Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(264)

Unified Diff: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html

Issue 200923002: Post a microtask to load <img> elements. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: fix last test failure Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
diff --git a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
index 5f71a3fb718ec147f1d114e30b003fef5b362e87..7cfd9bd9d2c927f7a5d63c78914445013c64aab5 100644
--- a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
+++ b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
@@ -8,41 +8,56 @@
testRunner.waitUntilDone();
}
- tests = 4;
+ tests = 6;
window.addEventListener("message", function(message) {
tests -= 1;
test();
}, false);
+ function setup() {
+ var img = document.getElementById('testimg');
+ img.onload = function () {
+ alert('LOADED');
+ window.postMessage("next", "*");
+ };
+ img.onerror = function () {
+ alert('BLOCKED');
+ window.postMessage("next", "*");
+ };
+ test();
+ }
+
function test() {
- function setImgSrc(isolated) {
- var img = document.createElement('img');
- document.body.appendChild(img);
- img.onload = function () {
- alert('LOADED in ' + (isolated ? "isolated world" : "main world"));
- window.postMessage("next", "*");
- };
- img.onerror = function () {
- alert('BLOCKED in ' + (isolated ? "isolated world" : "main world"));
- window.postMessage("next", "*");
- };
- img.src = "../resources/abe.png";
+ function setImgSrc(isolated, num) {
+ var img = document.getElementById('testimg');
+ img.src = "../resources/abe.png?" + num;
}
+ alert("Running test #" + tests + "\n");
switch (tests) {
+ case 6:
+ setImgSrc(false, 6);
+ break;
+ case 5:
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 5);");
+ break;
case 4:
- setImgSrc(false);
+ alert("Starting to bypass main world's CSP:");
+ testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *');
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 4);");
break;
case 3:
- testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
+ // Main world, then isolated world -> should load
+ setImgSrc(false, 3);
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 3);");
break;
case 2:
- alert("Starting to bypass main world's CSP:");
- testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *');
- testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
+ // Isolated world, then main world -> should block
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 2);");
+ setImgSrc(false, 2);
break;
case 1:
- setImgSrc(false);
+ setImgSrc(false, 1);
break;
case 0:
testRunner.setIsolatedWorldContentSecurityPolicy(1, '');
@@ -52,8 +67,9 @@
}
</script>
</head>
-<body onload='test();'>
+<body onload='setup();'>
<p>
+ <img id="testimg">
This test ensures that scripts run in isolated worlds marked with their
own Content Security Policy aren't affected by the page's content
security policy. Extensions, for example, should be able to load any

Powered by Google App Engine
This is Rietveld 408576698