Chromium Code Reviews Chromium Code Reviews
Issue 1723753002:
Make Document::isSecureContext() work for OOPIFs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (c) 2014, Google Inc. All rights reserved. | 2 * Copyright (c) 2014, Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 30 | 30 |
| 31 #include "core/dom/Document.h" | 31 #include "core/dom/Document.h" |
| 32 | 32 |
| 33 #include "core/dom/DocumentVisibilityObserver.h" | 33 #include "core/dom/DocumentVisibilityObserver.h" |
| 34 #include "core/frame/FrameView.h" | 34 #include "core/frame/FrameView.h" |
| 35 #include "core/html/HTMLHeadElement.h" | 35 #include "core/html/HTMLHeadElement.h" |
| 36 #include "core/html/HTMLLinkElement.h" | 36 #include "core/html/HTMLLinkElement.h" |
| 37 #include "core/testing/DummyPageHolder.h" | 37 #include "core/testing/DummyPageHolder.h" |
| 38 #include "platform/heap/Handle.h" | 38 #include "platform/heap/Handle.h" |
| 39 #include "platform/weborigin/ReferrerPolicy.h" | 39 #include "platform/weborigin/ReferrerPolicy.h" |
| 40 #include "platform/weborigin/SchemeRegistry.h" | |
| 40 #include "platform/weborigin/SecurityOrigin.h" | 41 #include "platform/weborigin/SecurityOrigin.h" |
| 41 #include "testing/gmock/include/gmock/gmock.h" | 42 #include "testing/gmock/include/gmock/gmock.h" |
| 42 #include "testing/gtest/include/gtest/gtest.h" | 43 #include "testing/gtest/include/gtest/gtest.h" |
| 43 | 44 |
| 44 namespace blink { | 45 namespace blink { |
| 45 | 46 |
| 46 class DocumentTest : public ::testing::Test { | 47 class DocumentTest : public ::testing::Test { |
| 47 protected: | 48 protected: |
| 48 void SetUp() override; | 49 void SetUp() override; |
| 49 | 50 |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 346 element->setAttribute(blink::HTMLNames::classAttr, "a"); | 347 element->setAttribute(blink::HTMLNames::classAttr, "a"); |
| 347 EXPECT_NE(previousStyleVersion, document().styleVersion()); | 348 EXPECT_NE(previousStyleVersion, document().styleVersion()); |
| 348 | 349 |
| 349 document().view()->updateAllLifecyclePhases(); | 350 document().view()->updateAllLifecyclePhases(); |
| 350 | 351 |
| 351 previousStyleVersion = document().styleVersion(); | 352 previousStyleVersion = document().styleVersion(); |
| 352 element->setAttribute(blink::HTMLNames::classAttr, "a b"); | 353 element->setAttribute(blink::HTMLNames::classAttr, "a b"); |
| 353 EXPECT_NE(previousStyleVersion, document().styleVersion()); | 354 EXPECT_NE(previousStyleVersion, document().styleVersion()); |
| 354 } | 355 } |
| 355 | 356 |
| 357 TEST_F(DocumentTest, EnforceSandboxFlags) | |
| 358 { | |
| 359 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("http://exa mple.test"); | |
| 360 document().setSecurityOrigin(origin); | |
| 361 SandboxFlags mask = SandboxNavigation; | |
| 362 document().enforceSandboxFlags(mask); | |
| 363 EXPECT_EQ(origin, document().securityOrigin()); | |
| 364 EXPECT_FALSE(document().securityOrigin()->isPotentiallyTrustworthy()); | |
| 365 EXPECT_FALSE(document().securityOrigin()->bypassSecureContextCheck()); | |
| 366 | |
| 367 mask |= SandboxOrigin; | |
| 368 document().enforceSandboxFlags(mask); | |
| 369 EXPECT_TRUE(document().securityOrigin()->isUnique()); | |
| 370 EXPECT_FALSE(document().securityOrigin()->isPotentiallyTrustworthy()); | |
| 371 EXPECT_FALSE(document().securityOrigin()->bypassSecureContextCheck()); | |
| 372 | |
| 373 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("special-scheme "); | |
| 374 // A unique origin does not bypass secure context checks unless it is also p otentially trustworthy. | |
| 375 origin = SecurityOrigin::createFromString("special-scheme://example.test"); | |
| 376 document().setSecurityOrigin(origin); | |
| 377 document().enforceSandboxFlags(mask); | |
| 378 EXPECT_TRUE(document().securityOrigin()->isUnique()); | |
| 379 EXPECT_FALSE(document().securityOrigin()->isPotentiallyTrustworthy()); | |
|
alexmos
2016/03/09 18:45:06
It seems this part of the test still might have be
estark
2016/03/10 00:53:44
Done.
| |
| 380 EXPECT_FALSE(document().securityOrigin()->bypassSecureContextCheck()); | |
| 381 | |
| 382 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-s cheme"); | |
| 383 SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); | |
| 384 origin = SecurityOrigin::createFromString("very-special-scheme://example.tes t"); | |
| 385 document().setSecurityOrigin(origin); | |
| 386 document().enforceSandboxFlags(mask); | |
| 387 EXPECT_TRUE(document().securityOrigin()->isUnique()); | |
| 388 EXPECT_TRUE(document().securityOrigin()->isPotentiallyTrustworthy()); | |
| 389 EXPECT_TRUE(document().securityOrigin()->bypassSecureContextCheck()); | |
| 390 | |
| 391 origin = SecurityOrigin::createFromString("https://example.test"); | |
| 392 document().setSecurityOrigin(origin); | |
| 393 document().enforceSandboxFlags(mask); | |
| 394 EXPECT_TRUE(document().securityOrigin()->isUnique()); | |
| 395 EXPECT_TRUE(document().securityOrigin()->isPotentiallyTrustworthy()); | |
| 396 EXPECT_FALSE(document().securityOrigin()->bypassSecureContextCheck()); | |
| 397 } | |
| 398 | |
| 356 } // namespace blink | 399 } // namespace blink |
| OLD | NEW |
