Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(35)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-block.html

Issue 1849223002: Blocking synchronous and third party doc.written scripts (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Resolved conflicts with latest Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-block.html
diff --git a/third_party/WebKit/LayoutTests/accessibility/name-calc-img.html b/third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-block.html
similarity index 10%
copy from third_party/WebKit/LayoutTests/accessibility/name-calc-img.html
copy to third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-block.html
index d5467d158b175415a234d719cf785a87819e840a..c9b719952229fc30d9714f7efb4c79cc59a1b021 100644
--- a/third_party/WebKit/LayoutTests/accessibility/name-calc-img.html
+++ b/third_party/WebKit/LayoutTests/http/tests/loading/doc-write-sync-third-party-script-block.html
@@ -1,74 +1,80 @@
-<!DOCTYPE HTML>
+<!DOCTYPE html>
<script src="../resources/testharness.js"></script>
<script src="../resources/testharnessreport.js"></script>
+<script>
+ var sameOrigin = 'http://127.0.0.1:8000'
+ var crossOrigin = 'http://localhost:8000'
+ var filePath = '/loading/resources/js-loaded.js'
+ var jsLoaded = false;
+ var loadSuccess = false;
-<style>
-.hideAllContainers .container {
- display: none;
-}
-</style>
-
-<div class="container">
- <img id="img1" src="resources/cake.png">
-</div>
+ src = crossOrigin + filePath;
+ document.write('<scr' + 'ipt src="' + src + '" onload="loadSuccess=true"></scr' + 'ipt>');
+</script>
<script>
-test(function(t) {
- var axImg1 = accessibilityController.accessibleElementById("img1");
- assert_equals(axImg1.name, "");
-}, "img element without alt");
+ test(function () {
+ assert_true(jsLoaded);
+ assert_true(loadSuccess);
+ }, "Blocking of scripts doesn't come into effect since feature is disabled");
+
</script>
+<script>
+ if (window.internals) {
+ internals.settings.setDisallowFetchForDocWrittenScriptsInMainFrame(true);
+ internals.setNetworkStateNotifierTestOnly(true);
+ internals.setNetworkConnectionInfo('cellular2g', 1.0);
+ internals.evictAllResources();
-<div class="container">
- <img id="img2" title="img2-title" src="resources/cake.png">
-</div>
+ // Reset the state of the singleton network state notifier.
+ window.addEventListener('beforeunload', function() {
+ internals.settings.setDisallowFetchForDocWrittenScriptsInMainFrame(false);
+ internals.setNetworkStateNotifierTestOnly(false);
+ }, false);
+ }
-<script>
-test(function(t) {
- var axImg2 = accessibilityController.accessibleElementById("img2");
- assert_equals(axImg2.name, "img2-title");
- assert_equals(axImg2.nameFrom, "attribute");
-}, "img element without alt, with title");
+ src = sameOrigin + filePath;
+ jsLoaded = false;
+ loadSuccess = false;
+ document.write('<scr' + 'ipt src="' + src + '" onload="loadSuccess=true"></scr' + 'ipt>');
</script>
-<div class="container">
- <img id="img3" title="img3-title" alt="img3-alt" src="resources/cake.png">
-</div>
-
<script>
-test(function(t) {
- var axImg3 = accessibilityController.accessibleElementById("img3");
- assert_equals(axImg3.name, "img3-alt");
- assert_equals(axImg3.nameFrom, "attribute");
-}, "img element with title and alt");
+ test(function () {
+ assert_true(jsLoaded);
+ assert_true(loadSuccess);
+ }, "Same domain doc.written scripts are not blocked");
</script>
-<div class="container">
- <img id="img4" title="img4-title" alt="img4-alt" aria-label="img4-aria-label" src="resources/cake.png">
-</div>
-
<script>
-test(function(t) {
- var axImg4 = accessibilityController.accessibleElementById("img4");
- assert_equals(axImg4.name, "img4-aria-label");
- assert_equals(axImg4.nameFrom, "attribute");
-}, "img element with title and alt");
-</script>
+ var jsLoaded = false;
+ var loadSuccess = false;
-<div class="container">
- <img id="img5" title="img5-title" alt="img5-alt" aria-label="img5-aria-label" aria-labelledby="labelledby5" src="resources/cake.png">
- <span hidden="true" id="labelledby5">img5-aria-labelledby</span>
-</div>
+ src = crossOrigin + filePath;
+ document.write('<scr' + 'ipt src="' + src + '" onload="loadSuccess=true"></scr' + 'ipt>');
+</script>
<script>
-test(function(t) {
- var axImg5 = accessibilityController.accessibleElementById("img5");
- assert_equals(axImg5.name, "img5-aria-labelledby");
- assert_equals(axImg5.nameFrom, "relatedElement");
-}, "img element with title and alt");
+ test(function () {
+ assert_true(jsLoaded);
+ assert_true(loadSuccess);
+ }, "cross-origin script not blocked since it is cached");
+
+</script>
+<script>
+ jsLoaded = false;
+ loadSuccess = false;
+ var loadFailed = false;
+
+ filePath = '/loading/resources/js-loaded.js?1';
+ src = crossOrigin + filePath;
+ document.write('<scr' + 'ipt src="' + src + '" onload="loadSuccess=true" onError="loadFailed=true"></scr' + 'ipt>');
</script>
<script>
-if (window.testRunner)
- document.body.className = "hideAllContainers";
+ test(function () {
+ assert_false(jsLoaded);
+ assert_false(loadSuccess);
+ assert_true(loadFailed);
+ }, "cross origin doc.written scripts are blocked");
</script>

Powered by Google App Engine
This is Rietveld 408576698