| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "chrome/browser/renderer_host/renderer_security_policy.h" | 8 #include "chrome/browser/renderer_host/renderer_security_policy.h" |
| 9 #include "net/url_request/url_request.h" | 9 #include "net/url_request/url_request.h" |
| 10 #include "net/url_request/url_request_test_job.h" | 10 #include "net/url_request/url_request_test_job.h" |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 TEST_F(RendererSecurityPolicyTest, AboutTest) { | 80 TEST_F(RendererSecurityPolicyTest, AboutTest) { |
| 81 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | 81 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); |
| 82 | 82 |
| 83 p->Add(kRendererID); | 83 p->Add(kRendererID); |
| 84 | 84 |
| 85 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 85 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| 86 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 86 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| 87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| 89 | 89 |
| 90 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 90 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL))); |
| 91 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 91 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL))); |
| 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL))); |
| 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL))); |
| 94 | 94 |
| 95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | 95 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); |
| 96 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 96 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
| 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
| 98 | 98 |
| 99 p->GrantRequestURL(kRendererID, GURL("about:memory")); | 99 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL)); |
| 100 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 100 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL))); |
| 101 | 101 |
| 102 p->GrantRequestURL(kRendererID, GURL("about:crash")); | 102 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCrashURL)); |
| 103 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 103 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL))); |
| 104 | 104 |
| 105 p->GrantRequestURL(kRendererID, GURL("about:cache")); | 105 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCacheURL)); |
| 106 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 106 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL))); |
| 107 | 107 |
| 108 p->GrantRequestURL(kRendererID, GURL("about:hang")); | 108 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutHangURL)); |
| 109 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 109 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL))); |
| 110 | 110 |
| 111 p->Remove(kRendererID); | 111 p->Remove(kRendererID); |
| 112 } | 112 } |
| 113 | 113 |
| 114 TEST_F(RendererSecurityPolicyTest, JavaScriptTest) { | 114 TEST_F(RendererSecurityPolicyTest, JavaScriptTest) { |
| 115 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | 115 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); |
| 116 | 116 |
| 117 p->Add(kRendererID); | 117 p->Add(kRendererID); |
| 118 | 118 |
| 119 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 119 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 253 // Renderers are added and removed on the UI thread, but the policy can be | 253 // Renderers are added and removed on the UI thread, but the policy can be |
| 254 // queried on the IO thread. The RendererSecurityPolicy needs to be prepared | 254 // queried on the IO thread. The RendererSecurityPolicy needs to be prepared |
| 255 // to answer policy questions about renderers who no longer exist. | 255 // to answer policy questions about renderers who no longer exist. |
| 256 | 256 |
| 257 // In this case, we default to secure behavior. | 257 // In this case, we default to secure behavior. |
| 258 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 258 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 259 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); | 259 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); |
| 260 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); | 260 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); |
| 261 } | 261 } |
| 262 | 262 |
| OLD | NEW |
|---|
Chromium Code Reviews
