
Side by Side Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2756913002: Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Created 3 years, 9 months ago
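--- a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
+++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html
@@ -1,63 +1,57 @@
 This page should be sandboxed.
 
 <script>
 // We're not served with the extension default CSP, we can use inline script.
 
-var sendResponse = function(msg) {
-var mainWindow = window.opener || window.top;
-mainWindow.postMessage(msg, '*');
-};
-
-var remote_frame_loaded = false;
-window.addEventListener('securitypolicyviolation', function(e) {
-if (remote_frame_loaded)
-sendResponse('succeeded');
-else
-sendResponse('failed');
-});
-
 var loadFrameExpectResponse = function(iframe, url) {
 var identifier = performance.now();
 return new Promise(function(resolve, reject) {
 window.addEventListener('message', function(e) {
 var data = JSON.parse(e.data);
 if (data[0] == 'local frame msg' && data[1] == identifier) {
 resolve();
 } else {
 reject();
 }
 });
 iframe.onerror = reject;
 iframe.onload = function() {
 iframe.contentWindow.postMessage(
 JSON.stringify(['sandboxed frame msg', identifier]), '*');
 };
 iframe.src = url;
 });
 };
 
 var runTestAndRespond = function(localUrl, remoteUrl) {
 var iframe = document.createElement('iframe');
+var sendResponse = function(msg) {
+var mainWindow = window.opener || window.top;
+mainWindow.postMessage(msg, '*');
+};
 
 // First load local resource in |iframe|, expect the local frame to respond.
 loadFrameExpectResponse(iframe, localUrl).then(function() {
-// Then load remote resource in |iframe|, expect the navigation to be
-// blocked by the Content-Security-Policy.
-// Rely on the SecurityPolicyViolationEvent to detect that the frame has
-// been blocked.
-remote_frame_loaded = true;
-iframe.src = remoteUrl;
+// Then try to load remote resource on the same iframe element. The remote
+// resource will fail to load but we'd get an iframe.onload event and the
+// local frame will still be there. Therefore, expect the local frame to
+// respond again.
+return loadFrameExpectResponse(iframe, remoteUrl);
+}).then(function() {
+sendResponse('succeeded');
+}).catch(function(err) {
+sendResponse('failed');
 });
 document.body.appendChild(iframe);
 };
 
 onmessage = function(e) {
 var command = JSON.parse(e.data);
 if (command[0] == 'load') {
 var localUrl = command[1];
 var remoteUrl = command[2];
 runTestAndRespond(localUrl, remoteUrl);
 }
 };
 
 </script>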
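Review bot: The `message` listener registered in `loadFrameExpectResponse` (new lines 9-16) accepts messages from any window and is never removed, so a stray or malformed message either rejects the promise or throws in `JSON.parse`, and the listener from the first call is still live during the second call. Because every `postMessage` on this page uses `'*'` as the target origin, checking the sender is the only filter available; adding `if (e.source !== iframe.contentWindow) return;` as the first line of the handler would ignore unrelated messages, and the handler could be detached with `removeEventListener` once the promise settles. Separately, the restored success path depends only on the local frame answering a second time, so if the remote page ever did load, the test would presumably hang until timeout rather than report `'failed'`; a short comment above the second `loadFrameExpectResponse` call saying so would help the next reader.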