
Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/same-origin-with-own-policy-window-open.html

Issue 2530343006: CSP: "local schemes" should inherit policy when window.opened. (Closed)
Patch Set: feedback Created 4 years ago
OLDNEW
(Empty)
1 <!DOCTYPE html>
2 <html>
3 <head>
4 <script src="/resources/testharness.js"></script>
5 <script src="/resources/testharnessreport.js"></script>
6 <script src="/security/contentSecurityPolicy/resources/cascade-helper.js"></sc ript>
7 <meta http-equiv="content-security-policy" content="img-src http://127.0.0.1:8 000 http://example.test:8000">
8 </head>
9 <body>
10 <script>
11 // The filesystem test takes some nesting to setup:
12 setup({explicit_done: true});
13
14 async_test(t => {
15 assert_allowed_image_in_document(t, document, "http://127.0.0.1:8000/resourc es/square.png?top-level");
16 assert_allowed_image_in_document(t, document, "http://example.test:8000/reso urces/square.png?top-level");
17 }, "Policy applied in top-level.");
18
19 async_test(t => {
20 var w = window.open();
21 w.document.head.innerHTML = "<meta http-equiv='content-security-policy' cont ent='img-src http://127.0.0.1:8000'>";
22 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/resou rces/square.png?blank-frame");
23 assert_blocked_image_in_document(t, w.document, "http://example.test:8000/re sources/square.png?blank-frame");
24 }, "Image loaded via about:blank window blocked.");
25
26 async_test(t => {
27 var b = new Blob([], {type: "text/html"});
28 var w = window.open(URL.createObjectURL(b));
29 w.onload = _ => {
30 w.document.head.innerHTML = "<meta http-equiv='content-security-policy' co ntent='img-src http://127.0.0.1:8000'>";
31 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1:8000/res ources/square.png?blob-frame");
32 assert_blocked_image_in_document(t, w.document, "http://example.test:8000/ resources/square.png?blob-frame");
33 };
34 }, "Image loaded via 'blob:' window blocked.");
35
36 async_test(t => {
37 window.webkitRequestFileSystem(window.TEMPORARY, 1024*1024, fs => {
38 fs.root.getFile('worker.js', { create: true }, entry => {
39 entry.createWriter(w => {
40 w.onwriteend = _ => {
41 var w = window.open(entry.toURL());
42 w.onload = _ => {
43 w.document.head.innerHTML = "<meta http-equiv='content-security-po licy' content='img-src http://127.0.0.1:8000'>";
44 assert_allowed_image_in_document(t, w.document, "http://127.0.0.1: 8000/resources/square.png?filesystem-frame");
45 assert_blocked_image_in_document(t, w.document, "http://example.te st:8000/resources/square.png?filesystem-frame");
46 };
47
48 // explicit_done: yay.
49 done();
50 };
51 w.onerror = t.unreached_func();
52
53 var b = new Blob([], {type: "text/html"});
54 w.write(b);
55 });
56 });
57 });
58 }, "Image loaded via 'filesystem:' window blocked.");
59 </script>
60 </body>
61 </html>
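Review bot: In the 'filesystem:' test the `webkitRequestFileSystem`, `getFile` and `createWriter` calls pass no error callback, and the `w.onload` handlers in the blob and filesystem tests are not wrapped in `t.step_func`, so a failure on any of those paths surfaces as a timeout or harness error rather than a failed assertion. Passing `t.unreached_func("filesystem setup failed")` as the error callback to each call and writing `w.onload = t.step_func(_ => { … })` would make such failures attributable to the right test. Inside `w.onwriteend`, `var w = window.open(entry.toURL())` shadows the FileWriter parameter `w`; a distinct name such as `win` would read more clearly. Because the opener's policy already allows both hosts, these assertions appear to exercise only the opened window's own meta policy, so inheritance of the opener's policy is presumably verified by a sibling test in the cascade directory; a short comment at the top of the script stating that would help.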
OLDNEW
