Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(273)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them. (Closed)
Patch Set: comments Created 3 years, 12 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.js ('k') | extensions/common/csp_validator.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 This page should be sandboxed.
2
3 <script>
4 // We're not served with the extension default CSP, we can use inline script.
5
6 var loadFrameExpectResponse = function(iframe, url) {
7 var identifier = +new Date;
Devlin 2016/12/27 17:48:38 nit: maybe use performance.now()? performance.now
lazyboy 2016/12/28 02:13:08 Done.
8 return new Promise(function(resolve, reject) {
9 window.addEventListener('message', function(e) {
10 var data = JSON.parse(e.data);
11 if (data[0] == 'local frame msg' && data[1] == identifier) {
12 resolve();
13 } else {
14 reject();
15 }
16 });
17 iframe.onerror = reject;
18 iframe.onload = function() {
19 iframe.contentWindow.postMessage(
20 JSON.stringify(['sandboxed frame msg', identifier]), '*');
21 };
22 iframe.src = url;
23 });
24 };
25
26 var runTestAndRespond = function(localUrl, remoteUrl) {
27 var iframe = document.createElement('iframe');
28 var sendResponse = function(msg) {
29 var mainWindow = window.opener || window.top;
30 mainWindow.postMessage(msg, '*');
31 };
32
33 // First load local resource in |iframe|, expect the local frame to respond.
34 loadFrameExpectResponse(iframe, localUrl).then(function() {
35 // Then try to load remote resource on the same iframe element. The remote
36 // resource will fail to load but we'd get an iframe.onload event and the
37 // local frame will still be there. Therefore, expect the local frame to
38 // respond again.
39 return loadFrameExpectResponse(iframe, remoteUrl);
40 }).then(function() {
41 sendResponse('succeeded');
42 }).catch(function(err) {
43 sendResponse('failed');
44 });
45 document.body.appendChild(iframe);
46 };
47
48 onmessage = function(e) {
49 var command = JSON.parse(e.data);
50 if (command[0] == 'load') {
51 var localUrl = command[1];
52 var remoteUrl = command[2];
53 runTestAndRespond(localUrl, remoteUrl);
54 }
55 };
56
57 </script>
OLDNEW
« no previous file with comments | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.js ('k') | extensions/common/csp_validator.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698