
Side by Side Diff: content/test/data/cross_site_document_request.html

Issue 22254005: UMA data collector for cross-site documents(XSD) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr
Patch Set: blocking code gets simpler and testcase is moved to /content Created 7 years, 4 months ago
OLDNEW
(Empty)
1 <html>
2 <head>
3 <script>
4 /* This test shows that cross-site documents are blocked by SiteIsolationPolicy
Charlie Reis 2013/08/22 18:23:30 Style nit: We don't tend to use /* */ comments for
dsjang 2013/08/22 19:05:55 Done.
5 even if the Same Origin Policy is turned on in the renderer. The same origin
Charlie Reis 2013/08/22 18:23:30 nit: turned off
dsjang 2013/08/22 19:05:55 Done.
6 policy can be circumvented when the renderer is compromised, but we have
7 SiteIsolationPolicy that blocks cross-site documents at the IPC layer. For now
8 cross-site document blocking by SiteIsolationPolicy is done in the renderer, but
9 our ultimate plan is to do that in the browser process. */
10
11 var xhrStatus = -1;
12 var pathPrefix = "http://bar.com/files/site_isolation/";
13
14 /* We only block cross-site documents with a blacklisted mime type(text/html,
15 text/xml, application/json), and correctly sniffed as the content type that they
Charlie Reis 2013/08/22 18:23:30 and -> that are
dsjang 2013/08/22 19:05:55 Done.
16 claim to be. We also block text/plain documents when their body look like one of
Charlie Reis 2013/08/22 18:23:30 looks
dsjang 2013/08/22 19:05:55 Done.
17 the blacklisted content types. */
18
19 var blockedResourceUrls = ['valid.html', 'comment_valid.html', 'valid.xml',
20 'valid.json', 'html.txt', 'xml.txt', 'json.txt'];
21
22 var nonBlockedResourceUrls = ['js.html', 'comment_js.html', 'js.xml', 'js.json',
23 'js.txt', 'img.html', 'img.xml', 'img.json', 'img.txt', 'comment_js.html'];
24
25 var resourceUrls = blockedResourceUrls.concat(nonBlockedResourceUrls);
26
27 var failed = false;
28 function sendRequest(resourceUrl) {
29 var xhr = new XMLHttpRequest();
30 xhr.onreadystatechange = function() {
31 if (xhr.readyState == 4) {
32 var prefix = "";
33 if ((blockedResourceUrls.indexOf(resourceUrl) != -1 && xhr.responseText != " ") ||
Charlie Reis 2013/08/22 18:23:30 80 chars isn't required in HTML files, but it migh
dsjang 2013/08/22 19:05:55 Done.
34 (nonBlockedResourceUrls.indexOf(resourceUrl) != -1 && xhr.responseText == " ")) {
35 // Test failed. Either a resource that should have been blocked is not
36 // blocked, or a resource that should have not been blocked is blocked.
37 domAutomationController.setAutomationId(0);
38 //domAutomationController.send(0);
Charlie Reis 2013/08/22 18:23:30 Should this be uncommented?
dsjang 2013/08/22 19:05:55 Done.
39 if (blockedResourceUrls.indexOf(resourceUrl) != -1) {
40 prefix = "[ERROR:resource to be blocked wasn't blocked]";
41 } else {
42 prefix = "[ERROR:resource to be unblocked was blocked]";
43 }
44 }
45 document.getElementById("response_body").value +=
46 ("\n" + prefix + "response to " + resourceUrl + "(" + xhr.getResponseHea der("content-type") + ") " + (xhr.responseText == " " ? "blocked" : "not-blocked "));
Charlie Reis 2013/08/22 18:23:30 nit: Please wrap this line.
dsjang 2013/08/22 19:05:55 Done.
47 drive();
48 }
49 }
50 xhr.open('GET', pathPrefix + resourceUrl);
51 xhr.send();
52 }
53
54 var cnt = 0;
55 function drive() {
56 if (cnt < resourceUrls.length) {
57 sendRequest(resourceUrls[cnt]);
58 ++cnt;
59 } else {
60 //all the test cases are successfully passed.
Charlie Reis 2013/08/22 18:23:30 nit: Capitalize All and put a space before it.
dsjang 2013/08/22 19:05:55 Done.
61 domAutomationController.setAutomationId(0);
62 domAutomationController.send(1);
63 }
64 }
65
66 window.onload = function() {
67 // The call to pushState with chrome-extension:// URL will succeed, since the
68 // test uses --disable-web-security.
69 history.pushState('', '',
70 'http://bar.com/files/main.html');
Charlie Reis 2013/08/22 18:23:30 nit: This can all fit on one line.
dsjang 2013/08/22 19:05:55 Done.
71 drive();
72 }
73 </script>
74 </head>
75 <body>
76 <textarea rows=20 cols=50 id='response_body'></textarea>
77 </body>
78 </html>
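Review bot: In the failure branch of sendRequest (new lines 33-44) the handler still falls through to `drive()` on line 47, so the remaining requests run and drive() finishes with `domAutomationController.send(1)` even after a mismatch; the `failed` flag declared on line 27 is never set or read. Setting `failed = true;` in the failure branch and changing line 47 to `if (!failed) drive();` would keep a blocking regression from being reported as a pass. Separately, the non-blocked check only compares `xhr.responseText` with `" "`, so a request that fails to load and returns an empty body would presumably count as "not-blocked"; also checking `xhr.status` would make that case explicit.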
OLDNEW
