Support whitelisting to handle insecure origins as trustworthy origins (blink)

Source/platform/weborigin/SecurityPolicyTest.cpp

Index: Source/platform/weborigin/SecurityPolicyTest.cpp
diff --git a/Source/platform/weborigin/SecurityPolicyTest.cpp b/Source/platform/weborigin/SecurityPolicyTest.cpp
index a4ed846b2a670233f64bf46b3fab040a62d115ae..53760a50653a50f02d8e985e2514bb73bda3f267 100644
--- a/Source/platform/weborigin/SecurityPolicyTest.cpp
+++ b/Source/platform/weborigin/SecurityPolicyTest.cpp
@@ -29,12 +29,14 @@
  */
 
 #include "config.h"
+#include "platform/weborigin/SecurityOrigin.h"
 #include "platform/weborigin/SecurityPolicy.h"
 
 #include "platform/weborigin/KURL.h"
 #include <gtest/gtest.h>
 
 using blink::KURL;
+using blink::SecurityOrigin;
 using blink::SecurityPolicy;
 
 namespace {
@@ -137,5 +139,22 @@ TEST(SecurityPolicyTest, GenerateReferrer)
     }
 }
 
-} // namespace
+TEST(SecurityPolicyTest, TrustworthyWhiteList)
+{
+    const char* insecureURLs[] = {
+        "http://a.test/path/to/file.html",
+        "http://b.test/path/to/file.html",
+        "blob:http://c.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde",
+        "filesystem:http://d.test/path/t/file.html",

[Mike West, 2015/04/20 09:25:00]

I think we also need to verify that whitelisting `blob:[origin]` also whitelists
`[origin]`. That might not be clear to someone just skimming this test. It
probably means breaking out of the nice `for`-loop style, though. :(

[kinuko, 2015/04/20 15:43:18]

Good point, done.

+    };
 
+    for (const char* url : insecureURLs) {
+        String errorMessage;
+        RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(url);
+        EXPECT_FALSE(origin->isPotentiallyTrustworthy(errorMessage));
+        SecurityPolicy::addOriginTrustworthyWhiteList(*origin);
+        EXPECT_TRUE(origin->isPotentiallyTrustworthy(errorMessage));
+    }
+}
+
+} // namespace