OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 8782 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8793 EXPECT_EQ(WebString::fromUTF8("data:image/gif;base64" | 8793 EXPECT_EQ(WebString::fromUTF8("data:image/gif;base64" |
8794 ",R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs="), client.result()); | 8794 ",R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs="), client.result()); |
8795 | 8795 |
8796 client.reset(); | 8796 client.reset(); |
8797 localFrame->saveImageAt(WebPoint(125, 25)); | 8797 localFrame->saveImageAt(WebPoint(125, 25)); |
8798 EXPECT_EQ(WebString(), client.result()); | 8798 EXPECT_EQ(WebString(), client.result()); |
8799 | 8799 |
8800 helper.reset(); // Explicitly reset to break dependency on locally scoped cl
ient. | 8800 helper.reset(); // Explicitly reset to break dependency on locally scoped cl
ient. |
8801 } | 8801 } |
8802 | 8802 |
8803 static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securi
tyOrigin) | |
8804 { | |
8805 Document* document = frame->document(); | |
8806 document->setSecurityOrigin(securityOrigin); | |
8807 } | |
8808 | |
8809 TEST_F(WebFrameTest, CanHaveSecureChild) | |
8810 { | |
8811 FrameTestHelpers::WebViewHelper helper; | |
8812 FrameTestHelpers::TestWebFrameClient client; | |
8813 helper.initialize(true, &client, nullptr, nullptr); | |
8814 WebFrame* mainFrame = helper.webView()->mainFrame(); | |
8815 RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("http
s://example.com"); | |
8816 RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("ht
tp://example.com"); | |
8817 | |
8818 // Secure frame. | |
8819 setSecurityOrigin(mainFrame, secureOrigin); | |
8820 ASSERT_TRUE(mainFrame->canHaveSecureChild()); | |
8821 | |
8822 // Insecure frame. | |
8823 setSecurityOrigin(mainFrame, insecureOrigin); | |
8824 ASSERT_FALSE(mainFrame->canHaveSecureChild()); | |
8825 | |
8826 // Create a chain of frames. | |
8827 FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>"); | |
8828 WebFrame* childFrame = mainFrame->firstChild(); | |
8829 FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>"); | |
8830 WebFrame* grandchildFrame = childFrame->firstChild(); | |
8831 | |
8832 // Secure -> insecure -> secure frame. | |
8833 setSecurityOrigin(mainFrame, secureOrigin); | |
8834 setSecurityOrigin(childFrame, insecureOrigin); | |
8835 setSecurityOrigin(grandchildFrame, secureOrigin); | |
8836 ASSERT_TRUE(mainFrame->canHaveSecureChild()); | |
8837 ASSERT_FALSE(childFrame->canHaveSecureChild()); | |
8838 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); | |
8839 | |
8840 // A document in an insecure context can be considered secure if it has a | |
8841 // scheme that bypasses the secure context check. But the exception doesn't | |
8842 // apply to children of that document's frame. | |
8843 SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-s
cheme"); | |
8844 SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme"); | |
8845 RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("ver
y-special-scheme://example.com"); | |
8846 | |
8847 setSecurityOrigin(mainFrame, insecureOrigin); | |
8848 setSecurityOrigin(childFrame, specialOrigin); | |
8849 setSecurityOrigin(grandchildFrame, secureOrigin); | |
8850 ASSERT_FALSE(mainFrame->canHaveSecureChild()); | |
8851 ASSERT_FALSE(childFrame->canHaveSecureChild()); | |
8852 ASSERT_FALSE(grandchildFrame->canHaveSecureChild()); | |
8853 Document* mainDocument = mainFrame->document(); | |
8854 Document* childDocument = childFrame->document(); | |
8855 Document* grandchildDocument = grandchildFrame->document(); | |
8856 ASSERT_FALSE(mainDocument->isSecureContext()); | |
8857 ASSERT_TRUE(childDocument->isSecureContext()); | |
8858 ASSERT_FALSE(grandchildDocument->isSecureContext()); | |
8859 } | |
8860 | |
8861 } // namespace blink | 8803 } // namespace blink |
OLD | NEW |