
Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/security/dangling-markup/src-attribute.html

Issue 2794303002: Deprecate resource requests whose URLs contain raw newlines. (Closed)
Patch Set: Rebase. Created 3 years, 8 months ago
OLDNEW
1 <!DOCTYPE html> 1 <!DOCTYPE html>
2 <script src="/resources/testharness.js"></script> 2 <script src="/resources/testharness.js"></script>
3 <script src="/resources/testharnessreport.js"></script> 3 <script src="/resources/testharnessreport.js"></script>
4 <script src="./resources/helper.js"></script> 4 <script src="./resources/helper.js"></script>
5 <body> 5 <body>
6 <script> 6 <script>
7 // We're injecting markup via `srcdoc` so, confusingly, we need to 7 // We're injecting markup via `srcdoc` so, confusingly, we need to
8 // entity-escape the "raw" content, and double-escape the "escaped" 8 // entity-escape the "raw" content, and double-escape the "escaped"
9 // content. 9 // content.
10 var rawBrace = "&lt;"; 10 var rawBrace = "&lt;";
11 var escapedBrace = "&amp;lt;"; 11 var escapedBrace = "&amp;lt;";
12 var rawNewline = "&#10;"; 12 var rawNewline = "&#10;";
13 var escapedNewline = "&amp;#10;"; 13 var escapedNewline = "&amp;#10;";
14 14
15 var abeSizedPng = " ACQMjadAAAAA1BMVEX///+nxBvIAAAAEUlEQVQ4y2MYBaNgFIwCegAABG0AAd5G4RkAAAAASUVORK5CY II="; 15 var abeSizedPng = " ACQMjadAAAAA1BMVEX///+nxBvIAAAAEUlEQVQ4y2MYBaNgFIwCegAABG0AAd5G4RkAAAAASUVORK5CY II=";
16 var abeSizedPngWithNewline = abeSizedPng.replace("i", "i\n"); 16 var abeSizedPngWithNewline = abeSizedPng.replace("i", "i\n");
17 17
18 var should_block = [ 18 var should_block = [
19 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?im g=a${rawNewline}b${rawBrace}c">`, 19 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?da ta=1${rawNewline}b">`,
20 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?im g=2${rawNewline}b${rawBrace}c">`,
20 ` 21 `
21 <img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?i mg=a 22 <img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?i mg=3
22 b${rawBrace}c 23 b${rawBrace}c
23 "> 24 ">
24 `, 25 `,
26 `<img id="dangling" src="${abeSizedPngWithNewline}">`,
25 ]; 27 ];
26 28
27 should_block.forEach(markup => { 29 should_block.forEach(markup => {
28 async_test(t => { 30 async_test(t => {
29 var i = createFrame(`${markup}`); 31 var i = createFrame(`${markup}`);
30 assert_img_not_loaded(t, i); 32 assert_img_not_loaded(t, i);
31 }, markup.replace(/[\n\r]/g, '')); 33 }, markup.replace(/[\n\r]/g, ''));
32 }); 34 });
33 35
34 var should_load = [ 36 var should_load = [
35 37 // Brace alone doesn't block:
36 // `data:` and `javascript:` URLs don't check the content: 38 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?4& img=${rawBrace}b">`,
37 `<img id="dangling" src="${abeSizedPngWithNewline}">`,
38
39 // Just one or the other isn't enough:
40 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?da ta=a${rawNewline}b">`,
41 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?im g=a${rawBrace}b">`,
42 39
43 // Entity-escaped characters don't trigger blocking: 40 // Entity-escaped characters don't trigger blocking:
44 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?da ta=a${escapedNewline}b">`, 41 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?5& data=${escapedNewline}b">`,
45 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?im g=a${escapedBrace}b">`, 42 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?6& img=${escapedBrace}b">`,
46 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?im g=a${escapedNewline}b${escapedBrace}c">`, 43 `<img id="dangling" src="http://127.0.0.1:8000/security/resources/abe.png?7& img=${escapedNewline}b${escapedBrace}c">`,
47 44
48 // Leading and trailing whitespace is stripped: 45 // Leading and trailing whitespace is stripped:
49 ` 46 `
50 <img id="dangling" src=" 47 <img id="dangling" src="
51 http://127.0.0.1:8000/security/resources/abe.png 48 http://127.0.0.1:8000/security/resources/abe.png?8
52 "> 49 ">
53 <input type=hidden name=csrf value=sekrit> 50 <input type=hidden name=csrf value=sekrit>
54 `, 51 `,
55 ` 52 `
56 <img id="dangling" src=" 53 <img id="dangling" src="
57 http://127.0.0.1:8000/security/resources/abe.png?img=${escapedBrace} 54 http://127.0.0.1:8000/security/resources/abe.png?9&img=${escapedBrace}
58 "> 55 ">
59 <input type=hidden name=csrf value=sekrit> 56 <input type=hidden name=csrf value=sekrit>
60 `, 57 `,
61 ` 58 `
62 <img id="dangling" src=" 59 <img id="dangling" src="
63 http://127.0.0.1:8000/security/resources/abe.png?img=${escapedNewline} 60 http://127.0.0.1:8000/security/resources/abe.png?10&img=${escapedNewline}
64 "> 61 ">
65 <input type=hidden name=csrf value=sekrit> 62 <input type=hidden name=csrf value=sekrit>
66 `, 63 `,
67 ]; 64 ];
68 65
69 should_load.forEach(markup => { 66 should_load.forEach(markup => {
70 async_test(t => { 67 async_test(t => {
71 var i = createFrame(`${markup} <element attr="" another=''>`); 68 var i = createFrame(`${markup} <element attr="" another=''>`);
72 assert_img_loaded(t, i); 69 assert_img_loaded(t, i);
73 }, markup.replace(/[\n\r]/g, '')); 70 }, markup.replace(/[\n\r]/g, ''));
74 }); 71 });
75 </script> 72 </script>
76 73
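Review bot: The `should_block` entry built from `abeSizedPngWithNewline` (new line 26) has no positive control on the new side, so it would also pass if the data URL failed to decode for a reason unrelated to the newline check. The old side listed the same markup under `should_load`, which at least showed that the image decodes. Adding an entry with `<img id="dangling" src="${abeSizedPng}">` to `should_load` would restore that guarantee. `assert_img_not_loaded` is defined in `./resources/helper.js`, outside this page, so whether it can tell a blocked request from a decode failure cannot be confirmed from here. The old comment saying `data:` URLs are not checked was removed without a replacement, so a comment above new line 26 such as `// data: URLs containing a raw newline are blocked as well:` would record the behaviour change.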