Index: third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp |
diff --git a/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp b/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp |
index bc584d1ee13aa9b7327b6ef5e13a7c4d5d3013eb..a2f1aec6cbb72961b7f177dc6d98b41a7130878f 100644 |
--- a/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp |
+++ b/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp |
@@ -44,6 +44,12 @@ struct ReferrerPolicyTestCase { |
ReferrerPolicy referrerPolicy; |
}; |
+struct NonceTestCase { |
+ const char* baseURL; |
+ const char* inputHTML; |
+ const char* nonce; |
+}; |
+ |
class MockHTMLResourcePreloader : public ResourcePreloader { |
public: |
void preloadRequestVerification(Resource::Type type, const char* url, const char* baseURL, int width, const ClientHintsPreferences& preferences) |
@@ -80,6 +86,15 @@ public: |
} |
} |
+ void nonceRequestVerification(const char* nonce) |
+ { |
+ ASSERT_TRUE(m_preloadRequest.get()); |
+ if (strlen(nonce)) |
+ EXPECT_EQ(nonce, m_preloadRequest->nonce()); |
+ else |
+ EXPECT_TRUE(m_preloadRequest->nonce().isEmpty()); |
+ } |
+ |
protected: |
void preload(std::unique_ptr<PreloadRequest> preloadRequest, const NetworkHintsInterface&) override |
{ |
@@ -171,6 +186,16 @@ protected: |
preloader.preloadRequestVerification(testCase.type, testCase.preloadedURL, testCase.outputBaseURL, testCase.resourceWidth, testCase.referrerPolicy); |
} |
+ void test(NonceTestCase testCase) |
+ { |
+ MockHTMLResourcePreloader preloader; |
+ KURL baseURL(ParsedURLString, testCase.baseURL); |
+ m_scanner->appendToEnd(String(testCase.inputHTML)); |
+ m_scanner->scanAndPreload(&preloader, baseURL, nullptr); |
+ |
+ preloader.nonceRequestVerification(testCase.nonce); |
+ } |
+ |
private: |
std::unique_ptr<DummyPageHolder> m_dummyPageHolder; |
std::unique_ptr<HTMLPreloadScanner> m_scanner; |
@@ -374,6 +399,31 @@ TEST_F(HTMLPreloadScannerTest, testReferrerPolicy) |
test(testCase); |
} |
+TEST_F(HTMLPreloadScannerTest, testNonce) |
+{ |
+ NonceTestCase testCases[] = { |
+ { "http://example.test", "<script src='/script'></script>", "" }, |
+ { "http://example.test", "<script src='/script' nonce=''></script>", "" }, |
+ { "http://example.test", "<script src='/script' nonce='abc'></script>", "abc" }, |
+ { "http://example.test", "<link rel='import' href='/import'>", "" }, |
+ { "http://example.test", "<link rel='import' href='/import' nonce=''>", "" }, |
+ { "http://example.test", "<link rel='import' href='/import' nonce='abc'>", "abc" }, |
+ { "http://example.test", "<link rel='stylesheet' href='/style'>", "" }, |
+ { "http://example.test", "<link rel='stylesheet' href='/style' nonce=''>", "" }, |
+ { "http://example.test", "<link rel='stylesheet' href='/style' nonce='abc'>", "abc" }, |
+ |
+ // <img> doesn't support nonces: |
+ { "http://example.test", "<img src='/image'>", "" }, |
+ { "http://example.test", "<img src='/image' nonce=''>", "" }, |
+ { "http://example.test", "<img src='/image' nonce='abc'>", "" }, |
+ }; |
+ |
+ for (const auto& testCase : testCases) { |
+ SCOPED_TRACE(testCase.inputHTML); |
+ test(testCase); |
+ } |
+} |
+ |
// Tests that a document-level referrer policy (e.g. one set by HTTP |
// header) is applied for preload requests. |
TEST_F(HTMLPreloadScannerTest, testReferrerPolicyOnDocument) |