| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
| 9 #include "chrome/browser/child_process_security_policy.h" | 9 #include "chrome/browser/child_process_security_policy.h" |
| 10 #include "chrome/common/url_constants.h" | 10 #include "chrome/common/url_constants.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 virtual void TearDown() { | 23 virtual void TearDown() { |
| 24 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme, NULL); | 24 URLRequest::RegisterProtocolFactory(chrome::kChromeUIScheme, NULL); |
| 25 } | 25 } |
| 26 }; | 26 }; |
| 27 | 27 |
| 28 static int kRendererID = 42; | 28 static int kRendererID = 42; |
| 29 | 29 |
| 30 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { | 30 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { |
| 31 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 31 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 32 | 32 |
| 33 EXPECT_TRUE(p->IsWebSafeScheme("http")); | 33 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); |
| 34 EXPECT_TRUE(p->IsWebSafeScheme("https")); | 34 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); |
| 35 EXPECT_TRUE(p->IsWebSafeScheme("ftp")); | 35 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); |
| 36 EXPECT_TRUE(p->IsWebSafeScheme("data")); | 36 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); |
| 37 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | 37 EXPECT_TRUE(p->IsWebSafeScheme("feed")); |
| 38 EXPECT_TRUE(p->IsWebSafeScheme("chrome-extension")); | 38 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kExtensionScheme)); |
| 39 | 39 |
| 40 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 40 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 41 p->RegisterWebSafeScheme("registered-web-safe-scheme"); | 41 p->RegisterWebSafeScheme("registered-web-safe-scheme"); |
| 42 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 42 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 43 } | 43 } |
| 44 | 44 |
| 45 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { | 45 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
| 46 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 46 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 47 | 47 |
| 48 EXPECT_TRUE(p->IsPseudoScheme("about")); | 48 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); |
| 49 EXPECT_TRUE(p->IsPseudoScheme("javascript")); | 49 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); |
| 50 EXPECT_TRUE(p->IsPseudoScheme("view-source")); | 50 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); |
| 51 | 51 |
| 52 EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme")); | 52 EXPECT_FALSE(p->IsPseudoScheme("registered-psuedo-scheme")); |
| 53 p->RegisterPseudoScheme("registered-psuedo-scheme"); | 53 p->RegisterPseudoScheme("registered-psuedo-scheme"); |
| 54 EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme")); | 54 EXPECT_TRUE(p->IsPseudoScheme("registered-psuedo-scheme")); |
| 55 } | 55 } |
| 56 | 56 |
| 57 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 57 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
| 58 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 58 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 59 | 59 |
| 60 p->Add(kRendererID); | 60 p->Add(kRendererID); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 91 | 91 |
| 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| 94 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 94 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
| 95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
| 96 | 96 |
| 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); |
| 98 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 98 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
| 99 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 99 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
| 100 | 100 |
| 101 p->GrantRequestURL(kRendererID, GURL("about:memory")); | 101 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL)); |
| 102 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 102 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL))); |
| 103 | 103 |
| 104 p->GrantRequestURL(kRendererID, GURL("about:crash")); | 104 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCrashURL)); |
| 105 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 105 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL))); |
| 106 | 106 |
| 107 p->GrantRequestURL(kRendererID, GURL("about:cache")); | 107 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCacheURL)); |
| 108 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 108 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL))); |
| 109 | 109 |
| 110 p->GrantRequestURL(kRendererID, GURL("about:hang")); | 110 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutHangURL)); |
| 111 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 111 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL))); |
| 112 | 112 |
| 113 p->Remove(kRendererID); | 113 p->Remove(kRendererID); |
| 114 } | 114 } |
| 115 | 115 |
| 116 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 116 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
| 117 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 117 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); |
| 118 | 118 |
| 119 p->Add(kRendererID); | 119 p->Add(kRendererID); |
| 120 | 120 |
| 121 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 121 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 259 | 259 |
| 260 // Renderers are added and removed on the UI thread, but the policy can be | 260 // Renderers are added and removed on the UI thread, but the policy can be |
| 261 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 261 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 262 // prepared to answer policy questions about renderers who no longer exist. | 262 // prepared to answer policy questions about renderers who no longer exist. |
| 263 | 263 |
| 264 // In this case, we default to secure behavior. | 264 // In this case, we default to secure behavior. |
| 265 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 265 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 266 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); | 266 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); |
| 267 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); | 267 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); |
| 268 } | 268 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 193092:
Replace a bunch of hardcoded URLs with constants from url_constants.h... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/