| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/common/extensions/csp_validator.h" |
| 6 #include "testing/gtest/include/gtest/gtest.h" |
| 7 |
| 8 using namespace extensions::csp_validator; |
| 9 |
| 10 TEST(ExtensionCSPValidator, IsLegal) { |
| 11 EXPECT_TRUE(ContentSecurityPolicyIsLegal("foo")); |
| 12 EXPECT_TRUE(ContentSecurityPolicyIsLegal( |
| 13 "default-src 'self'; script-src http://www.google.com")); |
| 14 EXPECT_FALSE(ContentSecurityPolicyIsLegal( |
| 15 "default-src 'self';\nscript-src http://www.google.com")); |
| 16 EXPECT_FALSE(ContentSecurityPolicyIsLegal( |
| 17 "default-src 'self';\rscript-src http://www.google.com")); |
| 18 } |
| 19 |
| 20 TEST(ExtensionCSPValidator, IsSecure) { |
| 21 EXPECT_FALSE(ContentSecurityPolicyIsSecure("")); |
| 22 EXPECT_FALSE(ContentSecurityPolicyIsSecure("img-src https://google.com")); |
| 23 |
| 24 EXPECT_FALSE(ContentSecurityPolicyIsSecure("default-src *")); |
| 25 EXPECT_TRUE(ContentSecurityPolicyIsSecure("default-src 'self'")); |
| 26 EXPECT_TRUE(ContentSecurityPolicyIsSecure("default-src 'none'")); |
| 27 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 28 "default-src 'self' ftp://google.com")); |
| 29 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 30 "default-src 'self' https://google.com")); |
| 31 |
| 32 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 33 "default-src *; default-src 'self'")); |
| 34 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 35 "default-src 'self'; default-src *")); |
| 36 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 37 "default-src 'self'; default-src *; script-src *; script-src 'self'")); |
| 38 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 39 "default-src 'self'; default-src *; script-src 'self'; script-src *")); |
| 40 |
| 41 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 42 "default-src *; script-src 'self'")); |
| 43 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 44 "default-src *; script-src 'self'; img-src 'self'")); |
| 45 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 46 "default-src *; script-src 'self'; object-src 'self'")); |
| 47 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 48 "script-src 'self'; object-src 'self'")); |
| 49 |
| 50 EXPECT_FALSE(ContentSecurityPolicyIsSecure("default-src 'unsafe-inline'")); |
| 51 EXPECT_FALSE(ContentSecurityPolicyIsSecure("default-src 'unsafe-eval'")); |
| 52 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 53 "default-src 'unsafe-inline' 'none'")); |
| 54 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 55 "default-src 'self' http://google.com")); |
| 56 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 57 "default-src 'self' https://google.com")); |
| 58 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 59 "default-src 'self' chrome://resources")); |
| 60 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 61 "default-src 'self' chrome-extension://aabbcc")); |
| 62 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 63 "default-src 'self' https:")); |
| 64 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 65 "default-src 'self' http:")); |
| 66 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 67 "default-src 'self' https://*")); |
| 68 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 69 "default-src 'self' *")); |
| 70 EXPECT_FALSE(ContentSecurityPolicyIsSecure( |
| 71 "default-src 'self' google.com")); |
| 72 EXPECT_TRUE(ContentSecurityPolicyIsSecure( |
| 73 "default-src 'self' https://*.google.com")); |
| 74 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8773028:
Allow extenions to override the default content_security_policy, but require (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/