Change NavigationEntry to use virtual URL in error pages for blocked navigations

content/browser/frame_host/data_url_navigation_browsertest.cc

Index: content/browser/frame_host/data_url_navigation_browsertest.cc
diff --git a/content/browser/frame_host/data_url_navigation_browsertest.cc b/content/browser/frame_host/data_url_navigation_browsertest.cc
index d500fb2ba21fc4e4ae10719fe84c5cc29a573e72..216db80c985bb8138017ecbb04aeb4fcab20c652 100644
--- a/content/browser/frame_host/data_url_navigation_browsertest.cc
+++ b/content/browser/frame_host/data_url_navigation_browsertest.cc
@@ -939,4 +939,68 @@ IN_PROC_BROWSER_TEST_F(DataUrlNavigationBrowserTest,
 #endif
 }
 
+// Test case to verify that redirects to data: URLs are properly disallowed,
+// even when invoked through history navigations.
+// See https://crbug.com/723796.
+IN_PROC_BROWSER_TEST_F(DataUrlNavigationBrowserTest,
+                       WindowOpenRedirectAndBack) {
+  NavigateToURL(shell(),
+                embedded_test_server()->GetURL("/data_url_navigations.html"));
+
+  // This test will need to navigate the newly opened window.
+  ShellAddedObserver new_shell_observer;
+  EXPECT_TRUE(
+      ExecuteScript(shell()->web_contents(),
+                    "document.getElementById('window-open-redirect').click()"));
+  Shell* new_shell = new_shell_observer.GetShell();
+  NavigationController* controller =
+      &new_shell->web_contents()->GetController();
+  WaitForLoadStop(new_shell->web_contents());
+
+  // The window.open() should have resulted in an error page. The blocked
+  // URL should be in the virtual URL, not the actual URL.
+  {
+    EXPECT_EQ(0, controller->GetLastCommittedEntryIndex());
+    NavigationEntry* entry = controller->GetLastCommittedEntry();
+    EXPECT_EQ(PAGE_TYPE_ERROR, entry->GetPageType());
+    EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme));
+    EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme));
+  }
+
+  // Navigate forward and then go back to ensure the navigation to data: URL
+  // is blocked. Use a browser-initiated back navigation, equivalent to user
+  // pressing the back button.
+  EXPECT_TRUE(
+      NavigateToURL(new_shell, embedded_test_server()->GetURL("/title1.html")));
+  EXPECT_EQ(1, controller->GetLastCommittedEntryIndex());
+  {
+    TestNavigationObserver observer(new_shell->web_contents());
+    controller->GoBack();
+    observer.Wait();
+
+    NavigationEntry* entry = controller->GetLastCommittedEntry();
+    EXPECT_EQ(0, controller->GetLastCommittedEntryIndex());
+    EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme));
+    EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme));
+    EXPECT_EQ(url::kAboutBlankURL, entry->GetURL().spec());
+  }
+
+  // Do another new navigation, but then use JavaScript to navigate back,
+  // equivalent to document executing JS.
+  EXPECT_TRUE(
+      NavigateToURL(new_shell, embedded_test_server()->GetURL("/title1.html")));
+  EXPECT_EQ(1, controller->GetLastCommittedEntryIndex());
+  {
+    TestNavigationObserver observer(new_shell->web_contents());
+    EXPECT_TRUE(ExecuteScript(new_shell, "history.go(-1)"));
+    observer.Wait();
+
+    NavigationEntry* entry = controller->GetLastCommittedEntry();
+    EXPECT_EQ(0, controller->GetLastCommittedEntryIndex());
+    EXPECT_FALSE(entry->GetURL().SchemeIs(url::kDataScheme));
+    EXPECT_TRUE(entry->GetVirtualURL().SchemeIs(url::kDataScheme));
+    EXPECT_EQ(url::kAboutBlankURL, entry->GetURL().spec());
+  }
+}
+
 }  // content