Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(117)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/notifications/desktop_notifications_unittest.cc

Issue 2743007: Properly escape user input for notifications, since URL-encoded characters ar... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: feedback addressed & test Created 10 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/notifications/desktop_notification_service.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/notifications/desktop_notifications_unittest.h" 5 #include "chrome/browser/notifications/desktop_notifications_unittest.h"
6 6
7 #include "base/string_util.h" 7 #include "base/string_util.h"
8 #include "base/utf_string_conversions.h" 8 #include "base/utf_string_conversions.h"
9 9
10 // static 10 // static
(...skipping 263 matching lines...) Expand 10 before | Expand all | Expand 10 after
274 service_.reset(NULL); 274 service_.reset(NULL);
275 } 275 }
276 276
277 TEST_F(DesktopNotificationsTest, TestUserInputEscaping) { 277 TEST_F(DesktopNotificationsTest, TestUserInputEscaping) {
278 // Create a test script with some HTML; assert that it doesn't get into the 278 // Create a test script with some HTML; assert that it doesn't get into the
279 // data:// URL that's produced for the balloon. 279 // data:// URL that's produced for the balloon.
280 EXPECT_TRUE(service_->ShowDesktopNotificationText( 280 EXPECT_TRUE(service_->ShowDesktopNotificationText(
281 GURL("http://www.google.com"), 281 GURL("http://www.google.com"),
282 GURL("/icon.png"), 282 GURL("/icon.png"),
283 ASCIIToUTF16("<script>window.alert('uh oh');</script>"), 283 ASCIIToUTF16("<script>window.alert('uh oh');</script>"),
284 ASCIIToUTF16("<i>this text is in italics</i>"), 284 ASCIIToUTF16("<i>this text is in italics</i>, as is %3ci%3ethis%3c/i%3e"),
285 0, 0, DesktopNotificationService::PageNotification, 1)); 285 0, 0, DesktopNotificationService::PageNotification, 1));
286 286
287 MessageLoopForUI::current()->RunAllPending(); 287 MessageLoopForUI::current()->RunAllPending();
288 EXPECT_EQ(1, balloon_collection_->count()); 288 EXPECT_EQ(1, balloon_collection_->count());
289 Balloon* balloon = (*balloon_collection_->balloons().begin()); 289 Balloon* balloon = (*balloon_collection_->balloons().begin());
290 GURL data_url = balloon->notification().content_url(); 290 GURL data_url = balloon->notification().content_url();
291 EXPECT_EQ(std::string::npos, data_url.spec().find("<script>")); 291 EXPECT_EQ(std::string::npos, data_url.spec().find("<script>"));
292 EXPECT_EQ(std::string::npos, data_url.spec().find("<i>")); 292 EXPECT_EQ(std::string::npos, data_url.spec().find("<i>"));
293 // URL-encoded versions of tags should also not be found.
294 EXPECT_EQ(std::string::npos, data_url.spec().find("%3cscript%3e"));
295 EXPECT_EQ(std::string::npos, data_url.spec().find("%3ci%3e"));
293 } 296 }
OLDNEW
« no previous file with comments | « chrome/browser/notifications/desktop_notification_service.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698