Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(285)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/common/csp_validator_unittest.cc

Issue 2574763003: Remove chrome-extension-resource:// scheme (Closed)
Patch Set: Remove BUILD reference to resources/extension outdir. Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | extensions/common/file_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 6
7 #include "extensions/common/csp_validator.h" 7 #include "extensions/common/csp_validator.h"
8 #include "extensions/common/error_utils.h" 8 #include "extensions/common/error_utils.h"
9 #include "extensions/common/install_warning.h" 9 #include "extensions/common/install_warning.h"
10 #include "extensions/common/manifest_constants.h" 10 #include "extensions/common/manifest_constants.h"
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
117 "default-src 'self'; script-src http://www.google.com")); 117 "default-src 'self'; script-src http://www.google.com"));
118 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 118 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
119 "default-src 'self';\nscript-src http://www.google.com")); 119 "default-src 'self';\nscript-src http://www.google.com"));
120 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 120 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
121 "default-src 'self';\rscript-src http://www.google.com")); 121 "default-src 'self';\rscript-src http://www.google.com"));
122 EXPECT_FALSE(ContentSecurityPolicyIsLegal( 122 EXPECT_FALSE(ContentSecurityPolicyIsLegal(
123 "default-src 'self';,script-src http://www.google.com")); 123 "default-src 'self';,script-src http://www.google.com"));
124 } 124 }
125 125
126 TEST(ExtensionCSPValidator, IsSecure) { 126 TEST(ExtensionCSPValidator, IsSecure) {
127 EXPECT_TRUE(CheckSanitizeCSP(std::string(), OPTIONS_ALLOW_UNSAFE_EVAL,
128 "script-src 'self'; object-src 'self';",
129 MissingSecureSrcWarning("script-src"),
130 MissingSecureSrcWarning("object-src")));
127 EXPECT_TRUE(CheckSanitizeCSP( 131 EXPECT_TRUE(CheckSanitizeCSP(
128 std::string(), OPTIONS_ALLOW_UNSAFE_EVAL, 132 "img-src https://google.com", OPTIONS_ALLOW_UNSAFE_EVAL,
129 "script-src 'self' chrome-extension-resource:; object-src 'self';", 133 "img-src https://google.com; script-src 'self'; object-src 'self';",
130 MissingSecureSrcWarning("script-src"), 134 MissingSecureSrcWarning("script-src"),
131 MissingSecureSrcWarning("object-src"))); 135 MissingSecureSrcWarning("object-src")));
132 EXPECT_TRUE(CheckSanitizeCSP( 136 EXPECT_TRUE(CheckSanitizeCSP(
133 "img-src https://google.com", OPTIONS_ALLOW_UNSAFE_EVAL,
134 "img-src https://google.com; script-src 'self'"
135 " chrome-extension-resource:; object-src 'self';",
136 MissingSecureSrcWarning("script-src"),
137 MissingSecureSrcWarning("object-src")));
138 EXPECT_TRUE(CheckSanitizeCSP(
139 "script-src a b", OPTIONS_ALLOW_UNSAFE_EVAL, 137 "script-src a b", OPTIONS_ALLOW_UNSAFE_EVAL,
140 "script-src; object-src 'self';", 138 "script-src; object-src 'self';",
141 InsecureValueWarning("script-src", "a"), 139 InsecureValueWarning("script-src", "a"),
142 InsecureValueWarning("script-src", "b"), 140 InsecureValueWarning("script-src", "b"),
143 MissingSecureSrcWarning("object-src"))); 141 MissingSecureSrcWarning("object-src")));
144 142
145 EXPECT_TRUE(CheckSanitizeCSP( 143 EXPECT_TRUE(CheckSanitizeCSP(
146 "default-src *", OPTIONS_ALLOW_UNSAFE_EVAL, 144 "default-src *", OPTIONS_ALLOW_UNSAFE_EVAL,
147 "default-src;", 145 "default-src;",
148 InsecureValueWarning("default-src", "*"))); 146 InsecureValueWarning("default-src", "*")));
(...skipping 298 matching lines...) Expand 10 before | Expand all | Expand 10 after
447 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION)); 445 "sandbox allow-top-navigation", Manifest::TYPE_EXTENSION));
448 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed( 446 EXPECT_FALSE(ContentSecurityPolicyIsSandboxed(
449 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP)); 447 "sandbox allow-top-navigation", Manifest::TYPE_PLATFORM_APP));
450 448
451 // Popups are OK. 449 // Popups are OK.
452 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 450 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
453 "sandbox allow-popups", Manifest::TYPE_EXTENSION)); 451 "sandbox allow-popups", Manifest::TYPE_EXTENSION));
454 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed( 452 EXPECT_TRUE(ContentSecurityPolicyIsSandboxed(
455 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP)); 453 "sandbox allow-popups", Manifest::TYPE_PLATFORM_APP));
456 } 454 }
OLDNEW
« no previous file with comments | « extensions/common/csp_validator.cc ('k') | extensions/common/file_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698