OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 8672 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8683 | 8683 |
8684 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); | 8684 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); |
8685 v8::HandleScope scope(v8::Isolate::GetCurrent()); | 8685 v8::HandleScope scope(v8::Isolate::GetCurrent()); |
8686 mainFrame->executeScript(WebScriptSource("hello = 'world';")); | 8686 mainFrame->executeScript(WebScriptSource("hello = 'world';")); |
8687 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); | 8687 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); |
8688 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri
ptSource("hello")); | 8688 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri
ptSource("hello")); |
8689 ASSERT_TRUE(result->IsString()); | 8689 ASSERT_TRUE(result->IsString()); |
8690 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC
ontext()).ToLocalChecked())); | 8690 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC
ontext()).ToLocalChecked())); |
8691 } | 8691 } |
8692 | 8692 |
| 8693 static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securi
tyOrigin) |
| 8694 { |
| 8695 Document* document = frame->document(); |
| 8696 document->setSecurityOrigin(securityOrigin); |
| 8697 } |
| 8698 |
| 8699 TEST_F(WebFrameTest, CanHaveSecureChild) |
| 8700 { |
| 8701 FrameTestHelpers::WebViewHelper helper; |
| 8702 FrameTestHelpers::TestWebFrameClient client; |
| 8703 helper.initialize(true, &client, nullptr, nullptr); |
| 8704 WebFrame* mainFrame = helper.webView()->mainFrame(); |
| 8705 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("http
s://example.com"); |
| 8706 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("ht
tp://example.com"); |
| 8707 |
| 8708 // Secure frame. |
| 8709 setSecurityOrigin(mainFrame, secureOrigin); |
| 8710 ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
| 8711 |
| 8712 // Insecure frame. |
| 8713 setSecurityOrigin(mainFrame, insecureOrigin); |
| 8714 ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
| 8715 |
| 8716 // Create a chain of frames. |
| 8717 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>"); |
| 8718 WebFrame* childFrame = mainFrame->firstChild(); |
| 8719 FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>"); |
| 8720 WebFrame* grandchildFrame = childFrame->firstChild(); |
| 8721 |
| 8722 // Secure -> insecure -> secure frame. |
| 8723 setSecurityOrigin(mainFrame, secureOrigin); |
| 8724 setSecurityOrigin(childFrame, insecureOrigin); |
| 8725 setSecurityOrigin(grandchildFrame, secureOrigin); |
| 8726 ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
| 8727 ASSERT_FALSE(childFrame->canHaveSecureChild()); |
| 8728 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
| 8729 |
| 8730 // A document in an insecure context can be considered secure if it has a |
| 8731 // scheme that bypasses the secure context check. But the exception doesn't |
| 8732 // apply to children of that document's frame. |
| 8733 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-s
cheme"); |
| 8734 SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); |
| 8735 RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("ver
y-special-scheme://example.com"); |
| 8736 |
| 8737 setSecurityOrigin(mainFrame, insecureOrigin); |
| 8738 setSecurityOrigin(childFrame, specialOrigin); |
| 8739 setSecurityOrigin(grandchildFrame, secureOrigin); |
| 8740 ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
| 8741 ASSERT_FALSE(childFrame->canHaveSecureChild()); |
| 8742 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
| 8743 Document* mainDocument = mainFrame->document(); |
| 8744 Document* childDocument = childFrame->document(); |
| 8745 Document* grandchildDocument = grandchildFrame->document(); |
| 8746 ASSERT_FALSE(mainDocument->isSecureContext()); |
| 8747 ASSERT_TRUE(childDocument->isSecureContext()); |
| 8748 ASSERT_FALSE(grandchildDocument->isSecureContext()); |
| 8749 } |
| 8750 |
8693 } // namespace blink | 8751 } // namespace blink |
OLD | NEW |