Index: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html |
diff --git a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html |
index 5f71a3fb718ec147f1d114e30b003fef5b362e87..7cfd9bd9d2c927f7a5d63c78914445013c64aab5 100644 |
--- a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html |
+++ b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html |
@@ -8,41 +8,56 @@ |
testRunner.waitUntilDone(); |
} |
- tests = 4; |
+ tests = 6; |
window.addEventListener("message", function(message) { |
tests -= 1; |
test(); |
}, false); |
+ function setup() { |
+ var img = document.getElementById('testimg'); |
+ img.onload = function () { |
+ alert('LOADED'); |
+ window.postMessage("next", "*"); |
+ }; |
+ img.onerror = function () { |
+ alert('BLOCKED'); |
+ window.postMessage("next", "*"); |
+ }; |
+ test(); |
+ } |
+ |
function test() { |
- function setImgSrc(isolated) { |
- var img = document.createElement('img'); |
- document.body.appendChild(img); |
- img.onload = function () { |
- alert('LOADED in ' + (isolated ? "isolated world" : "main world")); |
- window.postMessage("next", "*"); |
- }; |
- img.onerror = function () { |
- alert('BLOCKED in ' + (isolated ? "isolated world" : "main world")); |
- window.postMessage("next", "*"); |
- }; |
- img.src = "../resources/abe.png"; |
+ function setImgSrc(isolated, num) { |
+ var img = document.getElementById('testimg'); |
+ img.src = "../resources/abe.png?" + num; |
} |
+ alert("Running test #" + tests + "\n"); |
switch (tests) { |
+ case 6: |
+ setImgSrc(false, 6); |
+ break; |
+ case 5: |
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 5);"); |
+ break; |
case 4: |
- setImgSrc(false); |
+ alert("Starting to bypass main world's CSP:"); |
+ testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *'); |
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 4);"); |
break; |
case 3: |
- testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);"); |
+ // Main world, then isolated world -> should load |
+ setImgSrc(false, 3); |
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 3);"); |
break; |
case 2: |
- alert("Starting to bypass main world's CSP:"); |
- testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *'); |
- testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);"); |
+ // Isolated world, then main world -> should block |
+ testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 2);"); |
+ setImgSrc(false, 2); |
break; |
case 1: |
- setImgSrc(false); |
+ setImgSrc(false, 1); |
break; |
case 0: |
testRunner.setIsolatedWorldContentSecurityPolicy(1, ''); |
@@ -52,8 +67,9 @@ |
} |
</script> |
</head> |
-<body onload='test();'> |
+<body onload='setup();'> |
<p> |
+ <img id="testimg"> |
This test ensures that scripts run in isolated worlds marked with their |
own Content Security Policy aren't affected by the page's content |
security policy. Extensions, for example, should be able to load any |