Chromium Code Reviews

Unified Diff: content/browser/child_process_security_policy_unittest.cc

Issue 2347163004: Disallow navigations to blob URLs with non-canonical origins. (Closed)
Patch Set: Fix issues and add unittest. Created 4 years, 3 months ago
Index: content/browser/child_process_security_policy_unittest.cc
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index 24aa45bc21f050f00bea4642e7f5fe50674589a6..ef45b2b7c9d305d7055c8fdd056510a8ceddaa21 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -186,6 +186,49 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
p->Remove(kRendererID);
}
+TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) {
+ ChildProcessSecurityPolicyImpl* p =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+
+ p->Add(kRendererID);
+
+ EXPECT_TRUE(
+ p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid")));
+ EXPECT_TRUE(
+ p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid")));
+ EXPECT_FALSE(p->CanCommitURL(
+ kRendererID, GURL("blob:http://username@localhost/some-guid")));
+ EXPECT_FALSE(p->CanCommitURL(
+ kRendererID, GURL("blob:http://username @localhost/some-guid")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:blob:some-guid")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:some-guid")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("blob:filesystem:http://localhost/path")));
+ EXPECT_FALSE(p->CanCommitURL(kRendererID,
+ GURL("filesystem:blob:http://localhost/guid")));
+
+ EXPECT_TRUE(
+ p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
Charlie Reis 2016/09/20 23:19:06 nit: Let's put the CanRequest block above the CanC
ncarter (slow) 2016/09/21 17:03:16 Done.
+ EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:null/some-guid")));
+ EXPECT_TRUE(
+ p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
+ EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid")));
+ EXPECT_FALSE(p->CanRequestURL(
+ kRendererID, GURL("blob:http://username@localhost/some-guid")));
+ EXPECT_FALSE(p->CanRequestURL(
+ kRendererID, GURL("blob:http://username @localhost/some-guid")));
+ EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid")));
+ EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid")));
+ EXPECT_FALSE(p->CanRequestURL(kRendererID,
+ GURL("blob:filesystem:http://localhost/path")));
+ EXPECT_FALSE(p->CanRequestURL(kRendererID,
+ GURL("filesystem:blob:http://localhost/guid")));
+
+ p->Remove(kRendererID);
+}
+
TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
ChildProcessSecurityPolicyImpl* p =
ChildProcessSecurityPolicyImpl::GetInstance();
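Review bot: The first and third checks in the CanCommitURL block of BlobSchemeTest are the same assertion, `p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid"))`, and the duplicate is repeated in the CanRequestURL block, so the second copy adds no coverage. Drop it or replace it with a distinct accepted URL so the allowed side is exercised as broadly as the rejected side. The two blocks also assert on the same ten URLs; a single list of URL and expected-result pairs looped over both CanCommitURL and CanRequestURL would keep them from drifting apart. A short comment on each EXPECT_FALSE case saying what makes that URL unacceptable (the `username@` userinfo, the nested `blob:` or `filesystem:` scheme, the missing origin in `blob:some-guid`) would document the policy the test is pinning down.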
