OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 8626 matching lines...)
8637 | 8637 |
8638 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); | 8638 WebLocalFrame* mainFrame = helper.webView()->mainFrame()->toWebLocalFrame(); |
8639 v8::HandleScope scope(v8::Isolate::GetCurrent()); | 8639 v8::HandleScope scope(v8::Isolate::GetCurrent()); |
8640 mainFrame->executeScript(WebScriptSource("hello = 'world';")); | 8640 mainFrame->executeScript(WebScriptSource("hello = 'world';")); |
8641 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); | 8641 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,new page"); |
8642 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri
ptSource("hello")); | 8642 v8::Local<v8::Value> result = mainFrame->executeScriptAndReturnValue(WebScri
ptSource("hello")); |
8643 ASSERT_TRUE(result->IsString()); | 8643 ASSERT_TRUE(result->IsString()); |
8644 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC
ontext()).ToLocalChecked())); | 8644 EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptC
ontext()).ToLocalChecked())); |
8645 } | 8645 } |
8646 | 8646 |
| 8647 static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securi
tyOrigin) |
| 8648 { |
| 8649 Document* document = frame->document(); |
| 8650 document->setSecurityOrigin(securityOrigin); |
| 8651 } |
| 8652 |
| 8653 TEST_F(WebFrameTest, CanHaveSecureChild) |
| 8654 { |
| 8655 FrameTestHelpers::WebViewHelper helper; |
| 8656 FrameTestHelpers::TestWebFrameClient client; |
| 8657 helper.initialize(true, &client, nullptr, nullptr); |
| 8658 WebFrame* mainFrame = helper.webView()->mainFrame(); |
| 8659 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("http
s://example.com"); |
| 8660 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("ht
tp://example.com"); |
| 8661 |
| 8662 // Secure frame. |
| 8663 setSecurityOrigin(mainFrame, secureOrigin); |
| 8664 ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
| 8665 |
| 8666 // Insecure frame. |
| 8667 setSecurityOrigin(mainFrame, insecureOrigin); |
| 8668 ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
| 8669 |
| 8670 // Create a chain of frames. |
| 8671 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>"); |
| 8672 WebFrame* childFrame = mainFrame->firstChild(); |
| 8673 FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>"); |
| 8674 WebFrame* grandchildFrame = childFrame->firstChild(); |
| 8675 |
| 8676 // Secure -> insecure -> secure frame. |
| 8677 setSecurityOrigin(mainFrame, secureOrigin); |
| 8678 setSecurityOrigin(childFrame, insecureOrigin); |
| 8679 setSecurityOrigin(grandchildFrame, secureOrigin); |
| 8680 ASSERT_TRUE(mainFrame->canHaveSecureChild()); |
| 8681 ASSERT_FALSE(childFrame->canHaveSecureChild()); |
| 8682 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
| 8683 |
| 8684 // A document in an insecure context can be considered secure if it has a |
| 8685 // scheme that bypasses the secure context check. But the exception doesn't |
| 8686 // apply to children of that document's frame. |
| 8687 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-s
cheme"); |
| 8688 SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); |
| 8689 RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("ver
y-special-scheme://example.com"); |
| 8690 |
| 8691 setSecurityOrigin(mainFrame, insecureOrigin); |
| 8692 setSecurityOrigin(childFrame, specialOrigin); |
| 8693 setSecurityOrigin(grandchildFrame, secureOrigin); |
| 8694 ASSERT_FALSE(mainFrame->canHaveSecureChild()); |
| 8695 ASSERT_FALSE(childFrame->canHaveSecureChild()); |
| 8696 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); |
| 8697 Document* mainDocument = mainFrame->document(); |
| 8698 Document* childDocument = childFrame->document(); |
| 8699 Document* grandchildDocument = grandchildFrame->document(); |
| 8700 ASSERT_FALSE(mainDocument->isSecureContext()); |
| 8701 ASSERT_TRUE(childDocument->isSecureContext()); |
| 8702 ASSERT_FALSE(grandchildDocument->isSecureContext()); |
| 8703 } |
| 8704 |
8647 } // namespace blink | 8705 } // namespace blink |
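Review bot: The two `SchemeRegistry::register…("very-special-scheme")` calls near the end of `CanHaveSecureChild` change process-wide state, and nothing visible in this section undoes them, so the secure-context bypass for that scheme presumably stays registered for every test that runs later in the same process. Because the registration is an exemption from a security check, it is worth confining: keep the scheme name unique to this test and say so in a comment such as `// Registered globally and never removed; keep this scheme name unique to this test.`, or restore the registry at the end of the test if it offers a way to do that. Separately, `mainFrame->firstChild()` and `childFrame->firstChild()` are used without a check; adding `ASSERT_TRUE(childFrame);` and `ASSERT_TRUE(grandchildFrame);` right after each lookup would turn a failed iframe load into a test failure instead of a null dereference.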
OLD | NEW |