
Side by Side Diff: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html

Issue 200923002: Post a microtask to load <img> elements. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: fix last test failure Created 6 years, 7 months ago
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <html> 2 <html>
3 <head> 3 <head>
4 <meta http-equiv="Content-Security-Policy" content="img-src 'none'"> 4 <meta http-equiv="Content-Security-Policy" content="img-src 'none'">
5 <script> 5 <script>
6 if (window.testRunner) { 6 if (window.testRunner) {
7 testRunner.dumpAsText(); 7 testRunner.dumpAsText();
8 testRunner.waitUntilDone(); 8 testRunner.waitUntilDone();
9 } 9 }
10 10
11 tests = 4; 11 tests = 6;
12 window.addEventListener("message", function(message) { 12 window.addEventListener("message", function(message) {
13 tests -= 1; 13 tests -= 1;
14 test(); 14 test();
15 }, false); 15 }, false);
16 16
17 function setup() {
18 var img = document.getElementById('testimg');
19 img.onload = function () {
20 alert('LOADED');
21 window.postMessage("next", "*");
22 };
23 img.onerror = function () {
24 alert('BLOCKED');
25 window.postMessage("next", "*");
26 };
27 test();
28 }
29
17 function test() { 30 function test() {
18 function setImgSrc(isolated) { 31 function setImgSrc(isolated, num) {
19 var img = document.createElement('img'); 32 var img = document.getElementById('testimg');
20 document.body.appendChild(img); 33 img.src = "../resources/abe.png?" + num;
21 img.onload = function () {
22 alert('LOADED in ' + (isolated ? "isolated world" : "main world" ));
23 window.postMessage("next", "*");
24 };
25 img.onerror = function () {
26 alert('BLOCKED in ' + (isolated ? "isolated world" : "main world "));
27 window.postMessage("next", "*");
28 };
29 img.src = "../resources/abe.png";
30 } 34 }
31 35
36 alert("Running test #" + tests + "\n");
32 switch (tests) { 37 switch (tests) {
38 case 6:
39 setImgSrc(false, 6);
40 break;
41 case 5:
42 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true, 5);");
43 break;
33 case 4: 44 case 4:
34 setImgSrc(false); 45 alert("Starting to bypass main world's CSP:");
46 testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *') ;
47 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true, 4);");
35 break; 48 break;
36 case 3: 49 case 3:
37 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true);"); 50 // Main world, then isolated world -> should load
51 setImgSrc(false, 3);
52 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true, 3);");
38 break; 53 break;
39 case 2: 54 case 2:
40 alert("Starting to bypass main world's CSP:"); 55 // Isolated world, then main world -> should block
41 testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *') ; 56 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true, 2);");
42 testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgS rc")) + "\nsetImgSrc(true);"); 57 setImgSrc(false, 2);
43 break; 58 break;
44 case 1: 59 case 1:
45 setImgSrc(false); 60 setImgSrc(false, 1);
46 break; 61 break;
47 case 0: 62 case 0:
48 testRunner.setIsolatedWorldContentSecurityPolicy(1, ''); 63 testRunner.setIsolatedWorldContentSecurityPolicy(1, '');
49 testRunner.notifyDone(); 64 testRunner.notifyDone();
50 break; 65 break;
51 } 66 }
52 } 67 }
53 </script> 68 </script>
54 </head> 69 </head>
55 <body onload='test();'> 70 <body onload='setup();'>
56 <p> 71 <p>
72 <img id="testimg">
57 This test ensures that scripts run in isolated worlds marked with their 73 This test ensures that scripts run in isolated worlds marked with their
58 own Content Security Policy aren't affected by the page's content 74 own Content Security Policy aren't affected by the page's content
59 security policy. Extensions, for example, should be able to load any 75 security policy. Extensions, for example, should be able to load any
60 resource they like. 76 resource they like.
61 </p> 77 </p>
62 </body> 78 </body>
63 </html> 79 </html>
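Review bot: `setImgSrc(isolated, num)` on new lines 31-34 no longer reads `isolated`, and the handlers moved into `setup()` print only `LOADED` or `BLOCKED`, so the test output cannot show which world made the `src` assignment whose policy was enforced. This matters most in cases 3 and 2, where both worlds write `src` on the shared `#testimg` with the same `num`, and the comments (`should load`, `should block`) are the only record of the intended CSP decision. Consider recording the assignment inside `setImgSrc`, e.g. `alert((isolated ? "isolated" : "main") + " world sets src #" + num);`, which would presumably also mean regenerating the expected results. Cases 6, 5, 4 and 1 would benefit from the same one-line expectation comment that cases 3 and 2 carry, e.g. `// Main world only -> should block` on case 6, if that is the intended outcome under the page's `img-src 'none'`.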