Use JavaScript in WebView SafeBrowsing integration tests |
|||||
Issue descriptionUsing JavaScript in WebView's Safe Browsing integration tests would have a couple big advantages: - Actually check page content, instead of only checking pixels - This lets us differentiate between quiet and loud interstitials - We can check for the appearance of buttons, like back-to-safety - Click UI buttons via JavaScript - This would let us properly test back-to-safety for malicious subresource (some logic sits above InterstitialPage::DontProceed) - This would verify that all internals are working for quiet interstitials The issue right now is that our JavaScript helper functions are only interacting with the main page, not the interstitial page, so they see an entirely different DOM. I think the trick is to use something like content::ExecuteScriptAndGetValue() [1]. We can't currently use this method in aw_contents because the method is in a testonly dependency. [1] https://cs.chromium.org/chromium/src/content/public/test/test_utils.cc?sq=package:chromium&l=188
,
Jun 27 2017
I have a prototype where this works for some of the tests. The trick is that we need to wait for the interstitial DOM to be fully loaded, which means waiting for `document.readState == 'complete'`.
,
Jun 29 2017
,
Jul 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5fdb7e978ede05e7236a04b7295194d864e499f6 commit 5fdb7e978ede05e7236a04b7295194d864e499f6 Author: Nate Fischer <ntfschr@chromium.org> Date: Sat Jul 01 01:08:01 2017 AW: change SafeBrowsing tests to use JavaScript No change in production logic. This changes WebView Safe Browsing instrumentation tests to use JavaScript on interstitial pages instead of calling underlying methods. This lets us test more of the underlying logic, since we can verify the interstitial HTML/JavaScript and the logic in SafeBrowsing*ErrorUI. This adds EvaluateJavaScriptOnInterstitialForTesting(), based off WebContentsAndroid::EvaluateJavaScriptForTests(), but using the InterstitialPage's RenderFrameHost. This replaces proceedThroughInterstitial() and dontProceedThroughInterstitial() with clickVisitUnsafePage() and clickBackToSafety(). Quiet interstitials use clickVisitUnsafePageQuietInterstitial() because they use a #details-link instead of #details-button. This adds one test (DontProceedNavigatesBackForSubResource) and disables another (DontProceedCausesNetworkErrorForSubresource). This is because clicking back to safety has different behavior than calling InterstitialPage::DontProceed(). "Back to safety" causes a backwards navigation for malicious subresources, skipping our mechanism for the network error (see crbug/737820). Bug: 733815 , 737820 Test: run_webview_instrumentation_test_apk -f SafeBrowsingTest#* Change-Id: I4829f3cc5d9863ddd2a1fc51050f583ac9758bcf Reviewed-on: https://chromium-review.googlesource.com/557918 Commit-Queue: Nate Fischer <ntfschr@chromium.org> Reviewed-by: Bo Liu <boliu@chromium.org> Cr-Commit-Position: refs/heads/master@{#483883} [modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/browser/aw_contents.cc [modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/browser/aw_contents.h [modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/java/src/org/chromium/android_webview/AwContents.java [modify] https://crrev.com/5fdb7e978ede05e7236a04b7295194d864e499f6/android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java
,
Jul 1 2017
,
Oct 11 2017
,
Aug 24
Bulk edit: marking stale 'fixed' bugs as 'verified' since they don't need verification at this point. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by vakh@chromium.org
, Jun 16 2017