Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(157)

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin.html

Issue 2472333003: CSP: "local schemes" should inherit policy when embedded. (Closed)
Patch Set: dcheng@ Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script src="/resources/testharness.js"></script>
5 <script src="/resources/testharnessreport.js"></script>
6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc ript>
7 <meta http-equiv="content-security-policy" content="img-src 'none'">
8 </head>
9 <body>
10 <script>
11 // The filesystem test takes some nesting to setup:
12 setup({explicit_done: true});
13
14 async_test(t => {
15 assert_blocked_image_in_document(t, document, "http://example.test:8000/reso urces/square.png?img-in-top-level");
16 }, "Image loaded in top-level blocked.");
17
18 async_test(t => {
19 var frame = document.createElement("iframe");
20 frame.onload = _ => {
21 assert_blocked_image_in_document(t, frame.contentDocument, "http://example .test:8000/resources/square.png?img-in-blank-frame");
22 };
23 document.body.appendChild(frame);
24 }, "Image loaded via about:blank frame blocked.");
25
26 async_test(t => {
27 var frame = document.createElement("iframe");
28 frame.setAttribute("srcdoc", "");
29 frame.onload = _ => {
30 assert_blocked_image_in_document(t, frame.contentDocument, "http://example .test:8000/resources/square.png?img-in-srcdoc-frame");
31 };
32 document.body.appendChild(frame);
33 }, "Image loaded via srcdoc frame blocked.");
34
35 async_test(t => {
36 var b = new Blob([], {type: "text/html"});
37
38 var frame = document.createElement("iframe");
39 frame.src = URL.createObjectURL(b);
40 frame.onload = _ => {
41 assert_blocked_image_in_document(t, frame.contentDocument, "http://example .test:8000/resources/square.png?img-in-blob-frame");
42 };
43 document.body.appendChild(frame);
44 }, "Image loaded via 'blob:' frame blocked.");
45
46 async_test(t => {
47 window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => {
48 fs.root.getFile('worker.js', { create: true }, entry => {
49 entry.createWriter(w => {
50 w.onwriteend = _ => {
51 var u = entry.toURL();
52
53 var frame = document.createElement("iframe");
54 frame.src = URL.createObjectURL(b);
55 frame.onload = _ => {
56 assert_blocked_image_in_document(t, frame.contentDocument, "http:/ /example.test:8000/resources/square.png?img-in-filsystem-frame");
57 };
58 document.body.appendChild(frame);
59
60 // explicit_done: yay.
61 done();
62 };
63 w.onerror = t.unreached_func();
64
65 var b = new Blob([], {type: "text/html"});
66 w.write(b);
67 });
68 });
69 });
70 }, "Image loaded via 'filesystem:' frame blocked.");
71 </script>
72 </body>
73 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698