content/test/data/frame-src-self-and-b.html - Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: content/test/data/frame-src-self-and-b.html

Issue 1957783002: Replicate Content-Security-Policy into remote frame proxies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixing CSP inheritance for srcdoc. Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/browser/site_per_process_browsertest.cc ('K') | « content/renderer/render_frame_proxy.cc ('k') | content/test/data/frame-src-self-and-b.html.mock-http-headers » ('j') | third_party/WebKit/Source/core/dom/RemoteSecurityContext.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 <!DOCTYPE html>

	2 <html>

	3 <head>

	4 <title>This page should only allow subframes from the same origin or b.com</titl e>

	5 </head>

	6 <body>

	7 This page should only allow subframes from the same origin or from b.com,

	8 because its CSP headers specify frame-src 'self' and 'b.com'.

	9 <iframe src="/cross-site/b.com/title2.html"></iframe>

	10 <iframe srcdoc="

	11 <html>
	alexmos 2016/05/16 16:17:03 Looking at some other test files with srcdoc ifram Looking at some other test files with srcdoc iframes, some of them get away without the escaping - is it really required here? Łukasz Anforowicz 2016/05/16 19:44:45 Oh, indeed - I assumed that I need to escape, but Show quoted text On 2016/05/16 16:17:03, alexmos wrote: > Looking at some other test files with srcdoc iframes, some of them get away > without the escaping - is it really required here? Oh, indeed - I assumed that I need to escape, but HTML5 spec seems to say that I only need to escape the quote character. OTOH it also says that "'text' must not contain control characters other than space characters" and I remember reading elsewhere that newlines are okay. Some people think that indeed only quote needs to be escaped (http://stackoverflow.com/a/8047332). Done.
	12 <head>

	13 <title>subtitle1</title>

	14 </head>

	15 <body>

	16 <iframe src="/cross-site/b.com/title2.html"></iframe&gt ;

	17 </body>

	18 </html>"></iframe>

	19 </body>

	20 </html>

	21

OLD	NEW