chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Side by Side Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Fix tests. Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 This page should be sandboxed.	1 This page should be sandboxed.

2	2

3 <script>	3 <script>

4 // We're not served with the extension default CSP, we can use inline script.	4 // We're not served with the extension default CSP, we can use inline script.

5	5

	6 var sendResponse = function(msg) {

	7 var mainWindow = window.opener \|\| window.top;

	8 mainWindow.postMessage(msg, '*');

	9 };

	10

	11 var remote_frame_loaded = false;

	12 window.addEventListener('securitypolicyviolation', function(e) {

	13 if (remote_frame_loaded)

	14 sendResponse('succeeded');

	15 else

	16 sendResponse('failed');

	17 });

	18

6 var loadFrameExpectResponse = function(iframe, url) {	19 var loadFrameExpectResponse = function(iframe, url) {

7 var identifier = performance.now();	20 var identifier = performance.now();

8 return new Promise(function(resolve, reject) {	21 return new Promise(function(resolve, reject) {

9 window.addEventListener('message', function(e) {	22 window.addEventListener('message', function(e) {

10 var data = JSON.parse(e.data);	23 var data = JSON.parse(e.data);

11 if (data[0] == 'local frame msg' && data[1] == identifier) {	24 if (data[0] == 'local frame msg' && data[1] == identifier) {

12 resolve();	25 resolve();

13 } else {	26 } else {

14 reject();	27 reject();

15 }	28 }

16 });	29 });

17 iframe.onerror = reject;	30 iframe.onerror = reject;

18 iframe.onload = function() {	31 iframe.onload = function() {

19 iframe.contentWindow.postMessage(	32 iframe.contentWindow.postMessage(

20 JSON.stringify(['sandboxed frame msg', identifier]), '*');	33 JSON.stringify(['sandboxed frame msg', identifier]), '*');

21 };	34 };

22 iframe.src = url;	35 iframe.src = url;

23 });	36 });

24 };	37 };

25	38

26 var runTestAndRespond = function(localUrl, remoteUrl) {	39 var runTestAndRespond = function(localUrl, remoteUrl) {

27 var iframe = document.createElement('iframe');	40 var iframe = document.createElement('iframe');

28 var sendResponse = function(msg) {

29 var mainWindow = window.opener \|\| window.top;

30 mainWindow.postMessage(msg, '*');

31 };

32	41

33 // First load local resource in \|iframe\|, expect the local frame to respond.	42 // First load local resource in \|iframe\|, expect the local frame to respond.

34 loadFrameExpectResponse(iframe, localUrl).then(function() {	43 loadFrameExpectResponse(iframe, localUrl).then(function() {

35 // Then try to load remote resource on the same iframe element. The remote	44 // Then try to load remote resource on the same iframe element. The remote

36 // resource will fail to load but we'd get an iframe.onload event and the	45 // resource will fail to load but we'd get an iframe.onload event and the

37 // local frame will still be there. Therefore, expect the local frame to	46 // local frame will still be there. Therefore, expect the local frame to

38 // respond again.	47 // respond again.

	48 // PlzNavigate: The first local frame has been replaced by an error page.

	49 // Instead, rely on the SecurityPolicyViolationEvent to detect that the

	50 // frame has been blocked.

	51 remote_frame_loaded = true;

39 return loadFrameExpectResponse(iframe, remoteUrl);	52 return loadFrameExpectResponse(iframe, remoteUrl);

40 }).then(function() {	53 }).then(function() {

41 sendResponse('succeeded');	54 sendResponse('succeeded');

42 }).catch(function(err) {	55 }).catch(function(err) {

43 sendResponse('failed');	56 sendResponse('failed');

44 });	57 });

45 document.body.appendChild(iframe);	58 document.body.appendChild(iframe);

46 };	59 };

47	60

48 onmessage = function(e) {	61 onmessage = function(e) {

49 var command = JSON.parse(e.data);	62 var command = JSON.parse(e.data);

50 if (command[0] == 'load') {	63 if (command[0] == 'load') {

51 var localUrl = command[1];	64 var localUrl = command[1];

52 var remoteUrl = command[2];	65 var remoteUrl = command[2];

53 runTestAndRespond(localUrl, remoteUrl);	66 runTestAndRespond(localUrl, remoteUrl);

54 }	67 }

55 };	68 };

56	69

57 </script>	70 </script>

OLD	NEW

« no previous file with comments | « no previous file | content/browser/BUILD.gn » ('j') | content/browser/frame_host/ancestor_throttle.cc » ('J')