| Index: LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
|
| diff --git a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
|
| index 5f71a3fb718ec147f1d114e30b003fef5b362e87..7cfd9bd9d2c927f7a5d63c78914445013c64aab5 100644
|
| --- a/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
|
| +++ b/LayoutTests/http/tests/security/isolatedWorld/bypass-main-world-csp.html
|
| @@ -8,41 +8,56 @@
|
| testRunner.waitUntilDone();
|
| }
|
|
|
| - tests = 4;
|
| + tests = 6;
|
| window.addEventListener("message", function(message) {
|
| tests -= 1;
|
| test();
|
| }, false);
|
|
|
| + function setup() {
|
| + var img = document.getElementById('testimg');
|
| + img.onload = function () {
|
| + alert('LOADED');
|
| + window.postMessage("next", "*");
|
| + };
|
| + img.onerror = function () {
|
| + alert('BLOCKED');
|
| + window.postMessage("next", "*");
|
| + };
|
| + test();
|
| + }
|
| +
|
| function test() {
|
| - function setImgSrc(isolated) {
|
| - var img = document.createElement('img');
|
| - document.body.appendChild(img);
|
| - img.onload = function () {
|
| - alert('LOADED in ' + (isolated ? "isolated world" : "main world"));
|
| - window.postMessage("next", "*");
|
| - };
|
| - img.onerror = function () {
|
| - alert('BLOCKED in ' + (isolated ? "isolated world" : "main world"));
|
| - window.postMessage("next", "*");
|
| - };
|
| - img.src = "../resources/abe.png";
|
| + function setImgSrc(isolated, num) {
|
| + var img = document.getElementById('testimg');
|
| + img.src = "../resources/abe.png?" + num;
|
| }
|
|
|
| + alert("Running test #" + tests + "\n");
|
| switch (tests) {
|
| + case 6:
|
| + setImgSrc(false, 6);
|
| + break;
|
| + case 5:
|
| + testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 5);");
|
| + break;
|
| case 4:
|
| - setImgSrc(false);
|
| + alert("Starting to bypass main world's CSP:");
|
| + testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *');
|
| + testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 4);");
|
| break;
|
| case 3:
|
| - testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
|
| + // Main world, then isolated world -> should load
|
| + setImgSrc(false, 3);
|
| + testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 3);");
|
| break;
|
| case 2:
|
| - alert("Starting to bypass main world's CSP:");
|
| - testRunner.setIsolatedWorldContentSecurityPolicy(1, 'img-src *');
|
| - testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true);");
|
| + // Isolated world, then main world -> should block
|
| + testRunner.evaluateScriptInIsolatedWorld(1, String(eval("setImgSrc")) + "\nsetImgSrc(true, 2);");
|
| + setImgSrc(false, 2);
|
| break;
|
| case 1:
|
| - setImgSrc(false);
|
| + setImgSrc(false, 1);
|
| break;
|
| case 0:
|
| testRunner.setIsolatedWorldContentSecurityPolicy(1, '');
|
| @@ -52,8 +67,9 @@
|
| }
|
| </script>
|
| </head>
|
| -<body onload='test();'>
|
| +<body onload='setup();'>
|
| <p>
|
| + <img id="testimg">
|
| This test ensures that scripts run in isolated worlds marked with their
|
| own Content Security Policy aren't affected by the page's content
|
| security policy. Extensions, for example, should be able to load any
|
|
|
Chromium Code Reviews
Issue 200923002:
Post a microtask to load <img> elements. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk