Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(327)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html

Issue 2255103002: CSP: Strip reported URLs for 'frame-src' and 'object-src'. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: estark Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-child-frame-navigates-to-blocked-origin-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked-expected.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html
index 710aa4bbedc3fd1ccd386e08a93aeeeb586e8139..795c19ea168a0913a3c7c5d709aab5d7fc298169 100644
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked.html
@@ -1,3 +1,24 @@
-<meta http-equiv="Content-Security-Policy" content="frame-src 127.0.0.1:8000">
-<script src="resources/dump-as-text.js"></script>
-<iframe src="resources/redir.php?url=http://localhost:8000/security/contentSecurityPolicy/resources/alert-fail.html"></iframe>
+<!doctype html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<meta http-equiv="Content-Security-Policy" content="frame-src 'self'">
+<script>
+ async_test(t => {
+ var watcher = new EventWatcher(t, document, ['securitypolicyviolation']);
+ watcher
+ .wait_for('securitypolicyviolation')
+ .then(t.step_func(e => {
+ assert_equals(e.blockedURI, "http://localhost:8000", "The reported URL should be stripped.");
+ assert_equals(e.lineNumber, 0, "No script involved in the redirect.");
+ t.done();
+ }));
+
+ window.onmessage = t.unreached_func('No message should be sent from the frame.');
+ window.onload = _ => {
+ var url = "resources/redir.php?url=http://localhost:8000/security/resources/post-done.html";
+ var i = document.createElement('iframe');
+ i.src = url;
+ document.body.appendChild(i);
+ };
+ }, "The redirected frame is blocked.");
+</script>
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-child-frame-navigates-to-blocked-origin-expected.txt ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/frame-src-redirect-blocked-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698