Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/csp_context_unittest.cc

Issue 2612793002: Implement ContentSecurityPolicy on the browser-side. (Closed)
Patch Set: Temporary re-add the parser + transmit parsed CSP over IPC. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/content_security_policy/csp_context.cc ('k') | content/common/content_security_policy/csp_directive.h » ('j') | content/renderer/render_frame_impl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/common/content_security_policy/csp_context.h"
6 #include "content/common/content_security_policy_header.h"
7 #include "testing/gtest/include/gtest/gtest.h"
8
9 namespace content {
10
11 namespace {
12
13 class CSPContextTest : public CSPContext {
14 public:
15 const std::string& LastConsoleMessage() { return console_message_; }
16
17 void AddSchemeToByPass(const std::string& scheme) {
18 scheme_to_bypass_.push_back(scheme);
19 }
20
21 bool SchemeShouldByPass(const base::StringPiece& scheme) override {
22 return std::find(scheme_to_bypass_.begin(), scheme_to_bypass_.end(),
23 scheme) != scheme_to_bypass_.end();
24 }
25
26 private:
27 void LogToConsole(const std::string& message) override {
28 console_message_ = message;
29 }
30 std::string console_message_;
31 std::vector<std::string> scheme_to_bypass_;
32 };
33
34 CSPPolicy ParsePolicy(CSPContext* context, const std::string& value) {
35 return CSPPolicy::Parse(context,
36 ContentSecurityPolicyHeader{
37 value, blink::WebContentSecurityPolicyTypeEnforce,
38 blink::WebContentSecurityPolicySourceHTTP});
39 }
40
41 } // namespace;
42
43 TEST(CSPContextTest, SchemeShouldByPass) {
44 CSPContextTest context;
45
46 CSPPolicy policy = ParsePolicy(&context, "default-src example.com");
47 EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc,
48 GURL("data:text/html,<html></html>")));
49 context.AddSchemeToByPass("data");
50 EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc,
51 GURL("data:text/html,<html></html>")));
52 }
53
54 TEST(CSPContextTest, MultiplePolicies) {
55 CSPContextTest context;
56 context.SetSelf(url::Origin(GURL("http://example.com")));
57
58 std::vector<CSPPolicy> policies = {
59 ParsePolicy(&context, "frame-src a.com b.com"),
60 ParsePolicy(&context, "frame-src a.com c.com")};
61
62 EXPECT_TRUE(
63 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com")));
64 EXPECT_FALSE(
65 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com")));
66 EXPECT_FALSE(
67 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com")));
68 EXPECT_FALSE(
69 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com")));
70 }
71
72 } // namespace content
OLDNEW
« no previous file with comments | « content/common/content_security_policy/csp_context.cc ('k') | content/common/content_security_policy/csp_directive.h » ('j') | content/renderer/render_frame_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698