| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "chrome/browser/renderer_host/renderer_security_policy.h" | 8 #include "chrome/browser/renderer_host/renderer_security_policy.h" |
| 9 #include "chrome/common/url_constants.h" | 9 #include "chrome/common/url_constants.h" |
| 10 #include "net/url_request/url_request.h" | 10 #include "net/url_request/url_request.h" |
| (...skipping 70 matching lines...) |
| 81 TEST_F(RendererSecurityPolicyTest, AboutTest) { | 81 TEST_F(RendererSecurityPolicyTest, AboutTest) { |
| 82 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | 82 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); |
| 83 | 83 |
| 84 p->Add(kRendererID); | 84 p->Add(kRendererID); |
| 85 | 85 |
| 86 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 86 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| 87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 87 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| 88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 88 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 89 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 89 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| 90 | 90 |
| 91 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL))); | 91 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL))); | 92 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL))); | 93 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
| 94 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL))); | 94 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
| 95 | 95 |
| 96 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | 96 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); |
| 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 97 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); |
| 98 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 98 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); |
| 99 | 99 |
| 100 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL)); | 100 p->GrantRequestURL(kRendererID, GURL("about:memory")); |
| 101 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutMemoryURL))); | 101 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| 102 | 102 |
| 103 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCrashURL)); | 103 p->GrantRequestURL(kRendererID, GURL("about:crash")); |
| 104 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL))); | 104 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| 105 | 105 |
| 106 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCacheURL)); | 106 p->GrantRequestURL(kRendererID, GURL("about:cache")); |
| 107 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCacheURL))); | 107 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); |
| 108 | 108 |
| 109 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutHangURL)); | 109 p->GrantRequestURL(kRendererID, GURL("about:hang")); |
| 110 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutHangURL))); | 110 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); |
| 111 | 111 |
| 112 p->Remove(kRendererID); | 112 p->Remove(kRendererID); |
| 113 } | 113 } |
| 114 | 114 |
| 115 TEST_F(RendererSecurityPolicyTest, JavaScriptTest) { | 115 TEST_F(RendererSecurityPolicyTest, JavaScriptTest) { |
| 116 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); | 116 RendererSecurityPolicy* p = RendererSecurityPolicy::GetInstance(); |
| 117 | 117 |
| 118 p->Add(kRendererID); | 118 p->Add(kRendererID); |
| 119 | 119 |
| 120 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 120 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| (...skipping 133 matching lines...) |
| 254 // Renderers are added and removed on the UI thread, but the policy can be | 254 // Renderers are added and removed on the UI thread, but the policy can be |
| 255 // queried on the IO thread. The RendererSecurityPolicy needs to be prepared | 255 // queried on the IO thread. The RendererSecurityPolicy needs to be prepared |
| 256 // to answer policy questions about renderers who no longer exist. | 256 // to answer policy questions about renderers who no longer exist. |
| 257 | 257 |
| 258 // In this case, we default to secure behavior. | 258 // In this case, we default to secure behavior. |
| 259 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 259 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 260 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); | 260 EXPECT_FALSE(p->CanUploadFile(kRendererID, file)); |
| 261 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); | 261 EXPECT_FALSE(p->HasDOMUIBindings(kRendererID)); |
| 262 } | 262 } |
| 263 | 263 |
| OLD | NEW |
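Review bot: The hard-coded `"about:memory"`, `"about:crash"`, `"about:cache"` and `"about:hang"` literals on new lines 91-94 and 100-110 of AboutTest cut the test loose from `chrome::kAbout*URL`, so the values those constants actually hold are no longer asserted as blocked here. Their definitions are not visible on this page, so this only matters if they can differ from the literals. If they can, a comment such as `// Literal spellings on purpose: these must stay blocked however chrome::kAbout*URL is defined.` above line 91 would record the intent, and the constants deserve their own assertions wherever their handling is tested. Separately, the mixed-case block on lines 96-98 has no about:hang variant; `EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:hAnG")));` would cover it.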