CSP Suborigins

LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html

Index: LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html
diff --git a/LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html b/LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html
new file mode 100644
index 0000000000000000000000000000000000000000..914083621cb7aa663d144f8c97dfb46d60094875
--- /dev/null
+++ b/LayoutTests/http/tests/security/suborigins/suborigin-invalid-names.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Invalid suborigin names</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+
+<script>
+var test_suborigin_names = [
+    "",
+    "'foobar'",
+    "'foobar",
+    "foobar'",
+    "foo'bar",
+    "foob@r",
+    "foo bar",
+    ];
+
+var iframe;
+var i = 0;
+function next() {
+    name = test_suborigin_names[i];
+    i++;
+    iframe.src = "resources/childsuborigin.php?suborigin=" + name;
+}
+
+window.onmessage = function() {
+    if (i > test_suborigin_names.length)
+        done();
+
+    var secret = '';
+    try {
+        secret = iframe.contentWindow.secret;
+        assert_equals(secret, "I am a secret", "The parent frame should always be able to get the secret value from the child iframe.");

[Mike West, 2015/03/23 07:32:55]

Why is this the correct behavior? Why not lock down the frame (e.g. unique
origin) if an invalid suborigin is asserted?

[jww, 2015/04/11 02:52:35]

That's certainly up for debate. I think this is a fail open case, like with
typing in a bad hash algorithm. In the future, if  we change the format for
suborigins, we probably will want to fail open.

+    } catch(e) {
+        assert_unreached();
+    };
+    next();
+};
+
+window.onload = function() {; 
+    iframe = document.getElementById('iframe');
+    next();
+};
+</script>
+<iframe id="iframe"></iframe>