      browser()->tab_strip_model()->GetActiveWebContents(), k_verify_feature,
+      &response));
+  EXPECT_EQ("undefined", response);
+  // Ensure the policy is enabled in the view-source version.
+  ui_test_utils::NavigateToURL(browser(), GURL(content::kViewSourceScheme +
+                                               std::string(":") + url.spec()));
+  ASSERT_TRUE(ExecuteScriptAndExtractString(
+      browser()->tab_strip_model()->GetActiveWebContents(), k_verify_feature,
+      &response));
+  EXPECT_EQ("vertical-scroll", response);
+}

chrome/test/data/viewsource/test.html.mock-http-headers

+HTTP/1.1 200 OK
+Feature-Policy: vertical-scroll 'none'
\ No newline at end of file

third_party/blink/renderer/core/execution_context/security_context.cc

@@ -115,6 +115,11 @@ void SecurityContext::InitializeFeaturePolicy(
     const ParsedFeaturePolicy& parsed_header,
     const ParsedFeaturePolicy& container_policy,
     const FeaturePolicy* parent_feature_policy) {
+  if (!HasCustomizedFeaturePolicy()) {
+    feature_policy_ = FeaturePolicy::CreateFromParentPolicy(
+        nullptr, {}, security_origin_->ToUrlOrigin());
+    return;
+  }
   feature_policy_ = FeaturePolicy::CreateFromParentPolicy(
       parent_feature_policy, container_policy, security_origin_->ToUrlOrigin());
   feature_policy_->SetHeaderPolicy(parsed_header);

third_party/blink/renderer/core/execution_context/security_context.h

@@ -154,6 +154,11 @@ class CORE_EXPORT SecurityContext : public GarbageCollectedMixin {
 
   void SetContentSecurityPolicy(ContentSecurityPolicy*);
 
+  // Determines whether or not the SecurityContext has a customized feature
+  // policy. If this method returns false, |feature_policy_| is reset to a
+  // default value ignoring container, header, and inherited policies.
+  virtual bool HasCustomizedFeaturePolicy() const { return true; }
+
   SandboxFlags sandbox_flags_;
 
  private:

third_party/blink/renderer/core/html/html_view_source_document.h

@@ -80,6 +80,9 @@ class CORE_EXPORT HTMLViewSourceDocument final : public HTMLDocument {
   Element* AddLink(const AtomicString& url, bool is_anchor);
   Element* AddBase(const AtomicString& href);
 
+  // A view-source document is not a regular WebPage.
+  bool HasCustomizedFeaturePolicy() const final { return false; }
+
   String type_;
   Member<Element> current_;
   Member<HTMLTableSectionElement> tbody_;