
Unified Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them. (Closed)
Patch Set: sync @tott Created 3 years, 12 months ago
Index: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
diff --git a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
new file mode 100644
index 0000000000000000000000000000000000000000..ac13d0bb80ef380059c4aa4d3e6e7f6a3084ceea
--- /dev/null
+++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
@@ -0,0 +1,57 @@
+This page should be sandboxed.
+
+<script>
+// We're not served with the extension default CSP, we can use inline script.
+
+var loadFrameExpectResponse = function(iframe, url) {
+ var identifier = performance.now();
+ return new Promise(function(resolve, reject) {
+ window.addEventListener('message', function(e) {
+ var data = JSON.parse(e.data);
+ if (data[0] == 'local frame msg' && data[1] == identifier) {
+ resolve();
+ } else {
+ reject();
+ }
+ });
+ iframe.onerror = reject;
+ iframe.onload = function() {
+ iframe.contentWindow.postMessage(
+ JSON.stringify(['sandboxed frame msg', identifier]), '*');
+ };
+ iframe.src = url;
+ });
+};
+
+var runTestAndRespond = function(localUrl, remoteUrl) {
+ var iframe = document.createElement('iframe');
+ var sendResponse = function(msg) {
+ var mainWindow = window.opener || window.top;
+ mainWindow.postMessage(msg, '*');
+ };
+
+ // First load local resource in |iframe|, expect the local frame to respond.
+ loadFrameExpectResponse(iframe, localUrl).then(function() {
+ // Then try to load remote resource on the same iframe element. The remote
+ // resource will fail to load but we'd get an iframe.onload event and the
+ // local frame will still be there. Therefore, expect the local frame to
+ // respond again.
+ return loadFrameExpectResponse(iframe, remoteUrl);
+ }).then(function() {
+ sendResponse('succeeded');
+ }).catch(function(err) {
+ sendResponse('failed');
+ });
+ document.body.appendChild(iframe);
+};
+
+onmessage = function(e) {
+ var command = JSON.parse(e.data);
+ if (command[0] == 'load') {
+ var localUrl = command[1];
+ var remoteUrl = command[2];
+ runTestAndRespond(localUrl, remoteUrl);
+ }
+};
+
+</script>
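Review bot: The `message` listener in `loadFrameExpectResponse` settles the promise on whatever message reaches the window next, without checking who sent it, and it is never removed. Since this test exists to show that remote content cannot load inside the sandboxed page, the pass condition should be tied to the frame under test: begin the handler with `if (e.source !== iframe.contentWindow) return;` and call `window.removeEventListener('message', ...)` once the promise settles. Without the removal, the listener from the local-URL step is still running during the remote-URL step and calls `reject` on a promise that has already resolved. A non-JSON message makes `JSON.parse` throw inside the handler instead of rejecting, and a frame that never replies leaves the promise pending, so both cases would apparently surface only as a harness timeout rather than as `'failed'`. If that is intended, a short comment above the listener saying so would help.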
