OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2014 Google Inc. All rights reserved. | 2 * Copyright (C) 2014 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 11 matching lines...) Expand all Loading... | |
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
29 */ | 29 */ |
30 | 30 |
31 #include "config.h" | 31 #include "config.h" |
32 #include "platform/weborigin/SecurityOrigin.h" | |
32 #include "platform/weborigin/SecurityPolicy.h" | 33 #include "platform/weborigin/SecurityPolicy.h" |
33 | 34 |
34 #include "platform/weborigin/KURL.h" | 35 #include "platform/weborigin/KURL.h" |
35 #include <gtest/gtest.h> | 36 #include <gtest/gtest.h> |
36 | 37 |
37 using blink::KURL; | 38 using blink::KURL; |
39 using blink::SecurityOrigin; | |
38 using blink::SecurityPolicy; | 40 using blink::SecurityPolicy; |
39 | 41 |
40 namespace { | 42 namespace { |
41 | 43 |
42 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) | 44 TEST(SecurityPolicyTest, ReferrerIsAlwaysAWebURL) |
43 { | 45 { |
44 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer); | 46 EXPECT_TRUE(String() == SecurityPolicy::generateReferrer(blink::ReferrerPoli cyAlways, KURL(blink::ParsedURLString, "http://example.com/"), String::fromUTF8( "chrome://somepage/")).referrer); |
45 } | 47 } |
46 | 48 |
47 TEST(SecurityPolicyTest, GenerateReferrer) | 49 TEST(SecurityPolicyTest, GenerateReferrer) |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
130 << result.referrer.utf8().data() << "'."; | 132 << result.referrer.utf8().data() << "'."; |
131 } else { | 133 } else { |
132 EXPECT_TRUE(result.referrer.isEmpty()) | 134 EXPECT_TRUE(result.referrer.isEmpty()) |
133 << "'" << test.referrer << "' to '" << test.destination | 135 << "'" << test.referrer << "' to '" << test.destination |
134 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'."; | 136 << "' should have been empty: was '" << result.referrer.utf8().d ata() << "'."; |
135 } | 137 } |
136 EXPECT_EQ(test.policy, result.referrerPolicy); | 138 EXPECT_EQ(test.policy, result.referrerPolicy); |
137 } | 139 } |
138 } | 140 } |
139 | 141 |
142 TEST(SecurityPolicyTest, TrustworthyWhiteList) | |
143 { | |
144 const char* insecureURLs[] = { | |
145 "http://a.test/path/to/file.html", | |
146 "http://b.test/path/to/file.html", | |
147 "blob:http://c.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde", | |
148 "filesystem:http://d.test/path/t/file.html", | |
Mike West
2015/04/20 09:25:00
I think we also need to verify that whitelisting `
kinuko
2015/04/20 15:43:18
Good point, done.
| |
149 }; | |
150 | |
151 for (const char* url : insecureURLs) { | |
152 String errorMessage; | |
153 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url); | |
154 EXPECT_FALSE(origin->isPotentiallyTrustworthy(errorMessage)); | |
155 SecurityPolicy::addOriginTrustworthyWhiteList(*origin); | |
156 EXPECT_TRUE(origin->isPotentiallyTrustworthy(errorMessage)); | |
157 } | |
158 } | |
159 | |
140 } // namespace | 160 } // namespace |
141 | |
OLD | NEW |