Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4859)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Rebase. Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/BUILD.gn » ('j') | content/browser/BUILD.gn » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
diff --git a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
index ac13d0bb80ef380059c4aa4d3e6e7f6a3084ceea..6f2cd359d046973c91109f3804d87fe73573b04f 100644
--- a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
+++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
@@ -3,6 +3,19 @@ This page should be sandboxed.
<script>
// We're not served with the extension default CSP, we can use inline script.
+var sendResponse = function(msg) {
+ var mainWindow = window.opener || window.top;
+ mainWindow.postMessage(msg, '*');
+};
+
+var remote_frame_loaded = false;
+window.addEventListener('securitypolicyviolation', function(e) {
+ if (remote_frame_loaded)
+ sendResponse('succeeded');
+ else
+ sendResponse('failed');
+});
+
var loadFrameExpectResponse = function(iframe, url) {
var identifier = performance.now();
return new Promise(function(resolve, reject) {
@@ -25,10 +38,6 @@ var loadFrameExpectResponse = function(iframe, url) {
var runTestAndRespond = function(localUrl, remoteUrl) {
var iframe = document.createElement('iframe');
- var sendResponse = function(msg) {
- var mainWindow = window.opener || window.top;
- mainWindow.postMessage(msg, '*');
- };
// First load local resource in |iframe|, expect the local frame to respond.
loadFrameExpectResponse(iframe, localUrl).then(function() {
@@ -36,6 +45,10 @@ var runTestAndRespond = function(localUrl, remoteUrl) {
// resource will fail to load but we'd get an iframe.onload event and the
// local frame will still be there. Therefore, expect the local frame to
// respond again.
+ // PlzNavigate: The first local frame has been replaced by an error page.
alexmos 2017/02/24 06:40:27 nit: s/has been/will be/ Alternatively, we could
arthursonzogni 2017/02/24 16:13:29 Done.
+ // Instead, rely on the SecurityPolicyViolationEvent to detect that the
+ // frame has been blocked.
+ remote_frame_loaded = true;
return loadFrameExpectResponse(iframe, remoteUrl);
}).then(function() {
sendResponse('succeeded');
« no previous file with comments | « no previous file | content/browser/BUILD.gn » ('j') | content/browser/BUILD.gn » ('J')

Powered by Google App Engine
This is Rietveld 408576698