chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html - Issue 2775953002: Some cleanup of app and extension CSP tests.

Side by Side Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2775953002: Some cleanup of app and extension CSP tests.

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.html ('k') | chrome/test/data/extensions/platform_apps/iframes/main.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 This page should be sandboxed.	1 This page should be sandboxed.

2	2

3 <script>	3 <script>

	4

4 // We're not served with the extension default CSP, we can use inline script.	5 // We're not served with the extension default CSP, we can use inline script.

5	6

6 var sendResponse = function(msg) {	7 function on(target, event) {

7 var mainWindow = window.opener \|\| window.top;	8 return new Promise((resolve, reject) => {

8 mainWindow.postMessage(msg, '*');	9 target.addEventListener(event, resolve);

9 };	10 });

	11 }

10	12

11 var remote_frame_loaded = false;	13 function fail(reason) {

12 window.addEventListener('securitypolicyviolation', function(e) {	14 return (event) => Promise.reject(new Error(reason));

13 if (remote_frame_loaded)	15 }

14 sendResponse('succeeded');

15 else

16 sendResponse('failed');

17 });

18

19 var loadFrameExpectResponse = function(iframe, url) {

20 var identifier = performance.now();

21 return new Promise(function(resolve, reject) {

22 window.addEventListener('message', function(e) {

23 var data = JSON.parse(e.data);

24 if (data[0] == 'local frame msg' && data[1] == identifier) {

25 resolve();

26 } else {

27 reject();

28 }

29 });

30 iframe.onerror = reject;

31 iframe.onload = function() {

32 iframe.contentWindow.postMessage(

33 JSON.stringify(['sandboxed frame msg', identifier]), '*');

34 };

35 iframe.src = url;

36 });

37 };

38	16

39 var runTestAndRespond = function(localUrl, remoteUrl) {	17 var runTestAndRespond = function(localUrl, remoteUrl) {

40 var iframe = document.createElement('iframe');	18 var iframe = document.createElement('iframe');

	19 var identifier = performance.now();

	20 var sendResponse = function(msg) {

	21 var mainWindow = window.opener \|\| window.top;

	22 mainWindow.postMessage(msg, '*');

	23 };

41	24

42 // First load local resource in \|iframe\|, expect the local frame to respond.	25 // First load local resource in \|iframe\|, expect the local frame to respond.

43 loadFrameExpectResponse(iframe, localUrl).then(function() {

44 // Then load remote resource in \|iframe\|, expect the navigation to be

45 // blocked by the Content-Security-Policy.

46 // Rely on the SecurityPolicyViolationEvent to detect that the frame has

47 // been blocked.

48 remote_frame_loaded = true;

49 iframe.src = remoteUrl;

50 });

51 document.body.appendChild(iframe);	26 document.body.appendChild(iframe);

	27 iframe.src = localUrl;

	28 Promise.race([

	29 on(window, 'securitypolicyviolation').then(fail('localUrl csp error')),

	30 on(iframe, 'error').then(fail('localUrl iframe error')),

	31 on(window, 'error').then(fail('localUrl window error')),

	32 on(iframe, 'load')

	33 .then(() => {

	34 iframe.contentWindow.postMessage(

	35 JSON.stringify(['sandboxed frame msg', identifier]), '*');

	36 })

	37 .then(() => on(window, 'message'))

	38 .then((response) => {

	39 var data = JSON.parse(response.data);

	40 if (data[0] == 'local frame msg' && data[1] == identifier) {

	41 return Promise.resolve();

	42 } else {

	43 return Promise.reject();

	44 }

	45 })

	46 ]).then(() => {

	47 // Start a load of \|remoteUrl\|. Expect this to be a CSP violation.

	48 console.log('A CSP violation is expected on the next attempted load');

	49 iframe.src = remoteUrl;

	50 return Promise.race([

	51 Promise.all([

	52 on(iframe, 'load'), // This apparently still occurs?

	53 on(window, 'securitypolicyviolation')]),

	54 on(window, 'message').then(fail('remoteUrl message')),

	55 on(iframe, 'error').then(fail('remoteUrl iframe error')),

	56 on(window, 'error').then(fail('remoteUrl window error')),

	57 ]);

	58 }).then((values) => {

	59 load_event = values[0];

	60 securitypolicyviolation_event = values[1];

	61 sendResponse('succeeded');

	62 }).catch((err) => {

	63 console.log('Failing test because of: ' + err);

	64 sendResponse('failed');

	65 });

	66

	67 // Note that this test might fail due to CSP errors while loading the script

	68 // in the inner document. Those errors don't bubble cross origin, so we

	69 // don't have a great way to observe them here, and the test is likely to

	70 // hang if that happens.

52 };	71 };

53	72

54 onmessage = function(e) {	73 onmessage = function(e) {

55 var command = JSON.parse(e.data);	74 var command = JSON.parse(e.data);

56 if (command[0] == 'load') {	75 if (command[0] == 'load') {

57 var localUrl = command[1];	76 var localUrl = command[1];

58 var remoteUrl = command[2];	77 var remoteUrl = command[2];

59 runTestAndRespond(localUrl, remoteUrl);	78 runTestAndRespond(localUrl, remoteUrl);

60 }	79 }

61 };	80 };

62	81

63 </script>	82 </script>

OLD	NEW