chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html - Issue 2775953002: Some cleanup of app and extension CSP tests.

Unified Diff: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

Issue 2775953002: Some cleanup of app and extension CSP tests.

Patch Set: Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/test/data/extensions/api_test/sandboxed_pages_csp/remote_frame.html ('k') | chrome/test/data/extensions/platform_apps/iframes/main.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

diff --git a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

index 3bcce5e24898716bf2d47834c141f5bba4f2eb09..373f76fe15dc46170d46a786084666ea536a400a 100644

--- a/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

+++ b/chrome/test/data/extensions/api_test/sandboxed_pages_csp/sandboxed.html

@@ -1,54 +1,73 @@

This page should be sandboxed.

-// We're not served with the extension default CSP, we can use inline script.

-var sendResponse = function(msg) {

- var mainWindow = window.opener || window.top;

- mainWindow.postMessage(msg, '*');

-};

-var remote_frame_loaded = false;

-window.addEventListener('securitypolicyviolation', function(e) {

- if (remote_frame_loaded)

- sendResponse('succeeded');

- else

- sendResponse('failed');

-});

+// We're not served with the extension default CSP, we can use inline script.

-var loadFrameExpectResponse = function(iframe, url) {

- var identifier = performance.now();

- return new Promise(function(resolve, reject) {

- window.addEventListener('message', function(e) {

- var data = JSON.parse(e.data);

- if (data[0] == 'local frame msg' && data[1] == identifier) {

- resolve();

- } else {

- reject();

- }

- });

- iframe.onerror = reject;

- iframe.onload = function() {

- iframe.contentWindow.postMessage(

- JSON.stringify(['sandboxed frame msg', identifier]), '*');

- };

- iframe.src = url;

+function on(target, event) {

+ return new Promise((resolve, reject) => {

+ target.addEventListener(event, resolve);

});

-};

+function fail(reason) {

+ return (event) => Promise.reject(new Error(reason));

var runTestAndRespond = function(localUrl, remoteUrl) {

var iframe = document.createElement('iframe');

+ var identifier = performance.now();

+ var sendResponse = function(msg) {

+ var mainWindow = window.opener || window.top;

+ mainWindow.postMessage(msg, '*');

+ };

// First load local resource in |iframe|, expect the local frame to respond.

- loadFrameExpectResponse(iframe, localUrl).then(function() {

- // Then load remote resource in |iframe|, expect the navigation to be

- // blocked by the Content-Security-Policy.

- // Rely on the SecurityPolicyViolationEvent to detect that the frame has

- // been blocked.

- remote_frame_loaded = true;

- iframe.src = remoteUrl;

- });

document.body.appendChild(iframe);

+ iframe.src = localUrl;

+ Promise.race([

+ on(window, 'securitypolicyviolation').then(fail('localUrl csp error')),

+ on(iframe, 'error').then(fail('localUrl iframe error')),

+ on(window, 'error').then(fail('localUrl window error')),

+ on(iframe, 'load')

+ .then(() => {

+ iframe.contentWindow.postMessage(

+ JSON.stringify(['sandboxed frame msg', identifier]), '*');

+ })

+ .then(() => on(window, 'message'))

+ .then((response) => {

+ var data = JSON.parse(response.data);

+ if (data[0] == 'local frame msg' && data[1] == identifier) {

+ return Promise.resolve();

+ } else {

+ return Promise.reject();

+ }

+ })

+ ]).then(() => {

+ // Start a load of |remoteUrl|. Expect this to be a CSP violation.

+ console.log('A CSP violation is expected on the next attempted load');

+ iframe.src = remoteUrl;

+ return Promise.race([

+ Promise.all([

+ on(iframe, 'load'), // This apparently still occurs?

+ on(window, 'securitypolicyviolation')]),

+ on(window, 'message').then(fail('remoteUrl message')),

+ on(iframe, 'error').then(fail('remoteUrl iframe error')),

+ on(window, 'error').then(fail('remoteUrl window error')),

+ ]);

+ }).then((values) => {

+ load_event = values[0];

+ securitypolicyviolation_event = values[1];

+ sendResponse('succeeded');

+ }).catch((err) => {

+ console.log('Failing test because of: ' + err);

+ sendResponse('failed');

+ });

+ // Note that this test might fail due to CSP errors while loading the script

+ // in the inner document. Those errors don't bubble cross origin, so we

+ // don't have a great way to observe them here, and the test is likely to

+ // hang if that happens.

};

onmessage = function(e) {