OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSourceList.h" | 5 #include "core/frame/csp/CSPSourceList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 { | 46 { |
47 KURL base; | 47 KURL base; |
48 String sources = "'none'"; | 48 String sources = "'none'"; |
49 CSPSourceList sourceList(csp.get(), "script-src"); | 49 CSPSourceList sourceList(csp.get(), "script-src"); |
50 parseSourceList(sourceList, sources); | 50 parseSourceList(sourceList, sources); |
51 | 51 |
52 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); | 52 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); |
53 EXPECT_FALSE(sourceList.matches(KURL(base, "https://example.test/"))); | 53 EXPECT_FALSE(sourceList.matches(KURL(base, "https://example.test/"))); |
54 } | 54 } |
55 | 55 |
| 56 TEST_F(CSPSourceListTest, BasicMatchingUnsafeDynamic) |
| 57 { |
| 58 String sources = "'unsafe-dynamic'"; |
| 59 CSPSourceList sourceList(csp.get(), "script-src"); |
| 60 parseSourceList(sourceList, sources); |
| 61 |
| 62 EXPECT_TRUE(sourceList.allowDynamic()); |
| 63 } |
| 64 |
56 TEST_F(CSPSourceListTest, BasicMatchingStar) | 65 TEST_F(CSPSourceListTest, BasicMatchingStar) |
57 { | 66 { |
58 KURL base; | 67 KURL base; |
59 String sources = "*"; | 68 String sources = "*"; |
60 CSPSourceList sourceList(csp.get(), "script-src"); | 69 CSPSourceList sourceList(csp.get(), "script-src"); |
61 parseSourceList(sourceList, sources); | 70 parseSourceList(sourceList, sources); |
62 | 71 |
63 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/"))); | 72 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/"))); |
64 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/"))); | 73 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/"))); |
65 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar"))); | 74 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar"))); |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
171 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 180 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
172 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 181 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
173 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); | 182 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); |
174 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 183 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
175 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); | 184 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); |
176 | 185 |
177 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 186 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
178 } | 187 } |
179 | 188 |
180 } // namespace blink | 189 } // namespace blink |
OLD | NEW |