OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 8672 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
8683 | 8683 |
8684 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); | 8684 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); |
8685 v8::HandleScope scope(v8::Isolate::GetCurrent()); | 8685 v8::HandleScope scope(v8::Isolate::GetCurrent()); |
8686 mainFrame->executeScript(WebScriptSource("hello = 'world';")); | 8686 mainFrame->executeScript(WebScriptSource("hello = 'world';")); |
8687 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); | 8687 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); |
8688 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri ptSource("hello")); | 8688 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri ptSource("hello")); |
8689 ASSERT_TRUE(result->IsString()); | 8689 ASSERT_TRUE(result->IsString()); |
8690 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC ontext()).ToLocalChecked())); | 8690 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC ontext()).ToLocalChecked())); |
8691 } | 8691 } |
8692 | 8692 |
8693 static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securi tyOrigin) | |
8694 { | |
8695 Document* document = frame->document(); | |
8696 document->setSecurityOrigin(securityOrigin); | |
8697 } | |
8698 | |
8699 TEST_F(WebFrameTest, CanHaveSecureChild) | |
8700 { | |
8701 FrameTestHelpers::WebViewHelper helper; | |
8702 FrameTestHelpers::TestWebFrameClient client; | |
8703 helper.initialize(true, &client, nullptr, nullptr); | |
8704 WebFrame* mainFrame = helper.webView()->mainFrame(); | |
8705 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("http s://example.com"); | |
8706 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("ht tp://example.com"); | |
8707 | |
8708 // Secure frame. | |
8709 setSecurityOrigin(mainFrame, secureOrigin); | |
8710 ASSERT_TRUE(mainFrame->canHaveSecureChild()); | |
8711 | |
8712 // Insecure frame. | |
8713 setSecurityOrigin(mainFrame, insecureOrigin); | |
8714 ASSERT_FALSE(mainFrame->canHaveSecureChild()); | |
8715 | |
8716 // Create a chain of frames. | |
8717 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>"); | |
8718 WebFrame* childFrame = mainFrame->firstChild(); | |
8719 FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>"); | |
8720 WebFrame* grandchildFrame = childFrame->firstChild(); | |
8721 | |
8722 // Secure -> insecure -> secure frame. | |
8723 setSecurityOrigin(mainFrame, secureOrigin); | |
8724 setSecurityOrigin(childFrame, insecureOrigin); | |
8725 setSecurityOrigin(grandchildFrame, secureOrigin); | |
8726 ASSERT_TRUE(mainFrame->canHaveSecureChild()); | |
8727 ASSERT_FALSE(childFrame->canHaveSecureChild()); | |
8728 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); | |
8729 | |
8730 // A document in an insecure context can be considered | |
horo
2016/06/03 09:54:45
nit: strange line break.
falken
2016/06/03 12:10:45
My vim sometimes gets in a state where it can't gq
| |
8731 // secure if it has a scheme that bypasses the secure context check. | |
8732 // But the exception doesn't apply to children of that document's | |
8733 // frame. | |
8734 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-s cheme"); | |
8735 SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); | |
8736 RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("ver y-special-scheme://example.com"); | |
8737 | |
8738 setSecurityOrigin(mainFrame, insecureOrigin); | |
8739 setSecurityOrigin(childFrame, specialOrigin); | |
8740 setSecurityOrigin(grandchildFrame, secureOrigin); | |
8741 ASSERT_FALSE(mainFrame->canHaveSecureChild()); | |
8742 ASSERT_FALSE(childFrame->canHaveSecureChild()); | |
8743 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); | |
8744 Document* mainDocument = mainFrame->document(); | |
8745 Document* childDocument = childFrame->document(); | |
8746 Document* grandchildDocument = grandchildFrame->document(); | |
8747 ASSERT_FALSE(mainDocument->isSecureContext()); | |
8748 ASSERT_TRUE(childDocument->isSecureContext()); | |
8749 ASSERT_FALSE(grandchildDocument->isSecureContext()); | |
8750 } | |
8751 | |
8693 } // namespace blink | 8752 } // namespace blink |
OLD | NEW |