UMA data collector for cross-site documents(XSD)

webkit/child/site_isolation_policy_unittest.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/strings/utf_string_conversions.h"
+#include "content/public/common/context_menu_params.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/WebKit/public/platform/WebURLResponse.h"
+#include "ui/base/range/range.h"
+#include "webkit/child/site_isolation_policy.h"
+
+namespace webkit_glue {
+
+TEST(SiteIsolationPolicyTest, IsBlockableScheme) {
+  GURL data_url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA==");
+  EXPECT_FALSE(SiteIsolationPolicy::IsBlockableScheme(data_url));

[Charlie Reis, 2013/08/09 18:48:38]

Also test that http/https are true and ftp is false.

[nasko, 2013/08/09 19:07:28]

Why not test other schemes? How would this test catch regressions in
IsBlockableScheme?

[dsjang, 2013/08/13 20:54:48]

Done.

+}
+
+TEST(SiteIsolationPolicyTest, IsSameSite) {
+  GURL url0("https://mock1.a.com:8080/page1.html");
+  GURL url1("https://mock2.a.com:9090/page2.html");
+  GURL url2("https://a.com/page3.html");
+
+  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(url0, url1));
+  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(url1, url2));
+  EXPECT_TRUE(SiteIsolationPolicy::IsSameSite(url2, url0));

[Charlie Reis, 2013/08/09 18:48:38]

Also test that http://a.com, https://b.com, about:blank, and the empty URL are
not considered the same site as url0.

[nasko, 2013/08/09 19:07:28]

Why not add negative tests as well?

[dsjang, 2013/08/13 20:54:48]

Done.

+}
+
+TEST(SiteIsolationPolicyTest, IsValidCorsHeaderSet) {
+  GURL frame_origin("http://www.google.com");
+  GURL site_origin("http://www.yahoo.com");
+
+  EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "*"));
+  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "\"*\""));
+  EXPECT_TRUE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "http://mail.google.com"));
+  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "https://mail.google.com"));
+  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "http://yahoo.com"));
+  EXPECT_FALSE(SiteIsolationPolicy::IsValidCorsHeaderSet(
+      frame_origin, site_origin, "www.google.com"));
+}
+
+TEST(SiteIsolationPolicyTest, SniffForHTML) {
+  const char* html_data = "  \t\r\n    <HtMladfokadfkado";
+  const char* non_html_data = "        var name=window.location;\nadfadf";
+
+  EXPECT_TRUE(SiteIsolationPolicy::SniffForHTML(html_data, strlen(html_data)));
+  EXPECT_FALSE(
+      SiteIsolationPolicy::SniffForHTML(non_html_data, strlen(non_html_data)));
+}
+
+TEST(SiteIsolationPolicyTest, SniffForXML) {
+  const char* xml_data = "   \t \r \n     <?xml version=\"1.0\"?>\n <catalog";
+  const char* non_xml_data = "        var name=window.location;\nadfadf";
+
+  EXPECT_TRUE(SiteIsolationPolicy::SniffForXML(xml_data, strlen(xml_data)));
+  EXPECT_FALSE(
+      SiteIsolationPolicy::SniffForXML(non_xml_data, strlen(non_xml_data)));
+}
+
+TEST(SiteIsolationPolicyTest, SniffForJSON) {
+  const char* json_data = "\t\t\r\n   { \"name\" : \"chrome\", ";
+  const char* non_json_data = "\t\t\r\n   { name : \"chrome\", ";

[Charlie Reis, 2013/08/09 18:48:38]

Also test for "foo({"name" : "chrome","

[dsjang, 2013/08/13 20:54:48]

Done.

+
+  EXPECT_TRUE(SiteIsolationPolicy::SniffForJSON(json_data, strlen(json_data)));
+  EXPECT_FALSE(
+      SiteIsolationPolicy::SniffForJSON(non_json_data, strlen(non_json_data)));
+}
+
+TEST(SiteIsolationPolicyTest, SniffForJS) {
+  const char* js_data = "\t\t\r\n var a = 4";
+  const char* json_data = "\t\t\r\n   { \"name\" : \"chrome\", ";
+
+  EXPECT_TRUE(SiteIsolationPolicy::SniffForJS(js_data, strlen(js_data)));
+  EXPECT_FALSE(SiteIsolationPolicy::SniffForJS(json_data, strlen(json_data)));
+}
+
+}  // namespace conten