OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSourceList.h" | 5 #include "core/frame/csp/CSPSourceList.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/CSPSource.h" | 8 #include "core/frame/csp/CSPSource.h" |
9 #include "core/frame/csp/ContentSecurityPolicy.h" | 9 #include "core/frame/csp/ContentSecurityPolicy.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
46 { | 46 { |
47 KURL base; | 47 KURL base; |
48 String sources = "'none'"; | 48 String sources = "'none'"; |
49 CSPSourceList sourceList(csp.get(), "script-src"); | 49 CSPSourceList sourceList(csp.get(), "script-src"); |
50 parseSourceList(sourceList, sources); | 50 parseSourceList(sourceList, sources); |
51 | 51 |
52 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); | 52 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example.com/"))); |
53 EXPECT_FALSE(sourceList.matches(KURL(base, "https://example.test/"))); | 53 EXPECT_FALSE(sourceList.matches(KURL(base, "https://example.test/"))); |
54 } | 54 } |
55 | 55 |
56 TEST_F(CSPSourceListTest, BasicMatchingUnsafeDynamic) | 56 TEST_F(CSPSourceListTest, BasicMatchingStrictDynamic) |
57 { | 57 { |
58 String sources = "'unsafe-dynamic'"; | 58 String sources = "'strict-dynamic'"; |
59 CSPSourceList sourceList(csp.get(), "script-src"); | 59 CSPSourceList sourceList(csp.get(), "script-src"); |
60 parseSourceList(sourceList, sources); | 60 parseSourceList(sourceList, sources); |
61 | 61 |
62 EXPECT_TRUE(sourceList.allowDynamic()); | 62 EXPECT_TRUE(sourceList.allowDynamic()); |
63 } | 63 } |
64 | 64 |
65 TEST_F(CSPSourceListTest, BasicMatchingUnsafeHashedAttributes) | 65 TEST_F(CSPSourceListTest, BasicMatchingUnsafeHashedAttributes) |
66 { | 66 { |
67 String sources = "'unsafe-hashed-attributes'"; | 67 String sources = "'unsafe-hashed-attributes'"; |
68 CSPSourceList sourceList(csp.get(), "script-src"); | 68 CSPSourceList sourceList(csp.get(), "script-src"); |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
191 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 191 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example1.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
192 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); | 192 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/bar/"), Conte
ntSecurityPolicy::DidRedirect)); |
193 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); | 193 EXPECT_TRUE(sourceList.matches(KURL(base, "http://example2.com/foo/"), Conte
ntSecurityPolicy::DidRedirect)); |
194 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 194 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
195 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); | 195 EXPECT_TRUE(sourceList.matches(KURL(base, "https://example1.com/bar/"), Cont
entSecurityPolicy::DidRedirect)); |
196 | 196 |
197 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); | 197 EXPECT_FALSE(sourceList.matches(KURL(base, "http://example3.com/foo/"), Cont
entSecurityPolicy::DidRedirect)); |
198 } | 198 } |
199 | 199 |
200 } // namespace blink | 200 } // namespace blink |
OLD | NEW |