chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html - Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2563843002: Restrict app sandbox's CSP to disallow loading web content in them. (Closed)

Patch Set: sync Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/test/data/extensions/api_test/sandboxed_pages_csp/main.js ('K') | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.js ('k') | chrome/test/data/extensions/manifest_tests/sandboxed_pages_valid_3.json » ('j') | extensions/common/csp_validator.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

diff --git a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

new file mode 100644

index 0000000000000000000000000000000000000000..c5f7e467a10752a4b699ffaa727ef853c3447f37

--- /dev/null

+++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

@@ -0,0 +1,45 @@

+This page should be sandboxed.

+<script>

+// We're not served with the extension default CSP, we can use inline script.

+// Loading status of frames, keyed by frame's url.

+var frameLoadStatus = {};

+var updateFrameLoadStatus = function(fileName, succeeded) {

+ if (frameLoadStatus[fileName].completed)

+ return;

+ frameLoadStatus[fileName].completed = true;

+ var mainWindow = window.opener || window.top;

+ mainWindow.postMessage(JSON.stringify(['loaded', url, succeeded]), '*');

+};

+var loadIframe = function(url, fileName) {

+ var iframe = document.createElement('iframe');

+ iframe.src = url;

+ frameLoadStatus[fileName] = {completed: false};

+ document.body.appendChild(iframe);

+ // The frame load will fail for remote frames in this test because of CSP.

+ // I couldn't find a better way than setTimeout to detect that :(.

Devlin 2016/12/15 00:04:11 is iframe.contentWindow.onerror called?

lazyboy 2016/12/15 08:02:35 Because the frame can be cross-origin, I don't thi

+ setTimeout(function() {

+ updateFrameLoadStatus(fileName, false);

+ }, 2000);

+};

+onmessage = function(e) {

+ var command = JSON.parse(e.data);

+ switch (command[0]) {

+ case 'load':

+ // message from main app window.

+ url = command[1];

+ fileName = command[2];

+ loadIframe(url, fileName);

+ break;

+ case 'loaded':

+ // message from subframe.

+ fileName = command[1];

+ updateFrameLoadStatus(fileName, true);

+ break;

+ }

+};

+</script>