OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSourceList.h" | 5 #include "core/frame/csp/CSPSourceList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
55 | 55 |
56 TEST_F(CSPSourceListTest, BasicMatchingUnsafeDynamic) | 56 TEST_F(CSPSourceListTest, BasicMatchingUnsafeDynamic) |
57 { | 57 { |
58 String sources = "'unsafe-dynamic'"; | 58 String sources = "'unsafe-dynamic'"; |
59 CSPSourceList sourceList(csp.get(), "script-src"); | 59 CSPSourceList sourceList(csp.get(), "script-src"); |
60 parseSourceList(sourceList, sources); | 60 parseSourceList(sourceList, sources); |
61 | 61 |
62 EXPECT_TRUE(sourceList.allowDynamic()); | 62 EXPECT_TRUE(sourceList.allowDynamic()); |
63 } | 63 } |
64 | 64 |
| 65 TEST_F(CSPSourceListTest, BasicMatchingUnsafeHashedAttributes) |
| 66 { |
| 67 String sources = "'unsafe-hashed-attributes'"; |
| 68 CSPSourceList sourceList(csp.get(), "script-src"); |
| 69 parseSourceList(sourceList, sources); |
| 70 |
| 71 EXPECT_TRUE(sourceList.allowHashedAttributes()); |
| 72 } |
| 73 |
| 74 |
65 TEST_F(CSPSourceListTest, BasicMatchingStar) | 75 TEST_F(CSPSourceListTest, BasicMatchingStar) |
66 { | 76 { |
67 KURL base; | 77 KURL base; |
68 String sources = "*"; | 78 String sources = "*"; |
69 CSPSourceList sourceList(csp.get(), "script-src"); | 79 CSPSourceList sourceList(csp.get(), "script-src"); |
70 parseSourceList(sourceList, sources); | 80 parseSourceList(sourceList, sources); |
71 | 81 |
72 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/"))); | 82 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/"))); |
73 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/"))); | 83 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example.com/"))); |
74 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar"))); | 84 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example.com/bar"))); |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
181 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 191 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
182 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 192 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
183 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); | 193 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); |
184 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 194 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
185 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); | 195 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); |
186 | 196 |
187 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 197 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
188 } | 198 } |
189 | 199 |
190 } // namespace blink | 200 } // namespace blink |
OLD | NEW |