chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html - Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them. (Closed)

Patch Set: more commetns Created 3 years, 12 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.js ('K') | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.js ('k') | extensions/common/csp_validator.h » ('j') | extensions/common/csp_validator.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 This page should be sandboxed.

	2

	3 <script>

	4 // We're not served with the extension default CSP, we can use inline script.

	5

	6 var loadFrameExpectResponse = function(iframe, url) {

	7 var identifier = +new Date;

	8 return new Promise(function(resolve, reject) {

	9 window.addEventListener('message', function(e) {

	10 var data = JSON.parse(e.data);

	11 if (data[0] == 'pong' && data[1] == identifier) {
	Devlin 2016/12/22 17:04:32 all these pings and pongs are getting hard to keep all these pings and pongs are getting hard to keep track of. Could we instead do something like 'sandboxed frame', etc? lazyboy 2016/12/22 22:57:06 Changed to sandboxed frame msg <-> local/remote fr Show quoted text On 2016/12/22 17:04:32, Devlin wrote: > all these pings and pongs are getting hard to keep track of. Could we instead > do something like 'sandboxed frame', etc? Changed to sandboxed frame msg <-> local/remote frame msg
	12 resolve();

	13 } else {

	14 reject();

	15 }

	16 });

	17 iframe.onerror = reject;

	18 iframe.onload = function() {

	19 iframe.contentWindow.postMessage(

	20 JSON.stringify(['ping', identifier]), '*');

	21 };

	22 iframe.src = url;

	23 });

	24 };

	25

	26 var runTestAndRespond = function(localUrl, remoteUrl) {

	27 var iframe = document.createElement('iframe');

	28 var sendResponse = function(msg) {

	29 var mainWindow = window.opener \|\| window.top;

	30 mainWindow.postMessage(msg, '*');

	31 };

	32

	33 // First load local resource in \|iframe\|, expect the local frame to respond.

	34 loadFrameExpectResponse(iframe, localUrl).then(function() {

	35 // Then try to load remote resource on the same iframe element. Since the

	36 // remote resource will fail to load, expect the local frame to respond
	Devlin 2016/12/22 17:04:32 I don't quite follow. So in trying to commit an i I don't quite follow. So in trying to commit an invalid url, we reload the current url? lazyboy 2016/12/22 22:57:06 We keep the current url and resource as is, but if Show quoted text On 2016/12/22 17:04:32, Devlin wrote: > I don't quite follow. So in trying to commit an invalid url, we reload the > current url? We keep the current url and resource as is, but iframe.onload fires.
	37 // again.

	38 return loadFrameExpectResponse(iframe, remoteUrl);

	39 }).then(function() {

	40 sendResponse('succeeded');

	41 }).catch(function(err) {

	42 sendResponse('failed');

	43 });

	44 document.body.appendChild(iframe);

	45 };

	46

	47 onmessage = function(e) {

	48 var command = JSON.parse(e.data);

	49 if (command[0] == 'load') {

	50 var localUrl = command[1];

	51 var remoteUrl = command[2];

	52 runTestAndRespond(localUrl, remoteUrl);

	53 }

	54 };

	55

	56 </script>

OLD	NEW