Index: third_party/WebKit/Source/web/tests/WebFrameTest.cpp |
diff --git a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp |
index b2d4ad274c57325a801197399a9ac6e4980b9bcb..45f2a3c6b02e77172d6f29469e0432b095f305ff 100644 |
--- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp |
+++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp |
@@ -8690,4 +8690,63 @@ TEST(WebFrameGlobalReuseTest, ReuseForMainFrameIfEnabled) |
EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptContext()).ToLocalChecked())); |
} |
+static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securityOrigin) |
+{ |
+ Document* document = frame->document(); |
+ document->setSecurityOrigin(securityOrigin); |
+} |
+ |
+TEST_F(WebFrameTest, CanHaveSecureChild) |
+{ |
+ FrameTestHelpers::WebViewHelper helper; |
+ FrameTestHelpers::TestWebFrameClient client; |
+ helper.initialize(true, &client, nullptr, nullptr); |
+ WebFrame* mainFrame = helper.webView()->mainFrame(); |
+ RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("https://example.com"); |
+ RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("http://example.com"); |
+ |
+ // Secure frame. |
+ setSecurityOrigin(mainFrame, secureOrigin); |
+ ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
+ |
+ // Insecure frame. |
+ setSecurityOrigin(mainFrame, insecureOrigin); |
+ ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
+ |
+ // Create a chain of frames. |
+ FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>"); |
+ WebFrame* childFrame = mainFrame->firstChild(); |
+ FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>"); |
+ WebFrame* grandchildFrame = childFrame->firstChild(); |
+ |
+ // Secure -> insecure -> secure frame. |
+ setSecurityOrigin(mainFrame, secureOrigin); |
+ setSecurityOrigin(childFrame, insecureOrigin); |
+ setSecurityOrigin(grandchildFrame, secureOrigin); |
+ ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
+ ASSERT_FALSE(childFrame->canHaveSecureChild()); |
+ ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
+ |
+ // A document in an insecure context can be considered |
horo
2016/06/03 09:54:45
nit: strange line break.
falken
2016/06/03 12:10:45
My vim sometimes gets in a state where it can't gq
|
+ // secure if it has a scheme that bypasses the secure context check. |
+ // But the exception doesn't apply to children of that document's |
+ // frame. |
+ SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-scheme"); |
+ SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); |
+ RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("very-special-scheme://example.com"); |
+ |
+ setSecurityOrigin(mainFrame, insecureOrigin); |
+ setSecurityOrigin(childFrame, specialOrigin); |
+ setSecurityOrigin(grandchildFrame, secureOrigin); |
+ ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
+ ASSERT_FALSE(childFrame->canHaveSecureChild()); |
+ ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
+ Document* mainDocument = mainFrame->document(); |
+ Document* childDocument = childFrame->document(); |
+ Document* grandchildDocument = grandchildFrame->document(); |
+ ASSERT_FALSE(mainDocument->isSecureContext()); |
+ ASSERT_TRUE(childDocument->isSecureContext()); |
+ ASSERT_FALSE(grandchildDocument->isSecureContext()); |
+} |
+ |
} // namespace blink |