OLD | NEW |
1 This page should be sandboxed. | 1 This page should be sandboxed. |
2 | 2 |
3 <script> | 3 <script> |
4 // We're not served with the extension default CSP, we can use inline script. | 4 // We're not served with the extension default CSP, we can use inline script. |
5 | 5 |
| 6 var sendResponse = function(msg) { |
| 7 var mainWindow = window.opener || window.top; |
| 8 mainWindow.postMessage(msg, '*'); |
| 9 }; |
| 10 |
| 11 var remote_frame_loaded = false; |
| 12 window.addEventListener('securitypolicyviolation', function(e) { |
| 13 if (remote_frame_loaded) |
| 14 sendResponse('succeeded'); |
| 15 else |
| 16 sendResponse('failed'); |
| 17 }); |
| 18 |
6 var loadFrameExpectResponse = function(iframe, url) { | 19 var loadFrameExpectResponse = function(iframe, url) { |
7 var identifier = performance.now(); | 20 var identifier = performance.now(); |
8 return new Promise(function(resolve, reject) { | 21 return new Promise(function(resolve, reject) { |
9 window.addEventListener('message', function(e) { | 22 window.addEventListener('message', function(e) { |
10 var data = JSON.parse(e.data); | 23 var data = JSON.parse(e.data); |
11 if (data[0] == 'local frame msg' && data[1] == identifier) { | 24 if (data[0] == 'local frame msg' && data[1] == identifier) { |
12 resolve(); | 25 resolve(); |
13 } else { | 26 } else { |
14 reject(); | 27 reject(); |
15 } | 28 } |
16 }); | 29 }); |
17 iframe.onerror = reject; | 30 iframe.onerror = reject; |
18 iframe.onload = function() { | 31 iframe.onload = function() { |
19 iframe.contentWindow.postMessage( | 32 iframe.contentWindow.postMessage( |
20 JSON.stringify(['sandboxed frame msg', identifier]), '*'); | 33 JSON.stringify(['sandboxed frame msg', identifier]), '*'); |
21 }; | 34 }; |
22 iframe.src = url; | 35 iframe.src = url; |
23 }); | 36 }); |
24 }; | 37 }; |
25 | 38 |
26 var runTestAndRespond = function(localUrl, remoteUrl) { | 39 var runTestAndRespond = function(localUrl, remoteUrl) { |
27 var iframe = document.createElement('iframe'); | 40 var iframe = document.createElement('iframe'); |
28 var sendResponse = function(msg) { | |
29 var mainWindow = window.opener || window.top; | |
30 mainWindow.postMessage(msg, '*'); | |
31 }; | |
32 | 41 |
33 // First load local resource in |iframe|, expect the local frame to respond. | 42 // First load local resource in |iframe|, expect the local frame to respond. |
34 loadFrameExpectResponse(iframe, localUrl).then(function() { | 43 loadFrameExpectResponse(iframe, localUrl).then(function() { |
35 // Then try to load remote resource on the same iframe element. The remote | 44 // Then load remote resource in |iframe|, expect the navigation to be |
36 // resource will fail to load but we'd get an iframe.onload event and the | 45 // blocked by the Content-Security-Policy. |
37 // local frame will still be there. Therefore, expect the local frame to | 46 // Rely on the SecurityPolicyViolationEvent to detect that the frame has |
38 // respond again. | 47 // been blocked. |
39 return loadFrameExpectResponse(iframe, remoteUrl); | 48 remote_frame_loaded = true; |
40 }).then(function() { | 49 iframe.src = remoteUrl; |
41 sendResponse('succeeded'); | |
42 }).catch(function(err) { | |
43 sendResponse('failed'); | |
44 }); | 50 }); |
45 document.body.appendChild(iframe); | 51 document.body.appendChild(iframe); |
46 }; | 52 }; |
47 | 53 |
48 onmessage = function(e) { | 54 onmessage = function(e) { |
49 var command = JSON.parse(e.data); | 55 var command = JSON.parse(e.data); |
50 if (command[0] == 'load') { | 56 if (command[0] == 'load') { |
51 var localUrl = command[1]; | 57 var localUrl = command[1]; |
52 var remoteUrl = command[2]; | 58 var remoteUrl = command[2]; |
53 runTestAndRespond(localUrl, remoteUrl); | 59 runTestAndRespond(localUrl, remoteUrl); |
54 } | 60 } |
55 }; | 61 }; |
56 | 62 |
57 </script> | 63 </script> |
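Review bot: The new `securitypolicyviolation` listener (new lines 12-17) reports 'succeeded' for any violation once `remote_frame_loaded` is set and never inspects the event, so an unrelated CSP violation raised after the local frame loads would pass the test. Consider comparing `e.blockedURI` with the origin of `remoteUrl`, and `e.effectiveDirective` with the frame directive the policy is expected to enforce, before responding. Removing `.catch` in `runTestAndRespond` also means a rejection from `loadFrameExpectResponse(iframe, localUrl)` now sends no response, so a broken local load shows up only as a timeout; adding `.catch(function() { sendResponse('failed'); })` to the chain would keep the fast failure. The flag is set before the remote navigation is requested, so a name such as `remote_load_attempted` would describe it better than `remote_frame_loaded`.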