| Index: third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js
|
| diff --git a/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..c5f07e9bd458c55ab6542beb5f85972582a73544
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/embedded-enforcement/support/testharness-helper.sub.js
|
| @@ -0,0 +1,136 @@
|
| +const Host = {
|
| + SAME_ORIGIN: "same-origin",
|
| + CROSS_ORIGIN: "cross-origin",
|
| +};
|
| +
|
| +const PolicyHeader = {
|
| + CSP: "echo-policy.py?policy=",
|
| + CSP_MULTIPLE: "echo-policy-multiple.py",
|
| + EMBEDDING_CSP: "echo-embedding-csp.py",
|
| + ALLOW_CSP_FROM: "echo-allow-csp-from.py",
|
| +};
|
| +
|
| +const IframeLoad = {
|
| + EXPECT_BLOCK: true,
|
| + EXPECT_LOAD: false,
|
| +};
|
| +
|
| +function getOrigin() {
|
| + var url = new URL("http://{{host}}:{{ports[http][0]}}/");
|
| + return url.toString();
|
| +}
|
| +
|
| +function getCrossOrigin() {
|
| + var url = new URL("http://{{domains[天気の良い日]}}:{{ports[http][0]}}/");
|
| + return url.toString();
|
| +}
|
| +
|
| +function getSecureCrossOrigin() {
|
| + // Since wptserve spins up servers on non-default port, 'self' matches
|
| + // http://[host]:[specified-port] and https://[host]:[specified-port], but not
|
| + // https://[host]:[https-port]. So, we use the http port for this https origin
|
| + // in order to verify that a secure variant of a non-secure URL matches 'self'.
|
| + var url = new URL("https://{{domains[天気の良い日]}}:{{ports[http][0]}}");
|
| + return url.toString();
|
| +}
|
| +
|
| +function generateURL(host, path) {
|
| + var url = new URL("http://{{host}}:{{ports[http][0]}}/content-security-policy/embedded-enforcement/support/");
|
| + url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気の良い日]}}";
|
| + url.pathname += path;
|
| +
|
| + return url;
|
| +}
|
| +
|
| +function generateURLString(host, path) {
|
| + return generateURL(host, path).toString();
|
| +}
|
| +
|
| +function generateRedirect(host, target) {
|
| + var url = new URL("http://{{host}}:{{ports[http][0]}}/common/redirect.py?location=" +
|
| + encodeURIComponent(target));
|
| + url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気の良い日]}}";
|
| +
|
| + return url.toString();
|
| +}
|
| +
|
| +function generateUrlWithPolicies(host, policy) {
|
| + var url = generateURL(host, PolicyHeader.CSP_MULTIPLE);
|
| + if (policy != null)
|
| + url.searchParams.append("policy", policy);
|
| + return url;
|
| +}
|
| +
|
| +function generateUrlWithAllowCSPFrom(host, allowCspFrom) {
|
| + var url = generateURL(host, PolicyHeader.ALLOW_CSP_FROM);
|
| + if (allowCspFrom != null)
|
| + url.searchParams.append("allow_csp_from", allowCspFrom);
|
| + return url;
|
| +}
|
| +
|
| +function assert_embedding_csp(t, url, csp, expected) {
|
| + var i = document.createElement('iframe');
|
| + if(csp)
|
| + i.csp = csp;
|
| + i.src = url;
|
| +
|
| + window.addEventListener('message', t.step_func(e => {
|
| + if (e.source != i.contentWindow || !('embedding_csp' in e.data))
|
| + return;
|
| + assert_equals(expected, e.data['embedding_csp']);
|
| + t.done();
|
| + }));
|
| +
|
| + document.body.appendChild(i);
|
| +}
|
| +
|
| +function assert_iframe_with_csp(t, url, csp, shouldBlock, urlId, blockedURI) {
|
| + var i = document.createElement('iframe');
|
| + url.searchParams.append("id", urlId);
|
| + i.src = url.toString();
|
| + if (csp != null)
|
| + i.csp = csp;
|
| +
|
| + var loaded = {};
|
| + window.addEventListener("message", function (e) {
|
| + if (e.source != i.contentWindow)
|
| + return;
|
| + if (e.data["loaded"])
|
| + loaded[e.data["id"]] = true;
|
| + });
|
| +
|
| + if (shouldBlock) {
|
| + // Assert iframe does not load and is inaccessible.
|
| + window.onmessage = function (e) {
|
| + if (e.source != i.contentWindow)
|
| + return;
|
| + t.unreached_func('No message should be sent from the frame.');
|
| + }
|
| + i.onload = t.step_func(function () {
|
| + // Delay the check until after the postMessage has a chance to execute.
|
| + setTimeout(t.step_func_done(function () {
|
| + assert_equals(loaded[urlId], undefined);
|
| + }), 1);
|
| + assert_throws("SecurityError", () => {
|
| + var x = i.contentWindow.location.href;
|
| + });
|
| + });
|
| + } else if (blockedURI) {
|
| + // Assert iframe loads with an expected violation.
|
| + window.addEventListener('message', t.step_func(e => {
|
| + if (e.source != i.contentWindow)
|
| + return;
|
| + assert_equals(e.data["blockedURI"], blockedURI);
|
| + t.done();
|
| + }));
|
| + } else {
|
| + // Assert iframe loads.
|
| + i.onload = t.step_func(function () {
|
| + // Delay the check until after the postMessage has a chance to execute.
|
| + setTimeout(t.step_func_done(function () {
|
| + assert_true(loaded[urlId]);
|
| + }), 1);
|
| + });
|
| + }
|
| + document.body.appendChild(i);
|
| +}
|
|
|
Chromium Code Reviews
Issue 2695813009:
Import wpt@503f5b5f78ec4e87d144f78609f363f0ed0ea8db (Closed)
